Automating Security Operations Using Phantom

Slide Note
Embed
Share

Isabella Minca, an intern for 4 months in the Security Team at Adobe, presents an overview of automating security operations using Phantom. The presentation covers goals, security alerts, Phantom playbooks, handling security data, and the capabilities of Phantom in orchestrating security responses. Learn how automation can enhance analyst efficiency and enrich knowledge on potential security threats.

gwe_sad
gwe_sad Follow

Uploaded on Sep 30, 2024 | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. Download presentation by click this link. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

E N D

Presentation Transcript

  1. Automating Security Operations using Phantom

  2. About Me Isabella Minca Intern for 4 months in the Security Team @ Adobe 4th year student @ Univ. Politehnica of Bucharest

  3. Agenda Our goals Security Alerts Phantom overview Phantom Playbooks What's next

  4. Our goals Automate repetitive manual work of analysts Enrich existing knowledge on Security Alerts In the future: Discovering new potentially malicious behavior

  5. Security Alerts Logs SIEM Alerts Triage

  6. How much data? 30 TB logs/day 150 alerts/day > 100 different types of alerts

  7. Log example How the log looks like in the SIEM

  8. Alert example How the alert looks like in the SIEM

  9. Manual triage Manually handling the alerts includes a lot of repetitive work Example: Azure Weak Network Security Group

  10. Example Workflow for handling the alert NSG still exists? NSG still weak? Create Jira ticket

  11. Example (cont) All of these steps can be automated So here it comes Phantom

  12. What is Phantom? Security Orchestration Response capabilities Automation

  13. What is Phantom?(cont.) Aims to help scaling security operations efforts Recently acquired by Splunk

  14. Main Components Apps Events Playbooks Assets

  15. Apps Third party technologies Used similarly to an API

  16. Playbooks Codification of the security operations plan Written in Python

  17. Assets Specific instances of physical or virtual devices Examples: servers, endpoints, firewalls

  18. Events Phantom server Asset Events Polling

  19. Why Phantom? Phantom playbook Plain Python script vs.

  20. Why Phantom?(cont.) Artifact Artifact Artifact Playbook Event Event

  21. Why Phantom?(cont) Asset 1 ACTION 1 ACTION 2 APP PLAYBOOK ACTION 3 ACTION 4 Asset 2

  22. Examples of useful integrations Virus Total Splunk Jira Slack SMTP

  23. Demo Let s create a Playbook! Demo

  24. Achievements Alerts for Weak Network Security Group in Azure

  25. Achievements(cont.) Alerts for Publicly Exposed Azure Containers Container still exists? Container still exposed? Create Jira ticket

  26. Achievements(cont.) Follow-up work on Jira tickets for AWS Weak Security Groups SG All SGs crossed out? Close ticket restricted/ deleted? Cross out

  27. Next steps Automate repetitive manual work What is on for the future? Enrich alert data Use ML to detect security issues

  28. Q & A

Related


Analyzing Character Personality in

Analyzing Character Personality in "The Phantom Tollbooth

gatchell_j
DIY Microphone Workshop for Students: Build Your Own Phantom-Powered Mic!

DIY Microphone Workshop for Students: Build Your Own Phantom-Powered Mic!

naer721
Analysis of

Analysis of "She was a Phantom of Delight" by Wordsworth

hjod
Exploring the DJI Phantom 4 Pro V2.0 Drone Features and Resources

Exploring the DJI Phantom 4 Pro V2.0 Drone Features and Resources

carolinw
Automating Housing Data: Lessons from BC and Q&A Review

Automating Housing Data: Lessons from BC and Q&A Review

percival
Automating DNS Maintenance with Catalog Zones: A New Approach

Automating DNS Maintenance with Catalog Zones: A New Approach

kkai
COMPUTER ORGANISATION Register Transfer Language

COMPUTER ORGANISATION Register Transfer Language

luther
Understanding the Role of Security Champions in Organizations

Understanding the Role of Security Champions in Organizations

irvin
Understanding the Roles of a Security Partner

Understanding the Roles of a Security Partner

zaara
Understanding Computer Organization and Design: Chapter 2

Understanding Computer Organization and Design: Chapter 2

auriol
AEP Enterprise Security Program Overview - June 2021 Update

AEP Enterprise Security Program Overview - June 2021 Update

aubriella
Understanding Security in World Politics

Understanding Security in World Politics

eisenberg_k
Comprehensive Course Review: Security Research Cornerstones at Carnegie Mellon University

Comprehensive Course Review: Security Research Cornerstones at Carnegie Mellon University

kol_lov
UIC Security Division Overview and International Activities

UIC Security Division Overview and International Activities

hadri
Understanding Security Onion: Network Security Monitoring Tools

Understanding Security Onion: Network Security Monitoring Tools

sadhbh
BCA 601(N): Computer Network Security

BCA 601(N): Computer Network Security

danna
Enhancing Security Definitions for Functional Encryption

Enhancing Security Definitions for Functional Encryption

kalila
International Approaches to Enhance Nuclear Safety and Security

International Approaches to Enhance Nuclear Safety and Security

mazarine
TSA Updates on Security Training Rule for OTRB Companies

TSA Updates on Security Training Rule for OTRB Companies

aziza
Evolving Security Practices in DevOps: A Holistic Approach

Evolving Security Practices in DevOps: A Holistic Approach

madisyn
Certification and Training in Information Security

Certification and Training in Information Security

buck
Overview of Social Security and Health Care System in Turkey

Overview of Social Security and Health Care System in Turkey

violeta
Understanding Transport Layer Security (TLS)

Understanding Transport Layer Security (TLS)

amabel
Understanding Cyber Security and Risks

Understanding Cyber Security and Risks

kathryn

More Related Content

Understanding Provable Security Models in Cryptography
Understanding Provable Security Models in Cryptography
Understanding Computer Security Principles and Practices
Understanding Computer Security Principles and Practices
Legal Framework on Information Security in the Ministry of Trade, Tourism, and Telecommunication
Legal Framework on Information Security in the Ministry of Trade, Tourism, and Telecommunication
Enhancing SWIFT Security Measures for ReBIT: March 2018 Update
Enhancing SWIFT Security Measures for ReBIT: March 2018 Update
Comprehensive Guide to Designing Physical Security and Security Planning by Susan Lincke
Comprehensive Guide to Designing Physical Security and Security Planning by Susan Lincke
Understanding Security Threats and Countermeasures
Understanding Security Threats and Countermeasures
Managing Application Security in Large Organizations: Insights and Best Practices
Managing Application Security in Large Organizations: Insights and Best Practices
IPv6 Security and Threats Workshop Summary
IPv6 Security and Threats Workshop Summary
Understanding Isolation Levels in Database Management Systems
Understanding Isolation Levels in Database Management Systems
OWASP Bricks - Web Application Security Learning Platform
OWASP Bricks - Web Application Security Learning Platform
Enhancing Browser Security for Mobile Devices Using Smart CDNs
Enhancing Browser Security for Mobile Devices Using Smart CDNs
Machine Transcription for Call Center Efficiency
Machine Transcription for Call Center Efficiency
Maximizing Patient Acquisition with CRM in Healthcare Industry
Maximizing Patient Acquisition with CRM in Healthcare Industry
IP Fabric Architecture for GRNET Datacenters: Automating the Future
IP Fabric Architecture for GRNET Datacenters: Automating the Future
Comprehensive Records Management System for K-12 School Districts
Comprehensive Records Management System for K-12 School Districts
Simulation Study of Photoacoustic Imaging for Bragg Peak Reconstruction
Simulation Study of Photoacoustic Imaging for Bragg Peak Reconstruction
Evaluation of MURR Thermal BNCT Facility for Canine Nasal/Sinus Tumor Treatment
Evaluation of MURR Thermal BNCT Facility for Canine Nasal/Sinus Tumor Treatment
Understanding the Strategic Role of Operations Management
Understanding the Strategic Role of Operations Management
Understanding Digital Transformation in the Age of Cybersecurity Insight
Understanding Digital Transformation in the Age of Cybersecurity Insight
Overview of Cyber Operations and Security Threats
Overview of Cyber Operations and Security Threats
iQ-Banks Security and Operations Solutions Overview
iQ-Banks Security and Operations Solutions Overview
Ensuring Digital Security Governance in the Modern Business Landscape
Ensuring Digital Security Governance in the Modern Business Landscape
Innovative ATM Protection System by 3SI Security Systems
Innovative ATM Protection System by 3SI Security Systems
Modernizing Personnel Security Vetting for National Intelligence and Security
Modernizing Personnel Security Vetting for National Intelligence and Security