Symantec ATP Automates Security Incident with Phantom
Security
Executive Summary
An increasing number of stealthier and complex security incidents are bogging down the SOC operations for Symantec ATP Endpoint customers. The longer it takes to contain the security incident, the higher is the risk of damage caused. Crest helped Symantec to adopt Splunk Phantom as a SOAR platform and integrated a few tools/systems for Automated Security Incident Response.
About Customer
Symantec’s teams around the world are developing technologies and building solutions to help customers secure and manage their information. The company has a robust portfolio and a long history of technology leadership.
Business Challenge
Symantec ATP Endpoint customers complained that a flood of alerts quickly overwhelms their team and an automated solution with a SOAR platform would effectively help mitigate the problem through an automated incident response mechanism. Today’s security talent gap also exacerbates these problems for the client.
Customer Solution
Symantec ATP team worked with Crest Data Systems, a leading development/consulting vendor across all major SOAR platforms, to create playbooks for Phantom’s SOAR platform that providers incident responses for popular actions out of the box and provides flexibility to customize incident responses to fit end-customer’s needs. Following Actions were integrated as part of Symantec ATP Phantom App:
- Ingest ATP incidents to Phantom
- Quarantine/Un-quarantine an endpoint
- Delete malicious file from an endpoint
