
Symantec ATP Automates Security Incident with Phantom

The Symantec ATP team partnered with Crest to create playbooks for Phantom’s SOAR platform that provide incident response for out-of-the-box actions and the flexibility to customize incident response to fit each end customer’s needs.


Executive Summary

An increasing number of stealthier and complex security incidents are bogging down the SOC operations for Symantec ATP Endpoint customers.

The longer it takes to contain a security incident, the higher the risk of damage caused. Crest helped Symantec adopt Splunk Phantom as a SOAR platform and integrated a few tools/systems for automated security incident response.


Business Challenge

Symantec ATP Endpoint customers complained that a flood of alerts quickly overwhelms their teams, and that an automated solution built on a SOAR platform would effectively mitigate the problem through an automated incident response mechanism. Today’s security talent gap further exacerbates these problems for the client.

Customer Solution

The Symantec ATP team worked with Crest Data, a leading development/consulting vendor across all major SOAR platforms, to create playbooks for Phantom’s SOAR platform that provide incident responses for popular actions out of the box and the flexibility to customize incident responses to fit each end customer’s needs.

The following actions were integrated as part of the Symantec ATP Phantom App:

  • Ingest ATP incidents to Phantom

  • Quarantine/Un-quarantine an endpoint

  • Delete malicious file from an endpoint