Symantec ATP Automates Security Incident with Phantom



Executive Summary

A growing number of stealthy, complex security incidents are bogging down SOC operations for Symantec ATP Endpoint customers. The longer it takes to contain a security incident, the higher the risk of damage. Crest helped Symantec adopt Splunk Phantom as a SOAR platform and integrated a few tools/systems for automated security incident response.

About Customer

Symantec’s teams around the world are developing technologies and building solutions to help customers secure and manage their information. The company has a robust portfolio and a long history of technology leadership.

Business Challenge

Symantec ATP Endpoint customers complained that a flood of alerts quickly overwhelms their teams, and that an automated incident response mechanism on a SOAR platform would effectively help mitigate the problem. Today’s security talent gap also exacerbates these problems for the client.

Customer Solution

The Symantec ATP team worked with Crest Data Systems, a leading development/consulting vendor across all major SOAR platforms, to create playbooks for Phantom’s SOAR platform that provide incident responses for popular actions out of the box and the flexibility to customize incident responses to fit end customers’ needs.

The following actions were integrated as part of the Symantec ATP Phantom App:

