Executive Summary

A growing number of stealthier, more complex security incidents is bogging down SOC operations for Symantec ATP Endpoint customers. The longer it takes to contain a security incident, the higher the risk of damage. Crest helped Symantec adopt Splunk Phantom as a SOAR platform and integrated a few tools/systems for Automated Security Incident Response.

Services
  • Engineering Services
  • Enterprise Integrations
  • Managed Services
  • Managed SOAR
  • Software Development
Technology and Platform
  • SOAR - Phantom

About Client

Symantec’s teams around the world are developing technologies and building solutions to help customers secure and manage their information. The company has a robust portfolio and a long history of technology leadership.

Business Challenge

Symantec ATP Endpoint customers complained that a flood of alerts quickly overwhelms their teams, and that an automated solution built on a SOAR platform would help mitigate the problem through an automated incident response mechanism. Today’s security talent gap also exacerbates these problems for the client.

Client Solution

The Symantec ATP team worked with Crest Data Systems, a leading development/consulting vendor across all major SOAR platforms, to create playbooks for Phantom’s SOAR platform that provide incident responses for popular actions out of the box and provide the flexibility to customize incident responses to fit the end customer’s needs.

The following actions were integrated as part of the Symantec ATP Phantom App:

  • Ingest ATP incidents to Phantom
  • Quarantine/Un-quarantine an endpoint
  • Delete malicious file from an endpoint
