#splunkconf18 Preview: Brewing up Security Automation Use Cases with Phantom and Starbucks

One of the things I’m most proud of when I talk about the Phantom security orchestration, automation, and response (SOAR) platform is its flexibility to adapt to just about any security operations (SecOps) use case. Another great thing I’m proud of is the large and active Phantom Community of users who have built and implemented automation playbooks that solve real-world problems—problems that I never conceived of when I originally architected the platform.

To be clear, orchestration of disparate security products that were never intended to work with each other is not a simple task. There is a tremendous amount of engineering on the backend that makes sure the right action is executed at the right time. On the front end, however, we wanted a user experience that makes the hard problem of building an automation playbook easy. Our visual policy editor did just that, enabling users with little to no coding experience to assemble actions into playbooks and, in turn, solve some of their biggest security problems.

Mike Hughes, the Director of Information Security at Starbucks, and I will co-present a session at .conf18 next week on automation use cases implemented with the Phantom platform. We’ll cover the background and thought process that goes into identifying the ideal use cases and walk through several examples like the one below.

The example shown above is a nontraditional security use case: responding to user reports of URLs blocked by a proxy. If you want to get a security analyst’s attention, explain how you can reduce or eliminate these kinds of tasks from their workload. While it’s exciting to talk about use cases that push the envelope of what’s possible, the most useful automation use cases are often those that eliminate highly repetitive and tedious security tasks.

While I’ve been an attendee in years past, I’m super excited to participate in my first .conf as a Splunker. I’m also excited to co-present these security automation use cases with Mike. If you’re attending .conf18, be sure to register for the session and join us!

SEC1979 - Splunk Phantom at Starbucks
Tuesday, Oct 2, 4:45 p.m. – 5:30 p.m.

Also, be sure to check out all of the Phantom-related sessions at .conf18, part of the Security, Compliance and Fraud track.

Follow all the conversations coming out of #splunkconf18!

Posted by Sourabh Satish

Sourabh has had an accomplished 24+ year career in cyber security. With 189 issued and 47 pending patents, he is building and leading the way to the next generation of innovative security technologies for Splunk. Sourabh was co-founder and CTO of Phantom, where he and his team built a leading, innovative and enterprise-grade Security Orchestration and Automation product that is in use by many security operations teams around the world. Sourabh joined Splunk when Phantom was acquired by Splunk in 2018. He brings the intellectual and engineering horsepower, maturity and experience the Splunk team needs to build world-class enterprise products. His in-depth understanding of complex computing systems and internals, and his experience implementing a wide array of security technologies, particularly in machine learning and big data analytics, enable him to solve some of the most complex security problems. Sourabh has had a long and established career in the security industry at companies like Symantec and Axent, where he led the development of a wide variety of security products and cutting-edge threat detection technologies that ship in both enterprise and consumer products. Sourabh holds a degree in Computer Science and Engineering. He is an avid speaker in the industry, has been pivotal in defining standards in areas like VoIP security and OpenC2, and serves as an advisor to many Silicon Valley security startups that seek his expertise in cyber security.
