Security analysts struggle with connecting the dots every single day. They get siloed information from multiple places, making it nearly impossible for them to see the overall context of a security event. Think about your security approach today. What does it look like? How many alerts (from how many sources) does your team see a day? How many security data points are you gathering and collating across multiple security tools (like endpoint, network and cloud security)? And then how do you act on that data, quickly and efficiently, to respond to a security incident?
We asked these same questions to Robb Mayeski, a senior manager for cybersecurity who leads Ernst & Young’s security orchestration, automation and response (SOAR) practice across the Americas. He helps clients tackle their most difficult security problems. He explained that Ernst & Young’s clients struggle most with a lack of resources, siloed workflows, lack of collaboration and manual processes. In essence, they struggled with connecting the dots.
Ernst & Young LLP turned to Splunk Phantom to connect these dots and remove siloed workflows for their customers. Phantom connects all of these workflows so that you can see the entire contextual picture, and then take action. Mayeski shared with us recently:
“We’re now able to see where the cyber defense team is able to talk with the threat intelligence team or the data protection team. And they're able to share useful metrics. These insights can then roll up to the C-suite, who are then able to make educated decisions based on the risk to the organization.”
The success Ernst & Young saw with Phantom was proven when one of their largest clients was hit with a ransomware attack. Luckily, the client had previously implemented Phantom, allowing them to automate their response to the attack, contain the threat to a single system, and prevent any possible spread or outages.
Read on to see the full story on how Ernst & Young LLP connected the dots for security analysts with Splunk Phantom.
If you’re eager to try Phantom for yourself, download the free community edition.