Supercharged SOAR: Meet Splunk Phantom 4.9

The number of cyberattacks launched on organizations continues to rise every year. More attacks mean more security alerts that security analysts have to triage each day. Many security teams have turned to a security orchestration, automation and response (SOAR) tool to help them automate the ever-increasing volume of security alerts and respond to threats faster and more comprehensively.

But as your organization grows, and the number of security events and alerts increases as well, your SOAR tool needs to keep up. It needs to be an automation workhorse — today and into the future. It needs to be able to automate a majority of (if not all) alerts daily and not allow a backlog to develop, no matter how many security events you’re hit with each day. It also needs to make automation simple and easy. Playbooks should be versatile and easy to build — repeatable and usable across a multitude of security use cases.

That’s why the Splunk Phantom Team is excited to share that Splunk Phantom version 4.9 is generally available. This release enhances Phantom’s performance, scalability and speed to automate the ever-increasing volume of security events your SOC must contend with each day. It also improves the usability and simplicity of automation features within Phantom, making the security analyst experience easier than ever. 

Let’s dive in. Some of the new and enhanced capabilities in this release include:

  • Supercharged Performance, Speed, and Scalability: Phantom’s automation engine just got supercharged. Maximize SOC efficiency, and achieve enterprise-grade reliability, with the ability to automate against 50,000 security events per hour. That’s right, 50,000 per hour. Large enterprises, financial institutions, and government agencies that are habitually bombarded by hundreds to thousands of attacks per day can rely on Splunk Phantom to detect, investigate, contain and remediate a large volume of security events and keep them safe. No other SOAR product on the market can match Phantom on sheer performance, speed, and scalability.

  • Custom Functions: Phantom’s “custom functions” make playbook creation and execution faster and easier. Leverage our out-of-the-box library of custom functions for quick deployment, and easily reuse custom functions across multiple playbooks to maximize playbook versatility and automate additional security processes. Attend our upcoming webinar on custom functions, "Splunk Phantom: Put the Fun in Custom Functions," to learn more.

Other enhancements include Python 3 support, UI streamlining and more. For a full list of new features and upgrades, be sure to read our release notes.

Are you ready for a supercharged SOAR? Join the Splunk Phantom Community today to see how Splunk Phantom can supercharge your security operations. 

Posted by John Dominguez

John Dominguez is a product marketer in the Security Markets Group at Splunk. With over 8 years of experience in the networking and security industry, John is currently focused on the Security Orchestration, Automation, and Response (SOAR) marketplace. In his role, John is responsible for messaging and positioning, marketing strategy, content creation, and product evangelism for Splunk Phantom. In his previous role in Cisco’s Security Business Group, he marketed Cisco’s Next-Generation Firewall and Cisco Advanced Malware Protection (AMP for Endpoints, AMP for Networks). John has an MBA in Marketing and Strategy from the University of Michigan, and a BA in Economics and Government from Dartmouth College.