Phantom Announces the First Purpose-Built, Community-Powered Security Automation & Orchestration Platform

Innovation Connects Existing Security Products to Help Security Operations Accelerate Investigation, Response & Recovery through Automation & Orchestration

PALO ALTO, Calif.--()--Phantom, the first company to provide an open community for security automation and orchestration, today announced the general availability of the Phantom platform to integrate existing security technologies and provide a layer of “connective tissue” between otherwise disparate systems. The only purpose-built automation and orchestration platform that addresses everything from preventative protection and incident response, to regeneration of the environment; Phantom was recently recognized as one of the 10 most innovative companies of 2016 and a finalist in the RSA Conference Innovation Sandbox Contest. The competition is dedicated to encouraging out-of-the-box ideas and the exploration of new technologies that have the potential to transform the information security industry.

“Phantom is a force-multiplier for our security team,” said Jay Leek, Chief Information Security Officer at Blackstone. “We saw it first from a customer's perspective as an innovation that delivers productivity gains, enabling us to respond faster, do more with our existing resources, and get the most out of our security investments. We felt so strongly about Phantom's potential, that we decided to invest in the company as well."

Phantom streamlines security operations through the execution of digital “Playbooks” to achieve in seconds what may normally take minutes or hours to accomplish with the dozens of point products used in typical enterprise security environments. Focused on enhancing security operations, Phantom doesn’t replace existing security products, but instead makes a company’s investment in them smarter, faster and stronger. Through a logical architecture that abstracts product capabilities via the Phantom App model; simple actions can be automated from within Playbooks thus allowing Phantom to act as an "operating system" for an organization’s numerous security products.

“Despite bundled offerings from reputable security vendors, organizations continue to select best of breed; and for good reason,” explained Phantom co-founder and CTO, Sourabh Satish. “Unfortunately this results in a dizzying number of point products that don’t work together and hinder security analysts’ ability to react to incidents. With Phantom we are making it easier for organizations to get the most out of their security investments by enabling existing resources to achieve their full potential.”

Phantom empowers organizations to automate the triage of security elements such as alerts, incidents, threat intelligence, vulnerabilities, phishing emails and more. Customers can either push JSON formatted data to the platform, or pull it from a number of externally supported SIEM or analytics tools. Phantom currently provides integration with over 40 of the industry’s leading security solutions.

Phantom recently collaborated with Enterprise Strategy Group to survey the security community and identify key trends and concerns around security automation and orchestration. Below are a few key findings. Please pre-register to receive the full report when it is published.

  • 74% stated their team ignores events because they can’t keep up with the volume; consequently 30% said more than half of all events are ignored.
  • 77% said if given access to automation/orchestration tools they would investigate the security events/alerts they currently ignore.
  • 69% said more than a quarter of the tasks they manage would be more effective with automation.

“Organizations are constantly trying to balance their resources when it comes to identifying and remediating today’s sophisticated attacks,” stated Jon Oltsik, Principal Analyst at Enterprise Strategy Group. “As more and more organizations realize the significance of effective incident response, we are seeing an increase in budgets with the intention to adopt more automated solutions. The market is becoming ripe for solutions that not only make it easier for security teams to do their jobs, but also enhance current security investments through strategic automation and orchestration.”

While not strictly open source, Phantom is expandable by the user community. Phantom Apps allow users to create connectors to in-house or more obscure security technologies and abstract their APIs back to the platform. Phantom Apps are Python modules, allowing anyone in the community to expand the platform and contribute Apps to the Phantom App store. Similarly, Phantom Playbooks are also written in Python and can be customized at will by the community. Playbooks are synchronized via Git and published on our public GitHub repository. In addition to the enterprise version, the Phantom Community Edition is a free download that offers organizations 100 actions per day to automate and orchestrate their security operations.

Dedicated to promoting an open security community, Phantom launched a $10,000 cash prize contest on January 20, 2016 for developers and security analysts to showcase their expertise in creating innovative Phantom Playbooks and Apps. The contest ends on April 15, 2016 and submissions will be evaluated by a panel of judges from the security industry. For more information or to enter the contest, please visit:

About Phantom

Phantom automates and orchestrates key stages of security operations from prevention to triage and resolution; delivering dramatic increases in productivity and effectiveness. Ranging from simple automation to fully autonomous response, Phantom lets you choose the best balance that fits your organization’s needs while increasing security and accelerating security operations. Focused on closing the security gap by enabling enterprise security operations to be smarter, faster and stronger; Phantom provides the flexibility to connect in-house and third-party systems into one consolidated, integrated and extensible platform. Phantom was founded by enterprise security veterans Oliver Friedrichs and Sourabh Satish who have helped propel companies like Symantec, Sourcefire, Cisco and others to success. For more information visit:


LaunchTech Communications
Caroline Dobyns, 410-353-5340

Release Summary

Phantom today announced the general availability of the Phantom platform to integrate existing security technologies and provide a layer of “connective tissue” between otherwise disparate systems.


LaunchTech Communications
Caroline Dobyns, 410-353-5340