Phantom and ESG Research Finds Companies Ignore Majority of Security Alerts

Findings from Research Conducted with Enterprise Strategy Group Show Majority of Security Operations Teams are Struggling to Keep Pace with Incident Response Demands and Priorities

PALO ALTO, Calif. -- Phantom, the first company to provide an open community for security automation and orchestration, today announced the findings of a joint study with Enterprise Strategy Group (ESG) to assess the current practices and challenges associated with incident response processes and technologies. The research, which was completed in early 2016, surveyed 125 IT and cybersecurity professionals with knowledge of, or responsibility for, incident response processes and technologies at their organizations.

The Automation and Orchestration research study conducted with ESG focused on identifying key trends and the need for security automation and orchestration. Alarmingly, despite having invested significantly in information security solutions to the point of utilizing dozens of point products, nearly 74% of those surveyed reported that security events/alerts are simply ignored because their teams can’t keep up with the suffocating volume.

Unfortunately, organizations simply can’t hire security talent fast enough to address the problem with brute force, and the skills gap continues to grow and cause challenges. Ninety-two percent of respondents said that the difference in skill levels among the employees dealing with incident responses is significant. Consequently, 30% said more than half of all events are ignored. However, 77% of those in the study stated that if given access to automation/orchestration tools they would investigate the security events/alerts they currently ignore.

“Overwhelmed by security alert volume, today’s organizations are in dire need of smarter, faster and stronger incident response procedures and solutions,” said Phantom co-founder and CEO, Oliver Friedrichs. “It has become very clear that security risks are only going to increase, and in order to stay ahead of the threat curve, companies can no longer rely on manual processes. At Phantom we strive to give our customers the automation and orchestration necessary to enable them to get the most out of their security investments and make it much easier to address pertinent incidents.”

Phantom, which was recently recognized as the most innovative company at the RSA Conference, integrates existing security technologies and provides a layer of “connective tissue” between otherwise disparate systems. Phantom is the only purpose-built automation and orchestration platform that addresses everything from preventative protection and incident response, to regeneration of the environment. Aligning nicely with the belief of 77% of organizations that incident response automation and orchestration can help expand and extend their ability to investigate more security alerts, Phantom empowers organizations to automate the triage of security elements such as alerts, incidents, threat intelligence, vulnerabilities, phishing emails and more. Furthermore, Phantom streamlines security operations through the execution of digital “Playbooks” to achieve in seconds what may normally take minutes or hours to accomplish with the dozens of point products used in typical enterprise security environments.

Additional key findings from the ESG-led research:

  • Large organizations are struggling to keep ahead of incident response processes and priorities. 67% of enterprise organizations believe that IR is more difficult today than two years ago for several reasons:
    • More IT activities
    • Additional security management and incident detection technologies
    • Considerably more security alerts
  • 69% said more than a quarter of the tasks they manage would be more effective with automation. Additionally, many organizations believe they can leverage incident response automation and orchestration beyond simple security investigations and technology remediation.
    • 61% of organizations believe that incident response automation and orchestration could be applied to vulnerability scanning; 58% see a fit with network access controls (NAC); and 51% feel it could be applied to system provisioning.
  • CISOs recognize that incident response issues represent a profound business and IT risk to their organizations, and 80% plan to increase spending on incident response over the next two years.
  • Moving forward, 86% of enterprise organizations have deployed or plan to deploy a commercially-available incident response automation and orchestration platform to anchor their incident response processes.
    • To alleviate the burden of manual processes, CISOs want to automate as many incident response tasks as possible. Most want to start with routine tasks like automatically blocking malicious URLs and rogue IP addresses; then, with a foundation in place, they can move on to automating workflows and investigations.

“Organizations are constantly trying to balance their resources when it comes to identifying and remediating today’s sophisticated attacks,” stated Jon Oltsik, Principal Analyst at Enterprise Strategy Group. “As more and more organizations realize the significance of effective incident response, we are seeing an increase in budgets with the intention to adopt more automated solutions. The market is becoming ripe for solutions that not only make it easier for security teams to do their jobs, but also enhance current security investments through strategic automation and orchestration.”

Now available for download, the ESG report provides a complete breakdown of current incident response practices and challenges as well as future strategic plans intended to improve the efficacy and efficiency of incident response activities. Respondents represented numerous industry and government segments with the largest participation coming from the financial services industry (18%), manufacturing (14%), communications and media (14%), business services (11%), and retail/wholesale (10%). To download the complete report and full findings, please register here.

Focused on enhancing security operations, Phantom does not replace existing security products, but instead makes a company’s investment in them smarter, faster and stronger. Through a logical architecture that abstracts product capabilities via the Phantom App model, simple actions can be automated from within Playbooks thus allowing Phantom to act as an "operating system" for an organization’s numerous security products. For more information on how Phantom automates security operations, please visit:

About Phantom

Phantom, an award-winning company, automates and orchestrates key stages of security operations from prevention to triage and resolution, delivering dramatic increases in productivity and effectiveness. Ranging from simple automation to fully autonomous response, Phantom lets you choose the best balance that fits your organization’s needs while increasing security and accelerating security operations. Focused on closing the security gap by enabling enterprise security operations to be smarter, faster and stronger, Phantom provides the flexibility to connect in-house and third-party systems into one consolidated, integrated and extensible platform. Phantom was founded by enterprise security veterans Oliver Friedrichs and Sourabh Satish, who have helped propel companies like Symantec, Sourcefire, Cisco and others to success. For more information visit:


LaunchTech Communications
Kate Davis, 410-698-5211
