Page 7 - CT Innovation in Education, July 2021

consumed, it may recognize the need to pull a machine off the network for reimaging. Rather than alerting IT to do the job, it can take the necessary actions without human intervention. If something more complicated does require human input, Phantom can pause, send a message to a person who decides whether to proceed, and then continue from where it stopped. It can trigger events, close networks down, generate help tickets and take any number of other actions.
Phantom serves as the nerve center in the very middle of the entire security operation, where it can pull data from all the many tools, push data out and respond where it’s needed. Organizations are able to improve security and better manage risk by integrating teams, processes and tools. On the incident response side, security teams can automate tasks, orchestrate workflows and support security operations center (SOC) functions including event and case management, collaboration and reporting.
One frequent story I hear from campus IT customers is how they use Phantom to block activities on the network that end up protecting students’ machines in the residence halls. Even though those machines aren’t being monitored directly, the network activity is. Splunk could detect botnet activities before they launched an attack in the dorms. Phantom could even be set to send out a notification informing the students with infected machines that their devices have been compromised and that they need to either do the patching themselves or bring their systems into the tech center for attention.
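The playbook flow this page describes (automatic containment when the detection is confident, a pause for a human decision when it is not, then a help ticket and a notice to the machine's owner) as a small added Python model. This is example code written for this page, not Splunk's or Phantom's own playbook API; the thresholds, detection name and host/e-mail values are constructed assumptions.

```python
from dataclasses import dataclass, field
from enum import Enum

class Status(Enum):
    DONE = "done"
    AWAITING_APPROVAL = "awaiting_approval"

@dataclass
class Alert:
    host: str            # affected machine (hypothetical names)
    owner_email: str     # constructed contact for the machine's user
    indicator: str       # detection name, e.g. "botnet_c2_beacon" (assumed)
    confidence: int      # 0-100, as reported by the detection

@dataclass
class Run:
    alert: Alert
    actions: list[str] = field(default_factory=list)   # audit trail of steps taken
    status: Status = Status.DONE

AUTO_CONTAIN = 90   # assumed threshold: act without a human
ASK_HUMAN = 60      # assumed threshold: pause and ask an analyst

def _finish(run, contain):
    """Closing steps: containment (if decided), help ticket, owner notice."""
    host = run.alert.host
    if contain:
        run.actions.append(f"quarantine {host}")        # pull it off the network
        run.actions.append(f"ticket: reimage {host}")   # help ticket for IT
    else:
        run.actions.append(f"ticket: investigate {host}")
    run.actions.append(f"notify {run.alert.owner_email}: {host} flagged for {run.alert.indicator}")
    run.status = Status.DONE
    return run

def start(alert):
    """Run the playbook until it finishes or reaches the approval gate."""
    run = Run(alert)
    if alert.indicator == "botnet_c2_beacon" and alert.confidence >= AUTO_CONTAIN:
        return _finish(run, contain=True)
    if alert.confidence >= ASK_HUMAN:
        run.actions.append(f"prompt analyst: quarantine {alert.host}?")
        run.status = Status.AWAITING_APPROVAL   # playbook pauses here until a human answers
        return run
    return _finish(run, contain=False)

def resume(run, approved):
    """Continue a paused run with the analyst's decision."""
    if run.status is not Status.AWAITING_APPROVAL:
        raise ValueError("run is not waiting for approval")
    run.actions.append(f"analyst decision: {'approve' if approved else 'deny'}")
    return _finish(run, contain=approved)
```

The `actions` list is the audit trail a SOC would want to review afterwards: every automated step and every human decision is recorded in order.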
IT staffers no longer need to take training on all of the many security tools in use; they have to become conversant in just one. And because that one tool allows for deep analytics, level one folks aren’t consigned to the simplest stuff; they too can dig into the raw data for forensic analysis, which makes the work far more intriguing. With the right automation, the churn may just wind down.
Jesse Trucks serves as minister of magic at Splunk, where he specializes in security. He also hosts “Meanwhile in Security,” a podcast covering cloud security for ordinary people.