securityboulevard.com
2606:4700:10::6816:29c  Public Scan

URL: https://securityboulevard.com/2020/07/3-steps-to-improve-your-appsec-using-threatx-and-splunk-phantom/
Submission Tags: falconsandbox
Submission: On November 15 via api from US — Scanned from DE

Text Content

3 STEPS TO IMPROVE YOUR APPSEC USING THREATX AND SPLUNK PHANTOM

by Tom Hickman on July 15, 2020

Modern AppSec and security teams face enormous challenges of scale when it comes
to their daily workload. Organizations need to secure more applications and APIs
than ever before, and those apps and APIs are under constant attack from
increasingly sophisticated methods. Security staff has to parse and analyze an
avalanche of alerts and data to stay ahead of bad actors and continuously
improve the security posture of their organization. Collectively, this is a
perfect storm that can put even the best security teams under intense strain.



That strain is starting to show! A recent survey found that 83% of cybersecurity
workers felt overworked, and 82% of their teams were understaffed. And with the
shortfall in cybersecurity talent expected to hit 3.5 million in 2021, we as an
industry aren’t going to solve this problem by throwing people at it.

The combination of ThreatX and leading Security Orchestration and Automation
(SOAR) tools such as Splunk Phantom gives AppSec teams the force-multiplier they
need to vastly improve their security posture while also reducing their
operational workload.

We’ve teamed up with Splunk to break it down for you:

STEP 1:
BETTER SECURITY AND REDUCED SPRAWL WITH THREATX

As the security landscape has evolved, many organizations have acquired a wide
variety of specialized security tools that require their own configuration and
maintenance and generate their own alerts and logs. Even many supposedly
integrated solutions rely on multiple independent modules that behave like
separate products. This increases the management overhead on staff and creates
the tedious problem of correlating and analyzing logs and alerts from multiple
sources of truth, all to get a complete view of risk. 

ThreatX brings an Easy Button to this problem. Our WAAP++ platform is a truly
unified approach to AppSec that covers all types of threats. Instead of separate
solutions for WAF, behavioral analysis, anti-bot protection, DDoS mitigation,
and API protection, ThreatX provides a single platform. Just as importantly,
ThreatX brings together a wide variety of analytical and detection techniques to
deliver a continuously updated view of risk. This means that application
profiling, attacker profiling, fingerprinting, active interrogation, and
deception techniques all work as a unified detection engine. We track suspicious
and malicious activity in real-time and deliver a single verdict on a potential
threat, resulting in fewer tools to manage. With ThreatX, the endless monotony
of manually correlating alerts can finally become a lost art!

STEP 2:
ENRICHED INTELLIGENCE WITH THREATX AND SPLUNK PHANTOM

Information within ThreatX can also be invaluable for use in investigation and
response workflows. Through our integration with Splunk Phantom, security
analysts and staff can automatically leverage the unique intelligence and
context in the ThreatX platform.

For example, ThreatX discovers and maintains extensive information on each
entity that interacts with a protected application, including a variety of
low-level traits and behaviors that uniquely identify the entity. Using the
Splunk integration, this entity profile can be shared with other systems to
inform both defensive and forensic actions. The ThreatX/Splunk Phantom
integration delivers a unified, up-to-date view of an entity’s total risk to the
organization. And this can all be integrated into custom or pre-built
investigation playbooks for malware, command-and-control, ransomware, and more.

STEP 3:
AUTOMATICALLY ADAPT AND DEFEND WITH THREATX AND SPLUNK PHANTOM

In addition to investigations, security teams can use the combination of ThreatX
and Splunk Phantom to take automated and proactive action when threats are
detected. ThreatX provides the inherent ability to take action against hosts.
The Splunk Phantom integration allows security teams to extend ThreatX
enforcement decisions to other tools in their defense arsenal.

For example, the integration can allow any system such as a network firewall to
block or unblock an IP address based on information from ThreatX. Likewise,
specific hosts can be dynamically added to blacklists or whitelists. These
designations can also be triggered to adapt based on ThreatX’s internal risk
score. This means that as risk rises for a particular entity, it can be blocked,
and it can likewise be automatically unblocked once the threat has passed. This
saves staff the often-manual work of cleaning up after a blocking incident.

Two great products, three easy steps, one massively improved security posture!

What I covered above represents some of the most common examples of how security
teams automate and integrate via ThreatX and Splunk Phantom. The advantage for
organizations is two-fold:

 * a unified view of risk, and
 * an overall better security posture!

If you’d like to learn more about ThreatX and our integration with Splunk
Phantom, schedule a ThreatX demo and let us show you how it works.



*** This is a Security Bloggers Network syndicated blog from ThreatX Blog
authored by Tom Hickman. Read the original post at:
https://blog.threatxlabs.com/3-steps-to-improve-your-appsec-using-threatx-and-splunk-phantom

July 15, 2020 | July 16, 2020 | Tom Hickman | Company | Product Updates
