securityboulevard.com
2606:4700:10::6816:29c
Public Scan
URL:
https://securityboulevard.com/2020/07/3-steps-to-improve-your-appsec-using-threatx-and-splunk-phantom/
Submission Tags: falconsandbox
Submission: On August 29 via api from US
Text Content
3 STEPS TO IMPROVE YOUR APPSEC USING THREATX AND SPLUNK PHANTOM

by Tom Hickman on July 15, 2020

Modern AppSec and security teams face enormous challenges of scale when it comes to their daily workload. Organizations need to secure more applications and APIs than ever before, and those apps and APIs are under constant attack from increasingly sophisticated methods. Security staff has to parse and analyze an avalanche of alerts and data to stay ahead of bad actors and continuously improve the security posture of their organization.
Collectively, this is a perfect storm that can put even the best security teams under intense strain. That strain is starting to show! A recent survey found that 83% of cybersecurity workers felt overworked, and 82% of their teams were understaffed. And with the shortfall in cybersecurity talent expected to hit 3.5 million in 2021, we as an industry aren’t going to solve this problem by throwing people at it.

The combination of ThreatX and leading Security Orchestration and Automation (SOAR) tools such as Splunk Phantom gives AppSec teams the force-multiplier they need to vastly improve their security posture while also reducing their operational workload. We’ve teamed up with Splunk to break it down for you:

STEP 1: BETTER SECURITY AND REDUCED SPRAWL WITH THREATX

As the security landscape has evolved, many organizations have acquired a wide variety of specialized security tools that require their own configuration and maintenance and generate their own alerts and logs. Even many supposedly integrated solutions rely on multiple independent modules that behave like separate products. This increases the management overhead on staff and creates the tedious problem of correlating and analyzing logs and alerts from multiple sources of truth, all to get a complete view of risk.

ThreatX brings an Easy Button to this problem. Our WAAP++ platform is a truly unified approach to AppSec that covers all types of threats. Instead of separate solutions for WAF, behavioral analysis, anti-bot protection, DDoS mitigation, and API protection, ThreatX provides a single platform.

Just as importantly, ThreatX brings together a wide variety of analytical and detection techniques to deliver a continuously updated view of risk. This means that application profiling, attacker profiling, fingerprinting, active interrogation, and deception techniques all work as a unified detection engine.
We track suspicious and malicious activity in real-time and deliver a single verdict on a potential threat, resulting in fewer tools to manage. With ThreatX, the endless monotony of manually correlating alerts can finally become a lost art!

STEP 2: ENRICHED INTELLIGENCE WITH THREATX AND SPLUNK PHANTOM

Information within ThreatX can also be invaluable for use in investigation and response workflows. Through our integration with Splunk Phantom, security analysts and staff can automatically leverage the unique intelligence and context in the ThreatX platform.

For example, ThreatX discovers and maintains extensive information on each entity that interacts with a protected application, including a variety of low-level traits and behaviors that uniquely identify the entity. Using the Splunk integration, this entity profile can be shared with other systems to inform both defensive and forensic actions. The ThreatX/Splunk Phantom integration delivers a unified, up-to-date view of an entity’s total risk to the organization. And this can all be integrated into custom or pre-built investigation playbooks for malware, command-and-control, ransomware, and more.

STEP 3: AUTOMATICALLY ADAPT AND DEFEND WITH THREATX AND SPLUNK PHANTOM

In addition to investigations, security teams can use the combination of ThreatX and Splunk Phantom to take automated and proactive action when threats are detected. ThreatX provides the inherent ability to take action against hosts. The Splunk Phantom integration allows security teams to extend ThreatX enforcement decisions to other tools in their defense arsenal.

For example, the integration can allow any system such as a network firewall to block or unblock an IP address based on information from ThreatX. Likewise, specific hosts can be dynamically added to blacklists or whitelists. These designations can also be triggered to adapt based on ThreatX’s internal risk score.
This means that as risk rises for a particular entity, it can be blocked, and it can likewise be automatically unblocked once the threat has passed. This saves staff the often-manual work of cleaning up after a blocking incident.

Two great products, three easy steps, one massively improved security posture! What I covered above represents some of the most common examples of how security teams automate and integrate via ThreatX and Splunk Phantom. The advantage for organizations is two-fold:

* a unified view of risk, and
* an overall better security posture!

If you’d like to learn more about ThreatX and our integration with Splunk Phantom, schedule a ThreatX demo and let us show you how it works.

*** This is a Security Bloggers Network syndicated blog from ThreatX Blog authored by Tom Hickman. Read the original post at: https://blog.threatxlabs.com/3-steps-to-improve-your-appsec-using-threatx-and-splunk-phantom