How Splunk and Recorded Future Solve Real-World Problems

Posted: 24th June 2020

Splunk Phantom enables security professionals to work smarter, respond faster, and strengthen their defenses through automation and orchestration. Phantom playbooks allow clients to create and automate customized, repeatable security workflows. Recorded Future supercharges those playbooks by inserting elite security intelligence directly into the Splunk platform — giving users the context they need to make informed security decisions fast.

Recorded Future’s VP of Integrations, Seth Whitten, visited Splunk’s offices to talk about the history of the partnership between Recorded Future and Splunk Phantom. Whitten also discussed one of his favorite things about Phantom — playbooks.

Recorded Future for Splunk Phantom Case Study

How Clients Benefit From Recorded Future’s Partnership with Splunk Phantom

The benefit of partnering with Splunk Phantom was clear from the start. Recorded Future’s clients were manually conducting security operations and there was a desire to add automation to those operations. “They would have to go into our platform, pull out the information they were looking for, and make a decision on whether or not to move forward when investigating an alert or triaging things in their environment,” Whitten said.

The integration with Phantom solved that problem. Recorded Future clients could immediately automate previously manual and repetitive tasks, resulting in quicker response times and cutting actions that previously took hours down to seconds. Since then, Recorded Future clients have consistently seen increased operational efficiency thanks to automation through the use of playbooks.

Recorded Future Playbooks in Splunk Phantom

Phantom playbooks are able to automate a sequence of security actions at machine speed, enabling clients to create customized and repeatable security workflows. The integration with Recorded Future gives those playbooks instant, real-time access to the world’s most advanced security intelligence platform.

Whitten says his favorite part of Phantom is the way his team can structure playbooks. “It’s easier for us to work with Phantom in the field because we have the predefined playbooks that we can get up and running for clients a lot quicker, without taking them through the redesigning process,” he says.

In addition to ease of implementation, these playbooks create even more organizational efficiency when combined with security intelligence from Recorded Future by:

  • Automating the process of retrieving external data for details and context on IOCs

  • Identifying relationships between internal activity logs in Splunk and external risk with contextual security intelligence

  • Alerting users to stay on top of external information and risk factors important to the organization

  • Speeding up teams’ workflow reviews with alerting on company-specific entities found in external data

  • Proactively and iteratively searching through networks to detect and isolate advanced threats that evade existing security solutions

Learn more about how Recorded Future’s integration with Splunk Phantom empowers security teams to improve efficiency, resolve threats faster, and make more confident decisions.