This week the start up tip features PhantomCyber, a company that has developed an automation and orchestration platform to connect disparate security solutions for the benefit of enterprises. It solution is to create a web connecting different security products sensing when a cyber threat emerges and reacting appropriately to any given situation.
PhantomCyber has just completed a Series A funding round, raising $6.5 million from investors the Blackstone Group, TechOperators and Zach Nelson (Source Crunchbase). Zach Nelson was also one of the Seed investors and clearly impressed with the architecture that PhantomCyber has been putting together.
This is a company to watch, the initial seed investors are an impressive list of who’s who in the security world with John Thompson (ex CIO of Symantec), Tom Noonan (ex CEO at ISS Internet Security Company), John Becker (former CEO of Cybertrust) and Zach Nelson. Its CEO and Founder Oliver Friedrichs founded Immunet before it was acquired by Sourcefire and also worked at Symantec.
Jay Leek the CISO at Blackstone, one of the investors clearly likes the product and commented in a canned statement that: “Phantom is a force-multiplier for our security team.”
“By leveraging the platform, we are able to automate processes such as malware investigation and containment, threat indicator hunting and deployment based on threat intelligence sources, phishing investigation, and regeneration of our environment in the event of a breach. Phantom delivers instant productivity gains, enabling us to respond faster, do more with our existing resources, and get the most out of our security investments.”
Phantom Cyber like to describe their product as the “connective tissue” that takes information from end points and security product and delivers actions to be realised on the relevant security platforms within a corporate infrastructure. The inference is that Phantom Cyber takes control of the decision making and acting that often needs human intervention.
They have already integrated into several of the endpoints and data sources, using pull technology from some but also enabling push technology from others as Phantom Cyber was developed using Json. These platforms include Splunk, ArcSight, IBM Radar, STIX, Soltra and REST API’s are also supported.
For the security devices they are looking to control this list becomes even more extensive, an example of how the solution works can be seen in the diagram below. Twenty eight other systems are listed on the site including Palo Alto, Threatgrid, BIT9 + Carbon Black, FireEye, Juniper, Cisco, Microsoft, HP , IBM and Anubis. Obvious companies missing from this list are Dell and Symantec, it will be interesting to see how quickly these are added.
They have also released availability of an early experience edition of their platform, to which companies that qualify can sign up. Unfortunately Phantom Cyber do not specific exactly what they are looking for in their participating companies but no doubt they are looking for companies with a reasonably complex security infrastructure that needs a platform to help integrate it.
It will be interesting to see how Phantom Cyber develops, they are almost certainly on track though. The seed capital has given them to funds to develop a workable product that is now entering beta trial phase. The funding from this latest round should see it develop a product that is ready for market. If the market likes it, further funding rounds may be needed to accelerate growth but the future certainly looks positive.
Friedrichs commenting in a press release said “Just as automation has improved finance, marketing, human resources, software development, and other aspects of IT, it is now time for security to benefit.
“Initial demand has been tremendous and we are pleased to have the support of some of the industry’s leading minds to help us as we accelerate Phantom’s market penetration and product development.”