When Splunk approached WWT about building an appliance for Phantom, Splunk's security orchestration, automation and response (SOAR) solution, we recognized an opportunity to partner and collaborate in a way that would bring value to our shared customers.

Splunk was seeking a premier partner with the experience and knowledge to showcase how Phantom could help government organizations defend themselves from phishing attacks. While all organizations must constantly guard against cyber threats from external bad actors, it's equally important that their employees know how to react when they encounter suspicious activity internally, as part of their daily jobs.

WWT's partnership with Splunk is rooted in our ability to showcase a wide range of Splunk solutions in our Advanced Technology Center (ATC). Through custom labs, technology integrations, proofs of concept, demos, Lab as a Service (LaaS), workshops and other offerings, the ATC provides hands-on access to Splunk technology that helps customers interpret, manage and secure the vast streams of data generated by the devices, tools and applications used in current and future IT architecture.

Splunk's initial ask was for WWT to develop a Phantom server appliance -- a self-contained system that end-user engineers could leverage on their network servers to combat phishing. After evaluating the ask, we believed we could provide even more value by broadening the scope beyond appliances to include virtual machines and containers. Doing so would allow customers with more advanced system architectures to reap the benefits of Phantom as well.

To add even more value, WWT wanted the scope to include smaller SLED customers, those with just a handful of IT staff, who didn't need or have the budget for the minimum five-seat Phantom license. So we worked with Splunk to create a two-seat Phantom license only available through WWT.

Before we dive into the specifics of how this security kit combats phishing, it's worth revisiting why phishing is such an important issue.

Phishing rephresher

[Image: Cartoon of four fish (or "phish") exhibiting different types of fraudulent behavior. Caption: Splunk's ebook on phishing]

"Phishing" is a common means of online identity theft and virus spreading. Folks generally associate phishing with authentic-looking spam email that impersonates a bank, credit card company, someone you know or someone in need -- all in an effort to trick you into revealing sensitive information or clicking on a corrupt link. Billions of dollars are lost to this type of fraud each year. And it can all start with something as simple as an email from a sympathetic prince down on his luck.

For a more lighthearted introduction to phishing in society, check out Splunk's e-book for children. It takes readers on a colorful and educational journey through the many ways that fraud might touch our lives (e.g., credit card scams, payroll fraud, financial aid swindles, healthcare deception, wire transfer fraud, phishing attacks, account takeovers, etc.).

Why focus on phishing?

Phishing is one of the more difficult attacks to defend against. Turns out it's surprisingly tough for employees and workers to consistently identify and properly react to the flood of suspicious email they receive each day. No matter how much training and awareness your employees have, attention will waver and someone will click on a fraudulent link or divulge information they shouldn't.

Compounding the issue is that while today's security teams are busy trying to identify, analyze and mitigate an amorphous barrage of cyber threats, they're commonly forced to leverage security products with no real orchestration between them. And because most companies don't appropriately staff cybersecurity personnel to address the normal volume of daily events, the result can be a tremendous accumulation and backlog of security incidents.

This means a successful phishing attack is all but inevitable at most companies.

If a phishing breach isn't a matter of "if" but "when," how can organizations best protect themselves and ensure an effective response when a breach does occur?

Automate the mundane, orchestrate the complex

Smart organizations want to harness the vast amount of complex and varied data at their disposal to drive business outcomes, but few actually do.

At a high level, organizations wishing to combat phishing must do a better job of leveraging available resources by deploying tools that allow them to automate the mundane and orchestrate the complex. In other words, they need a SOAR policy that ensures security systems are hardened into a cross-functioning defense that is greater than the sum of its parts.

We built our Phishing Security Kit, rooted in the SOAR capabilities of Phantom, to help our customers quickly address phishing attacks. It allows security teams to work smarter, respond faster and strengthen defenses.

Security teams can use the Phishing Security Kit to automate tasks and orchestrate workflows in support of a broad range of SOC functions, including collaboration, reporting, and event and case management. This lets time-strapped analysts offload repetitive tasks and concentrate on making mission-critical decisions. In short, your security experts will have more time to focus on the most serious attacks -- the ones likely to succeed in a damaging breach.

What do I get in a Phishing Security Kit?

During a Phishing Security Kit engagement, WWT's experienced cybersecurity engineers can help you design and implement a comprehensive plan to combat phishing attacks.

  • Evaluate: First, we'll help you understand your level of maturity around data and analytics, then identify and prioritize clear use cases to provide immediate value. Our goal is to eliminate security services constraints and dramatically increase your security operations efficiencies.
  • Design: Next, leverage our ATC lab environment to design, test and validate your security solution. Our goal is to combine the right people, processes and programs to increase your overall SOC effectiveness.
  • Implement and Operate: Finally, we'll help you identify the most effective data distribution and visualization tools. Then we'll advise on the right methods of integrating your solution with existing systems to support a successful, long-term data and analytics deployment. Our ultimate goal is to fortify your SOC defense with advanced SOAR capabilities.

Customize kits for your use case

Available in physical, virtual and containerized versions, our Phishing Security Kit can be implemented in nearly any environment and is customizable for a wide range of use cases.

Do you have complex NIST compliance requirements? Are you required to comply with the minimum cybersecurity standards set by the Defense Federal Acquisition Regulation Supplement (DFARS)? Are you constantly faced with changing financial industry rules and regulations?

For these and many other scenarios, we can build and configure a custom Phishing Security Kit to your specifications in our North American Integration Technology Center (NAIC), then accelerate deployment by shipping a plug-and-play solution devised for your unique environment.

Our Infrastructure Services professionals are available for assistance before, during and after deployment to integrate essential data and assist in the creation of a custom Phishing Security Kit Automation Playbook. Depending on which platform you choose (physical server, VM or Linux container) and your organization's requirements, our professionals can provide just the right amount of service hours needed to meet your goals.


If you're interested in learning more about Splunk's Phantom, WWT offers a hands-on Phantom Incident Response Orchestration Sandbox in our ATC. This scheduled lab demonstrates how Phantom can be used to automate diverse security tools to improve an organization's overall risk posture.

To get our Phishing Security Kit, contact us via the link below.

I want WWT's Phishing Security Kit!