In my latest demo, I take a look at the functionality of a Phantom Cyber Application, which integrates Phantom and the A10 Lightning Application Delivery System (LADS).
The A10 LADS is cloud managed using the A10 Lightning Controller Dashboard that provides a central point of configuration and monitoring of the Lightning Application Delivery Controllers. A primary benefit of this architecture is the ability to manage the configurations and policies of controllers deployed in an enterprise data center, private and public cloud. This central point of management provides the ability for Phantom Cyber, which is a security automation and orchestration solution, to programmatically update security policies of these Lighting Application Delivery Controllers (LADC's) regardless of the location of the application workload.
The demonstration topology consists of a web server application that is installed and running in Amazon Web Services. It serves data up to end users that connect to the URLs configured on the LADC cluster. The clusters configured to reference one or more application servers in this Amazon Web Services cloud. Our A10 app is installed under Phantom Cyber and the security operations team can use this A10 integration to block IP addresses or entire networks from malicious users. When the security policy is applied through the API, the malicious user will receive a 403 forbidden return code from the LADC cluster.
This video continues with a demonstration of the functionality of this application by diving deeper into the administrative section of the Phantom console and using pre-configured incidents to test the integration of Phantom and A10.