Case Study: Blackstone achieves sub-minute malware investigations with Splunk Phantom

A Splunk Case Study

Preview of the Blackstone Case Study

Automating Malware Investigation at One of the World’s Leading Investment Firms

Blackstone, a global investment firm with more than 21 offices, faced a growing security burden: 30–40 malware alerts a day, each requiring 30–45 minutes of manual investigation. Maintaining custom automation across many security vendors proved brittle as vendor APIs changed, creating inconsistency and slowing the incident response process.

Blackstone deployed Splunk Phantom as its SOAR platform, using Python-based apps and playbooks to automatically query the SIEM, Active Directory, Carbon Black, iSightPartners, VirusTotal and Cylance when an email alert arrives. The automated playbook produces a repeatable, auditable investigation in about 40 seconds (under one minute) instead of the prior 30+ minutes, improving accuracy, freeing analysts for higher-value work, and paving the way for future remediation playbooks.



Blackstone: Adam Fletcher, CISO

