As one of the world’s leading investment firms with more than 21 offices spanning the globe, it’s not uncommon for the security team at Blackstone to see as many as 30 to 40 malware alerts in a single day. Blackstone’s Incident Response team investigates each malware alert as if a compromise has already occurred, a process that requires 30 to 45 minutes to address each alert fully if done manually.


  • Difficulty maintaining automation scripts across a large number of security vendors.
  • Needed to tie together existing security products to reduce the response and remediation gap.


  • Processing malware email alerts in about 40 seconds versus 30 minutes or more.
  • Ensuring a repeatable and auditable process for investigating malware alerts.

Business Impact:

  • Dramatically reduce time to investigate malware alerts.
  • Drive accuracy and consistency in the incident response process.
  • Incident response automation enables the team to investigate issues faster.

Splunk Product:

Splunk SOAR (Previously Splunk Phantom) Enterprise Edition

Get in touch

Send us a Message

Looking for general information or have a specific question. Fill the form below or drop
us a line at