DFLabs Raises the Bar for Responding to and Containing Security Incidents with Machine-based Automation


BOSTON & MILAN–(BUSINESS WIRE)–DFLabs, the pioneer in Security
Automation and Orchestration, today announced a new version of its
IncMan Security Orchestration, Automation and Response (SOAR) platform
for enterprise SOC and managed security services providers (MSSP) that
reduces the time and complexity associated with responding to,
containing and eliminating cyber security threats. Among several key
enhancements, IncMan R3 Rapid Response Runbooks
can now automate workflows based on more granular risk factors and
operate case management for remediating incidents.

According to Gartner, Inc., “IT security and risk management leaders
responsible for security monitoring and operations should focus on
automating tasks and orchestrate incident response starting with
procedures that are easy to implement and where machine-based automation
will reduce incident investigation cycle times.”*

DFLabs was recognized as a Representative Vendor by Gartner in its
November 2017 Innovation Insight for Security Orchestration, Automation
and Response.*

Customizable Automation
To provide industry-leading
flexibility for automation and orchestration of incident response tasks,
IncMan R3 Rapid Response Runbooks now support ‘User Choice’ conditions
that allow more granular flow control compared to traditional true/false
conditions. In addition, output filtering enables previous actions to be
omitted based on user-defined criteria for subsequent steps. For
example, different automated decisions can now be made not only based on
the presence or absence of a detection, but also based on the number or
their severity.

Since each organization has their own automation preferences and
policies, R3 Rapid Response Runbooks can apply dual-mode orchestration
actions that combine manual, semi-automated and fully automated steps.
R3 Runbooks can also include conditional statements that apply full
automation when it is safe to do so, but request that a human approve a
decision in critical environments or where it may have a detrimental
impact on operational integrity.

“Organizations that still rely on manual, document-based procedures for
security incident response can’t keep up with the increasing volume and
sophistication of threats,” said Michele Zambelli, CTO for DFLabs. “The
DFLabs IncMan SOAR platform provides an end-to-end framework that uses
machine-based automation to handle the time consuming early steps of
SecOps, before human intervention is required. Our new version sets a
higher standard for SOAR using granular risk factors, Machine learning
capabilities and Case management.”

New Integrations for End-to-End Incident Response
advanced threat detection, incident creation and response, and
sandboxing, IncMan now includes new bidirectional integrations with
Recorded Future, Jira, Carbon Black Defense, Microfocus HPE, Tufin and
Cuckoo Sandbox. These enhancements allow IncMan to manage the end-to-end
response process, and extend its existing long list of enrichment and
containment actions with the ability to perform dynamic malware
analysis, block advanced threats and automate more decisions based on
actionable threat intelligence.

To facilitate team collaboration and improve individual analyst
productivity, the IncMan Dashboard now provides a more holistic view of
the current state of the organization including greater detail on
individual incidents and tasks, and a rolling dashboard to provide
managers and Security Operations Center teams a hands-free way to view
all critical metrics.

*Gartner, Inc., Innovation Insight for Security Orchestration,
Automation and Response
, Claudio Neiva, Craig Lawson et al., 30
November 2017

The new version of DFLabs IncMan is available
immediately on AWS, CentOS and RedHat7 from DFLabs and its channel

About IncMan
The DFLabs IncMan Security Automation and
Orchestration platform automates and orchestrates security operations
and incident response tasks including threat qualification, triage and
escalation; hunting and investigation; and containment. IncMan uses
machine learning and automated rapid response runbook capabilities as a
force multiplier that has enabled security teams to reduce average
incident resolution times by up to 90% and increase incident handling by

About DFLabs
DFLabs is a recognized global leader in
security automation and orchestration technology. The company’s
management team has helped shape the cyber security industry, which
includes co-editing several industry standards such as ISO 27043 and ISO
30121. Its flagship product, IncMan, has been adopted by Fortune 500 and
Global 2000 organizations worldwide. DFLabs has operations in North
America, and EMEA. For more information, visit www.dflabs.com
or connect with us on Twitter @DFLabs.

Do you think you can beat this Sweet post?

If so, you may have what it takes to become a Sweetcode contributor... Learn More.


Click on a tab to select how you'd like to leave your comment

Leave a Comment

Your email address will not be published. Required fields are marked *