Press Releases

August 3, 2018

DFLabs Transforms Security Operations with Automated Triage for Incident Response

New Version of IncMan SOAR Platform Enriches and Assesses Security Events Before Creating Incidents; Helps Financial Services Firms Slash Manual Cyber Fraud Reviews

DFLabs, the pioneer in Security Orchestration, Automation, and Response (SOAR), announced a new version of the IncMan SOAR platform that uses automated event triage to dramatically reduce the number of security incidents generated from alerts. This first-of-its-kind capability, called START (Simple Triage And Rapid Treatment) Triage, is being used in production by a major European bank to eliminate manual first-line assessment of suspected fraudulent online transactions. IncMan SOAR has reduced triage time by 90% for cyber fraud events generated by the bank's mainframe and other external systems.

DFLabs will demonstrate IncMan SOAR with START Triage at Black Hat booth #IC2329 on August 8-9 at Mandalay Bay in Las Vegas.

Traditionally, every security alert received by a SOAR platform generates an incident, which must be investigated. This process can lead to an overwhelming number of security incidents, sometimes created because of false positive alerts, that must be addressed by overworked security operations center (SOC) staff.

START Triage Eases the Pain
To reduce the number of security incidents generated by false positives, the new version of IncMan SOAR can ingest alerts from any source via a new API for triage to determine whether they should be converted to an incident or discarded. The START Triage event queue, which is separate from the incident queue, uses the full automation, orchestration and machine learning power of IncMan SOAR’s R3 Rapid Response Runbooks to enrich event information. This allows IncMan SOAR to quickly make a determination regarding the reliability of an alert and whether it merits being turned into a security incident.

The flexible, open and customizable architecture of IncMan SOAR’s START Triage allows it to adapt to virtually any use case and data source, including network alerts, endpoint alerts, transaction fraud alerts, physical security events and threat intelligence alerts. One large European bank is using IncMan SOAR START Triage to ingest fraud alerts for online transactions and integrate with its mainframe, ATM system, and other data sources to automate manual enrichment and containment workflows. They have experienced a 90% reduction in processing times for alerts by combining cyber and financial fraud monitoring with IncMan SOAR.

“Not every alert deserves to become and be processed as a security incident, yet that is how SOAR products currently operate. The new release of IncMan SOAR is breaking this cycle,” said Michele Zambelli, CTO of DFLabs. “By applying our automation engine, enrichment and containment capabilities to events using a triage process, we can dramatically reduce the number that are turned into incidents, and placed into the queue for deeper assessment by IncMan and security analysts.”

Additional Enhancements
IncMan SOAR 4.4 includes several new bidirectional integrations from a variety of product categories including SIEM, network defense, endpoint protection and threat intelligence, that broaden its orchestration and automation capabilities. In addition, new enhancements made to IncMan SOAR R3 Rapid Response Runbooks allow one R3 Runbook to call other R3 Runbooks. For example, a phishing R3 Runbook which detects a malicious attachment can now automatically call the appropriate malware R3 Runbook, eliminating the need to create processes within multiple runbooks.

About DFLabs IncMan SOAR
DFLabs IncMan SOAR is the only platform capable of full security incident lifecycle automation. Its patent-pending R3 Rapid Response Runbooks use hundreds of automated actions to provide workflows and execute a variety of data enrichment, notification, containment and custom actions based on complex, stateful and logical decision making. This accelerates the ability of responders to assess, investigate and hunt for threats. Runbooks also collect and facilitate knowledge transfer between incident response (IR) and SOC teams.

Availability
DFLabs IncMan SOAR version 4.4 with START Triage is available immediately from DFLabs and its business partners worldwide.
