DFLabs, the pioneer in Security Automation and Orchestration, announced a new version of its IncMan Security Orchestration, Automation and Response (SOAR) platform for enterprise SOC and managed security services providers (MSSP) that reduces the time and complexity associated with responding to, containing and eliminating cyber security threats. Among several key enhancements, IncMan R3 Rapid Response†Runbooks†can now automate workflows based on more granular risk factors and operate case management for remediating incidents.
According to Gartner, Inc., “IT security and risk management leaders responsible for security monitoring and operations should focus on automating tasks and orchestrate incident response starting with procedures that are easy to implement and where machine-based automation will reduce incident investigation cycle times.”
DFLabs was recognized as a Representative Vendor by Gartner in its November 2017 Innovation Insight for Security Orchestration, Automation and Response.
Customizable Automation
To provide industry-leading flexibility for automation and orchestration of incident response tasks, IncMan R3 Rapid Response Runbooks now support ‘User Choice’ conditions that allow more granular flow control compared to traditional true/false conditions. In addition, output filtering enables previous actions to be omitted based on user-defined criteria for subsequent steps. For example, different automated decisions can now be made not only based on the presence or absence of a detection, but also based on the number or their severity.
Since each organization has their own automation preferences and policies, R3 Rapid Response Runbooks can apply dual-mode orchestration actions that combine manual, semi-automated and fully automated steps. R3 Runbooks can also include conditional statements that apply full automation when it is safe to do so, but request that a human approve a decision in critical environments or where it may have a detrimental impact on operational integrity.
“Organizations that still rely on manual, document-based procedures for security incident response can’t keep up with the increasing volume and sophistication of threats,” said Michele Zambelli, CTO for DFLabs. “The DFLabs IncMan SOAR platform provides an end-to-end framework that uses machine-based automation to handle the time consuming early steps of SecOps, before human intervention is required. Our new version sets a higher standard for SOAR using granular risk factors, Machine learning capabilities and Case management.”
New Integrations for End-to-End Incident Response
For advanced threat detection, incident creation and response, and sandboxing, IncMan now includes new bidirectional integrations with Recorded Future, Jira, Carbon Black Defense, Microfocus HPE, Tufin and Cuckoo Sandbox. These enhancements allow IncMan to manage the end-to-end response process, and extend its existing long list of enrichment and containment actions with the ability to perform dynamic malware analysis, block advanced threats and automate more decisions based on actionable threat intelligence.
To facilitate team collaboration and improve individual analyst productivity, the IncMan Dashboard now provides a more holistic view of the current state of the organization including greater detail on individual incidents and tasks, and a rolling dashboard to provide managers and Security Operations Center teams a hands-free way to view all critical metrics.
