IncMan’s Key Benefits
DFLabs’ SOAR technology reduces reaction times by up to 80% and improves the efficiency factor by an average of 10X.
1. All-In-One Platform to Empower SecOps
• Improve your own processes and SOP in a graphical way
• Easily orchestrate your tools leveraging Open Integration Framework
• Better resource allocation based on task priorities
2. Save Time and Focus on Real Threats
• Alarm Triage Management benefits:
  - Reduction of false positives
  - Accurate & automated enrichment of alarms
  - Deduplication: incidents with similar characteristics are merged
• “Progressive” automation of time-consuming activities and mundane tasks
3. Measure Success and Improve Communication
• Manage the escalation process and allow multiple analysts to work simultaneously on incidents
• Immediate and detailed incident reports with related IOCs, timeline, and corrective actions executed
• Notify stakeholders when necessary
• KPI dashboards for analysts, SOC managers, CISOs, audit managers, or MSSP customers
IncMan’s Key Differentiators
1. The Most Integrated SOAR in the Market
• Open Integration Framework
Extend security product integrations easily without the need for complex coding.
DFLabs’ Open Integration Framework defines all integrations at the action level, not as one monolithic file. It also allows users with limited coding experience to easily add actions to existing integrations without the need to modify existing code. The execution of each integration is performed in a unique Docker container and easily configured from within the integration file, providing additional security and eliminating the risk of conflicting libraries.
• Everybody Can Easily Develop Integrations
Share knowledge and integrations with DFLabs’ IncMan SOAR Community Portal.
DFLabs’ team develops the connectors you need, but through the Community Portal, DFLabs aims to provide an open and cooperative ecosystem for individuals and organizations, where you can share integrations of security tools, as well as specific workflows, including runbooks for tackling specific bespoke use cases.
• The Only SOAR with IT/OT Use Cases
There are no limits to the integrations you can create, including your own scripts: Cyber, Anti-fraud, Industrial, IoT and beyond. Thanks to the Open Integration Framework, you can also manage “non-cyber” incidents (e.g. financial mainframes, OT/SCADA/IoT, physical security, etc.) or develop connectors for proprietary solutions.
2. Advanced Triage and Machine Learning Engine
Significantly reduce false positives and duplicate events.
The Triage capability in IncMan SOAR allows you to handle suspicious events that require deeper analysis outside the context of an incident. This is the key differentiator between DFLabs and other SOAR vendors since it allows clients to handle the last mile of inside and outside the context of the incident. The Triage capability allows you to reduce the number of false positives and other red flags raised by an elevated number of suspicious events that have to be inspected. This goal can be achieved with different techniques of pre-processing based on automation, machine learning, correlation, and aggregation of events. It’s an important differentiator that can aid SOC and CISOs, especially in regulated contexts.
• Automated investigation of relevant IOCs
• Specific Cyber and Non-Cyber info-gathering processes (i.e. financial transactions, credit cards, admin logins, IoT network activity, …)
• Reduction of false positives
• Alerts converted into Incidents automatically or with Analyst supervision
• Enrichment results documented on the incident
• Automated re-classification of Incident, based on results of Triage
3. Case Management, Chain of Custody and Probatory Role
- Manage all aspects of incident case management, with specific emphasis on the evidentiary and probatory role.
We provide in-depth information in over a hundred customizable Case Management fields. DFLabs’ case management also handles forensics and the evidentiary chain of custody of the incident response processes.
- Segregation of Duties With Access to Over 500 Grants
IncMan SOAR offers granular Role-Based Access Control (RBAC), which allows you to have access to more than 500 Grants. The profiles can be defined and customized depending on the particular role at hand, both for general and incident profiles.
Our forensic approach to case management allows clients to have access to valuable data regarding the incident, including the elements which have been found, the type of attack that was intended, and who made the attack.
Case management is a relevant and sensitive component because data breaches are subject to control by the authorities, and there are regulations that highlight the importance of the evidence that is acquired and managed.
4. Highly Customizable Dashboards, Reports and KPIs
Dashboards and KPIs
IncMan’s dashboards offer an overview of various aspects of the platform. You can easily customize your dashboards to include all data relevant to your workflow processes, job functions, timeframes, and characteristics.
The Fastest and Most Customizable Reports on the Market
IncMan offers highly configurable custom reports and allows you to build customizable KPI reports in your own template, generate reports in different formats, and access advanced reporting with impactful visual dashboards.
5. MSSP Advantage: Multi-Tenancy Native Platform to Provide Incident Response and SOC Services
- Centralized management with aggregated reporting and high visibility on tenants
- Propagate standards from Master to Tenant (e.g. Runbooks, custom fields, dashboards, etc.)
- Horizontal and vertical scalability to ensure excellent performance
- Physical Data segregation by Customer
- Advanced Clustering