DFLabs is a pioneer and a globally recognized industry leader in security orchestration, automation, and response (SOAR) technology.
DFLabs’ IncMan is the most open Security Orchestration, Automation and Response (SOAR) platform in the industry. IncMan SOAR is a technology platform that significantly empowers MSSPs, SOCs, and security teams by providing collaborative and automated real-time incident management, threat, and data breach response.
The company’s management team has helped shape the cyber security industry, which includes co-editing several industry standards such as ISO 27043 and ISO 30121. Its award-winning product, IncMan SOAR, is a multi-patented technology and has been adopted by Fortune 500 and Global 2000 organizations worldwide.
DFLabs has operations in EMEA, the Americas, and APAC.
Security Orchestration, Automation and Response (SOAR) solutions should provide three core functions: Orchestration and Automation, which enable Response, as well as Measurement.
The three pillars of SOAR:
DFLabs’ SOAR technology reduces the reaction times by up to 80% and improves the efficiency factor by an average of 10X.
• Improve your own processes and SOP in a graphical way
• Easily orchestrate your tools leveraging Open Integration Framework
• Better resource allocation based on task priorities
• Alarm Triage Management benefits:
  • Reduction of false positives
  • Accurate & automated enrichment of alarms
  • Deduplication. Incidents with similar characteristics are merged
• “Progressive” automation of time-consuming activities and mundane tasks
• Manage the escalation process and allow multiple analysts to work simultaneously on incidents
• Immediate and detailed incident reports with related IOCs, timeline, and corrective actions executed
• Notify stakeholders when necessary
• KPI dashboards for analysts, SOC managers, CISOs, audit managers, or MSSP customers
Extend security product integrations easily without the need for complex coding.
DFLabs’ Open Integration Framework defines all integrations at the action level, not as one monolithic file. It also allows users with limited coding experience to easily add actions to existing integrations without the need to modify existing code. The execution of each integration is performed in a unique Docker container and easily configured from within the integration file, providing additional security and eliminating the risk of conflicting libraries.
• Everybody Can Easily Develop Integrations
Share knowledge and integrations with DFLabs’ IncMan SOAR Community Portal.
DFLabs’ team develops the connectors you need, but through the Community Portal, DFLabs aims to provide an open and cooperative ecosystem for individuals and organizations, where you can share integrations of security tools, as well as specific workflows, including runbooks for tackling specific bespoke use cases.
• The Only SOAR with IT/OT Use Cases
There are no limits to the integrations you can create, including your own scripts: Cyber, Anti-fraud, Industrial, IoT and Beyond. Thanks to the Open Integration Framework, you can also manage “non-cyber” incidents (e.g. financial mainframes, OT/SCADA/IoT, physical security, etc.) or develop connectors for proprietary solutions.
Significantly reduce false positives and duplicate events.
The Triage capability in IncMan SOAR allows you to handle suspicious events that require deeper analysis outside the context of an incident. This is the key differentiator between DFLabs and other SOAR vendors since it allows clients to handle the last mile of inside and outside the context of the incident. The Triage capability allows you to reduce the number of false positives and other red flags raised by an elevated number of suspicious events that have to be inspected. This goal can be achieved with different pre-processing techniques based on automation, machine learning, correlation, and aggregation of events. It’s an important differentiator that can aid SOCs and CISOs, especially in regulated contexts.
Alerts Triage
• Automated investigation of relevant IOCs
• Specific Cyber and Non-Cyber info-gathering processes (i.e. financial transactions, credit cards, admin logins, IoT network activity, …)
• Reduction of false positives
Alerts Escalation
• Alerts converted into Incidents automatically or with Analyst supervision
• Enrichment results documented on the incident
• Automated re-classification of Incident, based on results of Triage
We place specific emphasis on the evidentiary and probatory role and provide in-depth information in over a hundred customizable Case Management fields. DFLabs’ case management also handles forensics, the evidentiary chain of custody of the incident response processes.
IncMan SOAR offers granular Role-Based Access Control (RBAC) which allows you to have access to more than 500 Grants. The profiles can be defined and customized depending on the particular role at hand, both for general and incident profiles.
Our forensic approach to case management allows clients to have access to valuable data regarding the incident, including the elements which have been found, the type of attack that was intended, and who made the attack.
Case management is a relevant and sensitive component because data breaches are subject to control by the authorities, and there are regulations that highlight the importance of the evidence that is acquired and managed.
Dashboards and KPIs
IncMan’s dashboards offer an overview of various aspects of the platform. You can easily customize your dashboards to include all data relevant to your workflow processes, job functions, timeframes, and characteristics.
The Fastest and Most Customizable Reports on the Market
IncMan offers highly configurable custom reports and allows you to build customizable KPI reports in your own template, generate reports in different formats, as well as have access to advanced reporting with impact visual dashboards.