Overwhelmed by the Number of Cyber Attacks Hitting Your Network?


  • Can’t keep up with never-ending alerts.
  • Technologies don’t work well together.
  • Overwhelming task load.
  • Too many false positives.
  • Worried about data breaches.
  • Not enough skilled staff to respond.


DF Lab's IncMan SOAR enables your team to focus on critical alerts while it handles the rest.


Who is DF Labs?

DFLabs is a pioneer, and a globally recognized industry leader in security orchestration, automation, and response (SOAR) technology.

DFLabs’ IncMan is the most open Security Orchestration, Automation and Response (SOAR) in the industry. IncMan SOAR is a technology platform that significantly empowers MSSPs, SOCs, and security teams by providing collaborative and automated real-time incident management, threat, and data breach response.

The company’s management team has helped shape the cyber security industry, which includes co-editing several industry standards such as ISO 27043 and ISO 30121. Its award-winning product, IncMan SOAR, is a multi-patented technology and has been adopted by Fortune 500 and Global 2000 organizations worldwide.
DFLabs has operations in EMEA Americas and APAC.


What is SOAR?

Security Orchestration, Automation and Response (SOAR) solutions should provide three core functions; Orchestration and Automation, which enable Response, as well as Measurement.

The three pillars of SOAR:














DFLabs IncMan SOAR: All-In-One Platform to Empower your SecOps Processes

IncMan’s Key Benefits

DFLabs’ SOAR technology reduces the reaction times by up to 80% and improves the efficiency factor by an average of 10X.

1. All-In-One Platform to Empower SecOps

• Improve your own processes and SOP in a graphical way
• Easily orchestrate your tools leveraging Open Integration Framework
• Better resource allocation based on task priorities

2. Save Time and Focus on Real Threats

• Alarm Triage Management benefits:
• Reduction of false positives
• Accurate & automated enrichment of alarms
• Deduplication. Incidents with similar characteristics are merged
• “Progressive” automation of time-consuming activities and mundane tasks

3. Measure Success and Improve Communication

• Manage the escalation process and allow multiple analysts to work simultaneously on incidents
• Immediate and detailed incident reports with related IOC’s, timeline, and corrective actions executed
• Notify stakeholders when it is necessary
• KPIs dashboards for analyst, SOC manager, CISO, audit manager or customers for MSSP


IncMan’s Key Differentiators


1. The Most Integrated SOAR in the Market


  • Open Integration Framework

Extend security product integrations easily without the need for complex coding.
DFLabs’ Open Integration Framework defines all integrations at the action level, not as one monolithic file. It also allows users with limited coding experience to easily add actions to existing integrations without the need to modify existing code. The execution of each integration is performed in a unique Docker container and easily configured from within the integration file, providing additional security and eliminating the risk of conflicting libraries.

• Everybody Can Easily Develop Integrations

Share knowledge and integrations with DFLabs’ IncMan SOAR Community Portal.
DFLabs’ team develops the connectors you need, but through the Community Portal, DFLabs aims to provide an open and cooperative ecosystem for individuals and organizations, where you can share integrations of security tools, as well as specific workflows, including runbooks for tackling specific bespoke use cases.

• The Only SOAR with IT/OT Use Cases

There are no limits to the integrations you can create including your own script - Cyber - Anti-fraud - Industrial - IoT and Beyond Thanks to the Open Integration framework, you can also manage “non-cyber” incidents (e.g. financial mainframes, OT/SCADA/IoT, physical security, etc.) or develop connectors of proprietary solutions.


2. Advanced Triage and Machine Learning Engine


Significantly reduce false positives and duplicate events.

The Triage capability in IncMan SOAR allows you to handle suspicious events that require deeper analysis outside the context of an incident. This is the key differentiator between DFLabs and other SOAR vendors since it allows clients to handle the last mile of inside and outside the context of the incident. The Triage capability allows you to reduce the number of false positives and other red flags raised by an elevated number of suspicious events that have to be inspected. This goal can be achieved with different techniques of pre-processing based on automation, machine learning, correlation, and aggregation of events. It’s an important differentiator that can aid SOC and CISOs, especially in regulated contexts.


Alerts Triage

• Automated investigation of relevant IOCs
• Specific Cyber and Non-Cyber info-gathering processes (i.e. financial transactions, credit cards, admin logins, IoT network activity, …)
• Reduction of false positives

Alerts Escalation

• Alerts converted in Incidents automatically or with Analyst supervision
• Enrichment results documented on the incident
• Automated re-classification of Incident, based on results of Triage


3. Case Management, Chain of Custody and Probatory Role


  • Manage all aspects of the incident case management with specific emphasis on the evidentiary and probatory role.

We place specific emphasis on the evidentiary and probatory role and provide in-depth information in over a hundred customizable Case Management fields. DFLabs’ case management also handles forensics, the evidentiary chain of custody of the incident response processes.


  • Segregation of Duties With Access to Over 500 Grants

IncMan SOAR offers granular Role Based Access Control (RBAC) which allows you to have access to more than 500 Grants. The profiles can be defined and customized depending on the particular role in hand, both for general and incident profiles.


  • Forensic Compliance

Our forensic approach to case management allows clients to have access to valuable data regarding the incident, including the elements which have been found, the type of attack that was intended, and who made the attack.


  • Data Breach Regulations

The reason why case management is a relevant and sensitive component is that Data Breach is subject to control by the authorities, and there are regulations that highlight the importance of the evidence that is acquired and managed.


4. Highly Customizable Dashboards, Reports and KPIs


Dashboards and KPIs

IncMan’s dashboards offer an overview of various aspects of the platform. You can easily customize your dashboards to include all data relevant to your workflow processes, job functions, timeframes, and characteristics.

The Fastest and Most Customizable Reports on the Market

IncMan offers highly configurable custom reports and allows you to build customizable KPI reports in your own template, generate reports in different formats, as well as have access to advanced reporting with impact visual dashboards.


5. MSSP Advantage: Multi-Tenancy Native Platform to Provide Incident and Response and SOC Services

  • Centralized management with aggregated reporting and high visibility on tenants
  • Propagate standards from Master to Tenant (e.g. Runbooks, custom fields, dashboards, etc.)
  • Horizontal and vertical scalability to ensure excellent performance
  • Physical Data segregation by Customer
  • Advanced Clustering


What Can We Do for You?

If you have any questions, we are available to you via email. We would be happy to provide you with a detailed solution overview and actively support you in your customer projects.

We are looking forward to your contact.