DFLabs Transforms Security Operations with Automated Triage for Incident Response

New Version of IncMan SOAR Platform Enriches and Assesses Security
Events Before Creating Incidents; Helps Financial Services Firms Slash
Manual Cyber Fraud Reviews

DFLabs, the pioneer in Security
Orchestration, Automation and Response (SOAR), today announced a new
version of the IncMan SOAR platform that uses automated event triage to
dramatically reduce the number of security incidents generated from
alerts. This first-of-its-kind capability, called START (Simple Triage
And Rapid Treatment) Triage, is being used in production by a major
European bank to eliminate manual first-line assessment of suspected
fraudulent online transactions. IncMan SOAR has reduced triage time by
90% for cyber fraud events generated by the bank's mainframe and other external
systems.

DFLabs will demonstrate IncMan SOAR with START Triage at Black Hat booth
#IC2329 on August 8-9 at Mandalay Bay in Las Vegas.

Traditionally, every security alert received by a SOAR platform
generates an incident, which must be investigated. This process can lead
to an overwhelming number of security incidents, sometimes created
because of false positive alerts, that must be addressed by overworked
security operations center (SOC) staff.

START Triage Eases the Pain
To reduce the number of security
incidents generated by false positives, the new version of IncMan SOAR
can ingest alerts from any source via a new API for triage to determine
whether they should be converted to an incident or discarded. The START
Triage event queue, which is separate from the incident queue, uses the
full automation, orchestration and machine learning power of IncMan
SOAR's R3 Rapid Response Runbooks to enrich event
information. This allows IncMan SOAR to quickly make a determination
regarding the reliability of an alert and whether it merits being turned
into a security incident.

The flexible, open and customizable architecture of IncMan SOAR's START
Triage allows it to adapt to virtually any use case and data source,
including network alerts, endpoint alerts, transaction fraud alerts,
physical security events and threat intelligence alerts. One large
European bank is using IncMan SOAR START Triage to ingest fraud alerts
for online transactions and integrate with its mainframe, ATM system and
other data sources to automate manual enrichment and containment
workflows. They have experienced a 90% reduction in processing times for
alerts by combining cyber and financial fraud monitoring with IncMan
SOAR.

"Not every alert deserves to become and be processed as a security
incident, yet that is how SOAR products currently operate. The new
release of IncMan SOAR is breaking this cycle," said Michele Zambelli,
CTO of DFLabs. "By applying our automation engine, enrichment and
containment capabilities to events using a triage process, we can
dramatically reduce the number that are turned into incidents, and
placed into the queue for deeper assessment by IncMan and security
analysts."

Additional Enhancements
IncMan SOAR 4.4 includes several new
bidirectional integrations from a variety of product categories
including SIEM, network defense, endpoint protection and threat
intelligence, that broaden its orchestration and automation
capabilities. In addition, new enhancements made to IncMan SOAR R3
Rapid Response Runbooks allow one R3 Runbook to call other R3
Runbooks. For example, a phishing R3 Runbook which detects a
malicious attachment can now automatically call the appropriate malware R3
Runbook, eliminating the need to create processes within multiple
runbooks.
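The two mechanisms described above, a triage stage that enriches an event and scores it before deciding whether it becomes an incident, and runbooks that delegate to other runbooks, can be sketched as follows. This is an added example written for this page; it is not DFLabs code and does not use the IncMan SOAR API. Every name in it (the runbook functions, the source-to-runbook mapping, the threshold, the score weights, the reputation and asset lists, and the sample events) is an assumption made for illustration.

```python
from dataclasses import dataclass, field
from typing import Callable

# Constructed stand-ins for enrichment sources (an asset inventory and an IP
# reputation list). A real deployment would query its own inventory and intel feeds.
KNOWN_BAD_IPS = {"203.0.113.7"}
ALLOWLISTED_IPS = {"198.51.100.20"}      # e.g. an approved vulnerability scanner
CRITICAL_HOSTS = {"mainframe-01"}        # hosts whose alerts carry more weight

INCIDENT_THRESHOLD = 50                  # assumed score at which an event becomes an incident


@dataclass
class Event:
    source: str          # originating system, e.g. "ids", "email-gateway", "fraud-monitor"
    host: str
    src_ip: str
    signature: str       # what the source alerted on
    score: int = 0       # confidence accumulated by the enrichment runbooks
    notes: list[str] = field(default_factory=list)


# A runbook is modelled as a function that enriches an event in place.
Runbook = Callable[[Event], None]


def ip_reputation_runbook(ev: Event) -> None:
    """Adjust confidence from the (constructed) reputation list and allowlist."""
    if ev.src_ip in ALLOWLISTED_IPS:
        ev.score -= 100
        ev.notes.append("source IP allowlisted")
    elif ev.src_ip in KNOWN_BAD_IPS:
        ev.score += 60
        ev.notes.append("source IP on reputation list")


def asset_criticality_runbook(ev: Event) -> None:
    """Weight events against critical assets more heavily."""
    if ev.host in CRITICAL_HOSTS:
        ev.score += 30
        ev.notes.append("critical asset")


def malware_runbook(ev: Event) -> None:
    """Stand-in for a malware assessment runbook."""
    ev.score += 40
    ev.notes.append("malware runbook: attachment assessed")


def phishing_runbook(ev: Event) -> None:
    """A runbook that delegates to another runbook when it finds an attachment."""
    ev.score += 10
    ev.notes.append("phishing runbook ran")
    if "attachment" in ev.signature:
        malware_runbook(ev)      # one runbook calling another, no duplicated steps


# Which runbooks apply to which alert source (assumed mapping).
RUNBOOKS_BY_SOURCE: dict[str, list[Runbook]] = {
    "ids":           [ip_reputation_runbook, asset_criticality_runbook],
    "email-gateway": [phishing_runbook, ip_reputation_runbook],
    "fraud-monitor": [ip_reputation_runbook, asset_criticality_runbook],
}


def triage(ev: Event) -> str:
    """Run the event's runbooks, then decide: 'incident' or 'discard'."""
    for runbook in RUNBOOKS_BY_SOURCE.get(ev.source, []):
        runbook(ev)
    return "incident" if ev.score >= INCIDENT_THRESHOLD else "discard"


def process_queue(events: list[Event]) -> tuple[list[Event], list[Event]]:
    """Drain a triage queue into a separate incident list and a discard list."""
    incidents, discarded = [], []
    for ev in events:
        (incidents if triage(ev) == "incident" else discarded).append(ev)
    return incidents, discarded


# Constructed sample events (not real alerts).
SAMPLE_EVENTS = [
    Event("ids", "web-03", "198.51.100.20", "port scan"),                      # allowlisted scanner
    Event("fraud-monitor", "mainframe-01", "203.0.113.7", "high-value transfer"),
    Event("email-gateway", "mail-01", "192.0.2.9", "phishing with attachment"),
    Event("email-gateway", "mail-01", "192.0.2.10", "suspicious link"),
]

if __name__ == "__main__":
    inc, disc = process_queue(SAMPLE_EVENTS)
    for ev in inc:
        print("INCIDENT", ev.signature, ev.score, ev.notes)
    for ev in disc:
        print("discard ", ev.signature, ev.score, ev.notes)
```

The point to notice is that the triage queue never creates an incident directly: an event only crosses into the incident list after its runbooks have had a chance to raise or lower its score, so an allowlisted scanner is dropped and a transfer on a critical host from a listed address is promoted, while the phishing runbook reuses the malware runbook rather than repeating its steps. The `notes` field keeps the enrichment trail, which is what an analyst needs when reviewing why something was discarded.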

About DFLabs IncMan SOAR
DFLabs IncMan SOAR is the only
platform capable of full security incident lifecycle automation. Its
patent-pending R3 Rapid Response Runbooks use hundreds of
automated actions to provide workflows and execute a variety of data
enrichment, notification, containment and custom actions based on
complex, stateful and logical decision making. This accelerates the
ability of responders to assess, investigate and hunt for threats.
Runbooks also collect knowledge and facilitate its transfer between incident
response (IR) and SOC teams.

Availability
DFLabs IncMan SOAR version 4.4 with START
Triage is available immediately from DFLabs and its business partners
worldwide.

About DFLabs
DFLabs is an award-winning and recognized
global leader in security orchestration, automation and response (SOAR)
technology. The company's management team has helped shape the cyber
security industry, which includes co-editing several industry standards
such as ISO 27043 and ISO 30121. Its flagship product, IncMan SOAR, has
been adopted by Fortune 500 and Global 2000 organizations worldwide.
DFLabs has operations in Europe, North America, and EMEA. For more
information, visit www.dflabs.com or connect with us on Twitter @DFLabs.