BOSTON & MILAN--(BUSINESS WIRE)--DFLabs, the pioneer in Security Orchestration, Automation and Response (SOAR), today announced a new version of the IncMan SOAR platform that uses automated event triage to dramatically reduce the number of security incidents generated from alerts. This first-of-its-kind capability, called START (Simple Triage And Rapid Treatment) Triage, is being used in production by a major European bank to eliminate manual first-line assessment of suspected fraudulent online transactions. IncMan SOAR has reduced triage time by 90% for cyber fraud events generated by its mainframe and other external systems.
DFLabs will demonstrate IncMan SOAR with START Triage at Black Hat booth #IC2329 on August 8-9 at Mandalay Bay in Las Vegas.
Traditionally, every security alert received by a SOAR platform generates an incident, which must be investigated. This process can lead to an overwhelming number of security incidents, sometimes created because of false positive alerts, that must be addressed by overworked security operations center (SOC) staff.
START Triage Eases the Pain
To reduce the number of security incidents generated by false positives, the new version of IncMan SOAR can ingest alerts from any source via a new API for triage to determine whether they should be converted to an incident or discarded. The START Triage event queue, which is separate from the incident queue, uses the full automation, orchestration and machine learning power of IncMan SOAR’s R3 Rapid Response Runbooks to enrich event information. This allows IncMan SOAR to quickly make a determination regarding the reliability of an alert and whether it merits being turned into a security incident.
The flexible, open and customizable architecture of IncMan SOAR’s START Triage allows it to adapt to virtually any use case and data source, including network alerts, endpoint alerts, transaction fraud alerts, physical security events and threat intelligence alerts. One large European bank is using IncMan SOAR START Triage to ingest fraud alerts for online transactions and integrate with its mainframe, ATM system and other data sources to automate manual enrichment and containment workflows. The bank has experienced a 90% reduction in processing times for alerts by combining cyber and financial fraud monitoring with IncMan SOAR.
“Not every alert deserves to become and be processed as a security incident, yet that is how SOAR products currently operate. The new release of IncMan SOAR is breaking this cycle,” said Michele Zambelli, CTO of DFLabs. “By applying our automation engine, enrichment and containment capabilities to events using a triage process, we can dramatically reduce the number that are turned into incidents, and placed into the queue for deeper assessment by IncMan and security analysts.”
Additional Enhancements
IncMan SOAR 4.4 includes several new bidirectional integrations from a variety of product categories, including SIEM, network defense, endpoint protection and threat intelligence, that broaden its orchestration and automation capabilities. In addition, new enhancements made to IncMan SOAR R3 Rapid Response Runbooks allow one R3 Runbook to call other R3 Runbooks. For example, a phishing R3 Runbook which detects a malicious attachment can now automatically call the appropriate malware R3 Runbook, eliminating the need to create processes within multiple runbooks.
About DFLabs IncMan SOAR
DFLabs IncMan SOAR is the only platform capable of full security incident lifecycle automation. Its patent-pending R3 Rapid Response Runbooks use hundreds of automated actions to provide workflows and execute a variety of data enrichment, notification, containment and custom actions based on complex, stateful and logical decision making. This accelerates the ability of responders to assess, investigate and hunt for threats. Runbooks also collect and facilitate knowledge transfer between incident response (IR) and SOC teams.
Availability
DFLabs IncMan SOAR version 4.4 with START Triage is available immediately from DFLabs and its business partners worldwide.
About DFLabs
DFLabs is an award-winning and recognized global leader in security orchestration, automation and response (SOAR) technology. The company’s management team has helped shape the cyber security industry, which includes co-editing several industry standards such as ISO 27043 and ISO 30121. Its flagship product, IncMan SOAR, has been adopted by Fortune 500 and Global 2000 organizations worldwide. DFLabs has operations in Europe, North America, and EMEA. For more information, visit www.dflabs.com or connect with us on Twitter @DFLabs.