DFLabs Transforms Security Operations with Automated Triage for Incident Response

BOSTON & MILAN--(BUSINESS WIRE)--DFLabs, the pioneer in Security Orchestration, Automation and Response (SOAR), today announced a new version of the IncMan SOAR platform that uses automated event triage to dramatically reduce the number of security incidents generated from alerts. This first of its kind capability, called START (Simple Triage And Rapid Treatment) Triage, is being used in production by a major European bank to eliminate manual first line assessment of suspected fraudulent online transactions. IncMan SOAR has reduced triage time by 90% for cyber fraud events generated by its mainframe and other external systems.

DFLabs will demonstrate IncMan SOAR with START Triage at Black Hat booth #IC2329 on August 8-9 at Mandalay Bay in Las Vegas.

Traditionally, every security alert received by a SOAR platform generates an incident, which must be investigated. This process can lead to an overwhelming number of security incidents, sometimes created because of false positive alerts, that must be addressed by overworked security operations center (SOC) staff.

START Triage Eases the Pain
To reduce the number of security incidents generated by false positives, the new version of IncMan SOAR can ingest alerts from any source via a new API for triage to determine whether they should be converted to an incident or discarded. The START Triage event queue, which is separate from the incident queue, uses the full automation, orchestration and machine learning power of IncMan SOAR’s R³ Rapid Response Runbooks to enrich event information. This allows IncMan SOAR to quickly make a determination regarding the reliability of an alert and whether it merits being turned into a security incident.

The flexible, open and customizable architecture of IncMan SOAR’s START Triage allows it to adapt to virtually any use case and data source, including network alerts, endpoint alerts, transaction fraud alerts, physical security events and threat intelligence alerts. One large European bank is using IncMan SOAR START Triage to ingest fraud alerts for online transactions and integrate with its mainframe, ATM system and other data sources to automate manual enrichment and containment workflows. They have experienced a 90% reduction in processing times for alerts by combining cyber and financial fraud monitoring with IncMan SOAR.

“Not every alert deserves to become and be processed as a security incident, yet that is how SOAR products currently operate. The new release of IncMan SOAR is breaking this cycle,” said Michele Zambelli, CTO of DFLabs. “By applying our automation engine, enrichment and containment capabilities to events using a triage process, we can dramatically reduce the number that are turned into incidents, and placed into the queue for deeper assessment by IncMan and security analysts.”

Additional Enhancements
IncMan SOAR 4.4 includes several new bidirectional integrations from a variety of product categories including SIEM, network defense, endpoint protection and threat intelligence, that broaden its orchestration and automation capabilities. In addition, new enhancements made to IncMan SOAR R³ Rapid Response Runbooks allow one R³ Runbook to call other R³ Runbooks. For example, a phishing R³ Runbook which detects a malicious attachment can now automatically call the appropriate malware R³ Runbook, eliminating the need to create processes within multiple runbooks.

About DFLabs IncMan SOAR
DFLabs IncMan SOAR is the only platform capable of full security incident lifecycle automation. Its patent pending R³ Rapid Response Runbooks use hundreds of automated actions to provide workflows and execute a variety of data enrichment, notification, containment and custom actions based on complex, stateful and logical decision making. This accelerates the ability of responders to assess, investigate and hunt for threats. Runbooks also collect and facilitate knowledge transfer between incident response (IR) and SOC teams.

Availability
DFLabs IncMan SOAR version 4.4 with START Triage is available immediately from DFLabs and its business partners worldwide.

About DFLabs
DFLabs is an award-winning and recognized global leader in security orchestration, automation and response (SOAR) technology. The company’s management team has helped shape the cyber security industry, which includes co-editing several industry standards such as ISO 27043 and ISO 30121. Its flagship product, IncMan SOAR, has been adopted by Fortune 500 and Global 2000 organizations worldwide. DFLabs has operations in Europe, North America, and EMEA. For more information, visit www.dflabs.com or connect with us on Twitter @DFLabs.