IncMan – Incident Response Platform for Security Operations Center
DFLabs IncMan Incident Response Platform for SOC is a purpose-built platform designed to manage and orchestrate Security Operations.
DFLabs IncMan’s library of customizable runbooks orchestrates and automates the response to threat and incident scenarios such as malware, data loss or regulatory breach notification. The solution supports incident responders in assessing, investigating and hunting for threats, and in gathering, maintaining and transferring knowledge within the Security Operations Center team.
DFLabs IncMan – Incident Response Platform acts as a force multiplier: it makes it possible to manage more incidents in less time with fewer security analysts, and to do so in a repeatable, measurable and enforceable manner.
R3 Rapid Response Runbooks
At the heart of IncMan is the R3 Rapid Response Runbook engine. R3 Runbooks are created using a visual editor and support granular, stateful and conditional workflows to orchestrate and automate incident response activities such as incident triage, stakeholder notification, data and context enrichment and threat containment. R3 Runbooks are enhanced by capabilities that support incident responders in assessing, investigating and hunting for threats, and in gathering, maintaining and transferring knowledge between IR and SOC teams.
Customizable, Linear and Conditional Runbooks
- Over 100 customizable runbooks and playbooks for individual incident types or threats and regulatory frameworks
- Complex, stateful and conditional logical decision making to pursue a variety of alternative responses
- 99+ out of the box automation actions
- Graphical visual editor

Full Incident Lifecycle Automation
- Triage and Notification
- Context Enrichment
- Hunting and Investigating
- Threat Containment

Dual-Mode Actions
- Combine manual, semi-automated and automated actions
Augmenting Security Analysts using Machine Learning
DFLabs patent-pending Automated Responder Knowledge (DF-ARK) module applies machine learning to historical responses to threats, and recommends relevant runbooks and paths of action to manage and mitigate them. DF-ARK applies a supervised case-based reasoning machine learning algorithm.
- ARK constructs a model of an organization's threat landscape based on known and historical incidents
- ARK scores and evaluates any incident based on unique and shared indicators and attributes and their relevance to historical incidents
- The ARK algorithm uses this model to suggest playbooks for similar and related threats
- Threats known to the model are considered to have a greater relevance, are scored more reliably, and are assigned a greater urgency and higher priority

ARK requires sufficient training data: it begins with no knowledge, but learns from the experience and actions of your security team, becoming more effective over time.
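To make the case-based reasoning idea above concrete, here is a small illustrative recommender, added as an example for this page and not DFLabs' DF-ARK code or algorithm. It models the behaviour the text describes: closed incidents (attributes, indicators, the playbook that resolved them) form the case base; a new incident is scored against each case by shared indicators and attributes; the playbooks of the closest cases are recommended, a high best score maps to a higher urgency, and an empty case base yields no recommendation (the cold-start state). The weights, thresholds, class names and all sample incidents and indicator values are constructed assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Tuple


@dataclass(frozen=True)
class Incident:
    """A case: categorical attributes plus observed indicators (constructed sample values)."""
    incident_id: str
    attributes: FrozenSet[str]      # e.g. "type:malware", "vector:email"
    indicators: FrozenSet[str]      # e.g. "domain:...", "hash:..."
    playbook: Optional[str] = None  # playbook that handled it; None for a new incident


def jaccard(x: FrozenSet[str], y: FrozenSet[str]) -> float:
    """Share of the combined set both incidents have in common (0.0 when both are empty)."""
    union = x | y
    return len(x & y) / len(union) if union else 0.0


def similarity(new: Incident, case: Incident,
               indicator_weight: float = 0.6, attribute_weight: float = 0.4) -> float:
    """Weighted score; shared concrete indicators count more than shared attributes (assumed weights)."""
    return (indicator_weight * jaccard(new.indicators, case.indicators)
            + attribute_weight * jaccard(new.attributes, case.attributes))


class CaseBase:
    """Historical incidents the recommender has learned from analyst-closed cases."""

    def __init__(self) -> None:
        self.cases: List[Incident] = []

    def learn(self, incident: Incident) -> None:
        # Only closed incidents with a recorded playbook carry knowledge worth reusing.
        if incident.playbook is None:
            raise ValueError("a learned case needs the playbook that resolved it")
        self.cases.append(incident)

    def recommend(self, new: Incident, k: int = 3,
                  min_score: float = 0.1) -> List[Tuple[str, float]]:
        """Rank playbooks by summed similarity of the k nearest cases scoring >= min_score.

        Returns [] on an empty case base: the cold-start state described in the text.
        """
        ranked = sorted(((similarity(new, c), c) for c in self.cases),
                        key=lambda pair: pair[0], reverse=True)
        votes: Dict[str, float] = defaultdict(float)
        for score, case in ranked[:k]:
            if score >= min_score:
                votes[case.playbook] += score
        return sorted(votes.items(), key=lambda kv: kv[1], reverse=True)


def urgency(recommendations: List[Tuple[str, float]]) -> str:
    """Threats close to known cases get a higher urgency; nothing similar yields 'unknown'."""
    if not recommendations:
        return "unknown"
    best = recommendations[0][1]
    if best >= 0.5:
        return "high"
    if best >= 0.2:
        return "medium"
    return "low"


def build_sample_case_base() -> CaseBase:
    """Three constructed historical incidents (sample data, not real indicators)."""
    cb = CaseBase()
    cb.learn(Incident("INC-001", frozenset({"type:malware", "vector:email"}),
                      frozenset({"hash:aaaa1111", "domain:bad.example"}),
                      "PB-Malware-Containment"))
    cb.learn(Incident("INC-002", frozenset({"type:malware", "vector:web"}),
                      frozenset({"domain:bad.example", "ip:203.0.113.5"}),
                      "PB-Malware-Containment"))
    cb.learn(Incident("INC-003", frozenset({"type:data-loss", "vector:usb"}),
                      frozenset({"user:alice"}),
                      "PB-Data-Loss"))
    return cb


def sample_new_incident() -> Incident:
    """A new malware alert sharing one domain and both attributes with INC-001 (constructed)."""
    return Incident("INC-100", frozenset({"type:malware", "vector:email"}),
                    frozenset({"domain:bad.example", "hash:bbbb2222"}))


if __name__ == "__main__":
    trained = build_sample_case_base()
    new = sample_new_incident()
    recs = trained.recommend(new)
    print("trained:", recs, urgency(recs))          # PB-Malware-Containment, high
    cold = CaseBase().recommend(new)
    print("cold start:", cold, urgency(cold))        # [], unknown
```

The scoring is a weighted Jaccard similarity, a deliberately simple stand-in for whatever DF-ARK actually uses; the point it demonstrates is the data flow (closed cases in, ranked playbooks and an urgency out) and why the module is only as good as the cases it has been fed.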
DFLabs Incident Response Platform for SOCs at a Glance
The following list highlights further benefits that IncMan offers to Security Operations Centers, pairing each core SOC benefit with IncMan's solution:

Core SOC Benefit: Aggregation and correlation of security and incident data
IncMan's Solution:
- Support for hundreds of 3rd party security technologies via Syslog, CEF and Email parsing
- 45+ certified bidirectional connectors are included for leading 3rd party security technologies such as Active Directory, Palo Alto, Cisco ThreatGrid, CrowdStrike, and Carbon Black, with many more continuously being added
- Database querying for MySQL, MSSQL, PostgreSQL, Microsoft Access and Oracle
- Custom script execution
- Bidirectional SOAP API

Core SOC Benefit: Customizable linear playbooks and conditional runbooks
IncMan's Solution:
- Security analysts can create a library of dedicated, customizable and granular runbooks using a graphical editor for individual threat, incident, or asset types
- IncMan comes with 100+ customizable playbooks, runbooks and automation actions out of the box
- Automatic correlation and re-application of playbooks across tenants in multi-user environments

Core SOC Benefit: Integrated Knowledgebase module to disseminate, share and transfer knowledge from experienced to novice analysts and within the team
IncMan's Solution:
- IncMan has an integrated Knowledgebase Module to document playbooks, threat assessments, threat intelligence, situational awareness and best practices
- Segregated and dedicated Knowledge bases can be maintained for individual business units or asset groups
- The integrated Knowledgebase library includes GDPR, ISO, NIST and other regulatory frameworks