Why You Want It
DFLabs IncMan Incident Response Platform for SOC is a purpose-built platform designed to manage and orchestrate Security Operations.
IncMan – Incident Response Platform for Security Operations Center
DFLabs IncMan Incident Response Platform for SOC is a purpose-built platform designed to manage and orchestrate Security Operations.
DFLabs IncMan’s library of customizable runbooks orchestrate and automate the response to threat and incident scenarios such as malware, data loss or regulatory breach notification. The solution supports incident responders in assessing, investigating and hunting for threats, and to gather, maintain and transfer knowledge within the Security Operations Center team.
DFLabs IncMan – Incident Response Platform acts as force multiplier – it is possible to manage more incidents in less time with fewer security analysts, and to do so in a repeatable, measurable and enforceable manner.
R3 Rapid Response Runbooks
At the heart of IncMan is the R3 Rapid Response Runbook engine. R3 Runbooks are created using a visual editor and support granular, stateful and conditional workflows to orchestrate and automate incident response activities such as incident triage, stakeholder notification, data and context enrichment and threat containment. R3 Runbooks are enhanced by capabilities to empower incident responders in assessing, investigating and hunting for threats, and to gather, maintain and transfer knowledge between IR and SOC teams.
- Customizable, Linear and Conditional Runbooks
- Over 100 customizable runbooks and playbooks for individual incident types or threats and regulatory frameworks
- Complex, stateful and conditional logical decision making to pursue a variety of alternative responses
- 99+ out of the box automation actions
- Graphical visual editor
- Full Incident Lifecycle Automation
- Triage and Notification
- Context Enrichment
- Hunting and Investigating
- Threat Containment
- Dual-Mode Actions
- Combine manual, semi-automated and automated actions
Augmenting Security Analysts using Machine Learning
DFLabs patent-pending Automated Responder Knowledge (DF-ARK) module applies machine learning to historical responses to threats, and recommends relevant runbooks and paths of action to manage and mitigate them. DF-ARK applies a supervised case-based reasoning machine learning algorithm.
- ARK constructs a model of an organizations threat landscape based on known and historical incidents
- ARK scores and evaluates any incident based on unique and shared indicators and attributes and their relevance to historical incidents
- The ARK algorithm uses this model to suggest playbooks for similar and related threats
- Threats known to the model are considered to have a greater relevance, are scored more reliably, and are assigned a greater urgency and higher priority
ARK requires sufficient training data – it begins with no knowledge, but learns from the experience and actions of your security team, becoming more effective over time.
DFLabs Incident Response Platform for SOC’s at a Glance
The table below highlights further benefits that IncMan offers to Security Operations Centers:
| Core SOC Benefits | IncMan’s Solution |
| Aggregation and correlation of security and incident data |
|
| Customizable linear playbooks and conditional runbooks |
|
| Integrated Knowledgebase module to disseminate, share and transfer knowledge from experienced to novice analysts and within the team |
|
| Repeatable, enforceable, measurable & effective incident response workflows |
|
| Customizable dashboards and widgets to gain immediate situational awareness of operations and threats |
|
| Generate operational performance reports with an integrated reporting engine |
|
| Powerful case management |
|
| Threat and incident data visualization and analysis |
|
Deployment
IncMan is deployed as a Virtual Machine or dedicated HW appliance
- High availability and load balancing
- Multitenant architecture
- Scalable incident response platform, can be integrated with NAS and SAN
