About DFLabs


DFLabs is the pioneer in Security Orchestration, Automation and Response technology. Our IncMan SOAR platform enables CSIRTs and SOCs to manage, measure and orchestrate security operations tasks including security incident qualification, triage and escalation, threat hunting & investigation and threat containment.

At the heart of IncMan is our R3 Rapid Response Runbook engine. R3 runbooks are created using a visual editor that supports granular, stateful and conditional workflows to orchestrate and automate incident response activities such as incident triage, stakeholder notification, data and context enrichment and threat containment. R3 runbooks are enhanced by capabilities to empower incident responders in assessing, investigating and hunting for threats, and to gather, maintain and transfer knowledge between IR and SOC teams. Our patent-pending Automated Responder Knowledge (DFLabs ARK) module applies machine learning to historical responses to threats, and recommends relevant playbooks and paths of action to manage and mitigate them.

We are proud to be a European Cybersecurity Vendor with Research and Development based in Italy. We have been acknowledged as the leading continental European Cybersecurity vendor by Cybersecurity Ventures.

DFLabs’ management team is composed of seasoned leaders from the government and private sector, including the EU, Accenture, Deutsche Bank, Gartner and Guidance Software. We are recognized for our industry experience in the information security field including contributing to industry standards such as ISO 27043 and ISO 30121.

★ IncMan is a preferred solution of over 100 satisfied clients, with 60% of customers in the Fortune 500 and Global 2000

★ Listed in the top 20 most innovative Cybersecurity companies in Cybersecurity Ventures Cybersecurity500


Cyber incidents under control™

Our mission is to harness machine learning and automation to orchestrate intelligence-driven Security Operations and Incident Response.

★ Maximize the effectiveness and efficiency of security operations teams

★ Minimize the time from breach discovery to resolution

★ Increase the return on investment for existing security technologies.

★ Orchestrate, automate and measure security operations and incident response


Supervised Active Intelligence™

Our vision is to enable full spectrum intelligence-driven command and control of your security operations, orchestrating the entire incident and investigation lifecycle for SOC and CSIRT teams

★ Augment security analysts and incident responders with automation and machine-learning

★ Equalize the advantage of threat actors using automated tools and command & control capabilities

★ Safely automate threat containment to reduce the time from breach discovery to mitigation