DFLabs 3rd Party Integrations vs the Market

Back to all articles

dflabs 3rd party integrations vs the market

A consistent feedback point we receive from our users is that their security technology stack is rapidly growing to keep pace with the evolving threat landscape. The days where it was sufficient to deploy a firewall, an intrusion prevention system, antivirus and an identity access management system are long gone. Enterprises are literally spoilt when it comes to selecting a wide variety of different security technologies – User Entity Behaviour Analytics (UEBA), Network Traffic Analysis (NTA), Endpoint Detection and Response (EDR), Breach and Attack Simulation (BAS), are just a few of the emerging technologies available to security teams, and this list does not even include mobile, cloud and IoT offerings that are required to secure the expanding attack surface. This can seem daunting to many organizations, not just the budgetary impact, but also the fact that every one of these technologies requires the expertise and knowledge to effectively operate them.

As a vendor offering a Security Orchestration, Automation, and Response platform that is designed to integrate with, and orchestrate these different solutions, we often have to make difficult choices as to what we integrate with, and how deeply we integrate. Our focus is on market-leading security technologies, technologies we identify as emerging but of growing importance and effectiveness, and of course also based on what our customers have deployed and ask us to integrate.

There is a trend in our market to exaggerate the amount of 3rd party integrations. Marketing collateral often cites hundreds of different 3rd party tools, yet rarely differentiates between the depth of the integration, whether these are truly bidirectional and whether they certified by the 3rd party. As an example, any solution that supports Syslog can claim to support hundreds of 3rd party technologies. It’s an open standard and many solutions can forward syslog message to a syslog collector. But that does not necessarily mean that the solution also has out of the box parsers to normalize the messages, or that there are automation actions, playbooks or report templates available that can parse and use their content.

Reducing this to a pure quantitative marketing message also entirely misses the point. Organization only really care about the technologies they have deployed, or are planning to acquire. The quantity here is entirely misleading. More importantly, users are not stupid. They will see through this charade at the latest when conducting a proof of concept. And at that point any vendor following this approach has some uncomfortable explaining to do. No relationship, personal or business, gets off to a good start based on fudging the truth.

I have rarely seen an RFP that was based purely on a quantitative measure of supported 3rd party integrations, so it is baffling why marketers believe this to have any impact.

At DFLabs we have decided to go a different way. We want to clearly state which of our integrations are bidirectional as opposed to only based on data ingestion, and which integrations are certified, or compatibility tested by our integration partners.

While at first glance this appears to put as at a disadvantage, we trust in the intelligence of our customers. We hope that it will help them to make better-informed decisions and they give us credit for being honest and realistic.

Related Articles

John Moran / 16 Oct 2018

Add Context and Enrich Alert Information for a More Effective Response with DFLabs and ArcSight

In this blog post we’ll take a closer look at how security teams can increase the efficiency and effectiveness of their response by adding context and enrichment to the security alert information directly from ArcSight, when utilizing DFLabs’ SOAR solution.

Read blog

John Moran / 14 Aug 2018

Automate Actionable Network Intelligence with Tufin and DFLabs SOAR Platform

Learn more about the current challenges faced by security operations teams and how they can harness vast amounts of network intelligence available.

Read blog

John Moran / 29 Nov 2018

Automate Advanced Dynamic Malware Analysis with Cuckoo Sandbox and DFLabs

Read blog

John Moran / 2 Oct 2018

Automate Evidence Gathering and Threat Containment by Orchestrating Response Efforts with Carbon Black Defense

The integration between DFLabs’ IncMan SOAR platform and Carbon Black Defense’s antivirus and EDR solution allows companies to automate evidence gathering and threat containment efforts.

Read blog

John Moran / 20 Sep 2018

Contain Threats and Stop Data Exfiltration with DFLabs and McAfee Web Gateway

Read blog

John Moran / 13 Jun 2018

Detect, Analyze and Respond to Advanced Malware with DFLabs SOAR Platform and McAfee ATD

Learn how a security operations team can detect, analyze and respond to evasive, advanced malware by utilizing McAfee ATD with DFLabs IncMan SOAR platform

Read blog

John Moran / 18 Apr 2018

DFLabs IncMan SOAR Platform Integrates with Recorded Future and Tufin

DFLabs is excited to announce two new technology partnerships with recognized industry leaders: Recorded Future and Tufin

Read blog

John Moran / 2 Aug 2018

Full Lifecycle Threat Management by Integrating DFLabs SOAR with McAfee ePO

Discover how DFLabs IncMan SOAR platform enables McAfee customers to execute full lifecycle threat management by integrating DFLabs SOAR with McAfee ePO.

Read blog

John Moran / 12 Jul 2018

Gain Actionable Threat Intelligence Utilizing DFLabs SOAR and IBM X-Force Exchange

Learn how a security program can automate the collection of actionable threat intelligence utilizing IBM X-Force Exchange with its integration with DFLabs

Read blog

Get Started with a One-to-One Personalized Demo

Dramatically reduce the mean time to detection, response and remediation of all potential security incidents, ensuring no alert goes untouched.

See IncMan SOAR in Action.

Request Your Live IncMan SOAR Demo.

DFLabs IncMan SOAR is the pioneering Security Orchestration, Automation and Response (SOAR) platform to automate, orchestrate and measure security operations tasks.

IncMan SOAR harnesses machine learning and automation capabilities to augment human analysts to maximize the effectiveness and efficiency of security operations teams, reducing the time from breach discovery to resolution by up to 80%.

What You'll See in a Demo

See for yourself why IncMan SOAR is the preferred solution of Fortune 500, Global 2000 and MSSP clients. DFLabs IncMan SOAR at a glance:

  • Full and semi-automated Incident Response, improving response times by up to 80%
  • Covers the entire spectrum of IR and SecOps
  • Automated Responder Knowledge (ARK) generated by machine learning
  • Highly flexible and customizable, with over 100 templates and automation actions out of the box
  • Correlation engine correlates all relevant IOCs and artefacts between incidents
  • Multi-tenancy and granular role-based access
  • Dual mode playbooks and intelligence sharing
  • Powerful case management with integrated forensics capabilities.

Yes, I want a demo

DFLabs would like to stay in touch to provide you with marketing related content. By ticking the box you consent to receive educational, company and promotional information from DFLabs and accept DFLabs' Privacy Policy.

* Required fields