Request a demo

DFLabs: the Highlights of 2018

Back to all articles

2018 has been a busy and successful year for DFLabs, from expanding teams and increasing technical partnerships and integrations, to newly developed product enhancements with some prestigious award wins along the way. We have therefore decided to summarize our important product landmarks that took place this year in a single blog post, with the idea that it might serve as a timeline and also an overview that outlines our company story and highlights for 2018.

In brief, here’s what happened:

Award Wins

The year kicked off in great style with the announcement in January of two award wins from the GSN Homeland Security Awards. Many more followed throughout the year from prestigious cyber security publications based on the exciting developments and enhancements of our innovative and pioneering IncMan SOAR platform, and the benefits it can bring to organizations and their Security Operations programs. In summary here are the key awards we received.

START Triage

At the beginning of August we announced the latest release of IncMan SOAR Version 4.4. With industry trends in mind we developed v4.4 which included many new features that came directly from our users requirements and suggestions. One of the most exciting features was IncMan’s new automated Triage capability called START (Simple Triage And Rapid Treatment) Triage, which allows alerts to be sent to IncMan via API, syslog or email to be triaged before being converted into an incident, with the aim to confirm the veracity of an alert before declaring an incident. This first of its kind capability was initially used in production by a major European bank to eliminate suspected fraudulent online transactions but it is now successfully being used across a number of varying use cases and industries where the volume of alerts is high from low confidence sources.

Open Integration Framework

Into the next quarter of the year, a few months after the release of IncMan SOAR v4.4, we announced version 4.5, with some of our most exciting enhancements to date. Many of the most significant new features in this release were centered around DFLabs’ commitment to delivering a more open, extensible and community-oriented solution to some of the most challenging problems facing SOCs, CSIRTs and MSSPs today.

The launch of our innovative Open Integration Framework, which is an open standard for defining IncMans SOAR’s integration, enables the fine grained integration of IncMan SOAR with other security tools, meaning organizations now have the capability to fully customize and orchestrate new functions based on the third-party products they use, without the need for complex coding.

As every IT environment is unique with different requirements, this new open approach puts the security team in control of which actions they want to take and which they chose to automate as part of their incident response process. The new framework enables faster integration development, new and extensions of existing integrations, the ability to share custom integrations between users, allows actions from multiple sources to be used for maximum flexibility, as well as perhaps most importantly, increases the openness and community involvement surrounding our IncMan SOAR solution.

New Integrations

Again with the release of IncMan SOAR v4.5, many new integrations became available across a wide variety of product spaces including ITSM, vulnerability management and threat intelligence. This included integrations with AlienVault OTX, RSA NetWitness, ServiceNow and Tenable. We also enhanced several of our existing integrations, including those with IBM QRadar, Splunk and TAXII.

Here’s a list of the full 25+ integrations we’ve established this year, with many more already under development and on the roadmap for 2019.

  • AlienVault OTX

  • Carbon Black Protection

  • CheckPoint

  • CIRCL CVE

  • Cuckoo

  • Cybereason

  • FireEye HX

  • IBM D2B

  • IBM X Force

  • Javelin AD Protect

  • Jira

  • LogPoint

  • McAfee ADT and TIE

  • MicroFocus ArcSight ESM and ArcSight Logger

  • Microsoft EWS and PowerShell

  • Recorded Future

  • RSA NetWitness

  • ServiceNow

  • Tenable.io

  • Tufin

  • Twilio

Community Portal

The final months of this year saw our focus on our community, as we announced our new Community Portal for our customers and partners, which was the result of the efforts to increase community involvement and customer interaction. We created the Community Portal with the goal to make it a hub for customers, where they can access the latest information and support from DFLabs, as well as interact with other customers to share integrations, scripts, Playbooks and more, discussing various SOAR and security topics.

Some of the key features of the Community Portal includes:

  • Community Forums

  • Searchable Knowledge Base and FAQs

  • Access to the Latest Files and Documentation

  • Access to DFLabs’ Framework Integrations

  • Instant Access to DFLabs Support

IncMan Community Edition

Last but not least, we started December with the release of Community Edition of IncMan SOAR, IncMan CE. IncMan CE is a free version of our IncMan SOAR platform allowing organizations to test and experience the benefits of automated and orchestrated incident response in pre-production environments.

IncMan CE is available to verified users through the Community Portal, including educational institutions, research groups, organization interested in evaluating IncMan SOAR for purchase, as well as those Interested in contributing to the DFLabs Community, such as developing integrations.

IncMan CE supports most of the functionality of IncMan, with the following features and capabilities:

  • Support for five user accounts

  • Support for five incidents per day

  • A maximum of five integrations

  • Single tenant

  • 12-month license, subject to renewal each year

  • Support provided via the Community Portal Forum

Other Notable Product Enhancements

On top of the highlighted events above we have seen a number of other product enhancements throughout the year, too many to go into each one in detail. These include a new REST API, new Runbook conditions and capabilities, new Phase Management system, multiple enhancements to our Correlation Engine and Automated Responder Knowledge (ARK), internal Backup and Restore capabilities, bulk incident actions added, expanded incident reporting, parsing of email headers and file attachments and more!

Final thoughts

In a nutshell this blog highlights the key achievements and successes of 2018 for DFLabs and its entire global team and there are many more we wish we could have included. We are already excited about what we have in store for next year and we sincerely hope that 2019 will be as, or even more successful than this year. By working closely together with our current and future clients, continuing our commitment to research and development, as well as taking on board the ever-changing threat landscape around us, we will continue to aspire to work towards achieving our goals - to help organizations overcome their security operations challenges and to keep their cyber incidents under control.

Get Started with a One-to-One Personalized Demo

Dramatically reduce the mean time to detection, response and remediation of all potential security incidents, ensuring no alert goes untouched.

See IncMan SOAR in Action.

Request a demo