Sharing Critical Security Information Using DFLabs SOAR and McAfee OpenDXL


In security, information is power. Having actionable information available at the touch of a button can be the difference between stopping a threat in its tracks and becoming the victim of the next big breach. However, the many disparate security products deployed in most organizations make information sharing and integration difficult, if not impossible.

A lack of information sharing and integration between security products leads to a time-consuming and disjointed response to a security incident: an environment ripe for mistakes.

Information sharing and security product integration and orchestration have always been at the core of the many values provided by DFLabs. By designing a solution that is OpenDXL compatible, DFLabs has provided joint DFLabs and McAfee customers with yet another way to streamline their security processes.

DFLabs IncMan SOAR and McAfee OpenDXL solve these specific challenges:

  • How can I share security information between my security products?
  • How can I quickly integrate my security products without the need for time-consuming custom integrations?

McAfee’s OpenDXL allows compatible security applications to seamlessly share security information without the need for complicated custom integrations. The DFLabs IncMan OpenDXL implementation is now certified as McAfee compatible. All integrations between the DFLabs IncMan platform and McAfee products, including ePO, ATD and TIE, have been enhanced to include OpenDXL, significantly reducing the complexity of gathering actionable enrichment information from these solutions.

OpenDXL lets developers join an adaptive system of interconnected services that communicate and share information to make real-time accurate security decisions. OpenDXL leverages the Data Exchange Layer (DXL), which many vendors and enterprises already utilize, and delivers a simple, open path for integrating security technologies regardless of vendor.

This integration lets IncMan SOAR and McAfee products share information seamlessly over OpenDXL, providing easy-to-use, feature-rich integrations between products.

One of the most common and versatile use cases for OpenDXL within IncMan is integration with McAfee Threat Intelligence Exchange (TIE). McAfee TIE is a reputation broker that combines threat intelligence from imported global sources, such as McAfee Global Threat Intelligence (McAfee GTI) and third-party threat information (such as VirusTotal), with intelligence from local sources, including endpoints, gateways, and advanced analysis solutions. Using the Data Exchange Layer (DXL), it instantly shares this collective intelligence across your security ecosystem, allowing security solutions to operate as one to enhance protection throughout the organization.

McAfee TIE makes it possible for administrators to easily tailor threat intelligence. Security administrators are empowered to assemble, override, augment, and tune the comprehensive intelligence information to customize protection for their environment and organization. This locally prioritized and tuned threat information provides instant response to any future encounters. Threat intelligence from McAfee TIE can be used to enrich indicators, such as file hashes, using IncMan’s R3 Rapid Response Runbooks to enable intelligent automated or manual decisions during the incident response process.

DFLabs IncMan also integrates with other McAfee tools. You can learn more about our integration with McAfee ATD and ePO in our previous blog posts.

Detect, Analyze and Respond to Advanced Malware with DFLabs SOAR Platform and McAfee ATD
Full Lifecycle Threat Management by Integrating DFLabs SOAR with McAfee ePO

Get Started with a One-to-One Personalized Demo

Dramatically reduce the mean time to detection, response and remediation of all potential security incidents, ensuring no alert goes untouched.


DFLabs IncMan SOAR is the pioneering Security Orchestration, Automation and Response (SOAR) platform to automate, orchestrate and measure security operations tasks.

IncMan SOAR harnesses machine learning and automation capabilities to augment human analysts to maximize the effectiveness and efficiency of security operations teams, reducing the time from breach discovery to resolution by up to 80%.

What You'll See in a Demo

See for yourself why IncMan SOAR is the preferred solution of Fortune 500, Global 2000 and MSSP clients. DFLabs IncMan SOAR at a glance:

  • Full and semi-automated Incident Response, improving response times by up to 80%
  • Covers the entire spectrum of IR and SecOps
  • Automated Responder Knowledge (ARK) generated by machine learning
  • Highly flexible and customizable, with over 100 templates and automation actions out of the box
  • Correlation engine correlates all relevant IOCs and artefacts between incidents
  • Multi-tenancy and granular role-based access
  • Dual mode playbooks and intelligence sharing
  • Powerful case management with integrated forensics capabilities.
