DFLabs Presents Updated Platform to Improve Security Incident Reporting


DFLabs, provider of Security Orchestration, Automation and Response (SOAR), has just introduced the latest version of the IncMan SOAR platform, which uses automated event triage to significantly lower the number of alert-generated security incidents.

START (Simple Triage And Rapid Treatment) Triage is used in production by a major European bank to eliminate manual first-line assessment of suspected fraudulent online transactions. IncMan SOAR reduces triage time by 90% for cyber fraud events generated by the bank's mainframe and other external systems.

Usually, a single security alert received by a SOAR platform generates an incident, which must be investigated. This process can lead to an overwhelming number of security incidents, some of them created by false positive alerts, all of which have to be addressed by security operations center (SOC) staff.

The latest version of IncMan SOAR focuses on reducing the number of incidents created by false positives: it ingests alerts from any source via a new API and triages them to determine whether they should be converted to an incident or discarded. Michele Zambelli, CTO of DFLabs, says: “Not every alert deserves to become and be processed as a security incident, yet that is how SOAR products currently operate. The new release of IncMan SOAR is breaking this cycle. By applying our automation engine, enrichment and containment capabilities to events using a triage process, we can dramatically reduce the number that are turned into incidents, and placed into the queue for deeper assessment by IncMan and security analysts.”
