DFLabs Names New VP of Global Sales and Business Development

DFLabs, a Security Orchestration, Automation and Response (SOAR) provider, has named Tito Avila as its VP of global sales and business development.

Avila, a 20-year veteran and former Fortinet executive, is tasked with building out the vendor’s global sales organization, extending its reach and expanding its portion of the relatively young SOAR technology market. In that regard, Avila’s appointment is particularly important to managed security service providers (MSSPs) and security-oriented managed service providers (MSPs).

The key reason is that the SOAR market appears poised for rapid growth, making it fertile territory for the channel. Dario Forte, DFLabs founder and CEO, suggested that Avila’s international experience was a significant factor in his hiring. “He has the international and domain experience to help DFLabs aggressively grow our market share, enter new markets and build a global sales organization,” Forte said.

“The biggest challenge facing organizations is and will continue to be the lack of skilled people to keep threats at bay,” Avila said. “Tools like IncMan SOAR are finally addressing this hurdle through automation and AI.” “I’m looking forward to accelerating the growth of our sales team and infrastructure to capture a greater share of the global SOAR market,” Avila added.

This article was originally published on MSSP Alert. Read the full article here.

What is the Role of Incident Response in ICS Security Compliance?

Incident response and its data-driven nature can provide many of the reporting requirements governing industrial control system safety, finance, consumer privacy, and notifications.

Regulatory compliance in industrial environments creates unique challenges that can’t be found in traditional IT settings. A major source of this complexity originates from the pre-Internet, largely proprietary nature of industrial control system (ICS) networks, specifically their lack of open computing standards, which are taken for granted in IT networks. These closed ICS networks are very hard to upgrade and even harder to maintain in compliance with state, federal, and industry regulations.

Moreover, most ICS networks lack built-in security components, such as automated asset management, proactive security monitoring, and real-time threat analysis and prevention. In addition, most applicable regulations and guidelines apply to verticals such as healthcare and energy and cover ICS only indirectly or at a very high level.

Read the entire article here.

8 Key Ways Security Automation and Orchestration Tools Transform Security Operations

In the attempt to stay ahead of cyberattackers, more and more companies turn to a new category of security tools: security automation and orchestration solutions.

Gartner, which named these products Security Orchestration, Automation and Response (SOAR) solutions, reported that less than 1 percent of businesses with more than five IT security professionals were using SOAR tools by the end of last year. Furthermore, the firm predicts that by 2020, 15 percent of those organizations will be using the tools.

Enterprise Strategy Group (ESG) found somewhat higher numbers of enterprises using SOAR tools. According to their research, “19 percent of enterprise organizations have adopted security operations automation and orchestration technologies extensively, 39 percent have done so on a limited basis, and 26 percent are currently engaged in a project to automate/orchestrate security operations.”

DFLabs has been listed among the leading security automation and orchestration vendors around the globe.

Read the entire article here.

DFLabs’ Senior Product Manager John Moran: TV Interview with Chuck Harold at Black Hat 2018

DFLabs’ Senior Product Manager, John Moran, joins Chuck Harold from Security Guy TV for an interview at Black Hat 2018 in Las Vegas. In this short interview, John Moran introduces the concept of security orchestration, automation and response (SOAR) technology, and explains what will happen if companies don’t start with automation. He further gives examples of how orchestration and automation of the incident response process actually help a company defend itself against increasingly sophisticated cyber attacks. He points out that automation doesn’t mean replacing and firing people; on the contrary, it is about making the teams within a company work more effectively.

Watch the full interview here.

5 Core Elements Of A Successful Incident Response Program

IBM’s 2018 Cost of a Data Breach study shows that the impact of a data breach on an organization averages $3.86 million, while more serious and severe “mega breaches” can cost hundreds of millions of dollars. The difference between a data breach and a “mega breach” often comes down to the effectiveness and speed of the incident response process.

The most successful incident response programs are excellent in the following core areas: visibility, incident management, workflows, threat intelligence, and collaboration/information-sharing.

The following lines focus on what is required to achieve excellence in each of these components from a systems-level perspective.


With the variety and number of security products deployed in the average enterprise, visibility into the output of these tools is the basis of all incident response systems. Aggregating data feeds from commercial and open-source products, as well as anything developed in-house, is required.

When deploying an incident response management system, consider platforms that support the most common security products out of the box. Since few can support everything by default, the flexibility to add bi-directional integrations with security products that are not supported by default is an important consideration.


Read the full article here.

What Happens When You Combine SOAR with Existing Security Technologies

Security teams and Security Operations Centers across the industry face many similar challenges, some of which include increased workload, budget constraints, competition for skilled analysts and repeating manual processes.

Managed Security Service Providers (MSSPs) are facing many of these challenges, multiplied by the scale at which they operate.  Enterprises across the globe are increasingly turning to Security Orchestration, Automation and Response (SOAR) solutions to address these growing challenges.

It now seems clear that SOAR is not just a feature. It is actually becoming a critical component of an advanced security program.  Our existing manual processes simply do not scale to the level they must.

Enterprises cannot continue to respond to today’s growing security threats effectively without some level of automation and orchestration.  Gartner predicts that the adoption of SOAR solutions will increase enormously over the next several years.

Read the entire article here.

DFLabs Announced a New Version of IncMan SOAR Platform With Automated Event Triage

DFLabs, the pioneer in Security Orchestration, Automation and Response (SOAR), has just announced a new version of the IncMan SOAR platform that uses automated event triage to hugely reduce the number of security incidents generated from alerts.

The unique START (Simple Triage And Rapid Treatment) Triage capability is already used in production by a major European bank to banish manual first-line assessment of suspected fraudulent online transactions. IncMan SOAR reduces triage time by 90% for cyber fraud events generated by its mainframe and other external systems.

IncMan SOAR with START Triage will be demonstrated at Black Hat USA 2018 at their booth #IC2329 on August 8-9 at Mandalay Bay in Las Vegas.

Read the entire article here.


DFLabs to Release Free Live Forensics Tool at Black Hat USA 2018

DFLabs’ Senior Product Manager, John Moran, will promote and discuss the release of a free live forensics tool at Black Hat USA 2018.

Prior to DFLabs, Moran was a computer forensic analyst for the Maine State Police Computer Crimes Unit and computer forensics task force officer for the U.S. Department of Homeland Security. The constant challenges he ran across led to finding the right combination of tools for the forensic information he needed. The solution to this challenge was writing his own tool called No-Script Automation Tool (NAT), which he’ll personally promote on Aug. 8 at the Black Hat USA 2018 conference in Las Vegas.

Moran told eWEEK: “I’m going to talk a little bit about live forensics as a whole and the do’s and don’ts for forensic analysis, but really the whole purpose of the talk is to show the tool that basically came out of my experiences working in incident response.”

Moreover, he said that he often had to use 30 or more tools to get the necessary information. Figuring out the proper configuration options for various tools, as well as getting every single tool to run and export information took too much time.

Moran adds: “I wanted to build a tool that would be a one-click thing that would enable incident responders to run the right tools and it would just work. This tool also allows responders to verify the tools they are running, so it has a known good list of accepted, authentic tools.”

Read the entire article here.