John Moran, DFLabs’ Senior Product Manager TV Interview with Chuck Harold at Black Hat 2018

DFLabs’ Senior Product Manager, John Moran, joins Chuck Harold from Security Guy TV for an interview at Black Hat 2018 in Las Vegas. In this short interview, John Moran introduces the concept of security orchestration, automation and response (SOAR) technology, and explains what will happen if companies don’t start with automation. He further gives examples of how orchestration and automation of the incident response process actually help a company defend itself against increasingly sophisticated cyber attacks. He points out that automation doesn’t mean replacing and firing people; on the contrary, it is about making the teams within a company work more effectively.

Watch the full interview here.

What Happens When You Combine SOAR with Existing Security Technologies

Security teams and Security Operations Centers across the industry face many similar challenges, some of which include increased workload, budget constraints, competition for skilled analysts and repeating manual processes.

Managed Security Service Providers (MSSPs) are facing many of these challenges, multiplied by the scale at which they operate.  Enterprises across the globe are increasingly turning to Security Orchestration, Automation and Response (SOAR) solutions to address these growing challenges.

It now seems clear that SOAR is not just a feature. It is actually becoming a critical component of an advanced security program.  Our existing manual processes simply do not scale to the level they must.

Enterprises cannot continue to respond to today’s growing security threats effectively without some level of automation and orchestration.  Gartner predicts that the adoption of SOAR solutions will increase enormously over the next several years.

Read the entire article here.

DFLabs Announced a New Version of IncMan SOAR Platform With Automated Event Triage

DFLabs, the pioneer in Security Orchestration, Automation and Response (SOAR), has just announced a new version of the IncMan SOAR platform that uses automated event triage to hugely reduce the number of security incidents generated from alerts.

With its unique capability, START (Simple Triage And Rapid Treatment) Triage is already used in production by a major European bank to banish manual first-line assessment of suspected fraudulent online transactions. IncMan SOAR reduces triage time by 90% for cyber fraud events generated by its mainframe and other external systems.

IncMan SOAR with START Triage will be demonstrated at Black Hat USA 2018 at their booth #IC2329 on August 8-9 at Mandalay Bay in Las Vegas.

Read the entire article here.


Four Reasons Why Companies Fail At Incident Response

DFLabs’s CEO Dario Forte pinpoints the main reasons why many companies today still can’t seem to create a suitable plan when it comes to incident response.

Today, a vast number of companies throughout many different industries are still exposed to continuous security breaches of various kinds. This year alone, companies such as Best Buy, Delta, Orbitz, Panera, Saks Fifth Avenue, and Sears have all been victims of some type of cyber-security threat.

Security threats have become very sophisticated with the rise of new technologies, and companies need to fight back. However, these new technologies are not always tested for security flaws and create difficult gaps for companies in their battle to protect their assets.

Read the entire article here.

Tufinnovate Awards For Top Performing Channel Partners

Tufin’s Annual User & Partner Conference, Tufinnovate, recognized their Partners of the Year. The award went to the top performing channel partners that brought the most value to their regions and joint customers during the past year. The winners were announced at Tufinnovate, which was held in Barcelona on June 19-21 and in Boston on July 10-12.

The complexity of modern enterprise networks makes it crucial for channel partners to ensure a best-in-class network security orchestration solution in their portfolio. In order to achieve this, Tufin teamed up with more than 600 channel partners worldwide.

Tufin’s two prominent programs are the Service Delivery Partner Program and the Technology Alliance Partner (TAP) Program. The former enables their partners to be more services-ready, and the value is twofold – partners have the tools necessary to get additional service revenues, while offering clients a best-in-class user experience through certified technical resources.

The latter opens a new avenue to meet customers’ needs by extending the abilities of the company’s Orchestration Suite. With the addition of inaugural members Cybereason, Cyber Observer, DFLabs, Reposify, and Swimlane, Tufin Orchestration Suite can now address 4 new use cases: Security Incident Enrichment, Security Incident Response, Compliance, and Risk Assessment.

With these partners, Tufin has designed a strong partner ecosystem that enables them to provide extensive solutions for security policy orchestration.

The entire article can be read here.

451 Research Report Says DFLabs Brings MSSPs a Holistic View of Cyber Threats and Accelerates Incident Response

DFLabs’ IncMan security orchestration, automation and response (SOAR) platform has been cited in the new 451 Research Report for the ability to increase revenues, lower operational costs and deliver more value to MSSPs. According to the 451 Research report, DFLabs provides MSSPs with a broad set of capabilities to streamline and scale operations, improve effectiveness and efficiency and create new revenue streams.

The 451 Research Impact Report, “DFLabs brings security automation and orchestration to MSSPs,” was published on June 5 and can be downloaded here.

“MSSPs need advanced capabilities to manage, measure and maximize the effectiveness and efficiency of their operations, and aggregate analyst knowledge. But they lack the resources to build these on their own,” said Aaron Sherrill, Senior Analyst at 451 Research. “With support for granular risk factors, machine learning, semi to full automation, incident triage, playbooks and built-in integrations to over 100 cybersecurity tools, DFLabs provides MSSPs a holistic SOAR platform that accelerates responses to threats facing their customers.”

This press release was originally published on Business Wire. Read the full press release here.

DFLabs Integrates with Carbon Black for Comprehensive Cyber Incident Response Automation and Orchestration

Boston – January 10, 2017 – DFLabs, the global leader in cyber incident response automation and orchestration, announced today its integration with Carbon Black, the leader in next-generation endpoint security, to provide a fully integrated solution for cyber incident response.

The native integration combines DFLabs’ IncMan cyber incident response automation and orchestration platform with Carbon Black’s Cb Response to give users advanced visibility into cyber incidents to speed the investigation, prioritization, and response to incidents in one single orchestration report while improving the management of threats.

This development represents another milestone in DFLabs’ comprehensive integration partnership portfolio with security data sources to “connect all the dots” within the incident response process – from SIEMs to end-point detection and response, email notification, malware analysis and threat intelligence services. Through this single, transparent pane of glass customers can easily gain actionable intelligence and automatically share bi-directional data with their communities while retaining critical control and evidence through human supervision of the process.

“Driven by the demand of our high-profile F500 customers, the combination of DFLabs and Carbon Black is a powerful solution for our customers, enabling them to seamlessly triage and remediate cyber attacks. To stay ahead of the threat, collaboration is critical, and this important partnership further demonstrates our rapid technology advancements, vision for Supervised Active Intelligence™, and commitment to helping CISOs around the world get their cyber incidents under control,” said Dario Forte, Founder, and CEO of DFLabs.

“Responding quickly to today’s advanced threats is vital for businesses to keep their critical data safe,” said Tom Barsi, Carbon Black’s senior vice president of business development. “Through this integration, DFLabs and Carbon Black are empowering security teams to remediate cyber attacks faster and more conclusively than ever before.”

IncMan integrates with a multitude of sources for alerts, including but not limited to SIEM, ticketing systems, Threat Intelligence communities, and any external application that can invoke IncMan APIs. Additionally, Syslog alerts and emails can automatically trigger the creation of an incident, alerting and notifying the most appropriate team on their mobile phone, and assigning the most efficient playbooks (i.e. workflows) to provide a timely automated response. IncMan also serves as a centralized repository for case management and advanced analytics or customized personal dashboards, and features a smart KPI engine that helps the user to promptly answer inquiries from executive management.

Active data breach and privacy regulations are making incident response platforms mandatory. DFLabs is the first mover in the fast-growing categories of Security Operations, Analytics and Reporting (SOAR) and Security Incident Response Platforms (SIRP). DFLabs is recognized for its unique approach to automation that provides a highly customizable solution that meets the specific needs of any industry while joining automation and human resources so that enterprises can improve security.

Cb Response is the market-leading incident response and threat hunting solution. Only Cb Response continuously records and centralizes all endpoint activity, giving Incident Responders, SOC analysts, and MSSPs the complete, real-time information they need to understand exactly how attackers are targeting their organization so they can identify the root cause, hunt anomalous behavior, and isolate threats. With Cb Response, organizations can streamline alert validation, accelerate investigations, reduce dwell time, eliminate unnecessary reimaging, and limit IT involvement in the security life cycle process.

About DFLabs
DFLabs is a recognized global leader in cyber incident response automation and orchestration. The company is led by a management team recognized for its experience in and contributions to the information security field, including co-editing many industry standards such as ISO 27043 and ISO 30121. IncMan – Cyber Incidents Under Control – is the flagship product, adopted by Fortune 500 and Global 2000 organizations worldwide. DFLabs has operations in North America, Europe, Middle East, and Asia with US headquarters in Boston, MA and World headquarters in Milano, Italy. For more information visit: or connect with us on Twitter @DFLabs.


Media contacts:
Leslie Kesselring, Kesselring Communications