What is the Role of Incident Response in ICS Security Compliance?

Incident response, because of its data-driven nature, can satisfy many of the reporting requirements governing industrial control system safety, finance, consumer privacy, and breach notification.

Regulatory compliance in industrial environments creates unique challenges that are not found in traditional IT settings. A major source of this complexity is the pre-Internet, largely proprietary nature of industrial control system (ICS) networks, specifically their lack of the open computing standards that are taken for granted in IT networks. These closed ICS networks are very hard to upgrade and even harder to keep in compliance with state, federal, and industry regulations.

Moreover, most ICS networks lack built-in security components, such as automated asset management, proactive security monitoring, and real-time threat analysis and prevention. In addition to this, most applicable regulations and guidelines apply to verticals such as healthcare and energy and cover ICS only either indirectly or at a very high level.

Read the entire article here.

John Moran to Reveal Best Practices for “Live Box” Forensics at SANS Threat Hunting and IR Summit

John Moran, DFLabs’ Senior Product Manager and an expert in security operations, incident response, digital forensics and investigations, will present best practices for using “live box” forensics at the upcoming SANS Threat Hunting and Incident Response Summit in New Orleans on September 7, 2018.

As organizations experience an increase in complex cyber threats and advanced attack techniques, such as the use of file-less malware, security operations personnel are turning to the use of “live box” forensics in threat hunting, despite its perceived risks and pitfalls. With this in mind, John will detail the Dos and Don’ts when conducting “live box” forensics for threat hunting and provide a best practices framework for incident response teams. Moreover, he will use a newly released free Windows tool that automates data acquisition to demonstrate “live box” techniques.

Learn more about the Summit here.

This press release was originally published on Business Wire. Read the full press release here.

DFLabs Announces a New Version of the IncMan SOAR Platform With Automated Event Triage

DFLabs, the pioneer in Security Orchestration, Automation and Response (SOAR), has just announced a new version of the IncMan SOAR platform that uses automated event triage to dramatically reduce the number of security incidents generated from alerts.

The platform’s unique START (Simple Triage And Rapid Treatment) Triage capability is already used in production by a major European bank to eliminate manual first-line assessment of suspected fraudulent online transactions. IncMan SOAR reduces triage time by 90% for cyber fraud events generated by the bank’s mainframe and other external systems.

IncMan SOAR with START Triage will be demonstrated at Black Hat USA 2018 at DFLabs’ booth #IC2329 on August 8-9 at Mandalay Bay in Las Vegas.

Read the entire article here.


DFLabs to Release Free Live Forensics Tool at Black Hat USA 2018

DFLabs’ Senior Product Manager, John Moran, will present and discuss the release of a free live forensics tool at Black Hat USA 2018.

Prior to DFLabs, Moran was a computer forensic analyst for the Maine State Police Computer Crimes Unit and a computer forensics task force officer for the U.S. Department of Homeland Security. The challenges he repeatedly ran into led him to search for the right combination of tools to gather the forensic information he needed. His solution was to write his own tool, the No-Script Automation Tool (NAT), which he will present personally on Aug. 8 at the Black Hat USA 2018 conference in Las Vegas.

Moran told eWEEK: “I’m going to talk a little bit about live forensics as a whole and the do’s and don’ts for forensic analysis, but really the whole purpose of the talk is to show the tool that basically came out of my experiences working in incident response.”

He also said that he often had to use 30 or more tools to get the necessary information. Figuring out the proper configuration options for the various tools, and getting every single tool to run and export its information, took too much time.

Moran adds: “I wanted to build a tool that would be a one-click thing that would enable incident responders to run the right tools and it would just work. This tool also allows responders to verify the tools they are running, so it has a known good list of accepted, authentic tools.”

Read the entire article here.

Four Reasons Why Companies Fail At Incident Response

DFLabs’ CEO Dario Forte pinpoints the main reasons why many companies today still cannot seem to create a suitable incident response plan.

Today, a vast number of companies across many different industries are still exposed to continuous security breaches of various kinds. This year alone, companies such as Best Buy, Delta, Orbitz, Panera, Saks Fifth Avenue, and Sears have all been victims of some type of cyber-security threat.

Security threats have become very sophisticated with the rise of new technologies, and companies need to fight back. However, these new technologies are not always tested for security flaws, which creates difficult gaps for companies in the battle to protect their assets.

Read the entire article here.

DFLabs to Discuss How Orchestration Can Facilitate Knowledge Transfer and Improve Incident Response at SANS SOC Summit 2018

DFLabs’ Vice President of Professional Services, Mike Fowler, will present a session on improving incident response capabilities and overcoming the shortage of skilled security operations staff at the SANS Security Operations Center Summit on Monday, July 30, 2018 at 12:00 PM (noon) CDT.

The shortage of skilled SOC personnel worldwide is only getting worse. With increasing workloads, inexperienced security analysts need to be brought up to speed quickly so they can contribute effectively to SOC operations. In this session, “Leveraging Orchestration to Facilitate Knowledge Transfer in Security Operations,” Mike Fowler will present a framework that combines traditional and new knowledge transfer techniques with the help of orchestration, enabling under-resourced SOCs to achieve new levels of incident response efficiency and productivity.

This press release was originally published on Business Wire. Read the full press release here.

451 Research Report Says DFLabs Brings MSSPs a Holistic View of Cyber Threats and Accelerates Incident Response

DFLabs’ IncMan security orchestration, automation and response (SOAR) platform has been cited in a new 451 Research report for its ability to increase revenues, lower operational costs and deliver more value to MSSPs. According to the report, DFLabs provides MSSPs with a broad set of capabilities to streamline and scale operations, improve effectiveness and efficiency, and create new revenue streams.

The 451 Research Impact Report, “DFLabs brings security automation and orchestration to MSSPs,” was published on June 5 and can be downloaded here.

“MSSPs need advanced capabilities to manage, measure and maximize the effectiveness and efficiency of their operations, and aggregate analyst knowledge. But they lack the resources to build these on their own,” said Aaron Sherrill, Senior Analyst at 451 Research. “With support for granular risk factors, machine learning, semi to full automation, incident triage, playbooks and built-in integrations to over 100 cybersecurity tools, DFLabs provides MSSPs a holistic SOAR platform that accelerates responses to threats facing their customers.”

This press release was originally published on Business Wire. Read the full press release here.

DFLabs and LogPoint Team Up to Accelerate Cyber Incident Detection and Response

DFLabs, the pioneer in Security Orchestration, Automation and Response (SOAR) technology, has joined forces with LogPoint, the next-generation SIEM and Big Data Analytics company, to provide rapid detection and faster remediation of security incidents. The combination of DFLabs’ IncMan Security Orchestration, Automation and Response platform and the LogPoint SIEM provides end-to-end visibility to neutralize cyber threats.

“The deep integration of the LogPoint SIEM with DFLabs IncMan combines the power of each solution to create a more robust, efficient and responsive security program,” said Dario Forte, CEO and Founder of DFLabs. “Together IncMan and LogPoint enable organizations to automate most of the work performed by security analysts, and accelerate incident detection and response actions from hours to seconds.”

“With accelerated detection and response and the added benefit of utilizing playbooks and runbooks to formalize the response handling procedure, we will provide true operational value to our customers,” said Jesper Zerlang, CEO of LogPoint. “From a business value perspective, LogPoint and DFLabs are individually delivering the best feature to price ratio in the market, but even more so as a joint solution.”

This press release was originally published on Business Wire. Read the full press release here.

DFLabs CEO Dario Forte @GTSC Homeland Security Today: PERSPECTIVE: Critical Infrastructure Threats Placing Incident Response in the Crosshairs

Read the new article by Dario Forte, DFLabs’ CEO, for GTSC Homeland Security Today, titled “PERSPECTIVE: Critical Infrastructure Threats Placing Incident Response in the Crosshairs”. In this article, Dario Forte discusses the state of incident response in critical infrastructure and how proactive threat hunting can be very effective in defending against sophisticated threat actors. He notes that having a developed plan, process and procedures in place for incident response is important in every industry. For critical infrastructure, incident response capabilities must adhere to a much higher standard, because the stakes of a cyber incident include physical damage and public safety concerns.

This article was originally published on GTSC Homeland Security Today. Read the full article here.