DFLabs, provider of Security Orchestration, Automation and Response (SOAR), has introduced the latest version of its IncMan SOAR platform, which uses automated event triage to significantly lower the number of security incidents generated from alerts.
START (Simple Triage And Rapid Treatment) Triage is used in production by a major European bank to eliminate manual first-line assessment of suspected fraudulent online transactions. IncMan SOAR reduces triage time by 90% for cyber fraud events generated by the bank's mainframe and other external systems.
Usually, each security alert received by a SOAR platform generates an incident that must be investigated. This process can lead to an overwhelming number of security incidents, some of them created by false-positive alerts, that security operations center (SOC) staff must address.
The latest version of IncMan SOAR focuses on reducing the number of incidents created by false positives, as it ingests alerts from any source via a new API for triage to determine whether they should be converted to an incident or discarded. Michele Zambelli, CTO of DFLabs says: “Not every alert deserves to become and be processed as a security incident, yet that is how SOAR products currently operate. The new release of IncMan SOAR is breaking this cycle. By applying our automation engine, enrichment and containment capabilities to events using a triage process, we can dramatically reduce the number that are turned into incidents, and placed into the queue for deeper assessment by IncMan and security analysts.”