DFLabs, provider of Security Orchestration, Automation and Response (SOAR), has just introduced the latest updated version of the IncMan SOAR platform that uses automated event triage to significantly lower the number of alert-generated security incidents.
START (Simple Triage And Rapid Treatment) Triage is used in production by a major European bank to eliminate manual first-line assessment of suspected fraudulent online transactions. IncMan SOAR reduces triage time by 90% for cyber fraud events generated by the bank's mainframe and other external systems.
Usually a single security alert received by a SOAR platform generates an incident, which must be investigated. This process can lead to an overwhelming number of security incidents, sometimes created by false positive alerts, that have to be addressed by security operations center (SOC) staff.
The latest version of IncMan SOAR focuses on reducing the number of incidents created by false positives, as it ingests alerts from any source via a new API for triage to determine whether they should be converted to an incident or discarded. Michele Zambelli, CTO of DFLabs says: “Not every alert deserves to become and be processed as a security incident, yet that is how SOAR products currently operate. The new release of IncMan SOAR is breaking this cycle. By applying our automation engine, enrichment and containment capabilities to events using a triage process, we can dramatically reduce the number that are turned into incidents, and placed into the queue for deeper assessment by IncMan and security analysts.”
Read the entire article here.
According to the latest SANS survey (to be released as a webcast in two parts on August 14 and 16, sponsored by DFLabs), security operations centers (SOCs) are forced to grow, as they’re pushed by the use of cloud, mobile, personal and Industrial IoT.
There’s a significant discrepancy in the pace of change, and improvements in security operations can’t seem to keep up with the galloping SOC evolution. Furthermore, the top barrier is said to be the scarcity of skilled staff who could improve SOC performance. This shortfall directly leads to issues with metrics and automation.
SANS Analyst and Instructor Christopher Crowley says: “hiring skilled staff is challenging and expensive, while the business culture at most companies is focused on reducing labor costs and shifting to consuming services. SOC managers need to focus on better recruitment and internal talent development processes to meet the challenge of securing appropriate staffing levels.”
Moreover, he adds that organizations should focus on improving metrics in order to better demonstrate the value of their organization. He’s quite optimistic regarding the future of SOCs that focus on “better orchestration both with the network operations center (NOC) and internal to the SOC using orchestration tools to drive consistency.”
The entire article can be read here.
John Moran, Senior Product Manager at DFLabs, writes about the benefits and the downsides of SOC automation in his latest article for Infosec Island, titled “SOC Automation: Good or Evil?”. Read the full article here and discover the recommendations that can help you determine which SOC processes should be automated and which shouldn’t.
DFLabs’ CEO and Founder, Dario Forte, discusses how to employ SOC automation to boost incident response in his latest interview for BankInfo Security with Tom Field, Senior Vice President, Editorial, ISMG. In this video interview at RSA Conference 2018, Dario Forte talks about:
- The biggest challenges to security operations and incident response;
- The role of automation in the SOC;
- How SOC automation can improve incident response.
Watch the full interview here.