DFLabs IncMan orchestrates the intelligence-driven SOC and CSIRT
BOSTON – ( BusinessWire ) – DFLabs, the leader in Security Automation and Orchestration Technology, announced today the release of its new Playbook Recommendation and Intelligent Selection Mechanism (DF-PRISM), enhancing DFLabs security automation and orchestration with incorporated proprietary machine learning. The system uses patent-pending advanced methods and algorithms to detect operational intelligence such as security incident and resolution data to recommend playbooks and actions based on historical incident response activities. This approach minimizes the resources and time required to successfully analyze and respond to ongoing incidents while maximizing the effectiveness and efficiency of security teams.
At its core, DFLabs SAO enables security organizations to take a gradual “crawl, walk, run” path to developing effective processes for successfully responding to and managing threats as well as hardening security controls. Beginning with “Human Guided Learning” and evolving into “Human Supervised Learning”, users can create and apply simple, linear or conditional playbooks that combine manual, semi-automated and automated actions. Decision-making and conditional responses can be made manually by humans, automatically by machine, or a hybrid of the two – depending on the needs, requirements, and maturity of the organization.
Mature organizations can leverage the advanced Runbooks of DF-PRISM that support complex and stateful logical decision-making to enable an advanced and adaptive threat management program. Conditional responses that allow users to pursue a variety of alternative responses.
“In developing DF-PRISM, we have built a technology that enables users and the system to learn together and lets people determine their level of involvement in responding to and managing threats,” said Dario Forte, chief executive officer, and founder DFLabs. “Users get immediate value by tracking and responding to threats, then over time the system builds a knowledge base of responses that can be relied on to automatically manage the entire incident response process.”
According to recent research from Enterprise Strategy Group (ESG) entitled “Next Generation Cybersecurity Analytics and Operations Survey,” commissioned by DFLabs and other technology vendors, 92% of respondents have deployed, plan to deploy or are interested in deploying machine learning technology to support Automation and orchestration. The top drivers are accelerating incident detection (29%) and accelerating incident response (27%).
The research also found that 21% of respondents will deploy machine learning because they hope the technology can help maximize the productivity of their existing staff to compensate for their inability to hire enough new security operations personnel.
“Enterprises are finding it challenging to quickly respond to security incidents across a constantly growing attack surface and with limited resources, resulting in a large window of opportunity for attackers to execute the full kill chain and the potential for minor incidents to evolve into full-blown breaches , “Said Oliver Rochford, vice president of Product Marketing, DFLabs. “Augmenting analysts” smart eyeballs with machine learning will help organizations to reduce the time from breach discovery to containment, while also assisting in building, retaining and transferring institutional knowledge about past incidents and threats. ”
Innovative Threatscape Modeling
Leveraging machine learning, DF-PRISM constructs a model of the threatscape based on known and historical incidents, scoring and evaluating any incident based on unique and shared indicators and attributes and their relevance. The algorithms use this model to propose playbooks for similar or related threats. Threats known to the model are considered to have greater relevance, are scored more reliably, and are assigned a higher urgency and higher prioritization.
Key benefits include:
• Intelligence-guided false positive reduction
• Improves response time by up to 80%
• Automatically correlates and re-applies playbooks across Tenants in multi-user and MSSP environments
DF-PRISM is available immediately with version 4.2 of IncMan, which also includes:
• New Dual-Mode Playbook engines
• An advanced correlation engine
• An observable investigation view
• A unique set of features based on machine learning (ML) and supervised active intelligence to guide first responders
The current integration library is composed of over 100 different playbooks and connectors Can be customized by and shared between users without requiring scripting or coding.
DFLabs – Cyber Incidents Under Control – is a recognized global leader in security automation and orchestration technology. The company is led by a management team recognized for its experience in and contributing to the information security field including the co-editing of many industry standards such as ISO 27043 and ISO 30121. Its flagship product, IncMan, has been adopted by Fortune 500 and Global 2000 organizations worldwide. DFLabs has operations in Europe, North America, and EMEA. For more information, visit www.dflabs.com or connect with us on Twitter @DFLabs.
This Press Release was originally published on BusinessWire
Read DFLabs’ VP of Security Evangelism Oliver Rochford’s latest column for SecurityWeek titled “Security Automation is About Trust, Not Technology”. It provides a great insight into the field of security automation and why security teams tend to like it so much, while also offering an overview of some of the misconceptions and the real risks that still prevent a wider adoption of the technology.
Read the full article here.