Advanced Malware Analysis, Detection and Response with IncMan SOAR and McAfee


There’s no doubt that protecting an enterprise network from the vast array of attack vectors organizations face today is a difficult task at best. We are well beyond the days when antivirus and perimeter firewalls could be relied upon to provide adequate security. As the number of security solutions in the enterprise increases to keep pace with the growing number of attack vectors, a new problem has emerged: how do we best utilize these solutions as part of an integrated, holistic security and incident response program?

Many security solution providers have sought to add to their product portfolio, bringing together solutions such as network protection, endpoint protection, and threat intelligence under one umbrella. One of DFLabs’ technology partners, McAfee, is an excellent example of this approach. With products such as Web Gateway, Advanced Threat Defense, ePolicy Orchestrator, and Threat Intelligence Exchange, McAfee is well positioned to provide enterprises with a single-source security solution for their core security needs.

However, even with a product portfolio as broad as McAfee’s, covering network, cloud, endpoint and more, the chances are that an organization will turn to at least a few products delivered from outside their core security vendor. This could be because their core security vendor does not offer a solution that meets the organization’s needs, the solution is cost-prohibitive, or because the solution was chosen by another business unit. No matter the reason, security and incident response programs are most efficient and effective when all available solutions are working in concert towards a common goal.

Enterprises are increasingly turning to Security Orchestration, Automation and Response (SOAR) solutions like DFLabs IncMan SOAR to help orchestrate actions between their security tools and automate investigation and response processes. This is true even of enterprises that rely primarily on a single security vendor, which often find that a SOAR solution can also enhance the processes that run between that one vendor’s solutions.

In our upcoming joint webinar with McAfee, “Detect, Analyze & Respond to Advanced Malware Using Orchestration & Automation”, we will examine a primarily McAfee-centric use case showing how the automated examination of a suspicious executable in McAfee Advanced Threat Defense can be used to pivot to other indicators and search for those indicators across the enterprise. By incorporating actions from other McAfee solutions, such as Web Gateway, Threat Intelligence Exchange, and ePolicy Orchestrator, it is possible to enrich the initial artifact (in this case, a suspicious executable), make intelligent automated decisions, and even perform immediate containment to temporarily block the threat until further investigation can be performed.

Make sure you join us for our webinar on Tuesday, February 5th at 11AM EST to see how McAfee and DFLabs can help you detect, analyze and respond to advanced malware, as well as increase the overall security posture and readiness of your organization.
