AMP Up Your Response with IncMan SOAR and Cisco’s Security Suite



Organizations are being exposed to more advanced attacks with increasing frequency. By the time these advanced attacks are detected, the damage is often already done. Cisco AMP for Endpoints integrates prevention, detection and response capabilities into a single solution, leveraging the power of cloud-based analytics to detect and respond to these advanced threats in real-time, minimizing the risk to the organization.

However, blocking the execution of a single file will likely not deter a determined attacker. Advanced attackers often use multiple methods of attack and establish multiple beachheads during a campaign. The detection and remediation of a single malicious file may be only the tip of the iceberg, an indicator of a much more severe problem.

To determine the extent of the possible risk, an organization must thoroughly examine this initial indicator and utilize any available intelligence to assess the security of the rest of the network. Cisco’s suite of security solutions, including Threat Grid, Umbrella and Umbrella Investigate, can provide security teams with the knowledge required to properly assess the threat and perform a thorough compromise assessment of the network.

Nevertheless, these tasks take time, something which most security operations teams have precious little of. While security teams are enriching indicators and pivoting from one to the next, another attack may already be in progress.

IncMan SOAR from DFLabs allows security teams to automate repeatable tasks, such as enriching initial threat indicators, freeing analysts to focus on tasks which require human intervention. By combining IncMan SOAR with Cisco’s suite of security products, security teams can automate the process of pivoting from an initial indicator and assessing the environment beyond the scope of the initial alert, ensuring that the team understands the full extent of the incident. With these actions performed automatically by IncMan SOAR, security teams can jump directly to an actionable response, saving minutes to hours and significantly reducing financial and reputational damage.

IncMan SOAR even allows organizations to automatically pivot from a single, seemingly benign event into other more serious events, just as a human analyst would. For example, IncMan can take a network IDS alert and use the source or destination address to pivot into the endpoint through a product such as Cisco AMP, looking for activity which may indicate that this routine IDS alert is the first indicator of a much more serious incident. Based on the workflows defined by the organization, incident priority, assignment and notifications can then be adjusted automatically according to the results of this investigation.
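The pivot-and-escalate step described above, written out as an added example; this is not DFLabs or Cisco code. The endpoint lookup is a constructed in-memory table standing in for the query a real playbook would send to the endpoint product, and the event names, hosts, tiers and time window are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass
class IdsAlert:
    src_ip: str
    dst_ip: str
    signature: str
    priority: str = "low"

@dataclass
class EndpointDetection:
    hostname: str
    event_type: str
    timestamp: datetime

# Fixed reference time so the example is deterministic.
NOW = datetime(2019, 1, 11, 13, 0)

# Constructed sample telemetry keyed by internal IP (hypothetical, not real AMP output).
SAMPLE_ENDPOINTS = {
    "10.0.0.23": [
        EndpointDetection("ws-023", "Threat Detected", NOW - timedelta(hours=2)),
        EndpointDetection("ws-023", "Threat Detected", NOW - timedelta(days=3)),
    ],
    "10.0.0.41": [EndpointDetection("ws-041", "Threat Detected", NOW - timedelta(hours=1))],
    "10.0.0.99": [EndpointDetection("ws-099", "Scan Completed", NOW - timedelta(hours=1))],
}

# Event types that turn a routine IDS alert into something worth escalating (assumed set).
ESCALATING_EVENTS = {"Threat Detected", "Executed malware"}

def pivot_to_endpoint(alert, lookup=SAMPLE_ENDPOINTS, window=timedelta(hours=24), now=NOW):
    """Pivot from the alert's source and destination IPs to recent endpoint detections."""
    hits = []
    for ip in (alert.src_ip, alert.dst_ip):
        for det in lookup.get(ip, []):
            if now - det.timestamp <= window and det.event_type in ESCALATING_EVENTS:
                hits.append((ip, det))
    return hits

def escalate(alert, hits):
    """Set priority, assignment and notifications from the pivot results."""
    if not hits:
        return {"priority": alert.priority, "assignee": "tier1", "notify": [], "hosts": []}
    hosts = sorted({det.hostname for _, det in hits})
    # More than one affected endpoint suggests lateral movement: treat as critical.
    priority = "critical" if len(hosts) > 1 else "high"
    return {"priority": priority, "assignee": "tier2-ir", "notify": ["ir-oncall"], "hosts": hosts}
```

Detections older than the window are ignored, so a stale hit on the same host does not inflate the result.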

Combining the vast capabilities of Cisco’s suite of security products with the orchestration and automation power of IncMan SOAR allows organizations to respond to potential security incidents with unmatched speed and accuracy.

Tune in to our joint webinar “AMP Up Your Response with SOAR and Cisco’s Security Suite” on 11 January at 1pm ET, hosted by DFLabs and Cisco Security experts, to learn more about how IncMan SOAR integrates and performs seamlessly with Cisco’s security suite, including DFLabs’ latest integration with Cisco AMP for Endpoints.
