Get Started with a One-to-One Personalized Demo
Dramatically reduce the mean time to detection, response and remediation of all potential security incidents, ensuring no alert goes untouched.
See IncMan SOAR in Action.
Inundation of alerts, lack of documented processes and workflows, disparate security solutions, manual tasks, competition for skilled analysts; Managed Security Service Providers (MSSPs) face many of the same challenges the SOAR industry has been solving for many years. While these challenges are a burden enough for Security Operation Centers (SOCs) and Computer Security Incident Response Teams (CSIRTs), MSSPs face these challenges at a scale multiplied by the number of customers they serve. As service providers, MSSPs are also driven to maximize capabilities and efficiency to offer customers the highest quality service at the most cost competitive prices.
As challenges increase, so do the complexities of implementing a solution. Some of these complexities for the MSSP market include unique KPI and reporting needs, varying on and off-site deployment models, the need for segregation at the customer level while maintaining transparent access at the MSSP level, and granular control over both customer and MSSP data.
Until now, MSSPs have been forced to implement SOAR solutions which were designed with a standalone SOC or CSIRT in mind. Now, DFLabs is aiming to raise the expectations of MSSPs evaluating SOAR solutions with our latest IncMan SOAR release (v4.6), featuring new capabilities designed specifically for the MSSP market, by the MSSP market. DFLabs’ goal is to provide MSSPs with a multitenant, collaborative approach to security as a service.
DFLabs’ latest release supports several deployment models – MSSP hosted, customer hosted, or any combination of the two. This will allow MSSPs the greatest flexibility in meeting both customer needs and regulatory requirements. All communications between the MSSP and the customer is performed within DFLabs’ IncMan SOAR platform over a single, secure communication channel, eliminating the need for customers to open their critical security controls to the Internet.
IncMan SOAR’s multitenant architecture has been redesigned to permit complete segregation of data at the customer level, while allowing MSSP users controlled, transparent access across all customer tenants. Customers retain control of their data by permitting each customer to determine the level of access the MSSP has to their individual tenant.
Complete tactical and strategic visibility is critical for both MSSPs and their customers. The latest version also includes custom dashboard widgets and reports to allow the MSSP to gain full visibility across all customer environments at a single glance and run custom comprehensive reports to generate metrics of any kind. IncMan’s flexibility allows MSSPs to easily track any metrics and set custom SLAs globally, per customer or per incident.
IncMan’s Open Integration Framework allows both MSSPs and customers to extend or create their own integrations. This allows MSSPs to perform integration as a service for customer technologies, as well as integrate their existing, proprietary technologies into the IncMan ecosystem.
Workflows allowing automation and orchestration are critical components of SOAR. IncMan’s Runbooks allow enterprises to define and codify processes for responding to virtually any type of incident. Our new multitenant environment will allow MSSPs to create Runbooks, which can then automatically be pushed to some or all customer tenants. Customers will retain control over when these Runbooks should be executed, as well as have the ability to create their own private Runbooks.
Customizability has been a core tenant of IncMan since the beginning. The ability to tailor the IncMan environment through custom fields and values is an important component of that customizability, and we have extended this feature to the multitenant model as well. MSSPs can now define custom fields, with complete control over their propagation to the customers. Customers also retain the ability to create their own custom fields which are unique to their individual tenant and are not shared with the MSSP.
A SOAR solution provides MSSPs with a unique ability to collaborate with their customers and unify their respective security operations teams unlike any other platform. SOAR can be an especially effective tool for those MSSPs providing more advanced Managed Detection and Response (MDR) services, allowing all teams to work from a unified platform, enabling seamless communication for the most effective response and to provide the best possible customer experience. By increasing the efficiency and effectiveness of their services through a SOAR solution, MSSPs can increase their own ROI and translate that directly into a cost competitive offering for their customers. Offering a SOAR solution to customers also allows MSSPs to differentiate their services from those of other MSSPs offering a less sophisticated user experience.
You can learn more about the new features and capabilities of our latest IncMan release in our upcoming webinar on 16 April, 2019 at 10 EST “Provide Better MDR Service to Clients with SOAR for MSSPs”.
Over the coming months DFLabs will be releasing a number of new exciting features, including many more planned enhancements for the MSSP market. Please keep an eye on our blog, Twitter, LinkedIn, and website for more details coming soon.
DFLabs / 29 Nov 2017
DFLabs / 24 Jul 2018
Discover the three core pillars which define what a SOAR solution is: Security Orchestration, Automation and Measurement. Learn more
DFLabs / 19 Mar 2019
Heather Hixon / 21 Mar 2019
By combining SOAR with MDR services, MSSPs can provide a solid answer to some of the most difficult challenges their clients are being faced with.
See IncMan SOAR in Action.