IncMan for MSSP
IncMan for MSSP – Managed Detection and Response Delivery Platform for MSSP’s and MDR’s
Many service providers have opted to build their own backend and platform, with mixed results. Others have re-purposed adjacent technologies such as Security Incident and Event Management or Ticket Management solutions, but have had to improvise around the shortcomings of using a technology not directly conceived of for their use case.
DFLabs IncMan for MSSP’s is a purpose-built platform designed for MSSP’s to deliver security monitoring and incident response services.
At the the heart of IncMan is the R3 Rapid Response Runbook engine. R3 Runbooks are created using a visual editor and support granular, stateful and conditional workflows to orchestrate and automate incident response activities such as incident triage, stakeholder notification, data and context enrichment and threat containment. R3 Runbooks are supported by capabilities to empower incident responders in assessing, investigating and hunting for threats, and to gather, maintain and transfer knowledge between IR and SOC teams.
R3 Runbooks can be created and assigned to individual customers, multiple per customer in fact, to capture, enforce and measure customer specific workflows.
DFlabs patent-pending Automated Responder Knowledge (DF-ARK) module applies machine learning to historical responses to incidents, and recommends relevant Runbooks and paths of action to manage and mitigate threats across customers and tenants.
- It is possible to manage more incidents for more customers with fewer security analysts.
- The ceiling for diminishing returns in scaling up a SOC is raised
- The economies of scale in running a SOC are increased
DFLabs for MSSP’s at a Glance
In addition to the capabilities that DFLabs IncMan platform generally provides, the table below outlines specific benefits for MSSP’s
|Core MSSP Benefits||IncMan’s Solution|
|Increase economies of scale, reduce the cost per handled incident||Customizable playbooks and Runbooks that automate many manual actions, keeping Humans “In the loop” and “on the loop”.|
|Eliminate manually writing and maintaining customer playbooks and incident response procedures||Create a library of dedicated, customizable and granular playbooks for every individual customer. No more relying on spreadsheets, word documents and other manual collateral.|
|Establish a knowledge base to disseminate,
share and transfer knowledge from experienced
to novice analysts and across the team, or for
specific verticals or regions
|IncMan includes a Knowledge Base Module to document playbooks, threat assessment, situational awareness and best practices. Segregated and dedicated knowledge bases can be assigned to individual or groups of customers, to establish vertical or region-specific knowledge bases or CERT’s.|
|Offer a dedicated Virtual SOC for customers
with data segregation or critical security
|IncMan can be deployed as a multi tenant solution. Customers can be provided with their own dedicated virtual SOC, hosted and centrally managed by the MSSP. Collaborative workflows between the MSSP and customers to facilitate co-managed SOC’s are also supported.|
|Offer remote containment of threats||IncMan Runbooks can execute remote and automated containments responses such as disabling an Active Directory User or blocking a specific connection on a firewall. MSSP’s can offer out of hours and rapid containment services out of the box. Over 25+ bidirectional connectors are provided, with many more in development.
|Maintain Automated Responder Knowledge||DFLabs Automated Responder Knowledge (ARK) learns from historical incidents and your team’s responses to them to build a threat model that is used to advise analysts about similar and related incidents and suggest relevant and related playbooks, speeding up response times and facilitating knowledge sharing.|
How MSSP’s can monetize DFLabs IncMan
There are multiple ways that an MSSP can leverage DFLabs IncMan to reduce costs and to offer premium security services and capabilities. From offering a dedicated Knowledge Base and Library of custom Runbooks to individual customers, or a dedicated Virtual SOC, up to delivering advanced Managed Detect and Response services, DFLabs IncMan is the platform of choice for MSSP and MDR providers.
Innovative MSSP Licensing
DFLabs has a pay-as-you grow licensing model that is designed to enable MSSP’s to deliver competitive premium and advanced security services, and to increase their economies of scale to manage more incidents for more customers at a lower overall cost.
Speak to one of our MSSP Channel representatives to find out more.
IncMan integrates with the leading cyber security technologies to automate context enrichment and threat containment
Want to see IncMan in action?
DFlabs is the pioneer in Security Automation & Orchestration technology, leveraging your existing security products to dramatically reduce the response and remediation gap caused by limited resources and the increasing volume of threats and incidents