IncMan SOAR for MSSPs

Security Orchestration, Automation and Response for MSSPs and MDRs.

Download the Full Solution Brief

Download

Many service providers have opted to build their own proprietary automation and orchestration platforms, with mixed results. For many MSSPs the investment required to develop such a platform is unrealistic. Others have re-purposed adjacent technologies such as security incident and event management or ticket management solutions, but have had to improvise around the shortcomings of using a technology not directly conceived for their use case.

IncMan SOAR for MSSPs is a purpose-built platform designed for MSSPs to deliver advanced and scalable Managed Detection and Response (MDR) services to reduce the time and complexity required to respond, contain and eliminate cyber security threats for customers who have chosen to outsource their security operations and incident responses processes and tasks. It allows MSSPs to respond to potential security incidents collaboratively with their customers, providing a single workbench for both the MSSP and customer to share information. For MSSPs offering more advanced MDR services, IncMan SOAR allows the MSSP SOC to seamlessly transfer information and control of the incident to the MSSP’s response services team.

Not only does IncMan SOAR address security operational problems and increase incident response capabilities, it also enables new and expanded service offerings, creating additional revenue opportunities for MSSPs.

Scalable and Tailor Made

Deploy with Ease

IncMan SOAR for MSSPs is designed to provide advanced and premium MSSP services. It's scalable architecture can be hosted in the cloud or integrated with NAS and SANs. It supports custom script execution and bidirectional REST API for easy integration with other MSSP and customer components.

Supports Multi Tenancy

Segregate and Share Data Securely

The multi-tenant platform can be implemented as an appliance or hosted in the cloud with integrated support for high availability and load balancing. Data for each customer is physically separated to ensure segregation and security, and collaborative workflows enable MSSPs to offer co-managed SOCs, improve information sharing and most importantly deliver rapid response.

Innovative MSSP Licensing

Pay-As-You-Grow

DFLabs has a pay-as-you grow licensing model that is designed to enable MSSPs to deliver competitive premium and advanced security services, and to increase their economies of scale to manage more incidents for more customers at a lower overall cost.

IncMan SOAR for MSSPs at a Glance.

In addition to the features and capabilities that IncMan SOAR provides, below highlights specific benefits for Managed Security Service Providers:

Increase economies of scale, reduce the cost per handled incident

Customizable playbooks and runbooks that automate many manual actions, keeping humans “in the loop” and “on the loop”

Eliminate manually writing and maintaining customer playbooks and incident response procedures

Create a library of dedicated, customizable and granular playbooks for every individual customer. No more relying on spreadsheets, word documents and other manual collateral. Playbooks can be automatically correlated and re-applied across tenants in multi-user MSSP environments

Establish a knowledge base to disseminate, share and transfer knowledge from experienced to novice analysts and across the team, or for specific verticals or regions

IncMan SOAR includes a knowledge base module to document playbooks, threat assessment, situational awareness and best practices. Segregated and dedicated knowledge bases can be assigned to individual or groups of customers, to establish vertical or region-specific knowledge bases or CERTs

Offer a dedicated virtual SOC for customers with data segregation or critical security requirements

IncMan SOAR can be deployed as a multi tenant solution. Customers can be provided with their own dedicated virtual SOC, hosted and centrally managed by the MSSP. Collaborative workflows between the MSSP and customers to facilitate co-managed SOC’s are also supported

Offer remote containment of threats

R3 Rapid Response Runbooks can execute remote and automated containments responses such as disabling an Active Directory User or blocking a specific connection on a firewall. MSSPs can offer out of hours and rapid containment services out of the box. Over 45+ bidirectional connectors are provided, with many more in development

Maintain automated responder knowledge

DFLabs Automated Responder Knowledge (ARK) engine learns from historical incidents and your team’s responses to them to build a threat model that is used to advise analysts about similar and related incidents and suggest relevant and related playbooks, speeding up response times and facilitating knowledge sharing

How MSSPs Can Monetize IncMan SOAR

There are multiple ways that an MSSP can leverage DFLabs’ SOAR solution to reduce costs and to offer premium security services and capabilities.

From a primary SOC platform delivering a shared service offering a dedicated knowledge base and library of custom runbooks to individual customers, to a dedicated virtual SOC where customer receive their own managed, hosted and dedicated instance of the platform, up to delivering fully advanced managed detection and incident response services, IncMan SOAR is the platform of choice for MSSP and MDR providers.

Get Started with a One-to-One Personalized Demo

Dramatically reduce the mean time to detection, response and remediation of all potential security incidents, ensuring no alert goes untouched.

See IncMan SOAR in Action.

Seamlessly Integrate and Orchestrate Your Tools Together as One.

Improve efficiencies by enabling your security analysts to access and manage all tools, technologies and processes from one intuitive platform.

IncMan SOAR supports hundreds of 3rd party security technologies via QIC, API, CEF, Syslog and Email, with a constantly growing list of certified bidirectional integrations and Open Integration Framework for custom integrations.

View all integration partners

Request Your Live IncMan SOAR Demo.

DFLabs IncMan SOAR is the pioneering Security Orchestration, Automation and Response (SOAR) platform to automate, orchestrate and measure security operations tasks.

IncMan SOAR harnesses machine learning and automation capabilities to augment human analysts to maximize the effectiveness and efficiency of security operations teams, reducing the time from breach discovery to resolution by up to 80%.

What You'll See in a Demo

See for yourself why IncMan SOAR is the preferred solution of Fortune 500, Global 2000 and MSSP clients. DFLabs IncMan SOAR at a glance:

  • Full and semi-automated Incident Response, improving response times by up to 80%
  • Covers the entire spectrum of IR and SecOps
  • Automated Responder Knowledge (ARK) generated by machine learning
  • Highly flexible and customizable, with over 100 templates and automation actions out of the box
  • Correlation engine correlates all relevant IOCs and artefacts between incidents
  • Multi-tenancy and granular role-based access
  • Dual mode playbooks and intelligence sharing
  • Powerful case management with integrated forensics capabilities.

Yes, I want a demo

DFLabs would like to stay in touch to provide you with marketing related content. By ticking the box you consent to receive educational, company and promotional information from DFLabs and accept DFLabs' Privacy Policy.

* Required fields