IncMan SOAR for MSSPs

Security Orchestration, Automation and Response for MSSPs and MDRs.

Download the Full Solution Brief


Many service providers have opted to build their own proprietary automation and orchestration platforms, with mixed results. For many MSSPs the investment required to develop such a platform is unrealistic. Others have re-purposed adjacent technologies such as security incident and event management or ticket management solutions, but have had to improvise around the shortcomings of using a technology not directly conceived for their use case.

IncMan SOAR for MSSPs is a purpose-built platform designed for MSSPs to deliver advanced and scalable Managed Detection and Response (MDR) services to reduce the time and complexity required to respond, contain and eliminate cyber security threats for customers who have chosen to outsource their security operations and incident responses processes and tasks. It allows MSSPs to respond to potential security incidents collaboratively with their customers, providing a single workbench for both the MSSP and customer to share information. For MSSPs offering more advanced MDR services, IncMan SOAR allows the MSSP SOC to seamlessly transfer information and control of the incident to the MSSP’s response services team.

Not only does IncMan SOAR address security operational problems and increase incident response capabilities, it also enables new and expanded service offerings, creating additional revenue opportunities for MSSPs.

Scalable and Tailor Made

Deploy with Ease

IncMan SOAR for MSSPs is designed to provide advanced and premium MSSP services. It's scalable architecture can be hosted in the cloud or integrated with NAS and SANs. It supports custom script execution and bidirectional REST API for easy integration with other MSSP and customer components.

Supports Multi Tenancy

Segregate and Share Data Securely

The multi-tenant platform can be implemented as an appliance or hosted in the cloud with integrated support for high availability and load balancing. Data for each customer is physically separated to ensure segregation and security, and collaborative workflows enable MSSPs to offer co-managed SOCs, improve information sharing and most importantly deliver rapid response.

Innovative MSSP Licensing


DFLabs has a pay-as-you grow licensing model that is designed to enable MSSPs to deliver competitive premium and advanced security services, and to increase their economies of scale to manage more incidents for more customers at a lower overall cost.

IncMan SOAR for MSSPs at a Glance.

In addition to the features and capabilities that IncMan SOAR provides, below highlights specific benefits for Managed Security Service Providers:

Increase economies of scale, reduce the cost per handled incident

Customizable runbooks that automate many manual actions, keeping humans “in the loop” and “on the loop”.

Eliminate manually writing and maintaining customer runbooks and incident response procedures

Create a library of dedicated, customizable and granular runbooks for every individual customer. No more relying on spreadsheets, word documents and other manual collateral. Playbooks can be automatically correlated and re-applied across tenants in multi-user MSSP environments.

Establish a knowledge base to disseminate, share and transfer knowledge from experienced to novice analysts and across the team, or for specific verticals or regions

IncMan SOAR includes a knowledge base module to document runbooks, threat assessment, situational awareness and best practices. Segregated and dedicated knowledge bases can be assigned to individual or groups of customers, to establish vertical or region-specific knowledge bases or CERTs.

Offer a dedicated virtual SOC for customers with data segregation or critical security requirements

IncMan SOAR can be deployed as a multi tenant solution. Customers can be provided with their own dedicated virtual SOC, hosted and centrally managed by the MSSP. Collaborative workflows between the MSSP and customers to facilitate co-managed SOC’s are also supported.

Offer remote containment of threats

R3 Rapid Response Runbooks can execute remote and automated containments responses such as disabling an Active Directory User or blocking a specific connection on a firewall. MSSPs can offer out of hours and rapid containment services out of the box. Over 100 bidirectional connectors are provided, with many more in development.

Maintain automated responder knowledge

DFLabs Automated Responder Knowledge (ARK) engine learns from historical incidents and your team’s responses to them to build a threat model that is used to advise analysts about similar and related incidents and suggest relevant and related runbooks, speeding up response times and facilitating knowledge sharing.

How MSSPs Can Monetize IncMan SOAR

There are multiple ways that an MSSP can leverage DFLabs’ SOAR solution to reduce costs and to offer premium security services and capabilities.

From a primary SOC platform delivering a shared service offering a dedicated knowledge base and library of custom runbooks to individual customers, to a dedicated virtual SOC where customer receive their own managed, hosted and dedicated instance of the platform, up to delivering fully advanced managed detection and incident response services, IncMan SOAR is the platform of choice for MSSP and MDR providers.

Seamlessly Integrate and Orchestrate Your Tools Together as One.

Improve efficiencies by enabling your security analysts to access and manage all tools, technologies and processes from one intuitive platform.

IncMan SOAR supports hundreds of 3rd party security technologies via QIC, API, CEF, Syslog and Email, with a constantly growing list of certified bidirectional integrations and Open Integration Framework for custom integrations.

View all integration partners

Explore IncMan SOAR with Our Community Edition

See the features and capabilities of our SOAR solution and experience first-hand the benefits of automated incident response with IncMan CE.

Test Drive IncMan SOAR Today.

Sign up now

Get Started with a One-to-One Personalized Demo

Dramatically reduce the mean time to detection, response and remediation of all potential security incidents, ensuring no alert goes untouched.

See IncMan SOAR in Action.

Request a demo