DFLabs IncMan SOAR Platform Integrates with Recorded Future and Tufin

DFLabs is excited to announce two new technology partnerships with recognized industry leaders: Recorded Future and Tufin. Both Recorded Future and Tufin recently launched formal technology partnership programs and DFLabs is honored to be among the first technology partners to join. Each of these integrations adds significant value to the security programs of our joint customers, allowing them to more efficiently and effectively respond to computer security incidents and reduce risk across the organization.

Recorded Future Partnership

DFLabs’ new integration with Recorded Future allows joint customers to automate the retrieval of contextualized threat intelligence from Recorded Future, orchestrating these data enrichment actions into the overall incident response workflow. This enriched information can be used within the R3 Rapid Response Runbooks of IncMan SOAR to inform further automated decisions or can be reviewed by analysts as part of the response process.

DFLabs’ integration with Recorded Future includes five enrichment actions: Domain, File, IP and URL reputation queries, as well as a threat intelligence search action. Each of these enrichment actions will return all relevant intelligence on the queried entity, as well as a direct link to the Recorded Future Info Card.

DFLabs Incman SOAR recorded future partnership

Tufin Partnership

DFLabs’ new integration with Tufin allows joint customers to automate the retrieval of actionable network intelligence from Tufin’s rich sources of network data, providing further context surrounding the organization’s network, allowing for more informed automated and manual decisions. This network intelligence can be used within the R3 Rapid Response Runbooks of IncMan SOAR to make decisions based on numerous factors, such as network device information, simulated path information or network policy rules, or can also be reviewed by analysts as part of the response process.

DFLabs’ integration with Tufin includes five enrichment actions: Get Devices (get network device information based on the supplied parameters), Get Path and Get Path Image (simulate the path which would be taken based on source and destination IP and port information), Get Policies by Device (get network policies for the given device ID), Get Rule Count (get the number of rules which match the specified parameters), and Get Rules by Device (get network rules for the given device ID).

DFLabs IncMAn SOAR platform tufin partnership
See the DFLabs IncMan SOAR Platform Integrations in Action

Each of these new partnerships extends DFLabs automation and orchestration capabilities into new product spaces with some of the best solutions in their respective classes.

If you are attending the RSA Conference at the Moscone Center in San Francisco and would like to see DFLabs’ new integration with Tufin in action, I will be at the Tufin booth (#929) in the South Expo Hall on Wednesday, April 18th from 3:00 to 4:00 PM PST to provide a live demo and answer any questions.

Otherwise, for more information regarding our new Recorded Future and Tufin partnerships, please contact us to schedule a demo to see IncMan SOAR Platform in action here.

IncMan SOAR Platform Features – New and Improved

DFLabs is excited to announce the latest release of its industry-leading Security Orchestration, Automation and Response platform, IncMan version 4.3.  Solving customer’s problems and adding value to our customer’s security programs is one of our core goals here at DFLabs and this is reflected in our 4.3 release with over 100 enhancements, additions, and fixes; many suggested by customers, all designed to make the complex task of responding to potential security incidents faster, easier and more efficient.

IncMan 4.3 includes many new bidirectional integrations from a variety of product categories including threat intelligence, malware analysis, ticket management and endpoint protection, chosen to broaden the orchestration and automation capabilities of our customers.  These new bidirectional integrations include:

With IncMan 4.3, we have also greatly enhanced the flexibility of our R3 Rapid Response Runbooks with the addition of two new decision nodes; Filter and User Choice.  Filter nodes allow users to further filter and refine information returned by previously executed integrations; for example, filtering IT asset information to include only servers, focusing on key assets first.  Unlike automated Enrichment actions, automated Containment actions could have serious unintended impacts on the organization. User Choice nodes allow users to minimize this risk by allowing them to define critical junctions in the workflow at which a human must intervene and make a decision.  For example, human verification may be required before banning a hash value across the enterprise or quarantining a host pending further analysis.

incman soar platform

Improvements to our patent-pending Automated Responder Knowledge (DF-ARK) module allow IncMan to make even more intelligent decisions when suggesting response actions, and enhancements to IncMan’s correlation engine allow users a more advanced view of the threat landscape over time and across the organization.  IncMan’s report engine has been significantly bolstered, allowing users to create more flexible reports for a variety of purposes than ever before. Finally, numerous changes have been made to IncMan’s Dashboard and KPI features, allowing users to create more actionable KPIs and gather a complete picture of the organization’s current state of security at a moment’s glance.

These are just some of the highlights of our latest IncMan release; IncMan 4.3 includes many other enhancements designed to streamline your orchestration, automation and response process.  If you would like a demo of our latest release, please go to our demo request site. Stay tuned to our website for additional updates, feature highlights,  and demos of our latest release.