Supervised Active Intelligence: Taking the Guesswork out of your Cyber Incident Response

In the upcoming months we will share details that outline our successful methodology “Supervised Active Intelligence”. We envision a world where your security team is empowered with all the information they need to make an intelligent, informed security decision based on coordinated information, intelligence and incident enrichment activities as early in the incident response life-cycle as possible.

We speak to a lot of Security Operations Center (SOC) personnel who want information in front of them before they start investigating. This is part of human nature: we want as much information as we can get before making a decision. Too often we find that SOC teams spend most of their time digging around for information that is readily available in the Enrichment package within IncMan™.

Conversely, another problem we see is that businesses are drowning in technology. In fact, few know how many products they have at their disposal. This is not uncommon: the purchase of more products leads to a false sense of security. We even see businesses cataloging and managing cyber/physical incidents manually in Microsoft Excel.

IncMan™ can leverage all of your endpoint/gateway malware analysis, intrusion detection/prevention and even intelligence services and put them under the direct control of your incident response. IncMan™ drives these tools from a single manageable interface. This not only reduces the up-skilling required for each product-specific interface, allowing less reliance on specialists, but also lets your team start the following chain of events:

  • Enrich your team with all the required information, so that your immediate reaction teams can provide decision makers with the information they need, together with forensic coverage and reaction protocols
  • Create your containment actions based on the products you have evaluated to meet a specific requirement in a company policy that aligns with best practice
  • Mitigate the incident, providing evidence to legal entities, managed service providers and internal teams
  • Remediate and action policy updates to your incident response, orchestrating your team as well as product solutions
  • Feed and influence knowledge bases, working with intelligence services and providing more information about what happened to your required services.

If you follow our standards and best practice, this will aid your GDPR readiness, HIPAA compliance, ISO 27001 certification and many more, and it gives assurance to board members and management when a breach or other cyber event occurs.

If you’re interested in seeing how we can work together to grow your incident response capabilities, visit us at and schedule a demonstration of how we can utilize what you already have and make it better.

From Ad-Hoc to SOC: First steps to growing your cyber incident response team capabilities in an ROI driven world

In my role as VP of Services at DFLabs, I get the opportunity to speak to stakeholders at every level pertaining to concerns they have about their current cyber incident response processes and how they are currently dealing with the challenges. From the analyst who deals with an ever-increasing number of alerts to the CISO who is constantly evaluating how best to apply limited funds and personnel, they all have one overwhelming concern: how best to build what they have into what is needed to successfully handle the evolving threats to data security.

Organizations typically leverage the resources they currently possess. Spreadsheets become incident trackers. Ticketing and project management applications become investigation coordination repositories. Governance, risk and compliance software becomes the reporting platform. While the ROI of leveraging existing resources can't be overstated, the issue quickly becomes one of scalability. These patchwork systems, composed of applications that are unable to work together symbiotically, are quickly outgrown.

We can all agree that no single solution is the magic bullet that will solve all incident response challenges. Any progress will begin with a centralized incident response orchestration platform that acts as a force multiplier for your existing personnel and resources. You wouldn't use a spoon to dig a 6-foot hole when there are tools designed to dig the hole more efficiently and effectively. This platform should include at a minimum:

  • A solid platform of cyber incident management – A cost-effective incident management platform designed for each stage of the incident response life cycle is the foundation for immediate and long-term success and organizational expansion. A successful platform will be able to incorporate your existing infrastructure and personnel and increase their capabilities. It should not require hiring new personnel or expensive professional services to be effective.
  • Actionable intelligence – Intelligence feeds such as TAXII or other feeds that support STIX can add information that promotes informed decision making during each stage of the incident response life cycle.
  • Seamless integration with existing and future technologies – To expand with customer and infrastructure needs, an orchestration platform must not only leverage existing technologies but also offer the capability to expand for future integrations as needed.
  • True incident orchestration – Provides the ability to utilize Supervised Active Intelligence™ (SAI) to make informed decisions at each stage of the incident response life cycle while providing a 360-degree view of the incident. This includes critical incident enrichment data with a choice of Human-to-Machine and/or Machine-to-Machine actions, delivering consistent, defensible results across a variety of incident response scenarios.

At DFLabs we have integrated these features and more to give stakeholders the tools they require, built on a platform that gives them the confidence they need. DFLabs' IncMan® is ranked as one of the most innovative incident response orchestration platforms, providing the same unparalleled value to the incident responder as it does to the CISO. Our advanced technology empowers our customers to receive, respond to and remediate cyber incidents at a total cost of ownership unavailable elsewhere.

If you’re interested in seeing how we can work together to grow your incident response capabilities while keeping an eye on the ROI bottom line, visit us at and schedule a demonstration of how we can utilize what you already have and make it better.