
DFLabs IncMan SOAR Gains Automated Security Integrations


DFLabs has released a new version of its IncMan security orchestration, automation and response (SOAR) platform for MSSPs.

The new release, IncMan SOAR 4.5, provides an open integration framework for customizing and adding automated security integrations, according to a prepared statement. It allows security teams to add and orchestrate functions between IncMan SOAR and third-party products to address security requirements and workflows.

Also, IncMan SOAR 4.5 executes each security integration within a Docker container, DFLabs said. This ensures that security teams can add automated integrations without any coding.

Introducing the IncMan SOAR REST API

In addition to the open integration framework, IncMan SOAR now features a REST application programming interface (API) that allows end users to extend and integrate security automation and orchestration with various security processes.

The IncMan SOAR REST API provides security teams with granular control over security events, DFLabs stated. It supports data ingestion via email and other methods and validates whether security events should be converted into security incidents.

IncMan SOAR 4.5 is now available, and DFLabs intends to launch new platform upgrades in the next few months.

What Is IncMan SOAR?

IncMan SOAR enables MSSPs to assess, investigate and hunt for cyber threats. It is built on the DFLabs R3 Rapid Response Runbook engine and allows end users to orchestrate and automate a variety of incident response activities, including:

  • Data and context enrichment.
  • Incident triage.
  • Stakeholder notification.
  • Threat containment.

MSSPs can use IncMan SOAR to deliver security monitoring and incident response services. They can also leverage IncMan SOAR's pay-as-you-grow licensing model to deliver premium and advanced security services and manage more incidents for more customers at a lower overall cost, DFLabs indicated.

DFLabs and the SOAR Market: Here's What MSSPs Need to Know

Founded in 2004, DFLabs allows MSSPs to harness machine learning and automation to orchestrate security operations and incident response. DFLabs helps MSSPs orchestrate the security incident and investigation lifecycle and could capitalize on the rising demand for SOAR tools in the years to come.

Less than 1 percent of security teams larger than five people used SOAR tools for orchestration and automation last year, according to Gartner. Gartner has projected this figure will rise to 5 percent by 2020.

Dan Kobialka

Dan Kobialka is senior contributing editor, MSSP Alert and ChannelE2E. He covers IT security, IT service provider business strategies and partner programs. Dan holds an M.A. in Print and Multimedia Journalism from Emerson College and a B.A. in English from Bridgewater State University. In his free time, Dan enjoys jogging, traveling, playing sports, touring breweries and watching football.