DFLabs has announced a new version of its IncMan security orchestration, automation and response (SOAR) platform at this week's RSA Conference in San Francisco, California.
The new release will enable MSSPs and managed detection and response (MDR) providers to simultaneously manage security operations across multiple customer environments, regardless of the security products deployed at each customer site, DFLabs claims.
IncMan SOAR's new features include vendor-agnostic runbooks that allow MSSPs and MDR providers to execute a single action across various customer environments, DFLabs said. At the same time, MSSPs and MDR providers can use IncMan SOAR to provide customers with control over what actions are allowed in their respective IT environments.
In addition, the new version of IncMan SOAR enables MSSPs and MDR providers to allow customers to determine which intelligence, playbooks, runbooks and other information can be shared, according to DFLabs. This ensures MSSPs and MDR providers can help their customers comply with data security mandates.
The new IncMan SOAR release also automates the collection and reporting of metrics and key performance indicators (KPI) across customer environments, DFLabs indicated. That way, IncMan SOAR provides visibility into customers' infrastructure and security posture.
DFLabs is expected to release its new version of IncMan SOAR globally by the end of June.
IncMan SOAR: Here's What You Need to Know
IncMan SOAR offers a variety of incident lifecycle automation capabilities, including:
- Context enrichment.
- Risk assessment.
- Threat containment.
- Threat hunting and investigation.
- Threat intelligence gathering.
- Triage and notification.
Furthermore, IncMan SOAR provides an open integration framework for customizing and adding automated security integrations. It enables security teams to add and orchestrate functions between IncMan SOAR and third-party products and execute each security integration within a Docker container.
What Is DFLabs?
DFLabs is an Italian SOAR vendor with operations throughout North America, Europe and the Asia-Pacific region. The company currently offers IncMan SOAR to MSSPs, MDR providers, security operations centers (SOCs) and computer security incident response teams (CSIRTs) worldwide.
Also, DFLabs provides a partner program to cybersecurity solution providers. This program enables channel partners to offer IncMan SOAR to their customers.
SOAR Competition
The SOAR market is increasingly crowded with a range of startups and established businesses moving into the market. Recent moves include:
- Splunk added SOAR capabilities to its security information and event monitoring (SIEM) platform in 2018.
- Siemplify quadrupled its bookings & tripled its customer base in 2018, and launched a formal partner program for MSSPs and VARs in February 2019.
- Sophos acquired DarkBytes for managed detection & response (MDR), SOAR & MSSP services in January 2019.
- Syncurity's SOAR platform gained a SentinelOne integration in February 2019.
- Palo Alto Networks announced plans to acquire Demisto, a SOAR startup, in February 2019.
