DFLabs - Cyber Incidents Under Control

  • Unify Operations for Effective Incident Response: DFLabs and PagerDuty Use Case
    John Moran – Senior Product Manager, DFLabs and George Miranda – Community Advocate, PagerDuty Recorded: May 15 2019 52 mins
    When investigating an active incident there is a vast number of investigational processes and stakeholders to consider. Depending on the type of incident and its severity, security professionals may need the assistance of numerous departments outside of the security operations center.

    The need to work in conjunction with these outside departments can make an incident responder’s job even harder. Each department may have different policies, procedures and escalation processes in place, which a responder can waste valuable time trying to decipher. Escalations to an incorrect department or subject matter expert can cause potentially dangerous gaps in an organization’s response.

    In this webinar we will discuss DFLabs’ integration with PagerDuty and how it helps organizations to unify their business operations. By seamlessly combining the automation power of DFLabs’ IncMan SOAR platform with the robust communication features of PagerDuty’s technology, organizations can ensure the most relevant evidence is provided to the correct experts in real-time to contain an active incident.

    Key Takeaways:

    - The benefits of connecting dispersed teams during an ongoing incident
    - How PagerDuty’s solution can enforce differing policies, procedures, and escalation processes found in large organizations
    - How IncMan SOAR’s automation and orchestration capabilities can increase the efficiency and effectiveness of your security program
    - How together this joint solution can ensure critical information is provided effectively and efficiently to all relevant stakeholders during an incident

    Note: Your registration information will be shared with PagerDuty who may contact you in follow-up to your registration and/or attendance of this webinar.
  • Provide Better MDR Services to Clients with SOAR for MSSPs
    John Moran, Senior Product Manager, DFLabs and Heather Hixon, Senior Solutions Architect, DFLabs Recorded: Apr 16 2019 45 mins
    MSSPs face the same challenges that SOCs and CSIRTs are experiencing, including an inundation of security alerts, lack of documented processes and workflows, manual tasks and competition for skilled analysts, but all are faced at a scale multiplied by the number of customers they serve. One of the most pressing is the increasing number of third-party security products they must support in customer environments.

    Performance analytics such as unique KPIs and reporting are also critical assets for MSSPs, for improving service levels and meeting SLAs, while demonstrating value to customers. As service providers, MSSPs are also driven to maximize capabilities and efficiencies to offer their customers the highest quality service at the most competitive prices.

    Security Orchestration, Automation and Response (SOAR) technology is no longer seen as solely a solution for SOCs and CSIRTs. MSSPs are increasingly turning to SOAR solutions to achieve greater internal efficiency, differentiate their services from competitors, and provide advanced Managed Detection and Response (MDR) services.

    IncMan SOAR, DFLabs’ award-winning SOAR platform, provides MSSPs with the unique capabilities they need, enabling a multitenant, collaborative approach to security as a service. With IncMan, MSSPs can work seamlessly across multiple customer instances, take as many actions as needed, maintain data segregation and granular access controls, and provide per-customer analytics and reporting, while improving their overall effectiveness.

    Join our webinar to learn how SOAR can overcome these MSSP pain points and see firsthand the new features and capabilities of our SOAR solution specifically designed for MSSPs, with more due in Q2 2019.

    Key Takeaways:

    - Common Challenges and Pain Points of MSSPs
    - Benefits of Providing Managed Detection and Response Services
    - Benefits of Utilizing a SOAR Solution
    - New Features and Capabilities of IncMan SOAR for MSSPs
  • Dive Head First into the Endpoint (Without Hitting Your Head)
    John Moran, Senior Product Manager, DFLabs and Chris Berninger, Technical Alliances Engineer, Carbon Black Recorded: Apr 2 2019 54 mins
    Dive Head First into the Endpoint (Without Hitting Your Head): A DFLabs and Carbon Black Use Case

    The time it takes attackers to progress from initial infection to establishing multiple beachheads and beginning data exfiltration is often measured in minutes. Responding effectively under these adverse conditions requires complete network visibility, actionable intelligence and intelligent automation to augment human analysts.

    Carbon Black has long been recognized as the industry leader in endpoint detection and response, providing unmatched visibility into all endpoint activity. By incorporating actionable intelligence into their suite of tools, Carbon Black allows enterprises to respond effectively to both known and unknown threats. Carbon Black Defense brings Carbon Black’s extensive Endpoint Detection and Response (EDR) experience together with their cutting-edge next-generation antivirus technology to provide protection against even the most advanced threats.

    However, when a network event, such as a Web Application Firewall (WAF) or Intrusion Detection System (IDS) alert, is the impetus for an alert, correlating endpoint data and identifying and containing the threat is largely a manual process. This allows attackers enough time to begin wreaking havoc on the network.

    In this webinar we will explore DFLabs’ Security Orchestration, Automation and Response (SOAR) solution, IncMan SOAR, and Carbon Black Defense, to show how these industry-leading solutions can work seamlessly together to automatically pivot from the network into the endpoint, automatically identifying and containing unknown threats to immediately reduce the risk to the enterprise.

    Learn how:
    - Carbon Black’s suite of products can improve your security infrastructure
    - IncMan SOAR’s automation and orchestration capabilities can increase the efficiency and effectiveness of your security program
    - Carbon Black and DFLabs together can reduce incident detection and response times
  • Leveraging Your Existing SIEM Solution with SOAR Technology
    Mike Fowler, VP of Professional Services at DFLabs; Christian Have, Chief Product Officer at LogPoint Recorded: Mar 12 2019 42 mins
    Improve Your Incident Response with LogPoint and DFLabs

    Empower your security analysts to accelerate detection and response of cyber incidents by combining the power of SIEM and SOAR.

    Based on the recent joint solution from DFLabs and LogPoint resulting from their deep two-way integration, join this webinar to see how two security operations tools can work seamlessly together fusing intelligence to improve the overall effectiveness and operational performance of your existing security program.

    While a SIEM solution delivers tons of valuable information about the security status of your IT system, a SOAR solution uses this information to automate the response needed to incoming cyber threats. Combining the two will free up valuable time and resources in any security program and make for faster, smarter detection, response, and remediation of potential incidents.

    Learn how to:

    · Respond to all security alerts
    · Automate repeatable, mundane tasks
    · Orchestrate actions across multiple security tools
    · Enrich raw data, allowing for more informed, effective decisions
    · Reduce the mean time to detection and response
    · Increase the ROI on existing security operations tools
  • Automation as a Force Multiplier in Cyber Incident Response
    Mike Fowler, CISSP - VP of Professional Services, DFLabs Recorded: Feb 26 2019 15 mins
    Security analysts are subjected to such a volume and frequency of alerts that over time they can become desensitized to the information they are analyzing, resulting in critical alerts potentially being disregarded or missed.

    When responding to tens of thousands of security alerts a month, how can you reliably distinguish what's important from what's just noise in the background?

    Join our new webinar to learn how a Security Orchestration, Automation and Response (SOAR) solution can help your overwhelmed cyber response team to "SOAR" above the noise when detecting, responding to and remediating a potential security incident. Our VP of Professional Services, Mike Fowler, will present proven best practices to reduce and avoid alert fatigue.

    Key Takeaways:

    ● What is “Alert/Alarm Fatigue” and why should you care?
    ● What is the impact of alert fatigue on Security Operations and Incident Response?
    ● How you can cultivate a state of continuous alertness by applying the SOC Analyst Sanity Saver
    ● How to reinforce the front line
    ● How to leverage SOAR capabilities that act as a Force Multiplier in Incident Response

    Want to learn more on the topic ahead of the webinar? Download our white paper "Automation as a Force Multiplier in Cyber Incident Response" here: https://bit.ly/2SKN9pL
  • Detect, Analyze & Respond to Advanced Malware Using Orchestration & Automation
    John Moran, Senior Product Manager, DFLabs and Mark Mastrangeli, Lead Architect, McAfee, Security Innovation Alliance Recorded: Feb 5 2019 48 mins
    Detect, Analyze and Respond to Advanced Malware Using Security Orchestration and Automation: A DFLabs and McAfee Use Case

    As malware attacks continue, attackers are going to great lengths to obfuscate both the intent and capabilities of their malicious payloads to evade detection and analysis. In addition, the rate at which new malware is being developed has reached staggering new levels. Zero-day malware is increasingly common in all environments and signature analysis is becoming less effective.

    As a result, malware has become increasingly difficult to detect using more traditional detection mechanisms. Once detection occurs, it is often difficult to successfully analyze the malicious file to determine the potential impact and extract indicators. To successfully respond to a potential malware incident to contain the threat and block malicious traffic to minimize the impact, early detection and analysis are critical.

    In this webinar we will discuss how a security operations team can detect, analyze and respond to advanced, evasive malware by using DFLabs’ IncMan SOAR platform integrated with McAfee’s suite of tools including Advanced Threat Defense (ATD), Web Gateway and ePO for malware detection, while further being able to share critical security information using McAfee OpenDXL.

    Key Takeaways:

    Learn how McAfee’s suite of security products combined with IncMan SOAR from DFLabs can automatically detect and respond to malware threats to improve the effectiveness and efficiency of your security program by:

    - Performing advanced malware analysis
    - Enriching alert data
    - Immediately blocking threats
    - Sharing critical threat intelligence

    Your registration information will be shared with McAfee who may contact you in follow-up to your registration and/or attendance of this webinar.
  • Transform Your Security Operations With SOAR Technology - IncMan SOAR Overview
    John Moran, Senior Product Manager, DFLabs and Cody Mercer, Manager of Pre-Sales & Sales Marketing, DFLabs Recorded: Jan 29 2019 60 mins
    IncMan SOAR from DFLabs is the only Security Orchestration, Automation and Response (SOAR) platform available capable of full incident lifecycle automation, including built-in, automated threat intelligence gathering, risk assessment, triage and notification, context enrichment, hunting and investigating, threat containment and more.

    This feature-rich, unique and scalable solution provides context to security incidents, automates actions and orchestrates response activities, while enabling full reporting and measurement functionality across all stakeholders. With its Open Integration Framework, REST API and Automated START Triage, it is the most open and customizable SOAR platform in the industry, helping organizations to overcome some of the most common challenges and pain points when it comes to incident response.

    Join this webinar to learn how to transform your Security Operations by using SOAR technology and discover how DFLabs can help you to detect, respond to and remediate all security incidents fast, before they impact your organization.

    Key Features & Capabilities:

    - Security Automation and Orchestration
    - Threat Hunting and Investigation
    - Incident Management
    - Flexible Integrations and Event Parsing
    - Forensic Evidence Management
    - Reporting and KPIs
    - Knowledge Transfer & Machine Learning
    - Community Portal and Community Edition
  • AMP Up Your Response with SOAR and Cisco’s Security Suite
    John Moran Sr. Prod. Mngr DFLabs; Jessica Bair Sr. Mngr Adv.Threat Solutions; Michael Auger, Sr Sec. Solutions Cisco Security Recorded: Jan 11 2019 58 mins
    Presented By:
    John Moran, Senior Product Manager, DFLabs
    Michael Auger, Senior Solutions Security Architect, Cisco Security
    Jessica Bair, Senior Manager, Advanced Threat Solutions, Cisco Security

    Learn how DFLabs’ Security Orchestration, Automation and Response solution, IncMan SOAR, integrates and performs seamlessly with Cisco’s security suite, including its latest integration with Cisco AMP for Endpoints.

    As organizations are exposed to more advanced and frequent attacks, speed of detection and response is critical in reducing financial and reputational damage.

    Cisco AMP for Endpoints leverages cloud-based analytics to detect and respond to advanced threats in real-time. Used with Cisco’s security suite, including Threat Grid, Umbrella and Umbrella Investigate, threats can be assessed, and assessments of the network performed; but this consumes valuable analyst time.

    IncMan SOAR allows security teams to automate repeatable tasks, including enriching initial threat indicators, allowing more time to focus on tasks which require human intervention.

    By combining these solutions, security teams can automate and orchestrate the process from initial alert, to containment and remediation, reducing actionable detection and response times from hours to seconds.
  • DFLabs’ New Open Integration Framework and Customer Community Portal
    John Moran, Senior Product Manager, DFLabs and Heather Hixon, Senior Solutions Architect, DFLabs Recorded: Dec 18 2018 41 mins
    DFLabs’ innovative Open Integration Framework is designed to enable security teams to customize and easily add new automated integrations between their existing security tools and our IncMan SOAR platform, enabling SOCs and MSSPs to add unique incident response actions without the need for complex coding. The new framework is part of DFLabs’ commitment to delivering a more open, community-oriented solution to automation and orchestration, which also includes a new Community Portal.

    The Community Portal serves as a hub for customers, where they can get the latest information and support from DFLabs and interact with other like-minded customers. Moreover, this Community Portal aims to provide a cooperation ecosystem for companies and organizations, where they can share integrations of security tools and IncMan SOAR. This approach will enable our customers to tackle specific use cases by uploading or downloading integration files from the Portal to IncMan SOAR.

    Join this webinar to learn more about these two new exciting features, as well as DFLabs’ other latest developments and enhancements to IncMan SOAR v4.5 including:

    - Open Integration Framework
    - Community Portal
    - Enhanced REST API
    - Automated event triage (START Triage)
    - New bidirectional integrations
    - Improvements to existing integrations
    - And more...
  • Creating a Winning Security Strategy for 2019
    Israel Barak, Cybereason | Dario Forte, DFLabs Recorded: Dec 5 2018 49 mins
    Cyber attacks on businesses, organizations and critical infrastructure are becoming the norm in 2018. Massive breaches are constantly in the news and consumers are demanding stricter data and privacy protections. Cybersecurity has never been more important to organizations, and the investment in security technology has never been greater.

    CISOs are in the spotlight, and are looking to build the best strategy to secure their organizations, customers and users.

    Join top security experts for an interactive Q&A panel discussion on:
    - The key factors CISOs should consider for their cybersecurity strategy
    - The current and future threatscape
    - Platform Security for 2019
    - Technological solutions that make CISOs' lives easier
    - How organizations are coping with the shortage of qualified security workforce
    - How CISOs can better communicate their strategy to the board

    Panelists:
    Israel Barak, CSO, Cybereason
    Dario Forte, CEO, DFLabs

    Panel moderated by:
    Amar Singh, Founder & CEO, Cyber Management Alliance
