Automation as a Force Multiplier in Cyber Incident Response

Four Best Practices to eliminate Security Analyst Alert Fatigue

Join us in this webinar to learn industry best practices to improve your security analysts’ effectiveness by eliminating Alert Fatigue.

By 2019, ISACA predicts a shortage of 2 million cyber security professionals. This scarcity of skilled labor and a security alert false positive rate of over 52% means that your security team is overstretched and overwhelmed.

Security Analysts are subjected to such a volume and frequency of alerts that they become desensitized to the information they are meant to analyze, resulting in critical alerts being disregarded or missed.

When responding to tens of thousands of security alarms a month, how can you reliably distinguish what's important from what's just noise in the background?

Join us in this webinar and learn how you can help your overwhelmed cyber response team to "SOAR" above the noise when responding to incidents. Mike Fowler will present proven best practices to reduce and avoid alert fatigue:

● What is “Alert/Alarm Fatigue” and why should you care?
● What is the impact of alert fatigue on Security Operations and Incident Response?
● How you can cultivate a state of continuous alertness by applying the SOC Analyst Sanity Saver
● How to reinforce the front line
● How to leverage automation capabilities to act as a Force Multiplier through Incident Automation and Orchestration

Our webinar presenter, Mike Fowler (CISSP, EnCE), is the Vice President of Professional Services at DFLabs and has over two decades of experience in incident response and forensic investigations.
Recorded Sep 6 2017 33 mins
Presented by
Mike Fowler (CISSP, EnCE), VP of Professional Services at DFLabs
  • DFLabs’ New Open Integration Framework and Customer Community Portal Dec 18 2018 3:00 pm UTC 41 mins
    John Moran, Senior Product Manager, DFLabs and Heather Hixon, Senior Solutions Architect, DFLabs
    DFLabs’ innovative Open Integration Framework is designed to enable security teams to customize and easily add new automated integrations between their existing security tools and our IncMan SOAR platform, enabling SOCs and MSSPs to add unique incident response actions without the need for complex coding. The new framework is part of DFLabs’ commitment to delivering a more open, community-oriented solution to automation and orchestration, which also includes a new Community Portal.

    The Community Portal serves as a hub for customers, where they can get the latest information and support from DFLabs and interact with other like-minded customers. Moreover, this Community Portal aims to provide a cooperation ecosystem for companies and organizations, where they can share integrations of security tools and IncMan SOAR. This approach will enable our customers to tackle specific use cases by uploading or downloading integration files from the Portal to IncMan SOAR.

    Join this webinar to learn more about these two new exciting features, as well as DFLabs’ other latest developments and enhancements to IncMan SOAR v4.5 including:

    - Open Integration Framework
    - Community Portal
    - Enhanced REST API
    - Automated event triage (START Triage)
    - New bidirectional integrations
    - Improvements to existing integrations
    - And more...
  • DFLabs IncMan SOAR Platform V4.5: Open Integration Framework and More Recorded: Nov 27 2018 41 mins
    John Moran, Senior Product Manager, DFLabs and Heather Hixon, Senior Solutions Architect, DFLabs
    The latest release of DFLabs IncMan SOAR platform v4.5 includes a range of additional and enhanced features and capabilities highly focused around delivering a more open, extensible and community-oriented solution to some of the most challenging problems facing SOCs, CSIRTs and MSSPs today.

    Key New Features include:

    - Open Integration Framework
    - Enhanced REST API
    - Automated event triage (START Triage)
    - New bidirectional integrations
    - Improvements to existing integrations
    - And more...

    Join this webinar to see first hand how DFLabs’ Open Integration Framework enables security teams to easily add and orchestrate new functions between IncMan SOAR and third party products even without coding experience.

    In addition, learn about additional new features including how IncMan SOAR’s enhanced REST API allows users to extend and integrate security automation and orchestration with other processes in new and exciting ways, as well as how its START Triage module now enables granular control over which events are automatically enriched to validate which should be converted directly into a security incident.
  • Utilizing Recorded Future Threat Intelligence Within DFLabs SOAR Solution Recorded: Nov 20 2018 30 mins
    John Moran, Senior Product Manager at DFLabs and Brian Guessetto, Partner Marketing Manager at Recorded Future
    Automate Enrichment And Simplifying Information Gathering

    As cybersecurity attacks continue to evolve, access to vital threat intelligence information is key. Valuable information is often scattered across many tools with varying degrees of confidence, which leaves investigators without a full understanding of the risk posed to their organization and ultimately prevents confident decision making at the most critical time in an investigation.

    DFLabs integration with Recorded Future’s threat intelligence platform enables simplified and automated information gathering and sharing to provide investigators with crucial details and context surrounding a potential incident.

    Combined with the capabilities of DFLabs’ security orchestration, automation and response (SOAR) solution, IncMan SOAR, orchestrating the process and automating information gathering allows investigators to spend their time investigating an incident rather than performing the manual information gathering and data correlation tasks necessary to prioritize an event.

    Join this webinar for an in-depth look at Recorded Future’s integrations with IncMan SOAR from DFLabs to learn how:

    - Recorded Future Threat Intelligence can be orchestrated into the Incident Response process
    - IncMan SOAR can automate Recorded Future’s data enrichment actions
    - Recorded Future combined with DFLabs can automatically identify and respond to threats and remediate potential incidents before they can become a breach

    Your registration information will be shared with Recorded Future who may contact you in follow-up to your registration and/or attendance of this webinar.
  • Using Threat Intelligence Effectively in Security Automation and Orchestration Recorded: Oct 30 2018 54 mins
    John Moran, Senior Product Manager, DFLabs; Jessica Bair, Senior Manager, Advanced Threat Solutions, Cisco Security; Michael Auger, Senior Security Solutions Architect, Cisco Security
    Using Threat Intelligence Effectively in Security Automation and Orchestration: A DFLabs and Cisco Use Case.

    Actionable intelligence is critical to responding efficiently and effectively to a potential security incident. Inaccurate or incomplete intelligence can lead to threats dwelling on the network, resulting in increased financial losses and irreparable damage to reputation. Once a threat has been discovered, decisive action must be taken to contain the threat.

    Cisco’s suite of detection, intelligence and response products, including Email Security Appliance, Threat Grid, Umbrella and Umbrella Investigate, offers security practitioners an unparalleled suite of tools to address all phases of the incident response lifecycle.

    Combining the vast capabilities of Cisco’s suite of security products with the orchestration and automation power of DFLabs’ IncMan SOAR platform allows organizations to respond to potential security incidents with unmatched speed and accuracy.

    Key Takeaways:

    · How Cisco’s suite of security products can improve your security infrastructure
    · How IncMan SOAR’s automation and orchestration capabilities can increase the efficiency and effectiveness of your security program
    · How Cisco security products combined with IncMan SOAR from DFLabs can automatically respond to threats

    Presented by:
    John Moran, Senior Product Manager, DFLabs
    Jessica Bair, Senior Manager, Advanced Threat Solutions, Cisco Security
    Michael Auger, Senior Security Solutions Architect, Cisco Security

    Your registration information will be shared with DFLabs’ solution partner Cisco Security, who may contact you in follow-up to your registration and/or attendance of this webinar.
  • How to Facilitate Knowledge Transfer within SecOps Utilizing SOAR Technology Recorded: Oct 16 2018 52 mins
    Mike Fowler, CISSP, Vice President of Professional Services at DFLabs, and John Moran, Senior Product Manager at DFLabs
    Increased workload coupled with an industry-wide shortage of skilled responders is a common challenge heavily impacting operational performance in Security Operations Centers globally. An integral part of the solution is formulating a methodology to ensure that crucial knowledge is held and transferred between incident responders at all levels and overall retained within the organization.

    By utilizing Security Orchestration, Automation and Response (SOAR) technology, security teams can combine traditional methods of knowledge transfer with more modern techniques and technologies by incorporating machine learning and artificial intelligence capabilities.

    Join this webinar to learn about the benefits of implementing a SOAR solution, such as IncMan SOAR from DFLabs, and see how we can help to ensure that your organization’s knowledge is consistently and accurately retained, used and transferred, while simultaneously contributing to the efficiency and effectiveness of your entire incident response process.

    Key Takeaways:

    - The benefits of using SOAR technology
    - How to overcome the shortage of skilled security operations staff
    - How security orchestration and automation can facilitate knowledge transfer
    - How a SOAR solution can improve your overall security program performance
  • Increase Performance with KPIs for Security Operations and Incident Response Recorded: Sep 25 2018 51 mins
    John Moran, Senior Product Manager at DFLabs, and Mike Fowler, CISSP, Vice President of Professional Services at DFLabs
    Security operations KPIs vary from organization to organization. To be effective, it is crucial that KPIs are selected based on the SMART criteria.

    KPIs provide the critical information required to make fact-based decisions. However, tracking too many KPIs can become a burden to analysts.

    Join our new webinar to discover the best practices for Key Performance Indicators (KPIs) for Security Operations and Incident Response.

    Key takeaways:
    - Why are KPIs important?
    - How to choose the best KPIs?
    - How many KPIs are appropriate to measure?
  • New Features and Capabilities of DFLabs IncMan SOAR Platform V4.4 Recorded: Aug 28 2018 50 mins
    Mike Fowler, Vice President of Professional Services and John Moran, Senior Product Manager at DFLabs

    Aug 28 2018
    10:00 EDT / 15:00 BST

    The latest release of DFLabs IncMan SOAR platform v4.4 includes a range of additional and enhanced features and capabilities including:

    - Automated event triage (START Triage)
    - New bidirectional integrations
    - Improvements to existing integrations
    - Enhanced flexibility of runbooks
    - And more...

    Join this webinar to get this unique opportunity to take a look at the new and improved IncMan SOAR platform and see first-hand one of the most exciting new features and first of its kind capability, START (Simple Triage And Rapid Treatment) Triage, in action.

    START Triage aims to dramatically reduce the number of security incidents generated from alerts and is being used in production by a major European bank to eliminate manual first line assessment of suspected fraudulent online transactions. IncMan SOAR has reduced triage time by 90% for cyber fraud events generated by its mainframe and other external systems. The flexible, open and customizable architecture of IncMan SOAR’s START Triage allows it to adapt to virtually any use case and data source, including network alerts, endpoint alerts, transaction fraud alerts, physical security events and threat intelligence alerts.
  • Leverage Your SIEM Solution Utilizing SOAR Technology Recorded: Aug 14 2018 43 mins
    Mike Fowler, VP of Professional Services at DFLabs; Christian Have, Chief Product Officer at LogPoint
    Empower your security analysts to accelerate detection and response of cyber incidents by combining the power of SIEM and SOAR.

    Based on a new joint solution from DFLabs and LogPoint resulting from their deep two-way integration, join this webinar to see how two security operations tools can work seamlessly together fusing intelligence to improve the overall effectiveness and operational performance of your existing security program.

    While a SIEM solution delivers tons of valuable information about the security status of your IT system, a SOAR solution uses this information to automate the response needed to incoming cyber threats. Combining the two will free up valuable time and resources in any security program and make for faster, smarter detection, response, and remediation of potential incidents.

    Learn how to:

    · Respond to all security alerts
    · Automate repeatable, mundane tasks
    · Orchestrate actions across multiple security tools
    · Enrich raw data, allowing for more informed, effective decisions
    · Reduce the mean time to detection and response
    · Increase the ROI on existing security operations tools
  • DFLabs IncMan SOAR Platform Overview Recorded: May 22 2018 49 mins
    Mike Fowler, Vice President of Professional Services at DFLabs and John Moran, Senior Product Manager at DFLabs
    Learn how DFLabs IncMan Security Orchestration, Automation and Response (SOAR) platform can help to automate, orchestrate and measure your security operations and incident response processes and tasks.

    Join this webinar and take a look at the latest version of IncMan SOAR, including a range of new features and integrations, and discover how we can help you to leverage your existing technologies and streamline your workflows.

    Keep your cyber incidents under control by orchestrating the full incident response and investigation lifecycle, automate actions, fuse security intelligence and share knowledge with machine learning:

    - Minimize Incident Resolution Time by 90%
    - Maximize Analyst Efficiency by 80%
    - Increase the Amount of Handled Incidents by 300%
  • New Features of DFLabs' IncMan SOAR Platform - Product Overview Webinar Recorded: Apr 10 2018 27 mins
    Steven Ditmore, Senior Sales Engineer at DFLabs, and John Moran, Senior Product Manager at DFLabs
    Learn how DFLabs IncMan can help you automate, orchestrate and measure your security operations and incident response.

    Join this webinar and get the unique opportunity to take a first-hand look at the new version of the IncMan Security Orchestration, Automation, and Response (SOAR) platform.

    See in action new features and functionality including:

    - New bidirectional integrations from a variety of product categories
    - Enhanced flexibility of its R3 Rapid Response Runbooks with the addition of new decision nodes
    - Development of IncMan’s correlation engine to allow users a more advanced view of the threat landscape
    - More intelligent decisions and response actions using the Automated Responder Knowledge (DF-ARK) module
    - Bolstered report engine, allowing users to create more flexible reports for a variety of purposes
    - Improved dashboard and KPI features to gather a complete picture of the organization

    These are just a few of the highlights; IncMan includes many other enhancements designed to streamline your orchestration, automation and response process.
  • KPIs for Security Operations and Incident Response Recorded: Apr 3 2018 51 mins
    John Moran, Senior Product Manager at DFLabs, and Mike Fowler, CISSP, Vice President of Professional Services at DFLabs
    Security operations KPIs vary from organization to organization. To be effective, it is crucial that KPIs are selected based on the SMART criteria.

    KPIs provide the critical information required to make fact-based decisions. However, tracking too many KPIs can become a burden to analysts.

    Join our new webinar to discover the best practices for Key Performance Indicators (KPIs) for Security Operations and Incident Response.

    Key takeaways:
    - Why are KPIs important?
    - How to choose the best KPIs?
    - How many KPIs are appropriate to measure?
  • Increasing the Effectiveness of Incident Management Recorded: Feb 27 2018 57 mins
    John Moran, Senior Product Manager at DFLabs, and Mike Fowler, CISSP, Vice President of Professional Services at DFLabs
    Incidents are fast-paced, dynamic events, forcing responders into stressful and unfamiliar situations. Ineffective or delayed response to an incident can potentially lead to millions of dollars in lost revenue and damages. Even seasoned response teams require structure and leadership to respond effectively to an incident.

    This webinar offers a deeper look into the Incident Management System (IMS) and explains how when combined with a properly designed and implemented incident response process, the IMS can help organizations achieve a more effective and efficient incident management process, translating directly to a decrease in financial loss and reputational damage from incidents.

    Key Takeaways:

    - One of the core requirements of an IMS is that it must remain both flexible and scalable.
    - The first and most crucial step in implementing an IMS is integrating it into current organization processes and procedures.
    - Incorporating an IMS can elevate incident management to a level which is simply not possible with a more ad hoc system.
    - Utilizing an IMS for every incident, large and small alike, will ensure that stakeholders remain proficient and in control of the process.

    Join us on this webinar as we try to answer the common questions surrounding how to increase the effectiveness of incident management, including the best set up of an Incident Management System, its structure and roles, when it should be used, as well as how an organization should go about implementation.
  • DFLabs IncMan Product Overview Recorded: Feb 6 2018 33 mins
    Mike Fowler, CISSP, Vice President of Professional Services at DFLabs, and Steven Ditmore, Senior Sales Engineer at DFLabs
    Learn how DFLabs IncMan can help you automate, orchestrate and measure your incident response and security operations.

    By joining this webinar you will have the opportunity to discover DFLabs IncMan and how our solution can help you to:

    - Minimize Incident Resolution Time by 90%
    - Maximize Analyst Efficiency by 80%
    - Increase the amount of handled Incidents by 300%
  • DFLabs IncMan Product Overview Recorded: Dec 19 2017 31 mins
    Oliver Rochford, VP of Security Evangelism at DFLabs, and Steven Ditmore, Senior Sales Engineer at DFLabs
    Learn how DFLabs IncMan can help you automate, orchestrate and measure your incident response and security operations.

    By joining this webinar you will have the opportunity to discover DFLabs IncMan and how our solution can help you to:

    - Minimize Incident Resolution Time by 90%
    - Maximize Analyst Efficiency by 80%
    - Increase the amount of handled Incidents by 300%
  • In-house or Outsourced Security Operations Center? Recorded: Nov 27 2017 34 mins
    Oliver Rochford, VP of Security Evangelism - DFLabs, Sebastian Hess, AIG Cyber Risk Executive for Germany/Austria/Switzerland
    The need to have a Security Operations Center (SOC) is becoming increasingly evident with each passing day, with data breaches being a common occurrence for many organizations around the globe. But, when organizations start thinking about setting up a SOC, they face a big dilemma - whether to build one in-house, or go with an outsourced or managed services model.

    This webinar offers a deeper look into the factors that should play a role in deciding which option is a better fit for organizations, based on their needs and the resources at their disposal.

    Key takeaways:
    - A SOC must strike a proper balance between people, processes and technology
    - People are the key to any SOC, but are scarce due to a skills shortage
    - The right technologies are a key enabler for any SOC, but can often also be remotely delivered
    - Getting processes right in an outsourced SOC model can be challenging, but the unavailability of skilled resources may be the bigger challenge

    Join us on this webinar as we try to answer the question of how best to handle your security needs, by explaining the pros and cons of both an in-house SOC and an outsourced one, so you can make an informed decision that would be best suited for your organization.
  • DFLabs IncMan Product Overview Recorded: Nov 6 2017 28 mins
    Oliver Rochford, VP of Security Evangelism at DFLabs, and Steven Ditmore, Senior Sales Engineer at DFLabs
    Learn how DFLabs IncMan can help you automate, orchestrate and measure your incident response and security operations.

    By joining this webinar you will have the opportunity to discover DFLabs IncMan and how our solution can help you to:

    - Minimize Incident Resolution Time by 90%
    - Maximize Analyst Efficiency by 80%
    - Increase the amount of handled Incidents by 300%
  • Automate or Die without Dying Recorded: Oct 5 2017 35 mins
    Oliver Rochford, VP of Security Evangelism - DFLabs
    How to safely automate incident response without impacting operational integrity.

    Eager to learn more about incident response automation? In this webinar, you will gain expert insight on automation in security operations and incident response, and the reasons behind its renewed emergence as a main topic of discussion among cyber security professionals.

    Automating security operations and incident response in a safe and effective manner is admittedly challenging. However, it still remains highly desirable, considering that manual processes are not suitable for responding to increasingly sophisticated cyber threats.

    Attend this webinar to find out how you can overcome these challenges, and automate incident response processes without impacting operational integrity.

    Presented by DFLabs’ VP of Security Evangelism and former Gartner Analyst, Oliver Rochford, the webinar will address the three automation challenges when considering automating threat containment:

    The 3 Security Automation Challenges:
    1. The SecOps team can assess the impact of the threat, but not the impact on production
    2. You can automate the actions, but not the decision
    3. IT Operations do not trust automation
  • DFLabs IncMan Product Overview Recorded: Sep 26 2017 32 mins
    Oliver Rochford, VP of Security Evangelism; Mike Fowler, VP of Professional Services
    Learn how DFLabs IncMan can help you automate, orchestrate and measure your incident response and security operations.

    By joining this webinar you will have the opportunity to discover DFLabs IncMan and how our solution can help you to:

    - Minimize Incident Resolution Time by 90%
    - Maximize Analyst Efficiency by 80%
    - Increase the amount of handled Incidents by 300%
  • Automation as a Force Multiplier in Cyber Incident Response Recorded: Sep 6 2017 33 mins
    Mike Fowler (CISSP, EnCE), VP of Professional Services at DFLabs
  • A CISO's Key Challenge: Creating Valid Security Metrics & Reporting For Security Recorded: May 10 2017 52 mins
    Bill Bonney (CISA) Vice President, Product Management, TechVision Research and Dario Forte, CEO, and Founder of DFLabs
    Cyber Security requires organizations to analyze and correlate data derived from the measurement of the right metrics. Every CISO is searching for the best practices for turning metrics and reporting into meaningful data for 3 important data sharing levels within organizations. Managing metrics and reporting for Security Operations and Incident Response can be a time consuming and costly project.

    In this webinar, our speakers will discuss how to strengthen and empower a security team’s ability to quickly assess and remediate security Incidents and data breaches.

    Including:
    • Review CISO’s guide for sharing SecOps and IR data with C-level, VPs, and Directors.
    • Discover true priorities in breach reporting.
    • Learn what organizations can do to improve the automated analysis of incidents.
    • Understand the trends and benchmarks in security automation and orchestration to include metrics and reporting.
    • How to orchestrate and automate processes and machine actions in order to mitigate damages.

    Hear from:
    Bill Bonney, a co-author of the seminal book for new CISOs, the CISO Desk Reference Guide – A Practical Guide for CISOs. Along with his co-authors, Bill has established the standard “go to” reference for setting up an effective Information Security program. Also presenting, on orchestrating and automating processes, is Dario Forte, CEO and Founder of DFLabs. Dario Forte started his career in incident response as a member of the Italian police. In that role, he has worked with United States governmental agencies including the National Aeronautics and Space Administration (NASA). He is Co-Editor of several ISO Standards within the 27000 series and holds the CFE, CISM and CGEIT certifications. The author of over 50 books and scientific papers, Dario has an MBA from the University of Liverpool and has completed select executive curriculum at the Harvard Business School.
Security Orchestration, Automation and Response (SOAR) Platform
DFLabs is a recognized global leader in security orchestration, automation and response (SOAR). The company is led by a management team recognized for its experience in and contributions to the information security field, including co-editing many industry standards such as ISO 27043 and ISO 30121. IncMan SOAR – Cyber Incidents Under Control – is the flagship product, adopted by Fortune 500 and Global 2000 organizations worldwide. DFLabs has operations in North America, Europe, Middle East, and Asia with US headquarters in Boston, MA and World headquarters in Milano, Italy. For more information visit: http://www.dflabs.com or connect with us on Twitter @DFLabs. Demos and/or trials of IncMan SOAR are available immediately.

  • Title: Automation as a Force Multiplier in Cyber Incident Response
  • Live at: Sep 6 2017 5:00 pm
  • Presented by: Mike Fowler (CISSP, EnCE), VP of Professional Services at DFLabs