Achieving SOC Excellence with Security Orchestration and Automation

Achieving SOC Excellence with Security Orchestration and Automation: Results from SANS SOC Survey 2019 Report


As cyber threat behavior, business processes and IT technologies are constantly changing, SOC operations are one of the most challenging environments to manage and measure.

In a recently published annual SOC survey report for 2019, SANS highlighted that a lack of skilled staff, budget, and effective orchestration and automation were the most cited reasons for failing to achieve excellence in existing SOCs. On the other hand, success in improving effectiveness and efficiency could be seen as a result of increasing SOC staff in key areas, as well as the better use of automation to augment existing staff and their skillsets.

In this webinar we will provide a high-level overview of the findings of the survey and then take a deeper dive into how implementing effective orchestration and automation through the use of a Security Orchestration, Automation and Response (SOAR) solution can help to overcome a number of common security operations challenges and pain points, transforming your SOC while improving overall operational performance and success.

We will also cover the unique features and capabilities of DFLabs’ SOAR platform, IncMan SOAR, in a short demo.

Key Takeaways:
- Overview of SANS 2019 SOC Survey Findings
- Common Security Operations Challenges and Pain Points
- The Benefits of Orchestration and Automation
- Demo of DFLabs’ IncMan SOAR Platform

A copy of the full 2019 SANS SOC Survey will be available to download during and after the webinar.
Recorded Jul 30 2019 27 mins
Presented by
Mike Fowler: VP of Professional Services, DFLabs
  • A Real-World Case of Security Automation: SOAR, Telegram and Processes Sep 22 2020 9:00 am UTC 60 mins
    Andrea Fumagalli, Daniele Antolini and Mauro Necci
    The last ten years have been marked by an increase in cyber attacks and the consequent need to adopt a large number of technologies to meet different requirements. This has led to exponential growth in the criticality of managing ICT processes, with the consequent need to build and implement structured processes for responding to cyber incidents.

    In this webinar, we will present a real-world case of implementing automation and orchestration within security processes using the DFLabs IncMan SOAR platform, with particular attention to the integration of Telegram as a communication channel.

    Agenda:

    - Cybersecurity: the criticality of a unified response to incidents
    - Managing and orchestrating many different multivendor technologies
    - Automation: speed of analysis, reduction of SLAs, and cost efficiency of management
    - Creating incident response processes
    - Integration with Telegram
  • How to Utilize Security Ratings to Enhance Incident Response Processes Recorded: Jul 30 2020 56 mins
    Heather Sprung, Sr. Solutions Architect, DFLabs, and Matt Ancelin, Sr. Sales Engineer, Security Scorecard
    Ensure a Proactive Approach to your Security Foundation with DFLabs IncMan SOAR and Security Scorecard

    By leveraging their different security findings, organizations can quickly operationalize data through the use of automation and orchestration techniques to ensure a more proactive approach to their security foundation.

    SecurityScorecard provides instant visibility into enterprise security posture as well as the cyber-health of all vendors and partners in any organization’s ecosystem. The platform uses trusted commercial and open-source threat feeds, and non-intrusive data collection methods, to quantitatively evaluate and continuously monitor the security posture of thousands of organizations worldwide. SecurityScorecard delivers the most accurate, transparent, and comprehensive security risk ratings available for small to large enterprises in every industry sector.

    The integration between SecurityScorecard and DFLabs offers third-party vendor health checks, monitoring of vendor risk relationships, and utilization of vulnerability scanning data to confirm or dispute changes in risk score.

    Through this data, clients can leverage the information for actionable insights to ultimately improve their security operations and strengthen their cyber security posture.

    During this webinar we will discuss:

    - How security ratings can drive a successful risk management program
    - Core functions & capabilities of the integration between DFLabs IncMan SOAR and SecurityScorecard
    - Key benefits of SOAR and security ratings for enterprises and MSSPs
    - How to orchestrate all technologies in streamlined processes
  • SOAR Explained: Benefits for Enterprises and MSSPs, SIEM & SOAR, KPIs and More Recorded: Jun 16 2020 55 mins
    Andrea Fumagalli, VP of Engineering at DFLabs, and Enrico Benzoni, Marketing Director at DFLabs
    SOAR has grown exponentially in recent years, both in popularity and demand. An increasing number of enterprises, MSSPs, and security teams have looked for new and innovative solutions to address several pervasive problems, and SOAR quickly became a popular security solution among businesses and organizations.

    In this webinar, we’ll focus on the core functions of Security Orchestration, Automation and Response (SOAR) technology, its unique capabilities, and the most common challenges that SOAR helps resolve.

    We’ll also discuss the key benefits that SOAR as a solution offers to enterprises and MSSPs, the difference between SIEM and SOAR and how they work together, and reveal the most important KPIs for security operations and incident response programs. At the end, we’ll walk through the capabilities that are unique to our IncMan SOAR solution and how it stands out in the crowd.

    Key Takeaways:
    - What is SOAR?
    - Unique capabilities of SOAR
    - The marriage between SIEM and SOAR
    - Key benefits of SOAR for enterprises and MSSPs
    - Core functions & capabilities of DFLabs IncMan SOAR solution
    - Advanced TRIAGE
    - Open Integration Framework
    - Probatory role and chain of custody
    - Reporting and KPIs
  • SOAR Explained: Benefits, Unique Capabilities, SOAR vs SIEM, KPIs and More Recorded: May 26 2020 74 mins
    Andrea Fumagalli, VP of Engineering, DFLabs
    Security Orchestration, Automation, and Response (SOAR) has grown exponentially in recent years, both in popularity and demand. An increasing number of enterprises, SOCs, and MSSPs have looked for new and innovative solutions to address several pervasive problems, and SOAR quickly became a popular security solution among businesses and organizations.

    In this webinar, we’ll focus on the core functions of Security Orchestration, Automation and Response (SOAR) technology, its unique capabilities, and the most common challenges that SOAR helps resolve. We’ll also discuss the key benefits that SOAR as a solution offers to enterprises and MSSPs, the difference between SIEM and SOAR, and how they work together, as well as revealing the most important KPIs for security operations and incident response programs.

    Key Takeaways:
    - What is SOAR?
    - Unique capabilities of SOAR
    - The marriage between SIEM and SOAR
    - Core functions & capabilities of a DFLabs IncMan SOAR solution
    - TRIAGE
    - Open Integration Framework
    - Probatory role and chain of custody
    - Reporting and KPI
    - Key benefits of SOAR for enterprises and MSSPs
  • The Marriage Between SIEM and SOAR Recorded: Nov 12 2019 38 mins
    Mike Fowler, Vice President, Professional Services, DFLabs
    The Marriage Between SIEM and SOAR: Roles and Responsibilities in the Relationship

    With the growing number of tools and technologies being used within security operations to combat the ever-increasing number of security alerts being received, there is still much confusion about what their specific uses and purposes are in order to achieve operational efficiency and effective incident response.

    Many security professionals today still question the difference between Security Information and Event Management (SIEM) and Security Orchestration, Automation and Response (SOAR) and often ask, “If we have a SIEM tool, do we need SOAR?”

    Although it’s still possible for some SOCs to function without having a SIEM or SOAR solution in place, many security teams will agree that the success formula is to have both. The amount of security events being generated on a daily basis will likely be a key determining factor for implementing a SIEM tool, and the ability to respond to all of these alerts effectively will likely be a deciding factor when choosing whether to implement a SOAR solution.

    Presented by one of the pioneering leaders within the SOAR market, this webinar will illustrate the functions of SIEM and SOAR, their requirements within SecOps, and how utilizing a SOAR solution can leverage your existing SIEM tool to provide significant value to your security program.

    Key Takeaways
    - The Differences Between SIEM and SOAR
    - The Problems They Can Solve Together
    - The Role of SOAR as an Independent Platform
  • The Evolution of SOAR: Meeting and Exceeding Gartner’s Expectations with DFLabs Recorded: Sep 24 2019 50 mins
    Mike Fowler - VP of Professional Services, DFLabs, and John Moran - Senior Product Manager, DFLabs
    Security Orchestration, Automation and Response (SOAR) today is more than simply a buzzword. For many organizations, it is becoming a primary focus for their SOCs and/or CSIRTs as a solution for addressing the numerous daily security operations challenges they face, as well as a means to improve their operational effectiveness and efficiency, and more importantly their incident response capabilities.

    The evolution of SOAR is in full motion, moving from the product funneling stage to now seeing the strongest vendors and solutions continue to evolve their SOAR capabilities, while others fall by the wayside or get swallowed up by larger companies.

    Watch this webinar to learn about the evolution of SOAR, what a SOAR solution should include according to Gartner, and how DFLabs and its innovative and award-winning IncMan SOAR platform meet and exceed Gartner’s SOAR criteria and the industry's evolving expectations with its unique features and capabilities.

    Key Takeaways:

    - Unravel the key customer pain points, challenges and evolving expectations
    - Discover the key requirements a SOAR solution must meet
    - Review Gartner’s recommendations when implementing a full SOAR solution
    - Examine how DFLabs meets and exceeds Gartner’s SOAR criteria
    - And more
  • IncMan SOAR: Developing Next-Generation Security Operations Recorded: Sep 5 2019 57 mins
    John Moran - Senior Product Manager, DFLabs and Heather Hixon - Senior Solutions Architect, DFLabs
    Efficiency and effectiveness are key when it comes to security operations and incident response in terms of both humans and the tools being used. Having the ability to identify and investigate alerts, reduce false positives and respond to the threats that need action in the fastest possible time frame is crucial.

    With increasing numbers of cyber attacks affecting today’s organizations, security analysts are continuously bogged down with a seemingly never-ending stream of alerts that need to be investigated. At DFLabs we believe security teams shouldn't have to sift through this plethora of alerts, wasting precious time and effort with mundane and repetitive tasks to gather the important information they need to identify if the threat is legitimate or a false positive, before then responding to those that need further action in order to be mitigated.

    By utilizing a sophisticated Security Orchestration, Automation and Response (SOAR) solution, such as IncMan SOAR from DFLabs, providing end-to-end incident management with customizable systems and flexibility, automated incident response, dual mode orchestration and more, security operations teams are able to respond more effectively to all alerts, freeing up valuable analyst time which can be used to proactively investigate and hunt for more complex threats.

    Join this webinar to learn what SOAR really is, the key benefits it has to offer, the pain points it can help to resolve, as well as how the unique features and capabilities of DFLabs’ solution can transform your security operations and incident response programs regardless of their size or maturity to keep up with the next-generation cyber attacks affecting our organizations.


    Key Takeaways:

    - The Key Components of SOAR
    - SecOps Challenges SOAR Can Solve
    - The DFLabs Difference
    - An Insight into IncMan SOAR in Action
  • DFLabs and SEMNet: Strengthening Security Operations with SOAR Recorded: Aug 22 2019 59 mins
    Andrea Fumagalli, VP of Engineering at DFLabs and John Chai, Solution Engineer at SEMNet
    In the race to keep up with the increasing number and sophistication of cyberattacks, organizations need to have the capability not only to try to prevent attacks, but also to respond to them when they occur, before they turn into more damaging security breaches.

    With security operations teams experiencing a number of common challenges and pain points, including a lack of skilled cyber security professionals, a growing volume of security alerts being received, and a lack of integration of existing tools in the security tool stack, to name a few, organizations are recognizing the need for Security Orchestration, Automation and Response (SOAR) technology to help overcome them.

    Partnering with DFLabs, SEMNet is able to offer its award-winning SOAR solution, IncMan SOAR, to customers throughout Asia Pacific, providing them with the localized knowledge, guidance and support needed to enable them to successfully implement efficient and effective security operations and incident response programs.

    During this webinar you will learn:

    - What is Security Orchestration, Automation and Response (SOAR) technology?
    - Why is there a growing need for SOAR solutions?
    - The problems SOAR technology can help you solve
    - How it helps to improve security operations and incident response programs
    - How DFLabs and SEMNet partner together to make this possible

    Plus, you will get to see IncMan SOAR live in action, discover some of its use cases and ask any questions you may have.

    Together, DFLabs and SEMNet can ensure security operations teams have the right SOAR solution in place, with standardized processes and workflows to detect, respond to and remediate security incidents in the fastest possible time frame, before significantly impacting your organization.

    Please note: Your registration information will be shared with SEMNet who may contact you in follow-up to your registration and/or attendance of this webinar.
  • Tackling the Top 5 Incident Response Challenges with SOAR Recorded: Aug 20 2019 41 mins
    John Moran, Senior Product Manager, DFLabs
    Incident response can feel like a constant battle, especially for those analysts who are on the front lines of the organization’s response, struggling every day to protect its resources and minimize risk from any potential security events.

    While there are some inherent challenges in incident response which will exist no matter the circumstances, it is the responsibility of security managers and executives to reduce or remove impediments to the incident response process as much as possible. Incident response will never be a frictionless process; however, there are many things we can do to minimize the impediments and provide analysts with the resources they need to be successful.

    Year after year, security analysts express the same challenges, across all verticals. Even though we have made many important strides in the past several years, it is clear that our current approach is not adequate to completely solve the most pressing challenges we are facing.

    Incident response analysts typically possess a high drive and passion for their chosen career. Not being given the proper tools to perform a job can be demoralizing and cause the types of analysts you really want on your team to look elsewhere for career satisfaction. With competition for skilled analysts as strong as ever, this is a real concern.

    In order to overcome these challenges, organizations today are increasingly turning to the capabilities of Security Orchestration, Automation and Response (SOAR) technology to help.

    Join this webinar to learn more in-depth about these top 5 incident response challenges and how a SOAR solution can be utilized to successfully resolve them:

    - Shortage of staffing and skills
    - Lack of budget for tools and technology
    - Poorly defined processes and owners
    - Organizational silos between IR and other groups or between data sources and tasks
    - Lack of integration with our other security and monitoring tools
  • Integrated Incident Response: A SANS Survey Recorded: Aug 7 2019 62 mins
    Matt Bromiley, a SANS Digital Forensics and Incident Response instructor
    Results of the 2019 SANS Incident Response Survey Sponsored by DFLabs

    This incident response (IR) survey is designed to provide insight into the integration of IR capabilities to identify weak spots and best practices for improving IR functions and capabilities. Attendees at this webcast will learn about the experiences of survey participants with regard to:

    - The anatomy of incidents/breaches
    - How quickly organizations were able to react
    - What types of data, tools and information are key to investigations of an incident
    - How successful investigations have been
    - The state of budget and staffing for IR
    - Levels of integration of IR teams and the maturity of IR processes
    - Impediments to IR implementations and plans for improvement

    Best practices and actionable advice will be presented to help organizations improve their IR practices to be more integrated and efficient.
  • Common and Best Practices for Security Operations Centers Recorded: Jul 15 2019 63 mins
    Christopher Crowley, a senior SANS instructor and course author for SANS courses
    Common and Best Practices for Security Operations Centers

    Results of the 2019 SANS SOC Survey Sponsored by DFLabs

    The 2019 SANS Security Operations Center (SOC) Survey is focused on providing objective data to security leaders who are looking to establish a SOC or optimize an existing one. This webcast will capture common and best practices, provide defendable metrics that can be used to justify SOC resources to management, and highlight the key areas that SOC managers should prioritize to increase the effectiveness and efficiency of security operations.

    Key Takeaways:

    - What types of SOC infrastructures are used most frequently
    - How SOCs interact with network operations centers and incident response teams
    - What activities typically define a SOC and how many of them are outsourced
    - Which SOC-related technologies organizations are most satisfied with
    - How organizations use metrics to evaluate SOC performance
    - What challenges inhibit integration and utilization of a centralized SOC model
  • How to Successfully Evaluate SOAR Solutions Recorded: Jun 25 2019 47 mins
    John Moran, Senior Product Manager, DFLabs and Heather Hixon, Senior Solutions Architect, DFLabs
    Assessing solutions to meet your organization’s specific requirements and use cases

    When investing in a new tool or technology it is important that it fully meets the requirements of the organization, including all of the crucial “must have” aspects, as well as a number of “would likes” that could also be beneficial.

    With the growing maturity of the SOAR market and an increasing number of vendors in the space now claiming to offer a SOAR solution, evaluating a number of solutions from different vendors can be a daunting and long process if not carried out methodically with clear objectives and goals in mind.

    During this webinar we will discuss what a full SOAR solution should entail, common security operations problems that a SOAR solution can help to solve, as well as define a set of criteria that we believe should be taken into consideration when assessing a SOAR solution and vendor.

    Our aim is to cover as many angles and best practices to help provide the information you need to make an informed decision based on your individual organization requirements. DFLabs believes it has one of the most open and industry leading SOAR solutions available in the SOAR market today, which is flexible to adapt to any use case, including those outside the traditional security operations space, but above all we are committed to making sure all potential customers achieve the best possible solution to solving their critical security problems.

    Key Takeaways:
    - The core capabilities and functions of a full SOAR solution
    - SOAR vs. Orchestration and Automation
    - Defining the problems to be solved
    - Criteria for evaluating a SOAR solution
    - Criteria for evaluating a SOAR vendor
  • How to Transform Your Security Operations with SOAR Recorded: Jun 4 2019 59 mins
    John Moran, Senior Product Manager, DFLabs and Cody Mercer, Manager of Pre-Sales & Sales Marketing, DFLabs
    Overcoming Common Challenges and Pain Points to Go Above and Beyond Incident Response

    The challenge for any security operations or incident response team is being able to detect and respond effectively to all security alerts, remediating incidents before they lead to an event such as a serious data breach.

    Implementing a SOAR solution accelerates incident response times to a matter of seconds, by orchestrating the existing security tool stack and automating the response actions required. Often an incident is automatically handled and contained before an analyst is even aware of the issue and has had time to react.

    Automating and orchestrating mundane and repetitive tasks ultimately improves security operations efficiencies and, as a result, frees up valuable analyst time which can be used to proactively investigate and hunt for more complex threats.

    Hackers have been automating their attacks for decades and a SOAR solution, such as IncMan SOAR from DFLabs, enables you to do the same, plus much more.

    Join this webinar to learn about the key benefits of utilizing SOAR and the unique features and capabilities DFLabs’ solution has to offer. Go above and beyond standard incident response and transform your security program today.

    Key Takeaways:

    - What is SOAR?
    - The benefits of utilizing SOAR technology
    - How SOAR can help to solve common security operations challenges and pain points
    - What is IncMan SOAR from DFLabs and how does it differ from other SOAR solutions?
  • Unify Operations for Effective Incident Response: DFLabs and PagerDuty Use Case Recorded: May 15 2019 52 mins
    John Moran – Senior Product Manager, DFLabs and George Miranda – Community Advocate, PagerDuty
    When investigating an active incident there is a vast number of investigational processes and stakeholders to consider. Depending on the type of incident and its severity, security professionals may need the assistance of numerous departments outside of the security operations center.

    The need to work in conjunction with these outside departments can make an incident responder’s job even harder. Each department may have different policies, procedures and escalation processes in place, which can cause a responder to waste valuable time trying to decipher them. Escalations to an incorrect department or subject matter expert can cause potentially dangerous gaps in an organization’s response.

    In this webinar we will discuss DFLabs’ integration with PagerDuty and how it helps organizations to unify their business operations. By seamlessly combining the automation power of DFLabs’ IncMan SOAR platform with the robust communication features of PagerDuty’s technology, organizations can ensure the most relevant evidence is provided to the correct experts in real-time to contain an active incident.

    Key Takeaways:

    - The benefits of connecting dispersed teams during an ongoing incident
    - How PagerDuty’s solution can enforce differing policies, procedures, and escalation processes found in large organizations
    - How IncMan SOAR’s automation and orchestration capabilities can increase the efficiency and effectiveness of your security program
    - How together this joint solution can ensure critical information is provided effectively and efficiently to all relevant stakeholders during an incident

    Note: Your registration information will be shared with PagerDuty who may contact you in follow-up to your registration and/or attendance of this webinar.
  • Provide Better MDR Services to Clients with SOAR for MSSPs Recorded: Apr 16 2019 45 mins
    John Moran, Senior Product Manager, DFLabs and Heather Hixon, Senior Solutions Architect, DFLabs
    MSSPs face the same challenges that SOCs and CSIRTs are experiencing, including an inundation of security alerts, lack of documented processes and workflows, manual tasks and competition for skilled analysts, but all are faced at a scale multiplied by the number of customers they serve. One of the most pressing is the increasing number of third-party security products they must support in customer environments.

    Performance analytics such as unique KPIs and reporting are also critical assets for MSSPs, for improving service levels and meeting SLAs, while demonstrating value to customers. As service providers, MSSPs are also driven to maximize capabilities and efficiencies to offer their customers the highest quality service at the most competitive prices.

    Security Orchestration, Automation and Response (SOAR) technology is no longer seen as solely a solution for SOCs and CSIRTs. MSSPs are increasingly turning to SOAR solutions to achieve greater internal efficiency, differentiate their services from competitors, and provide advanced Managed Detection and Response (MDR) services.

    IncMan SOAR, DFLabs’ award-winning SOAR platform, provides MSSPs with the unique capabilities they need, enabling a multitenant, collaborative approach to security as a service. With IncMan, MSSPs can work seamlessly across multiple customer instances, take as many actions as needed, maintain data segregation and granular access controls, and provide per-customer analytics and reporting, while improving their overall effectiveness.

    Join our webinar to learn how SOAR can overcome these MSSP pain points and see firsthand the new features and capabilities of our SOAR solution specifically designed for MSSPs, with more due in Q2 2019.

    Key Takeaways:

    - Common Challenges and Pain Points of MSSPs
    - Benefits of Providing Managed Detection and Response Services
    - Benefits of Utilizing a SOAR Solution
    - New Features and Capabilities of IncMan SOAR for MSSPs
  • Dive Head First into the Endpoint (Without Hitting Your Head) Recorded: Apr 2 2019 54 mins
    John Moran, Senior Product Manager, DFLabs and Chris Berninger, Technical Alliances Engineer, Carbon Black
    Dive Head First into the Endpoint (Without Hitting Your Head): A DFLabs and Carbon Black Use Case

    The time it takes attackers to progress from initial infection to establishing multiple beachheads and beginning data exfiltration is often measured in minutes. Responding effectively under these adverse conditions requires complete network visibility, actionable intelligence and intelligent automation to augment human analysts.

    Carbon Black has long been recognized as the industry leader in endpoint detection and response, providing unmatched visibility into all endpoint activity. By incorporating actionable intelligence into their suite of tools, Carbon Black allows enterprises to respond effectively to both known and unknown threats. Carbon Black Defense brings Carbon Black’s extensive Endpoint Detection and Response (EDR) experience together with their cutting-edge next-generation antivirus technology to provide protection against even the most advanced threats.

    However, when a network event, such as a Web Application Firewall (WAF) or Intrusion Detection System (IDS) alert is the impetus for an alert, correlating endpoint data and identifying and containing the threat is largely a manual process. This allows attackers enough time to begin wreaking havoc on the network.

    In this webinar we will explore DFLabs’ Security Orchestration, Automation and Response (SOAR) solution, IncMan SOAR, and Carbon Black Defense, to show how these industry-leading solutions can work seamlessly together to automatically pivot from the network into the endpoint, automatically identifying and containing unknown threats to immediately reduce the risk to the enterprise.

    Learn how:
    - Carbon Black’s suite of products can improve your security infrastructure
    - IncMan SOAR’s automation and orchestration capabilities can increase the efficiency and effectiveness of your security program
    - Carbon Black and DFLabs together can reduce incident detection and response times
  • Leveraging Your Existing SIEM Solution with SOAR Technology Recorded: Mar 12 2019 42 mins
    Mike Fowler, VP of Professional Services at DFLabs; Christian Have, Chief Product Officer at LogPoint
    Improve Your Incident Response with LogPoint and DFLabs

    Empower your security analysts to accelerate detection and response of cyber incidents by combining the power of SIEM and SOAR.

    Based on the recent joint solution from DFLabs and LogPoint resulting from their deep two-way integration, join this webinar to see how two security operations tools can work seamlessly together fusing intelligence to improve the overall effectiveness and operational performance of your existing security program.

    While a SIEM solution delivers tons of valuable information about the security status of your IT system, a SOAR solution uses this information to automate the response needed to incoming cyber threats. Combining the two will free up valuable time and resources in any security program and make for faster, smarter detection, response, and remediation of potential incidents.

    Learn how to:

    · Respond to all security alerts
    · Automate repeatable, mundane tasks
    · Orchestrate actions across multiple security tools
    · Enrich raw data, allowing for more informed, effective decisions
    · Reduce the mean time to detection and response
    · Increase the ROI on existing security operations tools
  • Automation as a Force Multiplier in Cyber Incident Response Recorded: Feb 26 2019 15 mins
    Mike Fowler, CISSP - VP of Professional Services, DFLabs
    Security analysts are subjected to such a volume and frequency of alerts that over time they can become desensitized to the information they are analyzing, resulting in critical alerts potentially being disregarded or missed.

    When responding to tens of thousands of security alerts a month, how can you reliably distinguish what's important from what's just noise in the background?

    Join our new webinar to learn how a Security Orchestration, Automation and Response (SOAR) solution can help your overwhelmed cyber response team to "SOAR" above the noise when detecting, responding to and remediating a potential security incident. Our VP of Professional Services, Mike Fowler, will present proven best practices to reduce and avoid alert fatigue.

    Key Takeaways:

    ● What is “Alert/Alarm Fatigue” and why should you care?
    ● What is the impact of alert fatigue on Security Operations and Incident Response?
    ● How you can cultivate a state of continuous alertness by applying the SOC Analyst Sanity Saver
    ● How to reinforce the front line
    ● How to leverage SOAR capabilities that act as a Force Multiplier in Incident Response

    Want to learn more on the topic ahead of the webinar? Download our white paper "Automation as a Force Multiplier in Cyber Incident Response" here: https://bit.ly/2SKN9pL
  • Detect, Analyze & Respond to Advanced Malware Using Orchestration & Automation Recorded: Feb 5 2019 48 mins
    John Moran, Senior Product Manager, DFLabs; Mark Mastrangeli, Lead Architect, McAfee, Security Innovation Alliance
    Detect, Analyze and Respond to Advanced Malware Using Security Orchestration and Automation: A DFLabs and McAfee Use Case

    As malware attacks continue, attackers are going to great lengths to obfuscate both the intent and capabilities of their malicious payloads to evade detection and analysis. In addition, the rate at which new malware is being developed has reached staggering new levels. Zero-day malware is increasingly common in all environments and signature analysis is becoming less effective.

    As a result, malware has become increasingly difficult to detect using more traditional detection mechanisms. Once detection occurs, it is often difficult to successfully analyze the malicious file to determine the potential impact and extract indicators. To successfully respond to a potential malware incident to contain the threat and block malicious traffic to minimize the impact, early detection and analysis are critical.

    In this webinar we will discuss how a security operations team can detect, analyze and respond to advanced, evasive malware by using DFLabs’ IncMan SOAR platform integrated with McAfee’s suite of tools including Advanced Threat Defense (ATD), Web Gateway and ePO for malware detection, while further being able to share critical security information using McAfee OpenDXL.

    Key Takeaways:

    Learn how McAfee’s suite of security products combined with IncMan SOAR from DFLabs can automatically detect and respond to malware threats to improve the effectiveness and efficiency of your security program by:

    - Performing advanced malware analysis
    - Enriching alert data
    - Immediately blocking threats
    - Sharing critical threat intelligence

    Your registration information will be shared with McAfee who may contact you in follow-up to your registration and/or attendance of this webinar.
Security Orchestration, Automation and Response (SOAR) Platform
DFLabs is a recognized global leader in security orchestration, automation and response (SOAR). The company is led by a management team recognized for its experience in and contributions to the information security field, including co-editing many industry standards such as ISO 27043 and ISO 30121. IncMan SOAR – Cyber Incidents Under Control – is the flagship product, adopted by Fortune 500 and Global 2000 organizations worldwide. DFLabs has operations in North America, Europe, Middle East, and Asia with US headquarters in Boston, MA and World headquarters in Milano, Italy. For more information visit: http://www.dflabs.com or connect with us on Twitter @DFLabs. Demos and/or trials of IncMan SOAR are available immediately.

  • Title: Achieving SOC Excellence with Security Orchestration and Automation
  • Live at: Jul 30 2019 3:00 pm
  • Presented by: Mike Fowler: VP of Professional Services, DFLabs