Common and Best Practices for Security Operations Centers

Results of the 2019 SANS SOC Survey Sponsored by DFLabs

The 2019 SANS Security Operations Center (SOC) Survey is focused on providing objective data to security leaders who are looking to establish a SOC or optimize an existing one. This webcast will capture common and best practices, provide defendable metrics that can be used to justify SOC resources to management, and highlight the key areas that SOC managers should prioritize to increase the effectiveness and efficiency of security operations.

Key Takeaways:

- What types of SOC infrastructures are used most frequently
- How SOCs interact with network operations centers and incident response teams
- What activities typically define a SOC and how many of them are outsourced
- Which SOC-related technologies organizations are most satisfied with
- How organizations use metrics to evaluate SOC performance
- What challenges inhibit integration and utilization of a centralized SOC model
Recorded Jul 15 2019 63 mins
Presented by
Christopher Crowley, a senior SANS instructor and course author for SANS courses

  • The Evolution of SOAR: Meeting and Exceeding Gartner’s Expectations with DFLabs Sep 24 2019 3:00 pm UTC 60 mins
    Mike Fowler - VP of Professional Services, DFLabs, and John Moran - Senior Product Manager, DFLabs
    Security Orchestration, Automation and Response (SOAR) today is more than simply a buzzword. For many organizations, it is becoming a primary focus for their SOCs and/or CSIRTs as a solution for addressing the numerous daily security operations challenges they face, as well as a means to improve their operational effectiveness and efficiency, and more importantly their incident response capabilities.

    The evolution of SOAR is in full motion, moving from the product funneling stage to now seeing the strongest vendors and solutions continue to evolve their SOAR capabilities, while others fall by the wayside or get swallowed up by larger companies.

    Watch this webinar to learn about the evolution of SOAR, what a SOAR solution should include according to Gartner, and how DFLabs and its innovative and award-winning IncMan SOAR platform meets and exceeds Gartner’s SOAR criteria, and the industry's evolving expectations with its unique features and capabilities.

    Key Takeaways:

    - Unravel the key customer pain points, challenges and evolving expectations
    - Discover the key requirements a SOAR solution must meet
    - Review Gartner’s recommendations when implementing a full SOAR solution
    - Examine how DFLabs meets and exceeds Gartner’s SOAR criteria
    - And more
  • IncMan SOAR: Developing Next-Generation Security Operations Recorded: Sep 5 2019 55 mins
    John Moran - Senior Product Manager, DFLabs and Heather Hixon - Senior Solutions Architect, DFLabs
    Efficiency and effectiveness are key when it comes to security operations and incident response in terms of both humans and the tools being used. Having the ability to identify and investigate alerts, reduce false positives and respond to the threats that need action in the fastest possible time frame is crucial.

    With increasing numbers of cyber attacks affecting today’s organizations, security analysts are continuously bogged down with a seemingly never-ending stream of alerts that need to be investigated. At DFLabs we believe security teams shouldn't have to sift through this plethora of alerts, wasting precious time and effort with mundane and repetitive tasks to gather the important information they need to identify if the threat is legitimate or a false positive, before then responding to those that need further action in order to be mitigated.

    By utilizing a sophisticated Security Orchestration, Automation and Response (SOAR) solution, such as IncMan SOAR from DFLabs, providing end-to-end incident management with customizable systems and flexibility, automated incident response, dual mode orchestration and more, security operations teams are able to respond more effectively to all alerts, freeing up valuable analyst time which can be used to proactively investigate and hunt for more complex threats.

    Join this webinar to learn what SOAR really is, the key benefits it has to offer, the pain points it can help to resolve, as well as how the unique features and capabilities of DFLabs’ solution can transform your security operations and incident response programs regardless of their size or maturity to keep up with the next-generation cyber attacks affecting our organizations.


    Key Takeaways:

    - The Key Components of SOAR
    - SecOps Challenges SOAR Can Solve
    - The DFLabs Difference
    - An Insight into IncMan SOAR in Action
  • DFLabs and SEMNet: Strengthening Security Operations with SOAR Recorded: Aug 22 2019 59 mins
    Andrea Fumagalli, VP of Engineering at DFLabs and John Chai, Solution Engineer at SEMNet
    In the race to keep up with the increasing number and sophistication of cyberattacks, organizations need to have the capability to not only try to prevent attacks, but to also respond to them when they do occur, before they turn into more damaging security breaches.

    With security operations teams experiencing a number of common challenges and pain points, including a lack of skilled cyber security professionals, a growing volume of security alerts being received, as well as a lack of integration of existing tools in the security tool stack to name a few, organizations are recognizing the need for security orchestration and automation and response (SOAR) technology to help to overcome them.

    Partnering with DFLabs, SEMNet is able to offer its award-winning SOAR solution, IncMan SOAR, to customers throughout Asia Pacific, providing them with the localized knowledge, guidance and support needed to enable them to successfully implement efficient and effective security operations and incident response programs.

    During this webinar you will learn:

    - What is Security Orchestration, Automation and Response (SOAR) technology?
    - Why is there a growing need for SOAR solutions?
    - The problems SOAR technology can help you solve
    - How it helps to improve security operations and incident response programs
    - How DFLabs and SEMNet partner together to make this possible

    Plus, you will get to see IncMan SOAR live in action, discover some of its use cases and ask any questions you may have.

    Together, DFLabs and SEMNet can ensure security operations teams have the right SOAR solution in place, with standardized processes and workflows to detect, respond to and remediate security incidents in the fastest possible time frame, before significantly impacting your organization.

    Please note: Your registration information will be shared with SEMNet who may contact you in follow-up to your registration and/or attendance of this webinar.
  • Tackling the Top 5 Incident Response Challenges with SOAR Recorded: Aug 20 2019 41 mins
    John Moran, Senior Product Manager, DFLabs
    Incident response can feel like a constant battle, especially for those analysts who are on the front lines of the organization’s response, struggling every day to protect its resources and minimize risk from any potential security events.

    While there are some inherent challenges in incident response which will exist no matter the circumstances, it is the responsibility of security managers and executives to reduce or remove impediments to the incident response process as much as possible. Incident response will never be a frictionless process, however, there are many things we can do to minimize the impediments and provide analysts with the needed resources in order to be successful.

    Year after year, security analysts express the same challenges, across all verticals. Even though we have made many important strides in the past several years, it is clear that our current approach is not adequate to completely solve the most pressing challenges we are facing.

    Incident response analysts typically possess a high drive and passion for their chosen career. Not being given the proper tools to perform a job can be demoralizing and cause the types of analysts you really want on your team to look elsewhere for career satisfaction. With competition for skilled analysts as strong as ever, this is a real concern.

    In order to overcome these challenges, organizations today are increasingly turning to the capabilities of Security Orchestration, Automation and Response (SOAR) technology to help.

    Join this webinar to learn more in-depth about these top 5 incident response challenges and how a SOAR solution can be utilized to successfully resolve them:

    - Shortage of staffing and skills
    - Lack of budget for tools and technology
    - Poorly defined processes and owners
    - Organizational silos between IR and other groups or between data sources and tasks
    - Lack of integration with our other security and monitoring tools
  • Integrated Incident Response: A SANS Survey Recorded: Aug 7 2019 62 mins
    Matt Bromiley, a SANS Digital Forensics and Incident Response instructor
    Results of the 2019 SANS Incident Response Survey Sponsored by DFLabs

    This incident response (IR) survey is designed to provide insight into the integration of IR capabilities to identify weak spots and best practices for improving IR functions and capabilities. Attendees at this webcast will learn about the experiences of survey participants with regard to:

    - The anatomy of incidents/breaches
    - How quickly organizations were able to react
    - What types of data, tools and information are key to investigations of an incident
    - How successful investigations have been
    - The state of budget and staffing for IR
    - Levels of integration of IR teams and the maturity of IR processes
    - Impediments to IR implementations and plans for improvement

    Best practices and actionable advice will be presented to help organizations improve their IR practices to be more integrated and efficient.
  • Achieving SOC Excellence with Security Orchestration and Automation Recorded: Jul 30 2019 27 mins
    Mike Fowler: VP of Professional Services, DFLabs
    Achieving SOC Excellence with Security Orchestration and Automation: Results from SANS SOC Survey 2019 Report


    As cyber threat behavior, business processes and IT technologies are constantly changing, SOC operations are one of the most challenging environments to manage and measure.

    In a recently published annual SOC survey report for 2019, SANS highlighted that a lack of skilled staff, budget, and effective orchestration and automation were the most cited reasons for failing to achieve excellence in existing SOCs. On the other hand, success in improving effectiveness and efficiency could be seen as a result of increasing SOC staff in key areas, as well as through the better use of automation to augment existing staff and their skillsets.

    In this webinar we will provide a high-level overview of the findings of the survey and then take a deeper dive into how implementing effective orchestration and automation through the use of a Security Orchestration, Automation and Response (SOAR) solution can help to overcome a number of common security operations challenges and pain points, transforming your SOC while improving overall operational performance and success.

    We will also cover the unique features and capabilities of DFLabs’ SOAR platform, IncMan SOAR in a short demo.

    Key Takeaways:
    - Overview of SANS 2019 SOC Survey Findings
    - Common Security Operations Challenges and Pain Points
    - The Benefits of Orchestration and Automation
    - Demo of DFLabs’ IncMan SOAR Platform

    A copy of the full 2019 SANS SOC Survey will be available to download during and after the webinar.
  • Common and Best Practices for Security Operations Centers Recorded: Jul 15 2019 63 mins
    Christopher Crowley, a senior SANS instructor and course author for SANS courses
    Common and Best Practices for Security Operations Centers

    Results of the 2019 SANS SOC Survey Sponsored by DFLabs

    The 2019 SANS Security Operations Center (SOC) Survey is focused on providing objective data to security leaders who are looking to establish a SOC or optimize an existing one. This webcast will capture common and best practices, provide defendable metrics that can be used to justify SOC resources to management, and highlight the key areas that SOC managers should prioritize to increase the effectiveness and efficiency of security operations.

    Key Takeaways:

    - What types of SOC infrastructures are used most frequently
    - How SOCs interact with network operations centers and incident response teams
    - What activities typically define a SOC and how many of them are outsourced
    - Which SOC-related technologies organizations are most satisfied with
    - How organizations use metrics to evaluate SOC performance
    - What challenges inhibit integration and utilization of a centralized SOC model
  • How to Successfully Evaluate SOAR Solutions Recorded: Jun 25 2019 47 mins
    John Moran, Senior Product Manager, DFLabs and Heather Hixon, Senior Solutions Architect, DFLabs
    Assessing solutions to meet your organization’s specific requirements and use cases

    When investing in a new tool or technology it is important that it fully meets the requirements of the organization, including all of the crucial “must have” aspects, as well as a number of “would likes” that could also be beneficial.

    With the growing maturity of the SOAR market and an increasing number of vendors in the space now claiming to offer a SOAR solution, evaluating a number of solutions from different vendors can be a daunting and long process if not carried out methodically with clear objectives and goals in mind.

    During this webinar we will discuss what a full SOAR solution should entail, common security operations problems that a SOAR solution can help to solve, as well as define a set of criteria that we believe should be taken into consideration when assessing a SOAR solution and vendor.

    Our aim is to cover as many angles and best practices to help provide the information you need to make an informed decision based on your individual organization requirements. DFLabs believes it has one of the most open and industry leading SOAR solutions available in the SOAR market today, which is flexible to adapt to any use case, including those outside the traditional security operations space, but above all we are committed to making sure all potential customers achieve the best possible solution to solving their critical security problems.

    Key Takeaways:
    - The core capabilities and functions of a full SOAR solution
    - SOAR vs. Orchestration and Automation
    - Defining the problems to be solved
    - Criteria for evaluating a SOAR solution
    - Criteria for evaluating a SOAR vendor
  • How to Transform Your Security Operations with SOAR Recorded: Jun 4 2019 59 mins
    John Moran, Senior Product Manager, DFLabs and Cody Mercer, Manager of Pre-Sales & Sales Marketing, DFLabs
    Overcoming Common Challenges and Pain Points to Go Above and Beyond Incident Response

    The challenge for any security operations or incident response team is being able to detect and respond effectively to all security alerts, remediating incidents before they lead to an event such as a serious data breach.

    Implementing a SOAR solution accelerates incident response times to a matter of seconds, through orchestrating the existing security tool stack and by automating the response actions required. Often an incident is automatically handled and contained before an analyst is even aware of the issue and has had time to react.

    Automating and orchestrating mundane and repetitive tasks ultimately improves security operations efficiencies, and as a result, frees up valuable analyst time which can be used to proactively investigate and hunt for more complex threats.

    Hackers have been automating their attacks for decades and a SOAR solution, such as IncMan SOAR from DFLabs, enables you to do the same, plus much more.

    Join this webinar to learn about the key benefits of utilizing SOAR and the unique features and capabilities DFLabs’ solution has to offer. Go above and beyond standard incident response and transform your security program today.

    Key Takeaways:

    - What is SOAR?
    - The benefits of utilizing SOAR technology
    - How SOAR can help to solve common security operations challenges and pain points
    - What is IncMan SOAR from DFLabs and how does it differ from other SOAR solutions?
  • Unify Operations for Effective Incident Response: DFLabs and PagerDuty Use Case Recorded: May 15 2019 52 mins
    John Moran – Senior Product Manager, DFLabs and George Miranda – Community Advocate, PagerDuty
    When investigating an active incident there is a vast number of investigational processes and stakeholders to consider. Depending on the type of incident and its severity, security professionals may need the assistance of numerous departments outside of the security operations center.

    The need to work in conjunction with these outside departments can make an incident responder’s job even harder. Each department may have different policies, procedures and escalation processes in place, which can cause a responder to waste valuable time trying to decipher them. Escalations to an incorrect department or subject matter expert can cause potentially dangerous gaps in an organization’s response.

    In this webinar we will discuss DFLabs’ integration with PagerDuty and how it helps organizations to unify their business operations. By seamlessly combining the automation power of DFLabs’ IncMan SOAR platform with the robust communication features of PagerDuty’s technology, organizations can ensure the most relevant evidence is provided to the correct experts in real-time to contain an active incident.

    Key Takeaways:

    - The benefits of connecting dispersed teams during an ongoing incident
    - How PagerDuty’s solution can enforce differing policies, procedures, and escalation processes found in large organizations
    - How IncMan SOAR’s automation and orchestration capabilities can increase the efficiency and effectiveness of your security program
    - How together this joint solution can ensure critical information is provided effectively and efficiently to all relevant stakeholders during an incident

    Note: Your registration information will be shared with PagerDuty who may contact you in follow-up to your registration and/or attendance of this webinar.
  • Provide Better MDR Services to Clients with SOAR for MSSPs Recorded: Apr 16 2019 45 mins
    John Moran, Senior Product Manager, DFLabs and Heather Hixon, Senior Solutions Architect, DFLabs
    MSSPs face the same challenges that SOCs and CSIRTs are experiencing, including an inundation of security alerts, lack of documented processes and workflows, manual tasks and competition for skilled analysts, but all are faced at a scale multiplied by the number of customers they serve. One of the most pressing is the increasing number of third-party security products they must support in customer environments.

    Performance analytics such as unique KPIs and reporting are also critical assets for MSSPs, for improving service levels and meeting SLAs, while demonstrating value to customers. As service providers, MSSPs are also driven to maximize capabilities and efficiencies to offer their customers the highest quality service at the most competitive prices.

    Security Orchestration, Automation and Response (SOAR) technology is no longer seen as solely a solution for SOCs and CSIRTs. MSSPs are increasingly turning to SOAR solutions to achieve greater internal efficiency, differentiate their services from competitors, and provide advanced Managed Detection and Response (MDR) services.

    IncMan SOAR, DFLabs’ award-winning SOAR platform, provides MSSPs with the unique capabilities they need, enabling a multitenant, collaborative approach to security as a service. With IncMan, MSSPs can work seamlessly across multiple customer instances, take as many actions as needed, maintain data segregation and granular access controls, and provide per-customer analytics and reporting, while improving their overall effectiveness.

    Join our webinar to learn how SOAR can overcome these MSSP pain points and see firsthand the new features and capabilities of our SOAR solution specifically designed for MSSPs, with more due in Q2 2019.

    Key Takeaways:

    - Common Challenges and Pain Points of MSSPs
    - Benefits of Providing Managed Detection and Response Services
    - Benefits of Utilizing a SOAR Solution
    - New Features and Capabilities of IncMan SOAR for MSSPs
  • Dive Head First into the Endpoint (Without Hitting Your Head) Recorded: Apr 2 2019 54 mins
    John Moran, Senior Product Manager, DFLabs and Chris Berninger, Technical Alliances Engineer, Carbon Black
    Dive Head First into the Endpoint (Without Hitting Your Head): A DFLabs and Carbon Black Use Case

    The time it takes attackers to progress from initial infection to establishing multiple beachheads and beginning data exfiltration is often measured in minutes. Responding effectively under these adverse conditions requires complete network visibility, actionable intelligence and intelligent automation to augment human analysts.

    Carbon Black has long been recognized as the industry leader in endpoint detection and response, providing unmatched visibility into all endpoint activity. By incorporating actionable intelligence into their suite of tools, Carbon Black allows enterprises to respond effectively to both known and unknown threats. Carbon Black Defense brings Carbon Black’s extensive Endpoint Detection and Response (EDR) experience together with their cutting-edge next-generation antivirus technology to provide protection against even the most advanced threats.

    However, when a network event, such as a Web Application Firewall (WAF) or Intrusion Detection System (IDS) alert is the impetus for an alert, correlating endpoint data and identifying and containing the threat is largely a manual process. This allows attackers enough time to begin wreaking havoc on the network.

    In this webinar we will explore DFLabs’ Security Orchestration, Automation and Response (SOAR) solution, IncMan SOAR, and Carbon Black Defense, to show how these industry-leading solutions can work seamlessly together to automatically pivot from the network into the endpoint, automatically identifying and containing unknown threats to immediately reduce the risk to the enterprise.

    Learn how:
    - Carbon Black’s suite of products can improve your security infrastructure
    - IncMan SOAR’s automation and orchestration capabilities can increase the efficiency and effectiveness of your security program
    - Carbon Black and DFLabs together can reduce incident detection and response times
  • Leveraging Your Existing SIEM Solution with SOAR Technology Recorded: Mar 12 2019 42 mins
    Mike Fowler, VP of Professional Services at DFLabs; Christian Have, Chief Product Officer at LogPoint
    Improve Your Incident Response with LogPoint and DFLabs

    Empower your security analysts to accelerate detection and response of cyber incidents by combining the power of SIEM and SOAR.

    Based on the recent joint solution from DFLabs and LogPoint resulting from their deep two-way integration, join this webinar to see how two security operations tools can work seamlessly together fusing intelligence to improve the overall effectiveness and operational performance of your existing security program.

    While a SIEM solution delivers tons of valuable information about the security status of your IT system, a SOAR solution uses this information to automate the response needed to incoming cyber threats. Combining the two will free up valuable time and resources in any security program and make for faster, smarter detection, response, and remediation of potential incidents.

    Learn how to:

    - Respond to all security alerts
    - Automate repeatable, mundane tasks
    - Orchestrate actions across multiple security tools
    - Enrich raw data, allowing for more informed, effective decisions
    - Reduce the mean time to detection and response
    - Increase the ROI on existing security operations tools
  • Automation as a Force Multiplier in Cyber Incident Response Recorded: Feb 26 2019 15 mins
    Mike Fowler, CISSP - VP of Professional Services, DFLabs
    Security analysts are subjected to such a volume and frequency of alerts that over time they can become desensitized to the information they are analyzing, resulting in critical alerts potentially being disregarded or missed.

    When responding to tens of thousands of security alerts a month, how can you reliably distinguish what's important from what's just noise in the background?

    Join our new webinar to learn how a Security Orchestration, Automation and Response (SOAR) solution can help your overwhelmed cyber response team to "SOAR" above the noise when detecting, responding to and remediating a potential security incident. Our VP of Professional Services, Mike Fowler, will present proven best practices to reduce and avoid alert fatigue.

    Key Takeaways:

    - What is “Alert/Alarm Fatigue” and why should you care?
    - What is the impact of alert fatigue on Security Operations and Incident Response?
    - How you can cultivate a state of continuous alertness by applying the SOC Analyst Sanity Saver
    - How to reinforce the front line
    - How to leverage SOAR capabilities that act as a Force Multiplier in Incident Response

    Want to learn more on the topic ahead of the webinar? Download our white paper "Automation as a Force Multiplier in Cyber Incident Response" here: https://bit.ly/2SKN9pL
  • Detect, Analyze & Respond to Advanced Malware Using Orchestration & Automation Recorded: Feb 5 2019 48 mins
    John Moran, Senior Product Manager, DFLabs and Mark Mastrangeli, Lead Architect, McAfee, Security Innovation Alliance
    Detect, Analyze and Respond to Advanced Malware Using Security Orchestration and Automation: A DFLabs and McAfee Use Case

    As malware attacks continue, attackers are going to great lengths to obfuscate both the intent and capabilities of their malicious payloads to evade detection and analysis. In addition, the rate at which new malware is being developed has reached staggering new levels. Zero-day malware is increasingly common in all environments and signature analysis is becoming less effective.

    As a result, malware has become increasingly difficult to detect using more traditional detection mechanisms. Once detection occurs, it is often difficult to successfully analyze the malicious file to determine the potential impact and extract indicators. To successfully respond to a potential malware incident to contain the threat and block malicious traffic to minimize the impact, early detection and analysis are critical.

    In this webinar we will discuss how a security operations team can detect, analyze and respond to advanced, evasive malware by using DFLabs’ IncMan SOAR platform integrated with McAfee’s suite of tools including Advanced Threat Defense (ATD), Web Gateway and ePO for malware detection, while further being able to share critical security information using McAfee OpenDXL.

    Key Takeaways:

    Learn how McAfee’s suite of security products combined with IncMan SOAR from DFLabs can automatically detect and respond to malware threats to improve the effectiveness and efficiency of your security program by:

    - Performing advanced malware analysis
    - Enriching alert data
    - Immediately blocking threats
    - Sharing critical threat intelligence

    Your registration information will be shared with McAfee who may contact you in follow-up to your registration and/or attendance of this webinar.
  • Transform Your Security Operations With SOAR Technology - IncMan SOAR Overview Recorded: Jan 29 2019 60 mins
    John Moran, Senior Product Manager, DFLabs and Cody Mercer, Manager of Pre-Sales & Sales Marketing, DFLabs
    IncMan SOAR from DFLabs is the only Security Orchestration, Automation and Response (SOAR) platform available capable of full incident lifecycle automation, including built-in, automated threat intelligence gathering, risk assessment, triage and notification, context enrichment, hunting and investigating, threat containment and more.

    This feature-rich, unique and scalable solution provides context to security incidents, automates actions and orchestrates response activities, while enabling full reporting and measurement functionality across all stakeholders. With its Open Integration Framework, REST API and Automated START Triage, it is the most open and customizable SOAR platform in the industry, helping organizations to overcome some of the most common challenges and pain points when it comes to incident response.

    Join this webinar to learn how to transform your Security Operations by using SOAR technology and discover how DFLabs can help you to detect, respond to and remediate all security incidents fast, before they impact your organization.

    Key Features & Capabilities:

    - Security Automation and Orchestration
    - Threat Hunting and Investigation
    - Incident Management
    - Flexible Integrations and Event Parsing
    - Forensic Evidence Management
    - Reporting and KPIs
    - Knowledge Transfer & Machine Learning
    - Community Portal and Community Edition
  • AMP Up Your Response with SOAR and Cisco’s Security Suite Recorded: Jan 11 2019 58 mins
    John Moran Sr. Prod. Mngr DFLabs; Jessica Bair Sr. Mngr Adv.Threat Solutions; Michael Auger, Sr Sec. Solutions Cisco Security
    Presented By:
    John Moran, Senior Product Manager, DFLabs
    Michael Auger, Senior Solutions Security Architect, Cisco Security
    Jessica Bair, Senior Manager, Advanced Threat Solutions, Cisco Security

    Learn how DFLabs’ Security Orchestration, Automation and Response solution, IncMan SOAR, integrates and performs seamlessly with Cisco’s security suite, including its latest integration with Cisco AMP for Endpoints.

    As organizations are exposed to more advanced and frequent attacks, speed of detection and response is critical in reducing financial and reputational damage.

    Cisco AMP for Endpoints leverages cloud-based analytics to detect and respond to advanced threats in real-time. Used with Cisco’s security suite, including Threat Grid, Umbrella and Umbrella Investigate, threats can be assessed, and assessments of the network performed; but this consumes valuable analyst time.

    IncMan SOAR allows security teams to automate repeatable tasks, including enriching initial threat indicators, allowing more time to focus on tasks which require human intervention.

    By combining these solutions, security teams can automate and orchestrate the process from initial alert, to containment and remediation, reducing actionable detection and response times from hours to seconds.
  • DFLabs’ New Open Integration Framework and Customer Community Portal Recorded: Dec 18 2018 41 mins
    John Moran, Senior Product Manager, DFLabs and Heather Hixon, Senior Solutions Architect, DFLabs
    DFLabs’ innovative Open Integration Framework is designed to enable security teams to customize and easily add new automated integrations between their existing security tools and our IncMan SOAR platform, enabling SOCs and MSSPs to add unique incident response actions without the need for complex coding. The new framework is part of DFLabs’ commitment to delivering a more open, community-oriented solution to automation and orchestration, which also includes a new Community Portal.

    The Community Portal serves as a hub for customers, where they can get the latest information and support from DFLabs and interact with other like-minded customers. Moreover, this Community Portal aims to provide a cooperation ecosystem for companies and organizations, where they can share integrations of security tools and IncMan SOAR. This approach will enable our customers to tackle specific use cases by uploading or downloading integration files from the Portal to IncMan SOAR.

    Join this webinar to learn more about these two new exciting features, as well as DFLabs’ other latest developments and enhancements to IncMan SOAR v4.5 including:

    - Open Integration Framework
    - Community Portal
    - Enhanced REST API
    - Automated event triage (START Triage)
    - New bidirectional integrations
    - Improvements to existing integrations
    - And more...
  • Creating a Winning Security Strategy for 2019 Recorded: Dec 5 2018 49 mins
    Israel Barak, Cybereason | Dario Forte, DFLabs
    Cyber attacks on businesses, organizations and critical infrastructure are becoming the norm in 2018. Massive breaches are constantly in the news and consumers are demanding stricter data and privacy protections. Cybersecurity has never been more important to organizations, and the investment in security technology has never been greater.

    CISOs are in the spotlight, and are looking to build the best strategy to secure their organizations, customers and users.

    Join top security experts for an interactive Q&A panel discussion on:
    - The key factors CISOs should consider for their cybersecurity strategy
    - The current and future threatscape
    - Platform Security for 2019
    - Technological solutions that make CISOs' lives easier
    - How organizations are coping with the shortage of qualified security workforce
    - How CISOs can better communicate their strategy to the board

    Panelists:
    Israel Barak, CSO, Cybereason
    Dario Forte, CEO, DFLabs

    Panel moderated by:
    Amar Singh, Founder & CEO, Cyber Management Alliance
  • DFLabs IncMan SOAR Platform V4.5: Open Integration Framework and More Recorded: Nov 27 2018 41 mins
    John Moran, Senior Product Manager, DFLabs and Heather Hixon, Senior Solutions Architect, DFLabs
    The latest release of DFLabs IncMan SOAR platform v4.5 includes a range of additional and enhanced features and capabilities highly focused around delivering a more open, extensible and community-oriented solution to some of the most challenging problems facing SOCs, CSIRTs and MSSPs today.

    Key New Features include:

    - Open Integration Framework
    - Enhanced REST API
    - Automated event triage (START Triage)
    - New bidirectional integrations
    - Improvements to existing integrations
    - And more...

    Join this webinar to see first hand how DFLabs’ Open Integration Framework enables security teams to easily add and orchestrate new functions between IncMan SOAR and third party products even without coding experience.

    In addition, learn about additional new features including how IncMan SOAR’s enhanced REST API allows users to extend and integrate security automation and orchestration with other processes in new and exciting ways, as well as how its START Triage module now enables granular control over which events are automatically enriched to validate which should be converted directly into a security incident.
Security Orchestration, Automation and Response (SOAR) Platform
DFLabs is a recognized global leader in security orchestration, automation and response (SOAR). The company is led by a management team recognized for its experience in and contributions to the information security field, including co-editing many industry standards such as ISO 27043 and ISO 30121. IncMan SOAR – Cyber Incidents Under Control – is the flagship product, adopted by Fortune 500 and Global 2000 organizations worldwide. DFLabs has operations in North America, Europe, Middle East, and Asia with US headquarters in Boston, MA and World headquarters in Milano, Italy. For more information visit: http://www.dflabs.com or connect with us on Twitter @DFLabs. Demos and/or trials of IncMan SOAR are available immediately.

  • Title: Common and Best Practices for Security Operations Centers
  • Live at: Jul 15 2019 2:00 pm
  • Presented by: Christopher Crowley, a senior SANS instructor and course author for SANS courses