    DFLabs Looks to Improve SOAR With Open Integration Framework

    By Sean Michael Kerner - November 7, 2018

      DFLabs announced a new version of its IncMan SOAR (Security Orchestration Automation and Response) platform on Nov. 7, providing organizations with a new open model for enabling integration with security tools.

      The IncMan SOAR 4.5 release adds a new open integration framework that makes it easier for organizations to connect disparate security tools together for a more seamless security remediation workflow. The DFLabs update also improves the START Triage module that can be used to limit false positives and reduce the number of alerts that generate incidents that need to be remediated.

      “The new open integration framework is really designed to change the way that we at DFLabs develop our integrations with third-party products, but also change the way that customers can interact with them,” John Moran, senior product manager at DFLabs, told eWEEK.

      SOAR is an emerging area of IT cyber-security that blends alerts with the automated orchestration of different security controls for incident remediation. The State of SOAR Report 2018, released on Sept. 6, found that the high volume of security alerts experienced by many organizations is driving increased demand for SOAR technologies.

      One of the main differentiators between DFLabs’ open integration framework and what some of the other SOAR vendors are doing is the ability to define integrations in a text-based format that works at the action level, Moran said. As such, he explained that instead of having one giant file that defines all the IncMan SOAR integrations with a specific vendor technology, DFLabs just has individual files that define each action.

      How It Works

      Creating integrations with different security technologies via the open integration framework is enabled through the use of Docker containers.

      By creating an integration definition container with DFLabs’ open framework and then allowing users to upload individual action files, users just code their new action in its own integration action file, without worrying about messing up anything that already exists, Moran said. By using Docker containers, it makes it very easy for users to share integrations with other customers, he added. Python, Perl, PowerShell and bash scripting are all supported options for programming the integration containers.

      “So the user has the ability to specify what Docker container they would like to execute each integration in, and that allows for increased security and it allows users to use whatever third-party libraries they may need,” he said.

      Start Triage

      The IncMan SOAR 4.5 release also benefits from a series of other features, including an expanded REST API. Additionally, the Start Triage module has been enhanced to provide organizations with new capabilities. Moran explained that a common problem for many IT organizations is that they receive a high volume of alerts but have no proper scoring mechanism in place to rank the severity of the incoming information.

      “In the 4.5 release, we have the ability to create triage events from any log source to help weed out false positives,” he said. 

      Now an organization can create a rule that says, for example, if an endpoint detection and response (EDR) solution generates a syslog message with a score of 50 or greater, create an incident out of it, he said. Conversely, if the score is less than 50, the alert will move to the triage module, where a security analyst can perform additional enrichment to make a determination to see whether the alert is an actual incident or not.
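The threshold rule Moran describes, written out as an added example (not IncMan's own rule syntax or code): it parses constructed EDR syslog lines, reads a `score=` field, and sends alerts scoring 50 or more to the incident queue and everything else, including unscored messages and lines that do not parse, to triage or a separate bucket so nothing is silently dropped. The syslog layout and the `score=` field name are assumptions for the sample data.

```python
import re
from dataclasses import dataclass
from typing import Optional

INCIDENT_THRESHOLD = 50  # score at/above which an alert becomes an incident
# Minimal BSD-style syslog line: "<PRI>Mon dd hh:mm:ss host app: message" (assumed layout).
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>\w{3}\s+\d{1,2}\s+[\d:]{8})\s+(?P<host>\S+)\s+(?P<app>[^:\s]+):\s*(?P<msg>.*)$"
)
SCORE_RE = re.compile(r"\bscore=(?P<score>\d+)\b")

@dataclass
class RoutedAlert:
    host: str
    score: Optional[int]  # None when the message carries no score field
    queue: str            # "incident" or "triage"
    message: str

def route_alert(line: str, threshold: int = INCIDENT_THRESHOLD) -> Optional[RoutedAlert]:
    """Apply the threshold rule to one syslog line; None if the line is not syslog."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    s = SCORE_RE.search(m.group("msg"))
    score = int(s.group("score")) if s else None
    # An unscored alert never auto-creates an incident; it waits for an analyst in triage.
    queue = "incident" if score is not None and score >= threshold else "triage"
    return RoutedAlert(m.group("host"), score, queue, m.group("msg"))

def route_all(lines, threshold: int = INCIDENT_THRESHOLD):
    """Split a batch into incident, triage and unparseable buckets."""
    incidents, triage, unparsed = [], [], []
    for line in lines:
        r = route_alert(line, threshold)
        if r is None:
            unparsed.append(line)   # keep for review rather than discarding
        elif r.queue == "incident":
            incidents.append(r)
        else:
            triage.append(r)
    return incidents, triage, unparsed

# Constructed sample EDR syslog lines (not real product output).
SAMPLE_LOGS = [
    "<134>Nov  7 10:12:01 edr01 edr-agent: alert=process_injection score=85 user=alice",
    "<134>Nov  7 10:12:05 edr02 edr-agent: alert=suspicious_script score=50 user=bob",
    "<134>Nov  7 10:12:09 edr03 edr-agent: alert=new_service score=12 user=carol",
    "<134>Nov  7 10:12:13 edr04 edr-agent: alert=heartbeat",
    "not a syslog line at all",
]
```

Note that a score of exactly 50 creates an incident, matching the "50 or greater" wording, and the threshold is a parameter so the cut-off can be tuned per log source.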

      Looking forward, Moran said DFLabs will continue to make its SOAR platform more open. He commented that the open integration framework is a first step in the direction of having a more open development process and community environment surrounding DFLabs overall.

      “I think over the next several months, you’re going to see some other announcements and some other features and products coming out to further achieve a more open community-based feel to the platform and to our services,” he said.

      Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.