DFLabs Unveils Machine Learning Powered First Responder Automation for Security Operations

DFLabs IncMan orchestrates the intelligence-driven SOC and CSIRT

BOSTON--DFLabs, the leader in Security Automation and Orchestration Technology, announced today the release of its new “Playbook Recommendation and Intelligent Selection Mechanism” (DF-PRISM), enhancing DFLabs’ security automation and orchestration (SAO) platform with incorporated proprietary machine learning. The system uses patent-pending advanced methods and algorithms to ingest operational intelligence such as security incident and resolution data to recommend playbooks and actions based on historical incident response activities. This approach minimizes the resources and time required to successfully analyze and respond to ongoing incidents, while maximizing the effectiveness and efficiency of security teams.

At its core, DFLabs’ SAO enables security organizations to take a gradual “crawl, walk, run” path to developing efficient processes for successfully responding to and managing threats as well as hardening security controls. Beginning with “Human Guided Learning” and evolving to “Human Supervised Learning,” users can create and apply simple, linear or conditional playbooks that combine manual, semi-automated and automated actions. Decision-making and conditional responses can be made manually by humans, automatically by machine, or a hybrid of the two – depending on the needs, requirements and maturity of the organization.

Mature organizations can leverage DF-PRISM’s advanced “Runbooks.” These support complex and stateful logical decision making to enable an advanced and adaptive threat management program. Runbooks can be used to fully automate the triage, hunting, investigation and containment of incidents using conditional responses that allow users to pursue a variety of alternative responses.

“In developing DF-PRISM, we built a technology that enables users and the system to learn together and lets humans determine their level of involvement in responding to and managing threats,” said Dario Forte, chief executive officer and founder, DFLabs. “Users get immediate value by tracking and responding to threats, then over time the system builds a knowledge base of responses that can be relied on to automatically manage the entire incident response process.”

According to recent research from Enterprise Strategy Group (ESG) titled “Next Generation Cybersecurity Analytics and Operations Survey,” commissioned by DFLabs and other technology vendors, 92% of respondents have deployed, plan to deploy or are interested in deploying machine learning technology to support automation and orchestration. The top drivers are accelerating incident detection (29%) and accelerating incident response (27%).

The research also found that 21% of respondents will deploy machine learning because they hope the technology can help them maximize the productivity of their existing staff to compensate for their inability to hire enough new security operations personnel.

“Enterprises are finding it challenging to rapidly respond to security incidents across a continuously growing attack surface and with limited resources, resulting in a large window of opportunity for attackers to execute the full kill chain and the potential for minor incidents to evolve into full-blown breaches,” said Oliver Rochford, vice president of Product Marketing, DFLabs. “Augmenting analysts’ smart eyeballs with machine learning will help organizations to reduce the time from breach discovery to containment, while also aiding in the building, retaining and transferring of institutional knowledge about past incidents and threats.”

Innovative Threatscape Modeling

Leveraging machine learning, DF-PRISM constructs a model of the threatscape based on known and historical incidents, scoring and evaluating any incident based on unique and shared indicators and attributes and their relevance. The algorithms use this model to propose playbooks for similar or related threats. Threats known to the model are considered to have greater relevance, are scored more reliably, and are assigned a greater urgency and higher prioritization.

Key benefits include:

  • Intelligence-guided false positive reduction
  • Improves the response time by up to 80%
  • Automatically correlates and re-applies playbooks across Tenants in multi-user and MSSP environments

DF-PRISM is available immediately with version 4.2 of IncMan, which also includes:

  • New Dual-Mode Playbook engines
  • An advanced correlation engine
  • An observables investigation view
  • A unique set of features based upon machine learning and supervised active intelligence to guide first responders

The current integration library is composed of over 100 different playbooks and connectors, which can be customized by and shared between users without requiring scripting or coding.

About DFLabs

DFLabs – Cyber Incidents Under Control – is a recognized global leader in security automation and orchestration technology. The company is led by a management team recognized for its experience in and contributions to the information security field including the co-editing of many industry standards such as ISO 27043 and ISO 30121. Its flagship product, IncMan, has been adopted by Fortune 500 and Global 2000 organizations worldwide. DFLabs has operations in Europe, North America and EMEA. For more information, visit www.dflabs.com or connect with us on Twitter @DFLabs.


Kesselring Communications
Leslie Kesselring, 503-358-1012

Release Summary

Advanced machine learning technology recommends playbooks and actions for a “crawl, walk, run” path to automating security incident response.