DFLabs, the award-winning Security Orchestration, Automation and Response (SOAR) vendor, announced a new version of its DFLabs IncMan SOAR platform tailored for the needs of Managed Security Service Providers (MSSPs) and Managed Detection and Response (MDR) service providers.
IncMan SOAR now enables MDR providers and MSSPs to centrally perform one-to-many operations across multiple customer environments regardless of the security products deployed at each location, while providing flexible deployment options for regulatory compliance and granular analytics for reporting.
DFLabs is demonstrating the MSSP-centric version of IncMan SOAR this week at RSA Conference 2019.
“Managed Security Service Providers face many of the same challenges as an internal security operations center only on a much larger scale, especially those who offer managed detection and response,” said Michele Zambelli, CTO of DFLabs. “This new version of IncMan SOAR enables MSSPs and MDRs to work seamlessly across multiple customer instances, take one to many actions when needed, maintain data segregation and granular access controls, and provide per-customer analytics and reporting.”
Vendor agnostic Runbooks
One of the leading challenges faced by MSSPs is the increasing number of third party security products they must support in customer environments. For example, an action as simple as querying a firewall may involve interacting with a dozen different technologies.
IncMan SOAR now provides a vendor agnostic Runbook capability which enables MSSPs to execute a single action across any number of client technologies such as blocking a malicious IP address, while providing each customer the ability to maintain control over what actions are allowed.
Customer-specific privacy controls
While information sharing between MSSPs and their customers is a vital tool in detecting and responding to security incidents, legal and regulatory mandates often require MSSPs to support data storage and communication options that comply with privacy and confidentiality directives.
IncMan SOAR enables MSSPs to put customers in control of their data, allowing them to determine which intelligence, Playbooks, Runbooks and other information can be shared with the service provider and its other customers.
Granular reporting and analytics
Performance data and analytics are also critical assets for MSSPs, for both improving service levels and demonstrating value to customers. IncMan SOAR automates the collection and reporting of metrics and key performance indicators (KPI) across one or more environments, providing deep visibility into all facets of each customer’s security infrastructure and security posture, as well as MSSP actions and their outcomes.