In the latest edition of our Executive Interviews series, we interviewed Dario Forte, CEO and founder of DFLabs, to discover more about DFLabs, their products and services, the benefits of using automation and orchestration for incident response, and how they help with GDPR breach notification requirements.
What is the main benefit of using automation and orchestration in incident response?
For DFLabs, the main benefit of using automation and orchestration is that it significantly reduces reaction times. Previously, incidents were handled by hand by an analyst, which required days. Now they can be handled in minutes, automatically, by machines. This has a very positive impact on risk management and, of course, on reaction times, an important metric for security and chief security officers.
Machine learning can help security operations centres to automatically reproduce playbooks, once the playbooks themselves have been validated. That constitutes a huge amount of time saved because you don’t need to re-invent the wheel if a solution to a particular problem has already been applied somewhere else.
Machine learning can then ‘learn’ what’s been applied before, validate the activity and reproduce it in order to save time when it comes to security incident response.
So, how can security automation help with GDPR’s Breach Notification Requirement?
Dario believes there are two main benefits. Firstly, repeatability of actions, particularly when GDPR is asking for incident tracking and data breach notification. Automation saves people time during the notification process, which everybody knows cannot be longer than 72 hours.
Secondly, there is the potential to capitalise on GDPR investment by applying the same investment to other security fields. For example, you can buy one solution and be compliant with GDPR and, at the same time, reduce reaction times in order to be more effective and reduce risk.
What differentiates DFLabs’ IncMan from other products?
There are several approaches to automation in security and incident response. One is purely machine-to-machine and one is machine-to-humans. At DFLabs, Dario tries to cover the entire spectrum, performing automation at machine-to-machine level and at machine-to-humans level.
The second differentiation point is definitely their knowledge base. Once the platform has been installed, DFLabs also automatically provides a knowledge base, which is continually updated. In addition, new content can be added and applied immediately to solve incidents. This is what Dario calls Supervised Active Intelligence. So, there is no proprietary language that needs to be invented and it is an open platform, and it’s this knowledge base that has created over one hundred pre-built playbooks that come with their IncMan platform.
What is the real uniqueness of DFLabs compared to other providers?
Dario believes that while other vendors are simply applying playbooks based upon rules or an ‘if when’ kind of approach, DFLabs is different. Their machine learning engine continuously checks for modifications and new playbooks that can be applied to solve an incident. So, humans are still in control but the machine can provide a lot of value. The majority of the benchmarks that we are currently doing with our customers are confirming that reaction times are reduced by over 80%. That means a lot of money saved and a better value when it comes to reaction.
Next Generation Cybersecurity Analytics and Operations Survey conducted by ESG.
Following a survey of 412 IT & cybersecurity professionals, security orchestration and incident response specialists DFLabs have produced a report into their findings demonstrating some insightful results.