DFlabs IncMan - Incident Management Suite

Welcome to the DFLabs IncMan Suite, an IT security incident tracking software solution that enables the management of every kind of information security incident.

IncMan can manage over 170 information types and supports the entire incident management process from security to fraud, including digital forensics, case management and incident tracking.

IncMan comprises three modules that can operate autonomously or in concert to provide a complete, centralized incident management solution. IncMan can be readily integrated with your existing security infrastructure (e.g. SIEM, automated Incident Response tools) and can be fully customized. IncMan is designed with the needs of the entire enterprise in mind, from top management to the responders and analysts who need a complete tool to manage all phases of security incident response. The IncMan® Suite is security management software designed for the needs of Computer Security Incident Response Teams (CSIRTs) and supports multiple constituent organizations.

IncMan® supports all certification and accreditation processes required by sections 3505 and 3544 of the US Federal Information Security Management Act (FISMA), as well as the ability to report and manage incidents associated with government facilities and systems. The IncMan Suite also provides a turnkey solution for compliance with the whistleblower requirements of Sarbanes-Oxley sections 301 and 302. Finally, the DFLabs IncMan Suite may also be used to manage the reporting of cyber security risks and incidents to the SEC.

IncMan is offered as a pre-packaged virtual machine or hardware appliance for easy deployment. IncMan is available under either an annual renewable or a perpetual license, suitable for organizations of any size. We also offer customized training, which can include topics on incident management, audit, information security, law enforcement, computer forensics, e-discovery, incident tracking and evidence/asset tracking software.

DFlabs IncMan - Incident Management Suite

  1. DFLabs IncMan Overview, August 2012
  2. Company Overview
     • DFLabs - Specializing in IT Governance, Risk and Compliance (GRC): IncMan Suite – Comprehensive Security Incident & Investigation Management Solution; PTK Forensics – Computer Forensics; Consulting & Services; R&D
     • More than 2.3 Petabytes of Incident Data in the past 3 years.
     • DFLabs is Preferred Partner for Beazley International (Lloyds of London) Data Breaches Practice.
     • ISO SC27 and SC7 Co-Editor (27043)
     • IncMan Suite – Developed over the last 7 years based on consulting experience with leading, global companies
  3. IncMan Summary
     IncMan Suite is a comprehensive IT GRC, incident & investigation management solution that simplifies the management of every kind of incident and control (security, cyber, physical, ethics & fraud) to reduce risk, response time & costs.
     Key Features & Benefits
     • End-to-End Management – Complete case & incident Life Cycle Management: automated incident capture, task/resource management, digital forensics, evidence/investigation, tracking & reporting
     • Reduce Risk – Compress the time required to prioritize, assign, investigate, manage and remediate incidents and threats
     • Improve Efficiency – Reduce the costs and simplify the management of all your resources. Personnel know exactly what to do & when, with complete access to information
     • Automated & Independent – IncMan is an independent, IODEF compliant platform that integrates with other products: HP ArcSight, Encase, RSA enVision, NetWitness, FTK, X-Ways and others
     • Focused – IncMan is focused on IT GRC and Security Needs, because that’s the main customer priority
     • Agile, Modular, Open architecture – Modular design easily adapts to the needs & processes of each enterprise. You just need to buy the module(s) you need.
     • Whistleblower Support – Provides compliance for whistleblower SOX 301 and 302
     • Assure Compliance – Supports certification and accreditation processes required by sections 3505 and 3544 of the Federal Information Security Management Act (FISMA)
     • Excellent Price/Value Ratio
  4. IncMan Suite - Comprehensive Security Incident Management
     [Diagram. Audiences: Security Operations Centers; Investigations, Risk, Audit and Compliance Officers. Functions: Prioritization | Case Mgmt | Artifact Analysis | Resource/Task Mgmt | Impact/Cost Analysis | Evidence/Chain of Custody | External/Law Enforcement. Security Incident sources: SIEM, Log Management, Web/Appl Scanning, Configuration Management, Identity & Access Management, Vulnerability Management, Firewall / IPS / IDS, Anti-Virus & End-Point Security / White Listing. Compliance Incident sources: Whistle Blower, ERP & HR, Locations, Health and Safety, Forensic, Audit, e-Discovery, Financial Systems. Outcomes: IT Security, APT, Incident Response; Fraud, Theft & Physical Security Investigations.]
  5. IncMan Suite - Modules
     • CompRisk – Incidents are mapped to IT risk repositories and help the GRC team to evaluate the incident’s risk to the organization.
     • IMAN – IMAN manages IT and corporate security incidents. The tool covers all aspects concerning incident management, whether simple or complex. The IMAN module supports anonymous reporting of incidents and ethics violations.
     • DIM – Digital Investigation Manager (DIM) is designed for IT environments during incident response and forensics operations. DIM enables users to catalog all the relevant information and automatically imports data generated by other applications.
     • ITILity – ITILity provides troubleshooting and help desk support to manage IT incidents under the ITIL standard.
  6. IncMan Top Features
     • Interfaces and manages 170+ categories of data, stored in an encrypted database
     • Provides Total Role Management of users
     • Platform Independence, no client needed
     • IODEF Compliant
     • IT GRC Features: IT Security and Compliance Controls, Risk Management, Audit
     • Wizard – The user is able to generate their own templates with the use of the wizard. IncMan can be completely modeled on the customer’s investigation process.
     • Knowledge base – Users have a searchable knowledge base that can be populated by the internal forensic team with PDF, text, HTML etc. Users can also receive immediate feedback about potential regulations that could have been violated during a particular incident or case.
     • Incident vs. case – The user is able to decide how to manage incidents and cases at repository level. This allows investigators to dynamically manage and modify priorities and case information.
     • Agile reporting – A comprehensive suite of baseline reports & dashboards is provided, along with complete flexibility to refine & tune the reports & dashboards to address your needs & processes
     • Secure access – IncMan allows encrypted access to the application and can also be integrated with the existing PKI and/or advanced authorization methods.
     • Case notes – IncMan has a complete case notes management capability, which can be used at any time during operations. No need for external tools.
  7. Key Differentiators
     • Solution breadth & depth – With over 170 different security incident categories, IncMan has the largest incident data set available in the market. Unlike the competition, IncMan also supports digital investigation, forensics and cyber fraud intelligence sharing.
     • Ease of use – The average implementation time (excluding customizations) is 25 days.
     • Evidence and event certification – Our architecture guarantees the forensic certification of all data and events handled by the system.
     • SaaS and Cloud Ready – IncMan is a web application with no software client needed. Security is guaranteed both in house and in the Cloud. IncMan is also a great solution for SaaS architectures and it can work with customer-based incidents (aka commercial).
     • Open architecture – IncMan can integrate and interoperate with any external security tool available in the market. That means having a single incident and case management platform, unlike most security tools, which typically concentrate on their vertical platform, with limited interoperability with external platforms.
     • Data reusability – IncMan ensures the reusability of the incident workflow and automatic knowledge base management (policy and procedures). The IT GRC process can be automated through integration with various compliance and security monitoring systems. Incidents originating from these systems can be mapped to IT risk repositories and help the IR team to evaluate the incident’s risk to the organization.
     • Multiple management views – IncMan’s agile reporting framework supports multiple management views from the same data set, supporting the needs of large enterprises and cloud service providers. A Read Only View is available (e.g. for external customers/users).
  8. IncMan Features
     Feature matrix across the three modules (columns on the slide: D.I.M. | IMan | ITILity); each X marks a module that provides the feature, as listed on the slide:
     • Case management: X X
     • Investigators management: X X X
     • Report PDF: X X X
     • Report Encrypted (GnuPG): X X
     • Report XML (IODEF): X
     • Dashboard: X X X
     • Task: X X
     • Engagement form: X
     • Whistleblower report: X
     • Search: X X X
     • Messaging: X X X
     • Template wizard: X X
     • Report wizard: X X
     • Host management: X X
     • Photos management: X
     • Evidence management: X
     • Clone management: X
     • Clone log management (log parsing): X
     • Note management: X X X
     • Assessment management: X X X
     • Record management: X X X
     • CoC management: X X
     • Timeline management: X X X
     • Method management: X
     • Expectation management: X
     • Integration (ArcSight, Netwitness, SysLog tool): X
     • Integration (PTK, FTK, X-Ways, Encase, ArcSight, Envision etc): X
     • Ticket management: X
     • management Solution: X
  9. Example CSIRT/SOC: Incident Information flow
     [Diagram. Labels: CSIRT/SOC Operators and Supervisors (Internal); Incident A; Incident B (Customers); Incident C (Blended); Dashboard; C-Level Reports; Information Automation; Data search; Service Follow Up.]
  10. IncMan Suite – Dashboard
     • The IncMan Dashboard is designed to deliver maximum visual impact, in a format intended for immediate comprehension of the data, using a combination of graphics, scales and visual indicators.
     • The dashboard supplies further data related to all cases and incidents managed.
     • A series of predefined models is ready to use, for example those that weigh the direct and indirect impacts of an incident.
  11. IncMan Suite – Role management
  12. IncMan Suite – Wizard template
  13. Incident Notes
  14. IncMan Suite – Search
     Incident Management Suite offers a search section where all users can search the information stored in every section. Thanks to this feature, Incident Response Team operators and application users can search the information stored for every case, incident, ticket and solution.
  15. IncMan Suite – Report management
     IncMan Suite integrates a new section dedicated to reports that allows generating PDF and XML (IODEF compliant) files in order to exchange documents.
  16. IncMan Suite integrations
     • Log management/SIEM management: ArcSight, Xpolog, enVision, Symantec, AV/UTM/IPS/IDS; basically all the SIEMs that can generate parsable content
     • Vulnerability Assessment tools: Nessus & co.
     • Forensic and Incident Response products: Encase Enterprise, PTK, FTK, X-Ways, Oxygen, Hardware acquisition tools (SOLO3, SOLO4, Tableau TD1, Logicube), Mobile
     • Network forensic: Netwitness
  17. Business Case 1: Financial Group: European Banking & Insurance - Europe
     The customer is one of the largest insurance and banking groups in Europe, with 30,000+ employees. DFLabs also provided the Professional Services and the Consulting.
  18. Banking Group – Global Group IT and Security Provider
     The Customer is the Global IT Supplier for the Bank Group – Security Operation Center with 40 FTE, more than 300 Incidents per Year, based upon RSA enVision.
     • Coordinating the output of more than 1,200 Servers via RSA enVision
     • Automate internal compliance monitoring & reporting at SOC Level
     • Provide management with a dashboard of all the needed KPIs
  19. Federal Police
     The Customer has been contracted by the Indonesian Government to implement the Incident and Digital Investigation Laboratory for an Asian National Police.
     • Coordinating the incidents and forensics/evidence investigations for the Indonesian National Police
     • Guaranteeing VPN access from external constituencies
     • Guaranteeing segregation and effective Incident Management at the same time
  20. THANKS
     Dario V Forte, CFE, CISM, CGEIT, Founder and CEO, DFLabs Italy, Info@dflabs.com, www.dflabs.com