DFLabs and BMC Remedy: Streamline Incident Management and Issue Tracking. INTEGRATION BRIEF
Integrate IncMan’s Orchestration, Automation and Response capabilities with your existing BMC Remedy solution.
Solution Overview

Security incidents are complex and dynamic events, requiring coordinated participation from multiple teams across the organization and seamless information flow between all teams in real-time. Different teams often use isolated solutions, making the sharing of information a difficult, manual process. Integrating the organization’s issue tracking through BMC Remedy with DFLabs IncMan SOAR allows teams to aggregate these data sources into a single pane of glass to prioritize what is critical and needs immediate attention and requires a platform that can consolidate disparate technologies and alerts and provide a cohesive and comprehensive capability set to orchestrate incident response efforts.

The Problem

Security incidents are complex and dynamic events, requiring the coordinated participation from multiple teams across the organization. For these teams to work with maximum efficiency, as a single body, it is critical that information flow seamlessly between all teams in real-time.

Faced with a continued onslaught of security incidents, organizations must find ways to maximize the utilization of their limited resources to remain ahead of the attackers and ensure the integrity of the organization’s critical resources.

The DFLabs and BMC Remedy Solution

Security Operations Teams struggle to gain visibility of threats and rapidly respond to incidents due to the sheer number of different security technologies they must maintain and manage and the resulting flood of alerts. Aggregating these into a single pane of glass to prioritize what is critical and needs immediate attention requires a platform that can consolidate disparate technologies and alerts and provides a cohesive and comprehensive capability set to orchestrate incident response efforts. By integrating with BMC Remedy, DFLabs IncMan extends these capabilities to Remedy users, combining the Orchestration, Automation and Response power of IncMan with the organization’s existing issue tracking process.

DFLabs IncMan SOAR and BMC Remedy solve these specific challenges:

• How can I integrate the power of IncMan SOAR into my existing issue management process?
• How can I enable all teams to work as a single, unified body to increase the efficiency of the response process?
• How can I quickly communicate critical information to those outside the security team?

Combining IncMan SOAR, BMC Remedy and other security products enables Enterprises to:

• Reduce incident resolution time by 90%
• Maximize security analyst efficiency by 80%
• Increase the number of handled incidents by 300%
DFLabs IncMan SOAR Overview

[Figure: DFLabs IncMan SOAR overview diagram. Labels include Leadership, CSIRT, SOC, ticketing system, syslog, SIEM, email, MSSP/on-prem, API, web form, ticket, user, correlation engine, machine learning, threat intelligence, Supervised Active Intelligence™, 3rd party integration, incident created, team assigned and R3 Runbook.]

CHALLENGES

• How can I integrate the power of IncMan SOAR into my existing issue management process?
• How can I enable all teams to work as a single, unified body to increase the efficiency of the response process?
• How can I quickly communicate critical information to those outside the security team?

DFLABS AND BMC REMEDY SOLUTION

• Integrate IncMan SOAR into the existing issue management process
• Enable separate teams to work as a single, unified body
• Communicate critical information and tasks outside the security team

RESULTS

• Reduce Incident resolution time by 90%
• Maximize security analyst efficiency by 80%
• Increase the number of resolved incidents by 300%

About BMC Remedy

BMC Remedy IT Service Management Suite (BMC Remedy ITSM Suite) provides out-of-the-box IT Information Library (ITIL) service support functionality. BMC Remedy ITSM Suite streamlines and automates the processes around IT service desk, asset management, and change management operations. It also enables you to link your business services to your IT infrastructure to help you manage the impact of technology changes on business and business changes on technology, in real time and into the future. In addition, you can understand and optimize the user experience, balance current and future infrastructure investments, and view potential impact on the business by using a real-time service model.

About DFLabs IncMan SOAR

DFLabs IncMan Security Orchestration, Automation and Response (SOAR) platform automates, orchestrates and measures security operations and incident response tasks, including threat validation, triage and escalation, context enrichment and threat containment. IncMan SOAR uses machine learning and Rapid Response Runbooks (R³ Runbooks) as a force multiplier that has enabled security teams to reduce average incident resolution times by 90% and increase incident handling by 300%.
Use Case

An alert of a host communicating with a potentially malicious domain has automatically generated an incident within IncMan SOAR. This alert is automatically categorized within IncMan based on the organization’s policies, which initiates the organization’s Domain Reputation Runbook, shown below:

[Figure: Domain Reputation Runbook]

Through this runbook, IncMan automatically gathers domain reputation information for the domain which generated the alert. If the resulting domain reputation information indicates that the domain may be malicious, IncMan will use a Notification action to automatically create a new Issue within BMC Remedy, allowing Remedy users to immediately begin next steps.

Next, using additional Enrichment actions, IncMan will automatically gather additional information regarding the suspicious domain, such as WHOIS and geolocation information. IncMan will then automatically update the BMC Remedy issue with this information. Finally, a screenshot of the page (if applicable) is taken and added to IncMan.

The automated workflow of IncMan’s Rapid Response Runbooks means that an IncMan incident and BMC Remedy issue will have been automatically generated, and these enrichment actions through the Quick Integration Connector with BMC Remedy and other enrichment sources will have already been committed before an analyst is even aware that an incident has occurred.

Both IncMan and BMC Remedy users are now able to perform their respective tasks, knowing that they are each working with the same information, and can continue to do so as the incident progresses.

Harnessing the power of BMC Remedy’s industry leading issue tracking solution, along with the Orchestration, Automation and Response capabilities of DFLabs’ IncMan SOAR solution, organizations can elevate their incident response process, leading to faster and more effective response and reduced risk across the entire organization.

BMC REMEDY ACTIONS

Notification:
• Add Workinfo to Ticket
• Create Ticket/Issue
• Close Ticket

LEARN MORE

For more information on how to take your incident response to the next level with DFLabs IncMan SOAR, contact your DFLabs representative or visit www.dflabs.com.
About DFLabs

DFLabs is an award-winning and recognized global leader in Security Orchestration, Automation and Response (SOAR) technology. Its pioneering purpose-built platform, IncMan SOAR, is designed to manage, measure and orchestrate security operations tasks, including security incident qualification, triage and escalation, threat hunting & investigation and threat containment.

IncMan SOAR harnesses machine learning and automation capabilities to augment human analysts to maximize the effectiveness and efficiency of security operations teams, reducing the time from breach discovery to resolution and increasing the return on investment for existing security technologies.

As its flagship product, IncMan SOAR has been adopted by Fortune 500 and Global 2000 organizations worldwide. The company’s management team has helped shape the cyber security industry, which includes co-editing several industry standards such as ISO 27043 and ISO 30121. DFLabs has operations in Europe, North America and EMEA.

For more information visit www.dflabs.com or connect with us on Twitter @DFLabs.

CONTACT US

US – +1 201 579 0893
UK – +44 203 286 4193
IT – +39 037 832 416
E – sales@dflabs.com

About BMC

BMC helps customers run and reinvent their businesses with open, scalable, and modular solutions to complex IT problems. Bringing both unmatched experience in optimization and limitless passion for innovation to technologies from mainframe to mobile to cloud and beyond, BMC helps more than 10,000 customers worldwide reinvent, grow, and build for the future success of their enterprises, including 92 of the Forbes Global 100.

Learn more at www.bmc.com and follow us on Twitter at @BMCSoftware.