DFLabs
IncMan
Overview
August 2012
Company Overview

• DFLabs - Specializing in IT Governance, Risk and Compliance (GRC)
  - IncMan Suite – Comprehensive Security Incident & Investigation Management Solution
  - PTK Forensics – Computer Forensics
  - Consulting & Services
  - R&D
• More than 2.3 Petabytes of Incident Data in the past 3 years.
• DFLabs is Preferred Partner for Beazley International (Lloyd's of London) Data Breaches Practice.
• ISO SC27 and SC7 Co-Editor (27043)
• IncMan Suite – Developed over the last 7 years based on consulting experience with leading, global companies

Page  2
IncMan Summary

IncMan Suite is a comprehensive IT GRC, incident & investigation management solution that simplifies the management of every kind of incident and control (security, cyber, physical, ethics & fraud) to reduce risk, response time & costs.

Key Features & Benefits

  o End-to-End Management – Complete case & incident life cycle management: automated incident capture, task/resource management, digital forensics, evidence/investigation, tracking & reporting
  o Reduce Risk – Compress the time required to prioritize, assign, investigate, manage and remediate incidents and threats
  o Improve Efficiency – Reduce the costs and simplify the management of all your resources. Personnel know exactly what to do & when, with complete access to information
  o Automated & Independent – IncMan is an independent, IODEF-compliant platform that integrates with other products: HP ArcSight, EnCase, RSA enVision, NetWitness, FTK, X-Ways and others
  o Focused: IncMan is focused on IT GRC and security needs, because that's the main customer priority
  o Agile, Modular, Open Architecture – Modular design easily adapts to the needs & processes of each enterprise. You just need to buy the module(s) you need.
  o Whistleblower Support – Provides compliance for whistleblower SOX 301 and 302
  o Assure Compliance – Supports certification and accreditation processes required by sections 3505 and 3544 of the Federal Information Security Management Act (FISMA)
  o Excellent Price/Value Ratio

Page  3
IncMan Suite - Comprehensive Security Incident Management

[Architecture diagram; recoverable labels only]

Users: Security Operations Centers; Investigations, Risk, Audit and Compliance Officers
Capabilities: Prioritization | Case Mgmt | Artifact Analysis | Resource/Task Mgmt | Impact/Cost Analysis | Evidence/Chain of Custody | External/Law Enforcement

Security Incidents (IT Security, APT, Incident Response): Log Management, SIEM, Web/Appl Scanning, Configuration Management, Identity & Access, Vulnerability Management, Firewall / IPS / IDS, Anti-Virus & White Listing, End-Point Security
Compliance Incidents (Fraud, Theft & Investigations): Whistle Blower, ERP & HR, Forensic, Audit, e-Discovery, Financial Systems
Security Incidents (Physical Security): Locations, Health and Safety
Page  4
IncMan Suite - Modules

CompRisk
Incidents are mapped to IT risk repositories and help the GRC team to evaluate the incident's risk to the organization.

IMAN
IMAN manages IT and corporate security incidents. The tool covers all aspects concerning incident management, whether simple or complex. The IMAN module supports anonymous reporting of incidents and ethics violations.

DIM
Digital Investigation Manager (DIM) is designed for IT environments during incident response and forensics operations. DIM enables users to catalog all the relevant information and automatically imports data generated by other applications.

ITILity
ITILity provides troubleshooting and help desk support to manage IT incidents under the ITIL standard.

Page  5
IncMan Top Features

• Interfaces with and manages 170+ categories of data in an encrypted database
• Provides total role management of users
• Platform independence: no client needed
• IODEF compliant
• IT GRC features: IT security and compliance controls, risk management, audit
• Wizard – Users can generate their own templates with the wizard. IncMan can be completely modeled on the customer's investigation process.
• Knowledge base – Users have a searchable knowledge base that can be populated by the internal forensic team with PDF, text, HTML etc. Users can also receive immediate feedback about potential regulations that could have been violated during a particular incident or case.
• Incident vs case – Users can decide how to manage incidents and cases at repository level. This allows investigators to dynamically manage and modify priorities and case information.
• Agile reporting – A comprehensive suite of baseline reports & dashboards is provided, along with complete flexibility to refine & tune the reports & dashboards to address your needs & processes
• Secure access – IncMan allows encrypted access to the application and can also be integrated with the existing PKI and/or advanced authorization methods.
• Case notes – IncMan has a complete case notes management capability, which can be used at any time during operations. No more need for external tools.
Page  6
Key Differentiators

• Solution breadth & depth – With over 170 different security incident categories, IncMan has the largest incident data set available in the market. Unlike the competition, IncMan also supports digital investigation, forensics and cyber fraud intelligence sharing.
• Ease of use – The average implementation time (excluding customizations) is 25 days.
• Evidence and event certification – Our architecture guarantees the forensic certification of all data and events handled by the system.
• SaaS and Cloud ready – IncMan is a web application with no software client needed. Security is guaranteed both in house and in the Cloud. IncMan is also a great solution for SaaS architectures and it can work with customer-based incidents (aka commercial).
• Open architecture – IncMan can integrate and interoperate with any external security tool available in the market. That means having a single incident and case management platform, unlike most security tools, which typically concentrate on their vertical platform, with limited interoperability with external platforms.
• Data reusability – IncMan ensures the reusability of the incident workflow and the automatic knowledge base management (policy and procedures). The IT GRC process can be automated through integration with various compliance and security monitoring systems. Incidents originating from these systems can be mapped to IT risk repositories and help the IR team to evaluate the incident's risk to the organization.
• Multiple management views – IncMan's agile reporting framework supports multiple management views from the same data set, supporting the needs of large enterprises and cloud service providers. A read-only view is available (e.g. for external customers/users).

Page  7
IncMan Features
 Features                                                         D.I.M.   IMan   ITILity
 Case management                                                    X       X
 Investigators management                                           X       X       X
 Report PDF                                                         X       X       X
 Report Encrypted (GnuPG)                                           X       X
 Report XML (IODEF)                                                         X
 Dashboard                                                          X       X       X
 Task                                                               X       X
 Engagement form                                                    X
 Whistleblower report                                                       X
 Search                                                             X       X       X
 Messaging                                                          X       X       X
 Template wizard                                                    X       X
 Report wizard                                                      X       X
 Host management                                                    X       X
 Photos management                                                  X
 Evidence management                                                X
 Clone management                                                   X
 Clone log management (log parsing)                                 X
 Note management                                                    X       X       X
 Assessment management                                              X       X       X
 Record management                                                  X       X       X
 CoC management                                                     X       X
 Timeline management                                                X       X       X
 Method management                                                          X
 Expectation management                                                     X
 Integration (ArcSight, Netwitness, SysLog tool)                            X
 Integration (PTK, FTK, X-Ways, Encase, ArcSight, Envision etc)     X
 Ticket management                                                                  X
 Solution management                                                                X
Page  8
Example CSIRT/SOC: Incident Information Flow

[Flow diagram; recoverable labels only]

Inputs: Incident A (Internal), Incident B (Customers), Incident C (Blended)
  → Information → CSIRT/SOC Operators and Supervisors
  → Dashboard, Reports, Automation, Data search, Service Follow Up
  → C-Level

Page  9
IncMan Suite – Dashboard
• The IncMan Dashboard is designed to deliver maximum visual impact, in a format intended for immediate comprehension of the data, using a combination of graphics, scales and visual indicators.
• The dashboard supplies other data related to all the cases and incidents managed.
• A series of predefined models is ready to use, for example those that allow weighing the direct and indirect impacts of an incident.




Page  10
IncMan Suite – Role management





Page  11
IncMan Suite – Wizard template




Page  12
Incident Notes




Page  13
IncMan Suite – Search
Incident Management Suite offers a search section where all users can search the information stored in every section. Thanks to this feature, operators of the Incident Response Team or the application users can search the information stored for every case, incident, ticket and solution.




Page  14
IncMan Suite – Report management
IncMan Suite integrates a new section dedicated to reports that allows generating PDF and XML (IODEF compliant) files in order to exchange documents.
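As an added illustration of what an "IODEF compliant" XML exchange involves (example code written for this page, not code from the deck or from DFLabs), the following Python builds a minimal RFC 5070 IODEF v1 incident document from a constructed incident record and parses it back the way a receiving case-management tool would, rejecting input that is not an IODEF v1 document. Element and attribute names follow RFC 5070; the incident values, the `example-soc` CSIRT name, the contact address and the IP addresses are constructed placeholders.

```python
import xml.etree.ElementTree as ET

# Namespace and version of IODEF v1 (RFC 5070), the XML format the deck calls
# "IODEF compliant" for exchanging incident reports between tools.
IODEF_NS = "urn:ietf:params:xml:ns:iodef-1.0"
IODEF_VERSION = "1.00"
XML_LANG = "{http://www.w3.org/XML/1998/namespace}lang"
ET.register_namespace("iodef", IODEF_NS)

# Constructed incident record for this example; none of these values are real.
SAMPLE_INCIDENT = {
    "csirt": "example-soc",              # placeholder name of the issuing CSIRT
    "id": "2012-0042",
    "report_time": "2012-08-15T10:30:00+02:00",
    "description": "Suspected unauthorized user login on an internal file server",
    "impact_type": "user",               # RFC 5070 Impact@type enum value
    "severity": "medium",                # RFC 5070 Impact@severity enum value
    "contact_name": "Example SOC",
    "contact_email": "soc@example.invalid",
    "source_ip": "192.0.2.10",           # RFC 5737 documentation addresses
    "target_ip": "198.51.100.5",
    "ip_protocol": 6,                    # IANA protocol number, 6 = TCP
    "target_port": 22,
}


def q(tag):
    """Clark-notation qualified name for an IODEF element."""
    return "{%s}%s" % (IODEF_NS, tag)


def build_iodef(rec):
    """Serialize an incident record (dict shaped like SAMPLE_INCIDENT) into a
    minimal IODEF-Document and return it as UTF-8 bytes for hand-off to another tool."""
    doc = ET.Element(q("IODEF-Document"), {"version": IODEF_VERSION, XML_LANG: "en"})
    inc = ET.SubElement(doc, q("Incident"), {"purpose": "reporting"})
    # IncidentID's 'name' attribute identifies the CSIRT that issued the ID.
    ET.SubElement(inc, q("IncidentID"), {"name": rec["csirt"]}).text = rec["id"]
    ET.SubElement(inc, q("ReportTime")).text = rec["report_time"]
    ET.SubElement(inc, q("Description")).text = rec["description"]
    assessment = ET.SubElement(inc, q("Assessment"))
    ET.SubElement(assessment, q("Impact"),
                  {"type": rec["impact_type"], "severity": rec["severity"]})
    contact = ET.SubElement(inc, q("Contact"), {"role": "creator", "type": "organization"})
    ET.SubElement(contact, q("ContactName")).text = rec["contact_name"]
    ET.SubElement(contact, q("Email")).text = rec["contact_email"]
    flow = ET.SubElement(ET.SubElement(inc, q("EventData")), q("Flow"))
    # One System element per side of the flow, each carrying an IPv4 address node.
    systems = {}
    for category in ("source", "target"):
        systems[category] = ET.SubElement(flow, q("System"), {"category": category})
        node = ET.SubElement(systems[category], q("Node"))
        ET.SubElement(node, q("Address"),
                      {"category": "ipv4-addr"}).text = rec[category + "_ip"]
    service = ET.SubElement(systems["target"], q("Service"),
                            {"ip_protocol": str(rec["ip_protocol"])})
    ET.SubElement(service, q("Port")).text = str(rec["target_port"])
    return ET.tostring(doc, encoding="utf-8", xml_declaration=True)


def parse_iodef(data):
    """Parse an IODEF-Document received from another tool and pull out the fields
    a case-management system would map onto its own incident record.
    Documents that are not IODEF v1 are rejected rather than silently mis-read."""
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        raise ValueError("malformed XML: %s" % exc)
    if root.tag != q("IODEF-Document"):
        raise ValueError("not an IODEF document, root element is %r" % root.tag)
    if root.get("version") != IODEF_VERSION:
        raise ValueError("unsupported IODEF version %r" % root.get("version"))
    inc = root.find(q("Incident"))
    if inc is None:
        raise ValueError("IODEF-Document contains no Incident")
    ident = inc.find(q("IncidentID"))
    impact = inc.find(q("Assessment") + "/" + q("Impact"))

    def addresses(category):
        path = "%s/%s/%s[@category='%s']/%s/%s" % (
            q("EventData"), q("Flow"), q("System"), category, q("Node"), q("Address"))
        return [a.text for a in inc.findall(path)]

    return {
        "incident_id": ident.text if ident is not None else None,
        "csirt": ident.get("name") if ident is not None else None,
        "severity": impact.get("severity") if impact is not None else None,
        "impact_type": impact.get("type") if impact is not None else None,
        "source": addresses("source"),
        "target": addresses("target"),
    }


if __name__ == "__main__":
    xml_bytes = build_iodef(SAMPLE_INCIDENT)
    print(xml_bytes.decode("utf-8"))
    print(parse_iodef(xml_bytes))
```

The version and root-element checks in `parse_iodef` are the part worth keeping in a real integration: an importer that accepts any XML and reads elements by local name will happily map fields from an unrelated or newer-schema document into a case record, which is how wrong incident data enters a system that is supposed to certify its evidence.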




Page  15
IncMan Suite integrations

• Log management / SIEM management
  • ArcSight
  • XpoLog
  • enVision
  • Symantec
  • AV/UTM/IPS/IDS
  • Basically all the SIEMs that can generate parsable content
• Vulnerability assessment tools:
  • Nessus & co.
• Forensic and incident response products
  • EnCase Enterprise
  • PTK
  • FTK
  • X-Ways
  • Oxygen
  • Hardware acquisition tools (SOLO3, SOLO4, Tableau TD1, Logicube)
  • Mobile
• Network forensics
  • NetWitness
Page  16
Business Case 1: Financial Group: European Banking & Insurance - Europe
The customer is one of the largest insurance and banking groups in Europe, with 30,000+ employees.
DFLabs also provided the professional services and consulting.




Page  17
Banking Group – Global Group IT and Security Provider

The customer is the global IT supplier for the banking group: a Security Operations Center with 40 FTE, more than 300 incidents per year, based upon RSA enVision.

• Coordinating the output of more than 1,200 servers via RSA enVision
• Automating internal compliance monitoring & reporting at SOC level
• Providing management with a dashboard of all the needed KPIs

Page  18
Federal Police

The customer has been contracted by the Indonesian Government to implement the Incident and Digital Investigation Laboratory for an Asian national police.

• Coordinating the incidents and forensics/evidence investigations for the Indonesian National Police
• Guaranteeing VPN access from external constituencies
• Guaranteeing segregation and effective incident management at the same time

Page  19
THANKS

Dario V Forte, CFE, CISM, CGEIT, Founder and CEO, DFLabs Italy
Info@dflabs.com
www.dflabs.com

DFlabs IncMan - Incident Management Suite

  • 3. IncMan Summary
    IncMan Suite is a comprehensive IT GRC, incident & investigation management solution that simplifies the management of every kind of incident and control (security, cyber, physical, ethics & fraud) to reduce risk, response time & costs.
    Key Features & Benefits
      o End-to-End Management – Complete case & incident Life Cycle Management: automated incident capture, task/resource management, digital forensics, evidence/investigation, tracking & reporting
      o Reduce Risk – Compress the time required to prioritize, assign, investigate, manage and remediate incidents and threats
      o Improve Efficiency – Reduce the costs and simplify the management of all your resources. Personnel know exactly what to do & when with complete access to information
      o Automated & Independent – IncMan is an independent, IODEF compliant platform that integrates with other products: HP ArcSight, Encase, RSA enVision, NetWitness, FTK, X-ways and others
      o Focused – IncMan is focused on IT GRC and Security Needs, because that’s the main customer priority
      o Agile, Modular, Open architecture – Modular design easily adapts to the needs & processes of each enterprise. You just need to buy the module(s) you need.
      o Whistleblower Support – Provides compliance for whistleblower SOX 301 and 302
      o Assure Compliance – Supports certification and accreditation processes required by sections 3505 and 3544 of the Federal Information Security Management Act (FISMA)
      o Excellent Price/Value Ratio.
    Page 3
  • 4. IncMan Suite - Comprehensive Security Incident Management
    [Architecture diagram; labels recovered from the slide:]
    Users: Security Operations Centers; Investigations, Risk, Audit and Compliance Officers
    Functions: Prioritization | Case Mgmt | Artifact Analysis | Resource/Task Mgmt | Impact/Cost Analysis | Evidence/Chain of Custody | External/Law Enforcement
    Incident types: Security Incidents; Compliance Incidents
    Input sources: Log Management, SIEM, Web/Appl Scanning, Whistle Blower, ERP & HR, Locations, Configuration Management, Identity & Access Management, Vulnerability Management, Health and Safety, Forensic, Audit, e-Discovery, Firewall / IPS / IDS, Anti-Virus & End-Point / White Listing, Security, Financial Systems
    Use cases: IT Security, APT, Incident Response | Fraud, Theft & Investigations | Physical Security
    Page 4
  • 5. IncMan Suite - Modules
    CompRisk – Incidents are mapped to IT risk repositories and help the GRC team to evaluate the incident’s risk to the organization.
    IMAN – IMAN manages IT and corporate security incidents. The tool covers all aspects concerning incident management, whether simple or complex. The IMAN module supports anonymous reporting of incidents and ethics violations.
    DIM – Digital Investigation Manager (DIM) is designed for IT environments during incident response and forensics operations. DIM enables users to catalog all the relevant information and automatically imports data generated by other applications.
    ITILity – ITILity provides troubleshooting and help desk support to manage IT incidents under the ITIL standard.
    Page 5
  • 6. IncMan Top Features
     Interfaces and manages 170+ categories of data, onto an encrypted database
     Provides Total Role Management of users
     Platform Independence, no client needed
     IODEF Compliant
     IT GRC Features: IT Security and Compliance Controls, Risk Management, Audit
     Wizard – The user is able to generate their own templates with the use of the wizard. IncMan can be completely modeled on the customer investigation process.
     Knowledge base – The users have a searchable knowledge base that can be “populated” by the internal forensic team with Pdf, Text, Html etc. Users can also receive immediate feedback about potential regulations that could have been violated during a particular incident or case.
     Incident vs case – The user is able to decide how to manage incidents and cases at repository level. This allows investigators to dynamically manage and modify priorities and case information.
     Agile reporting – A comprehensive suite of baseline reports & dashboards is provided along with complete flexibility to refine & tune the reports & dashboards to address your needs & processes
     Secure access – IncMan allows encrypted access to the application and can also be integrated with the existing PKI and/or advanced authorization methods.
     Case notes – IncMan has a complete case notes management capability, which can be used anytime during the operations. No more need for external tools.
    Page 6
  • 7. Key Differentiators
     Solution breadth & depth – With over 170 different security incident categories, IncMan has the largest incident data set available in the market. Unlike the competition, IncMan also supports digital investigation, forensics and cyber fraud intelligence sharing
     Ease of use – The average implementation time (excluding customizations) is 25 days.
     Evidence and event certification – Our architecture guarantees the forensic certification of all data and events handled by the system.
     SaaS and Cloud Ready – IncMan is a web application with no software client needed. Security is guaranteed both in house and in the Cloud. IncMan is also a great solution for SaaS architectures and it can work with customer based incidents (aka commercial)
     Open architecture – IncMan can integrate and interoperate with any external security tool available in the market. That means having a single incident and case management platform, unlike most security tools, which typically concentrate on their vertical platform, with limited interoperability with external platforms
     Data reusability – IncMan ensures the reusability of the incident workflow and the automatic knowledge base management (policy and procedures). The IT GRC process can be automated through integration with various compliance and security monitoring systems. Incidents originating from these systems can be mapped to IT risk repositories and help the IR team to evaluate the incident’s risk to the organization
     Multiple management views – IncMan’s agile reporting framework supports multiple management views from the same data set, supporting the needs of large enterprises and cloud service providers. A Read Only View is available (i.e. for external customers/users)
    Page 7
  • 8. IncMan Features
    Feature matrix (columns: D.I.M. | IMan | ITILity; each X marks one supporting module, as printed on the slide)
    Case management: X X
    Investigators management: X X X
    Report PDF: X X X
    Report Encrypted (GnuPG): X X
    Report XML (IODEF): X
    Dashboard: X X X
    Task: X X
    Engagement form: X
    Whistleblower report: X
    Search: X X X
    Messaging: X X X
    Template wizard: X X
    Report wizard: X X
    Host management: X X
    Photos management: X
    Evidence management: X
    Clone management: X
    Clone log management (log parsing): X
    Note management: X X X
    Assessment management: X X X
    Record management: X X X
    CoC management: X X
    Timeline management: X X X
    Method management: X
    Expectation management: X
    Integration (ArcSight, Netwitness, SysLog tool): X
    Integration (PTK, FTK, X-Ways, Encase, ArcSight, Envision etc): X
    Ticket management: X
    Solution management: X
    Page 8
  • 9. Example CSIRT/SOC: Incident Information flow
    [Flow diagram; labels recovered from the slide:]
    Inputs: Incident A (Internal); Incident B (Customers); Incident C (Blended)
    Processing: CSIRT/SOC Operators and Supervisors; Information Automation; Data search; Service Follow Up
    Outputs: Dashboard; C-Level Reports
    Page 9
  • 10. IncMan Suite – Dashboard
    • The IncMan Dashboard is designed to deliver the maximum visual impact, in a format intended for the immediate comprehension of data, using a combination of graphics, scales and visual indicators.
    • The dashboard also supplies data related to all cases and incidents managed.
    • A series of predefined models is ready to use, such as, for example, those that allow weighing the direct and indirect impacts of an incident.
    Page 10
  • 11. IncMan Suite – Role management
    [Screenshot: Role management]
    Page 11
  • 12. IncMan Suite – Wizard template
    Page 12
  • 14. IncMan Suite – Search
    Incident Management Suite offers a search section where all users can search the information stored in every section. Thanks to this feature, operators of the Incident Response Team and application users can search the information stored for every case, incident, ticket and solution.
    Page 14
  • 15. IncMan Suite – Report management
    IncMan Suite integrates a new section dedicated to reports that allows generating PDF and XML (IODEF compliant) files in order to exchange documents.
    Page 15
  • 16. IncMan Suite integrations
    • Log management/SIEM management
      • Arcsight
      • Xpolog
      • Envision
      • Symantec
      • AV/UTM/IPS/IDS
      • Basically all the SIEM that can generate parsable content
    • Vulnerability Assessment tools:
      • Nessus & co.
    • Forensic and Incident Response products
      • Encase Enterprise
      • PTK
      • FTK
      • X-Ways
      • Oxygen
      • Hardware acquisition tools (SOLO3, SOLO4, Tableau TD1, Logicube)
      • Mobile
    • Network forensic
      • Netwitness
    Page 16
  • 17. Business Case 1: Financial Group: European Banking & Insurance - Europe
    The customer is one of the largest insurance and banking groups in Europe with 30,000+ employees. DFLabs also provided the Professional Services and the Consulting.
    Page 17
  • 18. Banking Group – Global Group IT and Security Provider
    The Customer is the Global IT Supplier for the Bank Group – Security Operation Center with 40 FTE, more than 300 Incidents per Year, Based Upon RSA Envision
    • Coordinating more than 1,200 Servers’ output via RSA enVision
    • Automate internal compliance monitoring & reporting at SOC Level
    • Provide management with a dashboard of all the needed KPIs
    Page 18
  • 19. Federal Police
    The Customer has been contracted by the Indonesian Government to implement the Incident and Digital Investigation Laboratory for an Asian National Police
    • Coordinating the incidents and forensics/evidence investigations for the Indonesian National Police
    • Guaranteeing VPN access from external constituencies
    • Guaranteeing segregation and effective Incident Management at the same time
    Page 19
  • 20. THANKS
    Dario V Forte, CFE, CISM, CGEIT, Founder and CEO DFLabs Italy
    Info@dflabs.com
    www.dflabs.com