We are pleased to announce that D3’s integration with McAfee Enterprise Security Manager (ESM) has been certified by McAfee. The integration brings together D3’s industry-leading security orchestration, automation, and response (SOAR) platform and McAfee’s powerful SIEM, with a host of features to speed response, automate actions, generate better metrics, and capture comprehensive data sets for compliance and evidence preservation.
The integration provides the following key features:
Using McAfee ESM and D3 in conjunction gives companies the opportunity to automate incident response via D3’s playbooks and orchestrate security actions across a library of security integrations. D3 can act as a single interface for bringing together a company’s SIEM, threat intelligence, and SOAR.
Having a certified integration between the two systems helps solve one of the most pressing problems in most security teams: insufficient numbers of skilled cybersecurity professionals. The integration helps close this skills gap in several ways. First, it automates repetitive processes to save analysts time. Second, by providing contextual data such as threat intelligence and linked incidents, it raises the ability of analysts of all experience levels. Third, it helps ease regulatory pressure by automating the documentation of incident records, evidence, approvals, and compliance obligations.
Use Case: D3 + McAfee ESM
To illustrate how a SOC might use this integration, let’s use the example of a brute force attack and look at how the incident would be handled.