D3 Joins the Microsoft Intelligent Security Association

D3 Joins the Microsoft Intelligent Security Association

(Update: 5/3/2022) Read D3’s Article on the MISA Security Blog

Since we initially published this article, we’ve further developed our collaboration with Microsoft. We now offer 33 integrations with Microsoft tools. D3 SOAR automated incident response playbooks can orchestrate across Azure Sentinel and other cloud tools, on-premise Microsoft tools, and hundreds of tools by other vendors. Read our article on the MISA blog about how D3 integrates with Microsoft here.


D3 Joins the Microsoft Intelligent Security Association

The fight against sophisticated cybersecurity threats requires collaborative effort between the best minds in the industry. That’s why we’re pleased to announce that D3 Security has joined the Microsoft Intelligent Security Association (MISA), a group of technology providers who have integrated their solutions with Microsoft products to provide customers better protection, detection, and response. MISA enables D3 to develop closer integration and collaboration with Microsoft, bringing our next-generation SOAR capabilities to a broad scope of security use-cases. The result of our MISA membership will be some of the best possible solutions for joint customers of D3 and Microsoft.

D3 integrates with numerous Microsoft products, including:

  • Microsoft Azure Sentinel
  • Azure Security Center
  • Microsoft 365 Security and Compliance
  • Azure Active Directory
  • Microsoft Graph Security API


Security Operations with the D3 SOAR Platform Integrated with Microsoft

These integrations support many use cases that security teams regularly struggle with. Take for example, cryptojacking, which can be difficult to detect and remediate. With D3’s integrations with Microsoft, the workflow might look like this:

  1. Azure Sentinel captures the activity of a virtual machine on the organization’s Azure instance interacting with a cryptomining domain.
  2. Azure Sentinel generates an alert, which is ingested into the D3 SOAR platform, where analysts start investigating the incident.
  3. D3 analyzes the alert and generates the appropriate playbook, which orchestrates multiple actions across Azure, including:
    • Blocking the URL on cloud subnets
    • Quarantining the virtual machine by changing rules in the network security group
    • Finding active processes on the virtual machine
    • Tagging virtual machines
    • Taking a snapshot of the virtual machine
    • Disabling the affected Azure Active Directory account
  4. The D3 playbook can also orchestrate actions on on-premises systems as a response to the cloud event, including:
    • Finding all machines accessed by the compromised user
    • Searching for malicious processes
    • Blocking URL on on-premises firewall
    • Quarantining affected assets
  5. D3 can disable the affected user account on Active Directory (which will be synced back to Azure Active Directory)


The Challenge of Hybrid Security

As you can see in the above use case, D3 is able to act as a single interface for managing incidents that span across on-premises systems and cloud systems, such as those hosted on Azure. Most companies now find themselves in some form of hybrid environment like this, with some systems locally hosted and some in the cloud. Without a solution like D3 to sit in between these environments, managing security holistically can be time-consuming and unwieldy. This results in poor visibility and information silos that allow incidents to slip by unnoticed.

Now that D3 has joined MISA, we can ensure integrations with Azure systems that allow D3 to complement existing cloud security tools while simultaneously aggregating data and orchestrating actions across critical on-premise tools such as a SIEM.

This capability is bolstered by D3’s unique ability to correlate events against the MITRE ATT&CK framework. During a complex incident, D3 can establish the kill chain of the attack by uncovering the connections between each technique used by the adversary. So even when, for example, an adversary uses a compromised user account to move from an on-premises system to a cloud environment, D3 can see their entire path because it is aggregating data from both environments.

To read more about D3 manages the challenge of hybrid security, read our recent solution guide, titled D3 SOAR for Hybrid Environments.


The Path Forward

We’re thrilled to be part of this group of leading-edge security companies and to be working with Microsoft more closely going forward. We think our membership in MISA will bring clear benefits to Azure and D3 customers very soon.

To learn more about how D3 NextGen SOAR integrates with Microsoft tools, check out our Azure Sentinel Solution Guide.

Walker Banerd

Walker is the Communications Manager at D3. He leads the writing of D3's blog, as well as white papers, industry briefings, and other thought leadership. Walker's expertise is translating technical concepts into easily understandable content, with a focus on software, cybersecurity, and compliance solutions.

XGEN SOAR demo image

Deep-Dive SOAR Demo

Do you want to see D3 in action? Join us for a 25-minute deep-dive demo and see how our award-winning Security Orchestration, Automation, and Response (SOAR) platform helps security teams accelerate incident response, scale processes, and learn from every incident.