The fight against sophisticated cybersecurity threats requires collaborative effort between the best minds in the industry. That’s why we’re pleased to announce that D3 Security has joined the Microsoft Intelligent Security Association (MISA), a group of technology providers who have integrated their solutions with Microsoft products to provide customers better protection, detection, and response. MISA enables D3 to develop closer integration and collaboration with Microsoft, bringing our next-generation SOAR capabilities to a broad scope of security use-cases. The result of our MISA membership will be some of the best possible solutions for joint customers of D3 and Microsoft.
D3 integrates with numerous Microsoft products, including:
- Microsoft Azure Sentinel
- Azure Security Center
- Microsoft 365 Security and Compliance
- Azure Active Directory
- Microsoft Graph Security API
Security Operations with D3 SOAR integrated with Microsoft
These integrations support many use cases that security teams regularly struggle with. Take for example, cryptojacking, which can be difficult to detect and remediate. With D3’s integrations with Microsoft, the workflow might look like this:
- Azure Sentinel captures the activity of a virtual machine on the organization’s Azure instance interacting with a cryptomining domain.
- Azure Sentinel generates an alert, which is ingested into the D3 SOAR platform, where analysts start investigating the incident.
- D3 analyzes the alert and generates the appropriate playbook, which orchestrates multiple actions across Azure, including:
- Blocking the URL on cloud subnets
- Quarantining the virtual machine by changing rules in the network security group
- Finding active processes on the virtual machine
- Tagging virtual machines
- Taking a snapshot of the virtual machine
- Disabling the affected Azure Active Directory account
- The D3 playbook can also orchestrate actions on on-premises systems as a response to the cloud event, including:
- Finding all machines accessed by the compromised user
- Searching for malicious processes
- Blocking URL on on-premises firewall
- Quarantining affected assets
- D3 can disable the affected user account on Active Directory (which will be synced back to Azure Active Directory)
The Challenge of Hybrid Security
As you can see in the above use case, D3 is able to act as a single interface for managing incidents that span across on-premises systems and cloud systems, such as those hosted onAzure. Most companies now find themselves in some form of hybrid environment like this, with some systems locally hosted and some in the cloud. Without a solution like D3 to sit in between these environments, managing security holistically can be time-consuming and unwieldy. This results in poor visibility and information silos that allow incidents to slip by unnoticed.
Now that D3 has joined MISA, we can ensure integrations with Azure systems that allow D3 to complement existing cloud security tools while simultaneously aggregating data and orchestrating actions across critical on-premise tools such as a SIEM.
This capability is bolstered by D3’s unique ability to correlate events against the MITRE ATT&CK framework. During a complex incident, D3 can establish the kill chain of the attack by uncovering the connections between each technique used by the adversary. So even when, for example, an adversary uses a compromised user account to move from an on-premises system to a cloud environment, D3 can see their entire path because it is aggregating data from both environments.
To read more about D3 manages the challenge of hybrid security, read our recent solution guide, titled D3 SOAR for Hybrid Environments.
The Path Forward
We’re thrilled to be part of this group of leading-edge security companies and to be working with Microsoft more closely going forward. We think our membership in MISA will bring clear benefits to Azure and D3 customers very soon.
To learn more about how D3 NextGen SOAR integrates with Microsoft tools, check out our Azure Sentinel Solution Guide.
