D3 Partners with Chronicle to Combine Security Analytics and Orchestration

By Walker Banerd April 22, 2020 news

We are pleased to announce that D3 has joined Chronicle’s network of technology partners as an Index Partner. Chronicle will also join the D3 CONNECT partner program. The partnership will be supported by a robust integration between D3’s next-generation SOAR platform and Chronicle’s cloud-based security analytics platform.

In addition to the obvious complementary nature of our platforms, D3 and Chronicle also share a commitment to fair and cost-effective licensing structures. Neither of our solutions charges users extra for ingesting more data or executing more workflows. This provides a significant advantage to:

  • smaller SOC teams, who may have tighter budgets or not know exactly how much usage of the platform they will require; and
  • larger SOC teams that are doing many types of investigations, such as analytics, incident response, threat hunting, etc.


What Can D3 and Chronicle’s Joint Security Operations Solution Do?

Integrating D3 and Chronicle enables a combined analytic and investigative solution that can scale with no added cost. Chronicle is able to ingest data from across a customer’s environment, including their SIEM, endpoint tool, syslog, and more. It also aggregates information from third-party threat intelligence sources to help contextualize network activity. Chronicle normalizes, indexes, correlates, and analyzes that data to create curated dashboards that help security analysts identify and make sense of suspicious activity in their environment.

Joint users will be able to enrich alerts in D3 with Chronicle data, giving them valuable intelligence related to indicators like IP addresses and domains. Chronicle enrichment can be added to D3’s codeless playbooks as a drag-and-drop automated action. D3 can then orchestrate the appropriate response to the threat across the entire environment. The integration will take advantage of the full suite of API calls offered by Chronicle, ensuring that the joint solution has maximal functionality.

D3’s ability to reveal adversary behaviors by correlating events with the MITRE ATT&CK framework can be used to further enrich events. During complex investigations, the ATT&CK framework will help users uncover the extent of the attack and any related events. This information can be used to narrow down searches for additional information in Chronicle.


What Types of Clients Can Benefit Most From This Partnership?

The joint solution of D3 and Chronicle will bring benefits to a wide range of organizations, including:

  • Mid-sized enterprises that need data analytics and security automation but are not large enough to warrant a conventional SIEM. These businesses may also benefit from Chronicle's ease of use, because they often lack the internal expertise to write their own search queries and detection analytics.
  • Large enterprises that have dedicated incident response and threat hunting teams. Because conventional SIEMs charge based on data volume, sophisticated teams that are highly active end up being extremely expensive to run. Because D3 and Chronicle both charge a simple per-user rate, the joint solution is well suited to mature security teams.
  • Channel partners, such as value-added resellers, who want to offer a combined analytics and SOAR solution. This is often offered in place of a conventional SIEM because of the high cost of SIEMs. D3 is the ideal complement to Chronicle in these situations because D3 is the leading independent SOAR vendor. Most other SOAR platforms are owned by larger security companies, which negatively impacts their interoperability with tools owned by competitors. D3 and Chronicle are the rare combination that can promise a truly vendor-agnostic solution.


Learn More About D3 SOAR

As our partnership develops, keep an eye out for more content about using D3 and Chronicle together to bolster your security operations. If you want to learn more about D3 SOAR, why not check out this two-minute video about our codeless playbooks?

Walker Banerd

Walker is the Communications Manager at D3. He leads the writing of D3's blog, as well as white papers, industry briefings, and other thought leadership. Walker's expertise is translating technical concepts into easily understandable content, with a focus on software, cybersecurity, and compliance solutions.
