VANCOUVER, British Columbia–D3 Security, an innovator in security orchestration, automation and response (SOAR) technology, has released Attack Investigator, a unique solution that utilizes the MITRE ATT&CK framework to identify and address the entire kill chain of complex attacks. Attack Investigator is a significant enhancement to existing SOAR capabilities that allows organizations to predict attacker behavior and focus remediation efforts effectively for more conclusive incident response. Attack Investigator streamlines the identification of incidents by allowing security teams to monitor attack progress in real time, correlate incidents with known adversary behaviors, and take appropriate action with the assistance of decision-tree-based playbooks.
Attack Investigator delivers proactive intervention against ongoing attacks by treating every event as a link in a large chain of adversarial intent instead of solely isolated incidents. By enabling visualizations of what the attack is and how far it has progressed, organizations are able to proactively intervene before the kill chain is complete.
“As Sherlock Holmes once said, ‘There is a strong family resemblance about misdeeds, and if you have all the details of a thousand at your finger ends, it is odd if you can’t unravel the thousand and first.’ This is exactly what we are doing with Attack Investigator,” said Gordon Benoit, President of D3 Security. “By embedding the entire MITRE ATT&CK framework, we are now able to use MITRE’s database of thousands of past attacks to assess current actions. If you uncover one step in the attack, you can predict the next one. Phishing investigations are just one of the many use cases where this rings true.”
According to the recent 2019 Verizon Data Breach Investigations Report, phishing is involved in nearly a third (32%) of all data breaches and 78% of cyber-espionage incidents. Attack Investigator enhances phishing investigations by actively searching for steps that an adversary might take after a successful phishing attempt, such as credential dumping or querying the system registry. Rather than a SOC analyst sorting through hundreds of events to determine which computer on a network of thousands has been compromised, Attack Investigator correlates the relevant events, narrows down the list of potentially compromised computers, and analyzes logs for evidence of compromise. Through the MITRE ATT&CK framework, Attack Investigator can identify an adversary’s techniques and continuously survey across the D3 database and other SOAR integrations to find other traces of the kill chain.
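As an added illustration of the kill-chain correlation described above (example code written for this page, not D3's Attack Investigator or any product code), the script below maps constructed, ATT&CK-tagged events to a hypothetical post-phishing chain, ranks hosts by how far along the chain they are, and names the technique a defender should hunt for next. The technique IDs are real ATT&CK IDs; the chain ordering, the sample hosts and the event format are assumptions.

```python
from collections import defaultdict

# Hypothetical post-phishing chain, ordered by ATT&CK tactic. The IDs are real
# ATT&CK technique IDs; this particular ordering is an assumption for the example.
CHAIN = [
    ("T1566", "Phishing", "initial-access"),
    ("T1204", "User Execution", "execution"),
    ("T1012", "Query Registry", "discovery"),
    ("T1003", "OS Credential Dumping", "credential-access"),
    ("T1021", "Remote Services", "lateral-movement"),
]
STAGE = {tid: i for i, (tid, _, _) in enumerate(CHAIN)}

# Constructed sample events, as a SOAR platform might hold them once each
# alert has been mapped to an ATT&CK technique. Hosts and IDs are made up.
EVENTS = [
    {"host": "ws-17", "technique": "T1566"},
    {"host": "ws-17", "technique": "T1204"},
    {"host": "ws-17", "technique": "T1003"},   # discovery step was not observed
    {"host": "ws-42", "technique": "T1566"},
    {"host": "srv-03", "technique": "T1012"},
    {"host": "ws-42", "technique": "T1999"},   # not part of the chain, ignored
]

def correlate(events):
    """Group events per host into the chain stages actually observed."""
    seen = defaultdict(set)
    for ev in events:
        stage = STAGE.get(ev["technique"])
        if stage is not None:
            seen[ev["host"]].add(stage)
    return seen

def progress(stages):
    """Furthest chain stage seen on a host; gaps are normal, so take the max."""
    return max(stages) if stages else None

def predict_next(stages):
    """Technique expected next, i.e. what to hunt for on this host."""
    furthest = progress(stages)
    if furthest is None or furthest + 1 >= len(CHAIN):
        return None  # nothing matched, or the chain is already complete
    return CHAIN[furthest + 1][0]

def rank_hosts(events):
    """(host, depth, next technique) tuples, deepest progression first."""
    seen = correlate(events)
    ranked = sorted(seen, key=lambda h: (-progress(seen[h]), h))
    return [(h, progress(seen[h]), predict_next(seen[h])) for h in ranked]

if __name__ == "__main__":
    for host, depth, nxt in rank_hosts(EVENTS):
        print(f"{host}: stage {depth} ({CHAIN[depth][1]}), hunt next: {nxt}")
```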
Empowering organizations in the fight against advanced persistent threats and sophisticated adversaries is a necessity in today’s threat landscape; therefore, SOAR technology must evolve beyond the linear process of ingesting alerts and automating simple response actions. For this reason, D3 has fully embedded the MITRE ATT&CK framework into its SOAR 2.0 platform and launched Attack Investigator. To learn more about Attack Investigator, please read D3’s SOAR 2.0 Whitepaper here.
About D3 Security
D3 Security provides security orchestration, automation, response (SOAR) and case management solutions that are trusted by leading organizations around the world, including 100+ of the Fortune 500. Security operations and incident response teams depend on D3 SOAR to increase the speed and quality of investigations, automate incident response workflows, rapidly identify false positives, and dramatically reduce mean-time-to-respond (MTTR). D3 SOAR offers 400+ integrations and actions, including a fully automated MITRE ATT&CK Kill Chain Search that can analyze adversarial intent and predict malicious behavior by correlating security events with the world’s largest knowledgebase of cyber attack techniques and tactics. For more information, please visit https://d3security.com.
Do you want to see D3 in action? Join us for a 25-minute deep-dive demo and see how our award-winning Security Orchestration, Automation, and Response (SOAR) platform helps security teams accelerate incident response, scale processes, and learn from every incident.