RSA 2018 Recap: Show Me the Orchestration (and the Metrics)

By Stan Engelbrecht | April 24, 2018 | Tags: events, incident-response, security-orchestration-automation-response

In the cybersecurity world, it’s hard to think of an event more important than each year’s RSA conference. No other event gives us the chance to engage with customers, prospects, partners and industry analysts the way RSA does.

From our perspective as a vendor, it seems that each year has a bit of a theme. Last year, attendees and industry analysts wanted to know what our “take”, “view”, or “perspective” was on automation, artificial intelligence, and so on. This year, however, the debate seemed to have been resolved, and attendees were less interested in conceptual discussions. It was all about real-world solutions: here’s my use-case; show me what your platform can do.

Here are some of the specific questions we frequently heard on the show floor at RSA 2018.

“How does your orchestration platform differ from others in the marketplace?”

As we mentioned, conference attendees wanted to get straight to the facts, and with so many companies touting their orchestration and automation capabilities, people wanted to know what sets D3’s technology apart.

David Monahan, an analyst at EMA, recently described D3 as “the most robust incident platform I’ve ever seen”. That’s because we combine SOAR—security orchestration, automation and response—with an enterprise-grade incident/case management platform for collaboration, investigation, and analysis reporting.

While there are many things that set D3 apart, this ability to truly support the entire lifecycle is probably the most significant. Because of our years of experience in incident response and case management, our orchestration and automation features are complemented with a feature set that no one else can match.

D3’s SOAR technology automates machine-to-machine workflow, and orchestrates human processes, while documenting every incident, action, and outcome in a comprehensive audit trail. Our incident management workflow extends from the SOC into forensics, legal, HR, PR, fraud, risk, and corporate security—providing a definitive record of incident root causes, corrective actions, and risk to the organization.

“How do you support your solution?”

With so many software vendors at RSA, attendees also wanted to know how we support our technology and customers. With all the startups in the industry, buyers are wary of solutions that look good on paper, but are just dropped off on the customer’s doorstep without any ongoing support.

D3’s support is driven by the skill and commitment of its people (including several CISSP-designated cyber experts), its experience (8+ years in incident response), and its dedication to empowering users with full control of the platform.

Taken together, these attributes help D3 ensure its customers are always getting the most possible value out of the platform. We begin by installing an industry-tailored system template that is already granular and comprehensive, and then give you the ability to customize and automate even more capabilities over time.

Users have full administrative control over everything in the system. Some customers like to do everything themselves, and in D3 they can do that without requiring any outside support. Other customers are more comfortable working with the D3 Customer Success team, led by CISSPs who can help guide their usage of D3.

Our Customer Success and Account Management teams are vertically aligned, meaning that customers are engaged by people who are a part of their own industry and are familiar with the relevant threats, regulations and trends. In the security and compliance world, we think this is an important distinction that helps our customers be successful.

“Can your orchestration solution also solve my reporting and analysis challenges?”

We also heard from attendees who said increased attention from executives and boards has placed quite a reporting burden on SOC and IR teams, who are already way too busy managing security operations. D3 helps these folks by making reporting easy, no matter what data they need. We do this in three primary ways:

Dashboards: In D3, dashboards can be easily created and published, offering a powerful way to measure, share, and act on intelligence. Every field in D3 is reportable, meaning dashboards can be created around:

  • SOC metrics;
  • Trend reports;
  • Threat intelligence and SIEM alerts;
  • Personas (e.g. CISO, SOC team leader, forensic investigator);
  • and more.

Turnkey and Custom Reports: SOCs need both the time-savings of a turnkey report library, and the flexibility of a custom report engine. D3 provides both, including 50+ turnkey reports that are ready to use on day one. We also provide reports for industry-specific compliance and threats, such as ICT malware for the manufacturing industry. The custom report engine is highly intuitive, featuring drag-and-drop report-building, pivot tables, and several formats from which to choose.

Report Sharing: It is often overlooked, but the ability to share reports and intelligence is critical for the SOC. D3 offers several methods of sharing reports, with some of the most valued being:

  • Daily, weekly, and monthly reports sent automatically based on the date
  • Incident-based reports triggered by the volume or severity of incoming incidents
  • Risk-based reports triggered when risk to the organization reaches a certain threshold

“Are you going to the party later?”

Okay, maybe this wasn’t one of the most pressing questions that we heard, but RSA is also a lot of fun, and we really enjoyed attending the social events and meeting people from across the industry.

If you also have questions about D3, and how it fits into the landscape of SOAR, incident response, and case management, check out our Product Guide. It’s a great way to get a sense of all that D3 has to offer.

Stan Engelbrecht


Stan is the director of D3’s cybersecurity practice and an accredited CISSP. Stan is involved throughout the product delivery and customer success lifecycle, and takes particular interest in working with customers to configure organization- and industry-tailored solutions. You can find Stan speaking about cybersecurity issues at conferences, in the media, and as the chapter president for a security special interest group.

