RSA Conference is the ‘Super Bowl’ of cybersecurity expos, where the world’s leading security professionals gather to share their knowledge and help shape the future of infosec. After a gap year, this year’s conference was a good comeback, with over 26,000 attendees, and plenty of interesting sessions and keynotes. The theme for the 2022 RSA Conference was “Transform”, and judging by the big trends at the conference, there seems to be a big drive towards automation and managed security services. More importantly for us, it made for one heck of an opportunity to connect with people. We got to meet with our friends and partners from ZeroFox, Cybereason, Digital Shadows, Elastic, Exabeam, CrowdStrike, Recorded Future, Trellix, Webroot, and MITRE. We also got to meet up with many of our channel partners (CDW, Stealth, ISH Tecnologia, VerSprite, Credence, SRG) over beer and basketball at the D3 Partner hour, and at other events during the show. We relished the opportunity to speak with many security leaders from around the world who came over to our booth to ask questions about our SOAR platform. Here are some of the most frequently asked questions we encountered during the conference.
What is the main difference between D3 Security and other SOAR vendors?
The difference is that D3 NextGen SOAR is the best independent SOAR platform on the market. It’s comprehensive and powerful, yet easy-to-use and flexible. Being vendor-neutral ensures our integrations are deep and up to date with all products; we don’t have adversarial relationships with any integration partners. We have great relationships with your firewall, EDR, and SIEM vendor. Not all SOAR vendors can say that.
We’ve got MITRE ATT&CK in our DNA. That is, our platform tracks, searches for, correlates, and reports on the threats and adversary tactics being used against your environment. The result is better and more focused response workflows, but also far better visibility. For our MSSP clients, MITRE ATT&CK capabilities open an entire world of premium services, from TTP-based trend reports to Level 3 threat hunting services.
Our playbooks are designed for SOC analysts who need to quickly build, test, and deploy playbooks without having to code. They enable junior analysts to lock on to and harness powerful orchestration capabilities. Our playbooks are faster and more flexible. The ability of our nested playbooks to run tasks independently and in parallel will help you reduce incident response times significantly compared to other SOAR products. We’ve heard one SOC leader say to us that what would take 10 minutes on a rival SOAR solution would take three minutes on our SOAR platform. Our drag-and-drop visual playbook editor lets your SOC team harness built-in playbooks, hundreds of integrations, and utility commands, and a playbook testing panel brings provable ROI from speed and efficiency gains.
D3’s Event Pipeline processes incoming data and automatically normalizes, tags, and analyzes each alert using its playbook-powered event-processing engine. It auto-dismisses false positives to streamline the incident response process, making it easier to address meaningful alerts. The Event Pipeline is built on a distributed NoSQL microservices architecture, making it capable of handling massive amounts of data generated by SecOps tools and teams.
D3’s case management features are best of breed. They help your team collaborate, visualize, track, and conduct investigations in a meticulous, efficient manner. Our case management module helps cross-functional teams collaborate on incidents through mind-maps that provide a timeline view of events, incidents, and artifacts.
Is the platform difficult for analysts or non-programmers to learn and use?
The D3 platform is intuitive and easy to use. If your team has minimal Python or coding skills, our no-code security automation platform empowers you with the ability to set up and modify connections (integrations), IR playbooks, trend reports, and other capabilities. And for those security pros who prefer the flexibility and transparency of coding their own integrations and playbooks, D3 SOAR provides a command-line interface, plus access to event logs and other valuable raw data. You can create and test new playbooks in minutes using a visual editor that lets you drag and drop tasks and actions into place.
Can D3 do cloud or on-premise?
Both. Our SOAR platform supports both cloud and on-prem configurations. D3 integrates with hundreds of products and can drive alerting from any source. D3 SOAR’s architecture is designed to be flexible enough to support hybrid deployments, which allows organizations to host D3 SOAR in a SaaS environment and access on-premises devices, tooling, and data centers. Your SOC team can have full visibility and can gather information and key context from all areas of your organization’s infrastructure. It’s also designed to support multi-cloud environments (Azure, AWS, and Google Cloud), where workloads are spread across different clouds and on-premises systems.
Where does D3 rank in industry reports from Gartner, Forrester, etc.?
Gartner’s 2020 Market Guide for Security Orchestration, Automation and Response Solutions (their most recent SOAR market guide) features D3 Security, highlighting our powerful playbooks, integrations, role-based access controls, case management, and MITRE ATT&CK capabilities. Get your copy here.
D3 Security has also been recently covered in Forrester’s Now Tech for SOAR, and KuppingerCole’s Leadership Compass for SOAR, where we were named a Leader in SOAR, and the top vendor-agnostic solution. Get your copy of the report here.
Do MSPs and MSSPs use D3 SOAR?
The answer is a resounding yes. MSSPs are flocking to D3 right now, thanks to true multitenancy, configurable access controls, monthly pricing, and the ability to connect to client tools without configuration. We’ve previously written about how MSPs and MSSPs can increase their margins and provide MDR services. D3 Chronos, our new offering for MSSPs, helps managed security service providers automate many aspects of SecOps without being burdened by long implementations, major upfront costs, or steep learning curves.
How can we get started with the platform?
Check out our resources section, where you can learn more about our platform, and access case studies, analyst reports, webinars, whitepapers, and more. To get started with a demo and chat with our SOAR experts about the use cases you care about, fill out the form here.