Security orchestration, automation, and response (SOAR) platforms are a force multiplier in the SOC because of how they make other security tools more effective. This is especially true when you combine D3 SOAR with the Fortinet Security Fabric. With this unique partnership, you don’t just get certified “Fabric Ready” integrations between D3 and FortiGate, FortiSIEM, FortiSandbox, FortiMail, FortiAnalyzer, FortiClient, and FortiClient EMS. You also get a centralized platform from which to orchestrate security actions across the Fortinet Security Fabric at machine speeds.
Reason #1: A True Single Pane of Glass
D3 SOAR integrates with the Fortinet Security Fabric, which gives security analysts a single screen from which to manage their entire security stack. This is a crucial advantage of combining D3 and Fortinet, because it eliminates the need for analysts to move from system to system, manually gathering data and correlating it across tools.
This benefit is well illustrated by the use-case of network traffic investigations. Without a SOAR platform, analyzing network traffic is a laborious process that involves combining dense data from several sources to generate timelines and insights. With D3, analysts can use pre-built commands to gather that data—such as alarm details, event logs, and statuses—from all their Fortinet tools and bring it into D3 for incident response investigation, all without switching screens.
Reason #2: Automated and Accelerated Response
Having the entire Fortinet Security Fabric in your environment has many benefits, but it doesn’t give you true security orchestration. Even when changing rules in FortiGate, analysts aren’t able to orchestrate changes to systems other than their firewall.
With D3, when threats are detected by Fortinet tools, D3 ingests and enriches the alerts and takes action. D3 can trigger an automated response playbook or guide human analysts through the response process with the ability to orchestrate across the Fortinet security fabric without leaving the D3 interface. D3’s MITRE ATT&CK kill chain discovery capabilities also compare all indicators of compromise against known attack techniques and tactics to predict adversary behavior and correlate events.
Time is of the essence during security incidents, and D3 can help you reduce your time to remediation by 90% or more, with automated response to endpoint malware, brute force login attempts, and other SIEM alarms.
Reason #3: Benefits of an Open Platform
Unlike D3, which is a truly open platform, many SOAR solutions have become just one small tool within a larger security company’s offering. This has predictably led to tethering of SOAR tools to their parent company’s products, at the expense of integration quality with third-party competitors such as Fortinet.
This increasing balkanization of the SOAR market is beginning to worry potential SOAR buyers because while “tethered” SOAR platforms might maintain legacy or basic integrations with Fortinet tools, they are unlikely to innovate and support these integrations over the long-term, creating uncertainty and difficult-to-automate technology gaps.
The safest choice is a conflict-free, open SOAR platform, capable of the highest quality orchestration and automation across Fortinet products and your entire security infrastructure. The alternative—a tethered SOAR tool with an equally tethered development roadmap—will increasingly address only select pieces of your infrastructure as the cybersecurity marketplace becomes more competitive.
To learn more about what makes D3 a certified member of Fortinet’s Fabric-Ready Partner Program, and how that partnership enables fast, intelligent, and conclusive incident response, check out our Fortinet solution guide. To learn more about D3’s MITRE ATT&CK kill chain discovery capabilities, which can intelligently correlate events and data from Fortinet tools, check out our SOAR 2.0 whitepaper.
