Three Case Studies That Every MSSP Professional Should Read

With our NextGen SOAR platform, D3 Security has become the preferred choice for leading managed security service providers (MSSPs) and managed detection and response (MDR) firms. These MSSPs and MDRs range in size and maturity, but what they all have in common is ambitious goals that couldn’t be achieved with their previous tools.

There are several reasons that MSSPs and MDRs choose NextGen SOAR, including:

  • Vendor-Agnostic Integrations. As one of the few independent SOAR vendors, D3 is able to maintain fully featured integrations with virtually any security tool. We don’t play favorites, and we always enable our customers to use their preferred tools.
  • Scalability. NextGen SOAR can dynamically scale using containerized proxy agents to accommodate massive flows of data that are required by MSSPs and MDRs.
  • Full Multitenancy. Unlike most SOAR platforms, NextGen SOAR fully segregates client sites and data, so managed service providers can easily switch between client environments, without compromising security.
  • Easy Onboarding. NextGen SOAR users can largely automate the process of onboarding a new client in a D3 playbook. Codeless playbooks and integrations make it easy to deploy workflows for new clients and easily swap out tools to customize each playbook.
  • Event Pipeline. The core service of most MSSPs is tier-1 alert handling, which NextGen SOAR’s Event Pipeline automates almost entirely. The Event Pipeline filters alerts down by 90-98%, so that analysts only have to deal with true security incidents, not false positives and other noise.

In this blog, we’ll look at three recent SOAR deployments that helped managed service providers meet their business goals. The first was with a growing MSSP that benefitted from a streamlined SOAR package. The second was a full-scale implementation of NextGen SOAR at a large international MSSP. And the third was a collaboration with a global MDR leader, who needed a hyper-scalable SOAR partner to enable their ambitious plans for growth. You can read about each project in detail in the linked case studies.

Read more: Why NextGen SOAR is the Best Automation Solution for MSSPs


SOAR for Growing MSSPs

This MSSP had a small team that was stretched thin, which had caused its growth to stagnate. It desperately needed automation to increase its efficiency, but didn’t need many of the features that SOAR can offer. Furthermore, with their team already at max capacity, they couldn’t afford to spend months in a POC evaluation. For these reasons, they had previously ruled out adding SOAR.

D3 solved their problems with a streamlined SOAR package designed to help MSSPs leverage automation to increase their capacity and revenue. Instead of a lengthy implementation, D3 was able to get up and running within two weeks, focusing on two global playbooks for alert triage and incident enrichment.

This simple deployment of automation meant that the MSSP team had 90% fewer alerts to handle manually, freeing up huge amounts of precious time for their team. They’ve been able to scale their client base with minimal increases to headcount, putting them on track to double their client base by the end of their first year with D3.

Read the complete case study here.


SOAR to Revitalize Established MSSPs

This European MSSP had hundreds of analysts and customers, but they were feeling pressure from the growing market share of MDR providers and other emergent competitors. They needed automation to streamline their tier-1 services, but they also needed to expand their offerings to compete with MDR and EDR vendors.

In order to reinvigorate their business, they made the switch from their legacy automation solutions to NextGen SOAR. They were able to deploy playbooks at scale, with simple drag-and-drop editing to customize each playbook to their clients’ environments. They made the most of D3’s vendor-agnostic integration library, integrating 45 different tools from their clients’ stacks.

The MSSP also enabled higher-tier services like end-to-end incident response and threat hunting, leveraging D3’s ‘MDR Toolkit’, a collection of features designed to help MSSPs go beyond tier-1 tasks and keep pace with MDRs.

With tier-1 work largely automated, the MSSP is adding new clients again, focusing on upskilling their existing team, and planning more new services to offer in the coming year.

Read the complete case study here.


SOAR for Hyper-Scalable MDR

SOAR isn’t just for MSSPs; MDR firms also use SOAR to orchestrate their managed response services. But it has to be the right tool, as this global MDR leader found out when they ran into massive performance issues with their SOAR tool. They already had more than 1000 customers, and had plans to triple their customer base in the next year, which they knew couldn’t be achieved with their existing tools.

They replaced their underperforming SOAR tool with NextGen SOAR, which had the scalability and multitenancy to keep up with the massive volume of alerts they needed to ingest. D3 provided containerized proxy agents, orchestrated with Kubernetes, so that the MDR could dynamically scale their resources as needed. NextGen SOAR’s multitenancy kept the MDR’s client data and workflows safely segregated, but maintained a global view of alerts that analysts could work from.

With so many new clients, automatic onboarding was also a huge part of the project. D3 and the MDR worked together to create a system that integrated with a ticketing tool to trigger automated playbooks to generate everything the new customer needed. The whole thing requires just a few clicks for the MDR.

The MDR firm also launched a managed XDR service that uses NextGen SOAR to ingest and enrich a wide range of telemetry so it can be presented to clients.

Read the complete case study here.


Why Leading Managed Service Providers Choose D3 NextGen SOAR

Whatever your situation is as an MSSP or MDR, D3 has the solution you need. Unlike other SOAR vendors, we build our technology with the challenges faced by MSSPs in mind—not as an afterthought. Book a demo to learn how we can help you optimize your security operations and reach your business goals.

Social Icon
Walker Banerd

Walker is D3 Security's Director of Content Marketing. He leads the writing of D3's blog, as well as white papers, industry briefings, and other thought leadership. Walker's expertise is translating technical concepts into easily understandable content, with a focus on software, cybersecurity, and compliance solutions.