Energy and Utilities

From Chevron to Exelon,
Leading Energy Companies Choose D3 Security


D3 is a full-enterprise solution that consolidates management of cybersecurity incidents, investigations, and analysis. Offering streamlined reporting solutions, D3 can capture events and manage the response—allowing utilities to safely and consistently produce, distribute and deliver their products within the NERC Compliance framework.

Manage Threats

  • Malware

  • Data Breach

  • State-Sponsored Attacks

Overcome Challenges

  • Security Resource Shortage

  • SCADA Network Security

  • IP Threat Management

Ensure Compliance



  • Regional Reporting


guard tour

Full spectrum of situational awareness

The energy sector’s utilities and regulators rely on D3 because it is a single incident management solution that enables situational awareness across the full spectrum of cyber threats, physical threats, risk assessments, and the status of compliance with standards such as NERC CIP.

Implement the NIST Incident Handling Guide

D3 helps utility organizations adopt the NIST Cybersecurity Framework and NIST 800-61 Incident Handling Guide by building processes into the software and guiding its usage through automation-powered playbooks. Over time, users clone and enhance workflows with custom procedures, such as threat intelligence enrichment and increased collaboration.

incident response software

Enable flow of actionable intelligence

Making it easy to share actionable intelligence and relevant information across a utility—whether through task collaboration, data correlation or user search—eases risk-informed decision making. In addition, D3 is used to share reports with information centers and the regional reliability councils of NERC.

Create playbooks, risk assessments & metrics

D3’s extensive platform provides utilities with a library of NIST-based playbooks and the ability to create custom playbooks based on other methodologies like those provided by COBIT or ISO. As well, D3 supports various risk assessment formats including those needed by NERC or CFATS reporting, and incident metrics that standardize threat tracking across multiple locations, such as a utility’s many substations.

“Cyber risks are a rising intangible peril that threatens assets and revenues and creates rising liabilities for energy companies. In a period of unprecedented change and transition, along with significant needs for investment, the sector must look to better manage and finance cyber risks.”


Andrew George

Chairman of the Energy & Power Practice for Marsh