2-MINUTE PHISHING PLAYBOOK:
- Ingest/parse event via phish inbox
- Upload/fetch report from sandbox
- Correlate against threat intel
- Convict true incident
- Ban the hash, enable network scan
- Quarantine affected endpoints
- Notify stakeholders
“D3 HELPS ANALYSTS MAKE A GREATER INDIVIDUAL IMPACT”
According to the bank’s Director of SOC, D3 SOAR has “scaled” the impact of individual SOC analysts. “We’ve automated every lookup, correlation, task-assignment, and follow-up, allowing analysts to focus on tasks, such as threat hunting, that give our organization a better bang for its buck.”
“THE INCIDENT RESPONSE IMPROVEMENTS HAVE REDUCED THE RISK WE FACE”
According to the bank’s CSO, D3 SOAR helped the bank adopt an “automation-first mentality”. Extending automation and orchestration from the SOC to data privacy, forensics and corporate security groups “simply would not be possible without D3’s powerful playbook engine and its data-visualization aids.”