D3’s integrations with Microsoft tools enable security analysts to focus their investigative efforts while letting D3 Smart SOAR orchestrate and automate the analysis, prioritization, remediation, and audit trail generation. For example, signals in Azure Sentinel trigger automated playbooks in Smart SOAR that orchestrate and automate security actions across Microsoft tools as well as unlimited third-party products. Integrations with on-premise and cloud-based deployments of Active Directory are used to expand the understanding of an event with identity information and then rapidly manage users during response workflows. The integrated solution achieves consistent security outcomes and end-to-end management of incident response across cloud, on-premise, and hybrid environments.
|Azure Sentinel||Gather critical information, trigger playbooks, and add new rules for monitoring and detection.|
|Azure REST||Create and manage integrations, analytic rules, incidents, entity operations, dashboards, and bookmarks.|
|Azure Security Center||Validate threats and orchestrate end-to-end response for attacks on cloud, IoT, and hybrid environments.|
|Graph Security API||Enrich GSAPI alerts with security telemetry and threat intelligence while unleashing an incredible amount of data from Microsoft products.|
|Exchange Web Services||Ingest BEC alerts, perform enrichment, and automate response.|
|Azure Active Directory||Enrich security events with identity data and orchestrate actions such as restricting access when credentials have been compromised.|
|Office 365 (O365)||Access, enrich and integrate Excel, One Drive, One Note, Outlook, and Teams into your playbooks.|
Phishing, malware, and brute force attacks can flood your security team with alerts, overwhelming analysts who rely on manual processing and stale procedures. In this scenario, dangerous threats can be missed, causing dwell and remediation times to become bloated. Combining Microsoft tools like Azure Sentinel, Security Center, and Active Directory with D3 Smart SOAR streamlines and automates much of the enrichment, remediation, and case management process, helping security teams to better manage barrages of alerts, while reducing human error and MTTR. Events from Microsoft detection tools are fed through D3’s Event Pipeline to eliminate false positives and escalate only genuine incidents to analysts. The analyst can then trigger the appropriate playbook, which will enrich the incident with more data, including user information from Active Directory, and orchestrate the response across unlimited tools.
Organizations are increasingly moving their workloads to cloud platforms like Azure, but many retain a hybrid environment, with some systems still hosted on-premise. This hybrid model creates an issue around security, because the company is left managing two sets of security tools—one in the cloud and one on-premise. During a cybersecurity incident, adversaries don’t necessarily care where your servers are. If an attacker compromises multiple user credentials, they will start moving throughout your systems with little regard for which is cloud and which is on-premise. D3 Smart SOAR integrates with Azure Sentinel, the rest of the Azure stack, and the on-premise stack to create a single SecOps interface for the entire hybrid environment. Azure Sentinel and Smart SOAR users can enrich alerts with threat intelligence, identify MITRE ATT&CK techniques, run automation-powered playbooks to respond to incidents, and much more—across cloud and on-premise systems. For example, in a phishing attack that resulted in compromised user credentials, an analyst using Smart SOAR could disable the user’s access in Azure Active Directory, query Azure Sentinel for additional data, search across Office 365 mailboxes for more instances of the phishing email, and remove the malicious attachment from computers using the on-premise EDR tool, all from the centralized Smart SOAR workbench.
Our Connected SOAR Security Alliance brings hundreds of vendors together, allowing customers to benefit from our deep industry relationships and fully vendor-agnostic, independent SOAR platform.