When a potential phishing email is detected, D3 extracts all of its elements for analysis, including the URLs of any links in the email. The elements are checked against threat intelligence and historical incident data and given a risk score. If any URLs are found to be malicious, D3 can blacklist them in Zscaler directly from the automated playbook. The playbook will also orchestrate any other necessary tasks across the security infrastructure, such as blocking the sender’s domain, deleting the email from inboxes, and scanning for any other affected endpoints.
Updating firewall allowlists and denylists to respond to new threat intelligence or internal policies can be a time-consuming process. When done manually, allowlists and denylists usually need to be updated one entry at a time. When a Zscaler user needs to make bulk updates to their firewall rules, they can run an automated playbook in D3 to make all of the updates at once, including assigning URLs to categories within Zscaler.
Our Connected SOAR Security Alliance brings hundreds of vendors together, allowing customers to benefit from our deep industry relationships and fully vendor-agnostic, independent SOAR platform.