SOAR 2.0: Redefining SOAR with the MITRE ATT&CK Framework

SOAR 2.0: Redefining SOAR with the MITRE ATT&CK Framework

Evolving from Event-Based to Intent-Based Response

SOAR platforms are broadly effective at the linear process of intaking events and orchestrating response actions. However, they vary widely in their ability to support larger investigations that identify the entire scope of an incident. D3 is the first SOAR provider to fully embed the MITRE ATT&CK matrix into its platform to enable a live and contextual cyber kill chain framework. This empowers users to investigate how events fit into larger incidents, based on IOCs and attack techniques.

Download this Whitepaper to Learn:

  • The key differences between event-based (SOAR 1.0) and intent-based (SOAR 2.0) response.
  • Why event-based SOAR can miss major cyber attacks by focusing too narrowly on individual events.
  • How D3’s ATTACKBOT uses the MITRE framework to correlate events contextually with other links in the cyber kill chain at near real time.
  • The benefits of having D3 SOAR 2.0 during each stage of a phishing investigation.