D3 XGEN SOAR for Unauthorized Endpoint Access Attacks


Endpoint Protection, Step by Step

Step 1: A potential unauthorized access event is ingested into D3 from an integrated endpoint protection tool and the analyst triggers the Endpoint Protection – Unauthorized Access playbook.

Step 2: In the incident analysis stage, D3 retrieves processes from an integrated EDR tool, the user audit log, host information, and user details from Active Directory. D3 also orchestrates a search for related SIEM events.

Step 3: D3 then extracts artifacts from the collected data and determines if critical assets are involved.

Step 4: In the data aggregation stage, D3 assembles the investigation data for the analyst to review and then sets the incident severity.

Step 5: In the remediation stage, D3 blocks users as necessary via Active Directory.
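The five stages above, modelled as a small playbook in Python. This is an added illustration, not D3's own code or API: the critical-asset inventory, the severity rules and all EDR, audit-log, Active Directory and SIEM inputs are constructed assumptions.

```python
import re
CRITICAL_HOSTS = {"dc01", "fileserver02"}              # assumed asset inventory
CRITICAL_GROUPS = {"Domain Admins", "Finance-Admins"}   # assumed AD groups
IOC_PATTERNS = {
    "sha256": re.compile(r"\b[0-9a-f]{64}\b"),
    "ipv4": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
}

def extract_artifacts(records):
    """Step 3: pull file hashes and IPs out of EDR process and audit records."""
    found = {name: set() for name in IOC_PATTERNS}
    for rec in records:
        blob = " ".join(str(v) for v in rec.values())
        for name, pat in IOC_PATTERNS.items():
            found[name].update(pat.findall(blob))
    return found

def critical_assets_involved(host, ad_user):
    """Step 3: true if the host or the user's AD groups are in the critical set."""
    return (host["hostname"].lower() in CRITICAL_HOSTS
            or bool(set(ad_user["groups"]) & CRITICAL_GROUPS))

def set_severity(critical, siem_hits, ti_matches):
    """Step 4: assumed severity rules (not documented by D3); tune to policy."""
    if critical and (siem_hits or ti_matches):
        return "Critical"
    if critical or ti_matches:
        return "High"
    return "Medium" if siem_hits else "Low"

def run_playbook(edr_processes, audit_log, host, ad_user, siem_events, ti_matches):
    """Steps 2-5 in order; the returned dict is what the analyst reviews (step 4)."""
    artifacts = extract_artifacts(edr_processes + audit_log)
    critical = critical_assets_involved(host, ad_user)
    severity = set_severity(critical, len(siem_events), ti_matches)
    actions = []
    if severity in ("High", "Critical"):   # step 5: remediation via Active Directory
        actions.append(f"AD: disable account {ad_user['sAMAccountName']}")
    return {"artifacts": artifacts, "critical": critical,
            "severity": severity, "actions": actions}

# Constructed sample data standing in for the EDR, audit-log, AD and SIEM lookups.
SAMPLE = dict(
    edr_processes=[{"name": "psexec.exe", "sha256": "a" * 64, "cmd": r"psexec \\dc01"}],
    audit_log=[{"event": "4624", "src_ip": "10.0.0.45", "user": "jsmith"}],
    host={"hostname": "DC01"},
    ad_user={"sAMAccountName": "jsmith", "groups": ["Domain Users"]},
    siem_events=[{"rule": "Lateral movement via PsExec"}],
    ti_matches=0,
)
```

Because the sample host is in the critical inventory and a related SIEM event exists, `run_playbook(**SAMPLE)` rates the incident Critical and queues the AD block for the user.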


Benefits of Automated Endpoint Incident Response


✔  Stop the Spread of Malware

When a suspicious file is detected on an endpoint, D3 can rapidly determine what you’re dealing with, find out how far the compromise has reached, and prevent any further damage.

✔  Go Beyond EDR

Whether or not you have an EDR tool, D3 enables high-fidelity incidents for better analysis and response, by orchestrating across SIEM, threat intelligence sources, Active Directory, and other tools.

✔  Protect Critical Assets

D3 can quickly find out if critical assets or users are involved in an endpoint security event and escalate the severity of the incident appropriately.

✔  Enrich Endpoint Events

D3 extracts the artifacts from endpoint events and automatically checks them against integrated threat intelligence sources.
