NextGen SOAR allows security teams to quickly determine the level of risk associated
with suspicious endpoints and define an effective response process. When a potentially
compromised endpoint is detected, the solution can detonate suspicious files in a
sandbox, query endpoints for other instances of the file, and quarantine endpoints. A
unified dashboard enables greater visibility into and faster responses to threats that
impact multiple systems across the enterprise.
Endpoint Protection, Step by Step
A potential unauthorized access event is ingested into D3 from an integrated endpoint protection tool, and the analyst triggers the Endpoint Protection – Unauthorized Access playbook.
In the incident analysis stage, D3 retrieves the running processes from the integrated EDR tool, the user's audit log, host information, and the user's details from Active Directory. D3 also orchestrates a search for related SIEM events.
D3 then extracts artifacts from the collected data and determines whether any critical assets or users are involved.
In the data aggregation stage, D3 assembles the investigation data for the analyst to review and then sets the incident severity.
In the remediation stage, D3 blocks the affected user account via Active Directory where warranted.
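The following is an added, vendor-neutral illustration of the five playbook stages above (analysis, artifact extraction, threat-intelligence enrichment, severity assignment, remediation). It is not D3 code and does not use D3's API: every integration response (EDR processes, audit log, host info, Active Directory, SIEM, threat intelligence) is replaced by constructed in-memory sample data so the playbook runs offline. The host and user names, hashes, IP addresses (from the documentation ranges 203.0.113.0/24 and 198.51.100.0/24), scoring weights and the privileged-group list are all assumptions chosen for the example.

```python
"""Hypothetical unauthorized-access playbook mirroring the stages described above.

Added illustration, not D3 code: each integration lookup is a dictionary of
constructed sample data. In a real deployment the lookups become vendor API calls.
"""
import re

# --- Constructed sample data standing in for integration responses -----------
EDR_PROCESSES = {
    "FIN-WS-07": [
        {"pid": 4120, "name": "powershell.exe", "user": "jdoe",
         "sha256": "3a7bd3e2360a3d29eea436fcfb7e44c735d117c42d1c1835420b6b9942dd4f1b"},
        {"pid": 812, "name": "explorer.exe", "user": "jdoe",
         "sha256": "b1c4f96e54a7a0d6a3e2dbc0f1f7a2d8c9e0b3a1d4f5c6e7a8b9c0d1e2f3a4b5"},
    ],
    "DEV-WS-02": [
        {"pid": 2210, "name": "explorer.exe", "user": "svc-backup",
         "sha256": "b1c4f96e54a7a0d6a3e2dbc0f1f7a2d8c9e0b3a1d4f5c6e7a8b9c0d1e2f3a4b5"},
    ],
}
AUDIT_LOG = {  # free-text lines, as many audit sources deliver them (constructed)
    "jdoe": ["2024-05-01T02:13:44Z logon type=10 src=203.0.113.45 host=FIN-WS-07 result=success"],
    "svc-backup": ["2024-05-01T09:02:10Z logon type=3 src=10.20.30.9 host=DEV-WS-02 result=success"],
}
HOST_INFO = {"FIN-WS-07": {"owner": "finance", "ip": "10.20.30.7"},
             "DEV-WS-02": {"owner": "engineering", "ip": "10.20.30.12"}}
AD_USERS = {"jdoe": {"department": "Finance", "groups": ["Domain Users"]},
            "svc-backup": {"department": "IT", "groups": ["Domain Users", "Domain Admins"]}}
SIEM_EVENTS = {
    "FIN-WS-07": [{"dst_host": "updates.example.net", "dst_ip": "198.51.100.23"}],
    "DEV-WS-02": [],
}
THREAT_INTEL = {  # constructed known-bad indicator list (hash and IP)
    "3a7bd3e2360a3d29eea436fcfb7e44c735d117c42d1c1835420b6b9942dd4f1b",
    "198.51.100.23",
}
CRITICAL_HOSTS = {"FIN-WS-07", "DC01"}      # assumed critical-asset inventory
PRIVILEGED_GROUPS = {"Domain Admins"}       # assumed privileged AD groups

SHA256_RE = re.compile(r"\b[0-9a-f]{64}\b")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def analyze(alert):
    """Incident analysis: pull context for the alert's host and user from each source."""
    host, user = alert["host"], alert["user"]
    return {
        "processes": EDR_PROCESSES.get(host, []),
        "audit_log": AUDIT_LOG.get(user, []),
        "host_info": HOST_INFO.get(host, {}),
        "ad_user": AD_USERS.get(user, {}),
        "siem_events": SIEM_EVENTS.get(host, []),
    }


def extract_artifacts(data):
    """Pull hashes, IPs and destination hosts out of structured and free-text data."""
    artifacts = {"sha256": set(), "ipv4": set(), "domain": set()}
    for proc in data["processes"]:
        artifacts["sha256"].update(SHA256_RE.findall(proc.get("sha256", "")))
    for line in data["audit_log"]:              # regex over unstructured log lines
        artifacts["ipv4"].update(IPV4_RE.findall(line))
    for ev in data["siem_events"]:              # structured fields need no parsing
        artifacts["domain"].add(ev["dst_host"])
        artifacts["ipv4"].add(ev["dst_ip"])
    return artifacts


def threat_intel_matches(artifacts):
    """Enrichment: return the extracted artifacts that appear in threat intelligence."""
    seen = set().union(*artifacts.values())
    return sorted(seen & THREAT_INTEL)


def set_severity(alert, data, ti_hits):
    """Aggregation: one point each for critical host, privileged user, and TI match."""
    score = 1
    if alert["host"] in CRITICAL_HOSTS:
        score += 1
    if set(data["ad_user"].get("groups", [])) & PRIVILEGED_GROUPS:
        score += 1
    if ti_hits:
        score += 1
    return ["Low", "Medium", "High", "Critical"][min(score, 4) - 1]


def remediate(alert, data, severity):
    """Remediation: disable the AD account automatically, except for privileged
    accounts, where an automated disable can lock out administrators and needs
    analyst approval first."""
    if severity not in ("High", "Critical"):
        return "monitor"
    privileged = set(data["ad_user"].get("groups", [])) & PRIVILEGED_GROUPS
    return "request_approval" if privileged else f"disable_user:{alert['user']}"


def run_playbook(alert):
    data = analyze(alert)
    artifacts = extract_artifacts(data)
    ti_hits = threat_intel_matches(artifacts)
    severity = set_severity(alert, data, ti_hits)
    return {"alert_id": alert["alert_id"], "artifacts": artifacts, "ti_hits": ti_hits,
            "severity": severity, "action": remediate(alert, data, severity)}


if __name__ == "__main__":
    print(run_playbook({"alert_id": "EP-1001", "host": "FIN-WS-07", "user": "jdoe"}))
```

The approval gate in `remediate` is the check a practitioner would want before letting any playbook disable accounts unattended: an automated block of a service or admin account is itself an availability incident, so the example only auto-disables unprivileged users and hands privileged ones back to the analyst.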
Benefits of Automated Endpoint Incident Response
Stop the Spread of Malware
When a suspicious file is detected on an endpoint, D3 can rapidly determine what you’re dealing with, find out how far the compromise has reached, and prevent any further damage.
Go Beyond EDR
Whether or not you have an EDR tool, D3 builds high-fidelity incidents for better analysis and response by orchestrating across your SIEM, threat intelligence sources, Active Directory, and other tools.
Protect Critical Assets
D3 can quickly find out if critical assets or users are involved in an endpoint security event and escalate the severity of the incident appropriately.
Enrich Endpoint Events
D3 extracts the artifacts from endpoint events and automatically checks them against integrated threat intelligence sources.
Get Started with D3 Security
One platform to stop alert overwhelm. Transform how your security team works, by focusing its resources on real threats.