Endpoint Protection, Step by Step

Step 1:
A potential unauthorized access event is ingested into D3 from an integrated endpoint protection tool and the analyst triggers the Endpoint Protection – Unauthorized Access playbook.
Step 2:
In the incident analysis stage, D3 retrieves processes from an integrated EDR tool, the user audit log, host information, and user details from Active Directory. D3 also orchestrates a search for related SIEM events.
Step 3:
D3 then extracts artifacts from the collected data and determines if critical assets are involved.
Step 4:
In the data aggregation stage, D3 assembles the investigation data for the analyst to review and then sets the incident severity.
Step 5:
In the remediation stage, D3 blocks users as necessary via Active Directory.

Benefits of Automated Endpoint Incident Response

Checked Icon

Stop the Spread of Malware

When a suspicious file is detected on an endpoint, D3 can rapidly determine what you’re dealing with, find out how far the compromise has reached, and prevent any further damage.
Checked Icon

Go Beyond EDR

Whether or not you have an EDR tool, D3 enables high-fidelity incidents for better analysis and response, by orchestrating across SIEM, threat intelligence sources, Active Directory, and other tools.
Checked Icon

Protect Critical Assets

D3 can quickly find out if critical assets or users are involved in an endpoint security event and escalate the severity of the incident appropriately.
Checked Icon

Enrich Endpoint Events

D3 extracts the artifacts from endpoint events and automatically checks them against integrated threat intelligence sources.

Get Started with D3 Security

One platform to stop alert overwhelm. Transform how your security team works, by focusing its resources on real threats.