An incident response platform with built-in root cause and corrective action
D3 Security’s incident response platform provides a full-lifecycle remediation solution and a single tool to determine the root cause and corrective action of any incident. The system’s playbook library and orchestration engine guide responders at each step—from detection through resolution—while a powerful intelligence layer generates metrics, trend reports and actionable intelligence for all stakeholders.
Manage alerts from any source
Easily log an incident
A D3 Security user can easily log an incident in the platform and quickly trigger task assignments, notifications, knowledge base correlations, and playbook deployment.
Streamline alert investigation
Integration with leading SIEM platforms enables automatic and streamlined alert escalations that can include mapping of valuable contextual data into D3 Security.
Respond to threat intelligence
Integration with threat intelligence platforms allows organizations to apply custom filters that can create or enrich incident records through the presence of IOCs, exploits or keywords.
Intake secure, global reports
D3 Security’s customizable webform—called eAlert—provides organizations with a secure portal through which stakeholder groups or a global workforce can submit incident records.
How Our Full-Lifecycle Solution Helps You
Focus on the alerts that matter
Two-way integration with leading SIEM platforms including HPE ArcSight, Splunk and IBM QRadar enables the escalation of alerts into D3 by user-prompted or automated search parameters. Analysts are then guided through triage and response stages while D3 automatically writes status updates back to the SIEM.
Respond with industry-leading playbooks
Imagine responding to an incident with the power of the NIST, SANS and Carnegie Mellon standards, and the experience of 100+ Fortune 500 organizations, all built into your playbook library. With D3 that’s exactly what you get, plus you can easily create your own playbooks from our customizable templates.
Enrich incident response with threat intelligence
Integration with global threat intelligence feeds such as FireEye iSIGHT or IBM X-Force speeds incident triage and response, and eases search and correlation activities. D3 also provides its powerful Entities database that can dynamically link related IOCs, incidents and attack vectors, and display their relationships in dashboard, list and visual formats.
Report on any data in the system
With D3 you can report, analyze and trend on any field in the system, including its unlimited custom fields. The result is an incident response platform that can generate actionable analytics—such as root cause analysis and corrective action assignment—in addition to incident counts, category insights, trending, benchmarking and time/cost calculations.
How We Unleash the Power of Your Data
Incident counts and category metrics
D3 Security’s incident response platform tracks the number of incidents and produces metrics for incident category, severity, vector, and impact. More turnkey and custom filters are available.
Incident response time and benchmarking
Extensive timeline metrics include incident response time, category averages and benchmarking, time to each processing stage, difference between initial and final threat assessments, and more.
Incident-cost and Incident-impact calculations
D3 Security has the ability to calculate the financial impact of individual incidents and category averages, in addition to investigative, workload and special tool usage costs.
Evidence, forensic and legal reporting
Tracking physical and digital evidence, eDiscovery, forensic processing, HR/legal endorsement and data retention enables in-depth compliance, legal and transparency reports.
Root cause analysis and corrective action assignment go beyond typical incident response to eliminate cyber threats at their source
Root Cause Analysis
Unique among incident response platforms, D3’s Root Cause and Corrective Action module guides responders to full and conclusive remediation, thus eliminating recurrence and optimizing Incident Response resource usage.
Corrective Action Assignment
Root cause analysis is only effective when you can also identify, and carry out, a subsequent corrective action. D3’s corrective action tool allows users to configure, select and apply corrective actions.
Affected Asset Locator
Affected assets are those which require corrective action. With D3, you can search and assign corrective actions to any entity, including servers, applications, facilities, employee groups and more.