Press release

D3 Security Redefines SOAR by Operationalizing the MITRE ATT&CK Framework

Sponsored by Businesswire

D3 Security, an innovator in security orchestration, automation and
response (SOAR) technology, today announced it has operationalized the
MITRE ATT&CK framework, enabling the intelligent correlation of security
events against the world’s largest knowledgebase of adversary tactics
and techniques. Ushering in a shift from event-based to intent-based
response, D3’s SOAR 2.0 treats events as links in a chain of adversarial
intent, rather than as isolated occurrences. This allows security teams
to proactively intervene before the chain is complete, armed with a
reliable understanding of what the attack is, how far it has progressed,
and what the adversary is likely to do next.

To date, SOAR platforms have been broadly effective at the linear
process of intaking events and orchestrating response actions. However,
they vary widely in their ability to support larger investigations that
identify the entire scope of an incident, because they take an
event-based approach to incident response. While effective in handling a
high volume of alerts and leveraging automation to stop simple threats,
this method takes a very narrow view on cybersecurity and fails to
capture the context of attacks. Observing that the industry was in need
of an evolved approach to SOAR, D3 has built a live and contextual cyber
kill chain framework—based on the MITRE ATT&CK matrix—into its platform
to investigate how events fit into larger incidents, based on IOCs and
attack techniques.

When an event is ingested into D3, the system strips out IOCs and enters
them into a kill chain discovery process, which identifies the ATT&CK
techniques and tactics being used, and uses that information to search
for correlated events. As more events are found, their IOCs and
contextual data are entered back into kill chain discovery, continuously
expanding the operator’s view of the incident.
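The loop just described (strip IOCs from an ingested event, enrich them with ATT&CK tactic and technique data, use them to find correlated events, and feed the new events' IOCs back in until nothing further turns up) can be sketched in a few dozen lines. The Python below is an added illustration written for this page; it is not D3 Security's code and the release says nothing about how D3 implements the process. All events, IOC values and the IOC-to-technique mapping (`INTEL`) are constructed sample data; the tactic and technique IDs are real ATT&CK identifiers used for illustration only, and `TACTIC_ORDER` is a small subset of the matrix used to estimate how far the chain has progressed and which tactic a defender should expect next.

```python
"""Illustrative kill-chain discovery loop (added example, not D3 Security's
code). Events, IOC values and the IOC-to-technique intel are constructed
sample data; the tactic/technique IDs are real ATT&CK IDs, but which IOC maps
to which technique here is invented for the demonstration."""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Minimal IOC extractor: three IOC types are enough for the sample events.
IOC_PATTERNS = {
    "ipv4": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "sha256": re.compile(r"\b[a-fA-F0-9]{64}\b"),
    "domain": re.compile(r"\b(?:[a-z0-9-]+\.)+(?:com|net|org|xyz)\b", re.I),
}

# Constructed subset of the ATT&CK tactic order (a real deployment would use
# the full matrix); used to judge how far an incident has progressed.
TACTIC_ORDER = ["TA0001", "TA0002", "TA0003", "TA0011", "TA0010"]
TACTIC_NAMES = {
    "TA0001": "Initial Access", "TA0002": "Execution", "TA0003": "Persistence",
    "TA0011": "Command and Control", "TA0010": "Exfiltration",
}

SAMPLE_HASH = "ab12" * 16  # constructed 64-hex SHA-256 value

# Constructed threat-intel enrichment: IOC -> (tactic, technique).
INTEL = {
    SAMPLE_HASH: ("TA0001", "T1566.001"),              # Spearphishing Attachment
    "198.51.100.7": ("TA0011", "T1071.001"),           # App Layer Protocol: Web
    "files.example-cdn.xyz": ("TA0011", "T1071.004"),  # App Layer Protocol: DNS
}

# Constructed events from several sources; e4 is unrelated noise.
EVENTS = [
    {"id": "e1", "source": "mail-gw",
     "message": f"attachment invoice.docm sha256={SAMPLE_HASH} delivered to jdoe"},
    {"id": "e2", "source": "edr",
     "message": f"ws-042: WINWORD spawned powershell.exe, file {SAMPLE_HASH}; "
                "outbound connection to 198.51.100.7:443"},
    {"id": "e3", "source": "proxy",
     "message": "ws-042 CONNECT files.example-cdn.xyz (198.51.100.7) 2.1MB"},
    {"id": "e4", "source": "auth",
     "message": "failed login for svc_backup from 203.0.113.25"},
    {"id": "e5", "source": "dns",
     "message": "ws-042 queried TXT files.example-cdn.xyz 312 times"},
]


def extract_iocs(text: str) -> set[str]:
    """Strip IOCs out of an event message, normalised to lowercase."""
    found: set[str] = set()
    for pattern in IOC_PATTERNS.values():
        found.update(m.group(0).lower() for m in pattern.finditer(text))
    return found


@dataclass
class Incident:
    seed: str
    event_ids: set[str] = field(default_factory=set)
    iocs: set[str] = field(default_factory=set)
    techniques: set[tuple[str, str]] = field(default_factory=set)  # (tactic, technique)
    links: list[tuple[str, str, str]] = field(default_factory=list)  # (from, ioc, to)

    def tactics_reached(self) -> list[str]:
        seen = {tactic for tactic, _ in self.techniques}
        return [t for t in TACTIC_ORDER if t in seen]

    def predicted_next_tactic(self) -> str | None:
        """Next step in the constructed chain after the furthest tactic seen."""
        reached = self.tactics_reached()
        if not reached:
            return None
        nxt = TACTIC_ORDER.index(reached[-1]) + 1
        return TACTIC_ORDER[nxt] if nxt < len(TACTIC_ORDER) else None


def discover_kill_chain(seed_id: str, events: list[dict], intel: dict) -> Incident:
    """Expand from one seed event to every event that shares an IOC with the
    incident, directly or transitively, enriching each IOC with ATT&CK data."""
    event_iocs = {e["id"]: extract_iocs(e["message"]) for e in events}
    incident = Incident(seed=seed_id)
    frontier = [seed_id]
    while frontier:
        current = frontier.pop()
        incident.event_ids.add(current)
        iocs = event_iocs[current]
        incident.iocs |= iocs
        incident.techniques.update(intel[i] for i in iocs if i in intel)
        # Correlation step: any not-yet-seen event sharing an IOC joins the chain,
        # and its own IOCs are examined on a later iteration (the feedback loop).
        for other, other_iocs in event_iocs.items():
            if other in incident.event_ids or other in frontier:
                continue
            shared = iocs & other_iocs
            if shared:
                incident.links.append((current, min(shared), other))
                frontier.append(other)
    return incident


if __name__ == "__main__":
    inc = discover_kill_chain("e1", EVENTS, INTEL)
    print("events in incident:", sorted(inc.event_ids))
    for src, ioc, dst in inc.links:
        print(f"  {src} --[{ioc}]--> {dst}")
    for tactic, tech in sorted(inc.techniques):
        print(f"  {tactic} {TACTIC_NAMES[tactic]}: {tech}")
    nxt = inc.predicted_next_tactic()
    print("furthest tactic:", inc.tactics_reached()[-1],
          "| predicted next:", TACTIC_NAMES[nxt] if nxt else "end of chain")
```

Seeded with the mail-gateway event, the loop pulls in the EDR, proxy and DNS events through the shared hash, IP and domain, leaves the unrelated authentication failure out, and reports Initial Access and Command and Control as the tactics reached, so the operator is pointed at Exfiltration as the stage to watch for. Correlating only on exact IOC overlap keeps the sketch honest; production systems also correlate on host, user and time window, which widens the incident but raises the false-join rate.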

D3’s SOAR 2.0 allows operators to predict adversary behavior based on
patterns that MITRE has analyzed across their expansive knowledgebase of
cyber attacks and threat indicators. This means that security teams do
not need to search for needles in haystacks or hope that detection tools
will catch every important event. Instead, security operations and
incident response teams can focus their efforts on the traces of
attacks, techniques, and tactics that are highly correlated,
prioritized, or in need of human attention. Enhanced by the
behavior-based MITRE ATT&CK framework, D3 SOAR 2.0 helps to protect
organizations from zero-day attacks, IOC modification by adversaries,
and other techniques that are effective against signature-based systems.

“D3 has always believed that SOAR should become more
intelligent—contextualizing data and making it readily available to
enhance the speed and quality of operators’ decision-making. By
operationalizing the MITRE ATT&CK framework through our SOAR platform,
we are giving organizations the best possible chance to disrupt cyber
attacks and data breaches before they are completed,” said Gordon
Benoit, President of D3 Security. “We are thrilled to launch the SOAR
market forward into this next phase, where every event is placed into
the context of what the attacker is trying to do, and how you can stop
them.”

To learn more about how D3’s SOAR 2.0 utilizes the MITRE ATT&CK
framework to uplevel security operations and incident response teams’
ability to respond to threats, please read D3’s white paper here.

About D3 Security

D3 Security provides security orchestration, automation, response (SOAR)
and case management solutions that are trusted by leading organizations
around the world, including 100+ of the Fortune 500. Security operations
and incident response teams depend on D3 SOAR to increase the speed and
quality of investigations, automate incident response workflows, rapidly
identify false positives, and dramatically reduce mean-time-to-respond
(MTTR). D3 SOAR offers 400+ integrations and actions, including a fully
automated MITRE ATT&CK Kill Chain Search that can analyze adversarial
intent and predict malicious behavior by correlating security events
with the world’s largest knowledgebase of cyber attack techniques and
tactics. For more information, please visit https://d3security.com.