Detect and respond to email threats
D3 Security is a SOAR platform that ingests data from any cloud, on-premises, or external server, analyzes it, and builds a pipeline toward the best action. D3 normalizes, deduplicates, and triages alerts from this data before a company's security operations center sees them. This results in over 90% of threats being safely dismissed. The data can be consolidated with related cyber-attacks, TTPs, and historic data to give analysts a clear picture of the threats in progress. D3 then responds to these threats with a response playbook that provides processes for mitigating them in the future.
Mimecast and D3 provide an integrated solution to improve detection, stop threats, augment security insights, and centralize response across security functions. Email attack investigations usually require pivoting from one suspicious indicator to another to gather critical evidence, grabbing and archiving that evidence, and finalizing a resolution. Running these commands manually traps analysts in a screen-switching cycle. By integrating Mimecast with D3, SecOps teams can standardize their incident response processes, execute repeatable tasks at scale, accelerate the time it takes to detect and protect against email-borne attacks, and optimize resources.
Mimecast + D3 Integration Use Cases:
- Phishing Alert Enrichment and Response: Mimecast detects a suspicious email and the alert is escalated to D3. D3 triggers a phishing playbook to strip the email. If a threat is confirmed, D3 can orchestrate a response through Mimecast.
- Complex Email Threat Investigation: Using D3's Event Pipeline, Mimecast can automate tasks to eliminate up to 98% of benign events so real threats can be addressed. For email alerts ingested from Mimecast, this includes artifact extraction and correlation, de-duplication, threat intelligence enrichment, and assignment to the appropriate analyst if necessary.
- Alert Prioritization: Increase efficiency and effectiveness by prioritizing the most pressing threats.
- Threat Intelligence: Unify aggregation, scoring, and sharing of threat intelligence with playbook-driven automation across the security estate.