D3 Security leads the SOAR industry with innovative automation, transforming global companies' security operations by addressing the increase in cyberattacks.
| Product | Mindshare (%) |
|---|---|
| D3 Security | 6.1% |
| VMware Carbon Black Cloud | 9.2% |
| ServiceNow Security Operations | 9.0% |
| Other | 75.7% |
Amid rising cyber threats, D3 Security's Smart SOAR enhances security teams' efficiency by automating alert handling and eliminating disjointed tool navigation. Its Event Pipeline streamlines alerts with data normalization and triage, only escalating genuine threats. Clients achieve improved MTTD and MTTR through proactive threat management, enabling rapid response to identified threats.
What are the standout features of D3 Security?In sectors like finance and healthcare, D3 Security's implementation helps organizations enhance security posture by integrating easily with existing systems. This reduces operational burdens, allowing teams to focus on critical security tasks.
S&P Global, Scotiabank, Cybereason, Cummins
| Author info | Rating | Review Summary |
|---|---|---|
| Senior Manager Security Operation Center at The Bank of Punjab | 4.0 | We use D3 Security for automated integration across 20 departments, appreciating its open API for easy tool integration. Reporting requires improvement, but the ROI is exceptional. D3's direct team collaboration outperformed alternatives like IBM Resilient and FortiSOAR. |
| Senior Manager Security Operation Center at The Bank of Punjab | 5.0 | We use D3 Security for automation and reporting, benefiting from its intuitive GUI and over 450 connectors for seamless integration. While custom reporting needs improvement and Linux hosting would be beneficial, automation has greatly improved our resource management and ROI. |
The main use cases of this solution include:
It is an out-of-the-box automated integration with our 20 departments. We perform L1 LiveOps automatically through the portal.
We direct log ingestion from other sources, bypassing the need to send logs to SIEM first. Critical log forwarding and server-side code execution. Integration with threat intelligence.
The open API for integrating any available tools not currently offered in D3, without any recurring cost. So, it is one of the most valuable aspects for me.
Reporting needs improvement. MTTR and MTTD metrics aren't directly available in playbooks and require manual effort to achieve.
I have been using this solution for over a year.
Unlike our previous service-based incident response product, which had many issues, D3 has been very stable. They even proactively update machines if they find bugs, notifying us about scheduled upgrades to fix issues we might not even be aware of. This proactive support is invaluable compared to our previous situation of constantly chasing QA tasks around the clock.
The stability and future potential of D3 are impressive.
It's very scalable. We evaluated its ability to function in a cluster environment and allow module updates without needing to update everything else. It's flexible and easily expands to accommodate our needs, unlike our previous products.
We have around five end users using this solution.
We are really happy with the support team. We achieved all the targets we set and the overall ROI.
We thought QRadar integration would be easier with Resilient product, but their integration method wasn't good. They used an app for data fetching and required several manual tasks, including professional services for integration and playbook creation.
FortiSOAR seemed promising with its deep integration and easy playbooks, but the main dealbreaker was our desire for principal participation in future deployments, particularly for integrations and network aspects.
With Forti, we would have to work with a local partner, whereas D3 allowed us to work directly with their team within three days.
Since D3 itself handled the configuration without involving any partners, it was very smooth. We were up and running in two days, as documented, so it's quite easy for them to set up in an on-premises environment.
Since it is Docker-based as well, it was easy to set up.
D3 offers exceptional value for the investment.
We follow a different procurement process. For example, Fortinet qualified technically but lost out in the financial stage due to a two-stage bidding process.
So, pricing can be subjective and depend heavily on local partners and competition. However, I found D3 Security to be more cost-effective than Fortinet, especially considering the valuable knowledge transfer they provide.
We evaluated IBM Resilient and FortiSOAR.
Before committing, I recommend a Proof of Concept (POC) or demo first. This way, you can see if the product aligns with your specific use cases and security needs. Knowledge transfer is key, and D3 Security's team excels in this area.
During the POC, your analysts gain valuable product knowledge, putting them ahead of the curve for deployment. In our case, the learning curve was steep initially, but by the end of the POC, my team was already building playbooks independently. D3 Security also schedules dedicated knowledge transfer sessions during the POC, making it a win-win for both parties.
Since technology transfer is crucial for government entities like ours, this approach eliminates the need for additional learning after deployment, unlike with certain competitors like the Fortinet FortiSOAR case.
While Fortinet FortiSOAR achieved the desired tasks, its knowledge transfer process was lacking, leaving us with a shaky foundation. D3 Security's approach solidifies the learning and empowers our team.
Overall, I would rate the solution an eight out of ten.
We use the tool for automation and reporting. It helps to automate our playbooks.
The solution's valuable feature is its GUI. It has more than 450 connectors, which are excellent for connecting devices and automating integration. The solution has all the features we need. We deployed it in our environment, and it's fully integrated. Thanks to their open APIs, the seamless integration makes everything work well together.
The reporting, especially custom reporting, needs to be improved. Additionally, it would be better if it could be hosted on Linux.
I have been using the product for more than one year.
D3 Security is stable.
Until now, we have been able to scale the solution to a mid-level, and the installation itself is designed with the capability to scale further as needed. My company has more than 10,000 users.
The solution offers different SLAs. If you opt for 24/7 support, you can expect the fastest response from them.
Positive
We have used IBM QRadar and Fortinet. However, we only tested them and did not use them on a production scale. Fortinet and D3 Security are both good, but D3 Security is cheaper than Fortinet. However, IBM QRadar is far less expensive than both.
The tool's deployment is easy because the D3 Security team handles it themselves. They provided us with the package and deployed the solution. It took one week to complete.
Deploying and maintaining the solution only requires one engineer. The deployment takes just a few hours, though the overall project time was one week.
We have seen a better ROI, particularly in terms of resource burnout. Automating tasks has provided significant relief for our personnel, and it has also improved retention.
It was easy to integrate the tool with our infrastructure because all the APIs are pre-built. We just created a drag-and-drop prompt to integrate the solution with our infrastructure. I rate the overall solution a ten out of ten.
Everyone needs to evaluate this solution according to their organization's needs because it can integrate well, but this depends on the technology you already have in your organization. It is an automation tool for detection and response, and while integration is possible, using legacy products could create issues. Some legacy products are closed systems and do not expose their APIs to other vendors. In such cases, you could run into problems. If you are considering this solution, check which APIs are available before you proceed. Otherwise, you may get the solution, but you must spend time on integrations. They provide integration support, but it's not automatic; it will take time.
