D3 Security in Vancouver provides a platform for security orchestration, automation, incident response, as well as investigation and case management. Core components of the D3 platform include integrations with SIEM and threat intelligence platforms, a NIST-compliant playbook library, a case management module for guided investigations, and analytics toolsets.
N/A
FortiSOAR
Score 8.0 out of 10
N/A
CyberSponse was a security orchestration, automation and response (SOAR) solution, now known as FortiSOAR. Fortinet acquired and now supports the solution (December 2019).
D3 is clearly tailoring their approach to large organizations with a significant geographical footprint who are largely in need of a tool that provides robust analytics and activity graphing to analyze productivity and supervisory efficiency at the executive level. However, small to medium-sized organizations and those with narrow geographical footprints may find the investment vastly more expensive than the return. The implementation of minimum purchasing guidelines means that smaller departments will be forced into purchasing tools they have little to no use for, and medium-size departments will be paying a high price for features they do find helpful but could get elsewhere for a substantially lower price. Additionally, small to medium-sized users may find that D3's focus on large organizational level tools is less helpful than some smaller competitor's software which provides a number of capabilities with more operational relevance for environments like office buildings, college campuses, university police departments, and housing associations. Overall, I would recommend D3 to large organizations who have need of the advanced tools included in their more expensive modules. The lack of some smaller levels of customization, 1st line operational features, and the high-end user interface is less important at that level of implementation.
Most organization with medium & maturity SOC struggle with alert fatigue & false positives with addressing alert volume is result in increasing risk of critical alerts being masked by trivial one , in this situation FortiSOAR help in case management : rapidly response in case of crises also. FortiSOAR is designed very well where Fortinet have other stack of security component also like Fortinet NGFW & Forti SIEM etc.. Fortinet NGFW can and generate the FortiSOAR instance through FortiCloud for Customer . However In absence of FortiFabric it require lot of connectors to work well the solution.
Training Services- Fortinet offers courses geared towards administration and designed and development of FortiSOAR , Which required multiples access , we need all training services with self pace basis , I think here Fortinet need to improve.
Licensing Model- Being as a new technology Licensing model should be crystal & Clear, be it Concurrent Users or The number of FortiSOAR nodes there should be no ambiguity .
Done prove of concept (POC) thoroughly , where we judged the solution on every aspect & We came to know FortiSOAR will work well in our environment as it is blended with features like Case managements , Product Flexibility * Scalable Architecture . These features were much required to optimum use of our SOC solution. Since we have all the Fortinet security stack in our environment it helped us a lot in selection (POC) and also commercially.
