D3 is the first SOAR vendor to embed the MITRE framework into their tool to make it more granular and more proactive.
Vancouver-based SOAR [security orchestration, automation and response] vendor D3 Security, which moved to a more structured approach to its channel a year ago, has seen strong growth in the program since launch. Part of that is due to their release in July of their ATTACKBOT solution that leverages the MITRE ATT&CK framework to better identify and respond to complex attacks. Part is due to increasing the enablement resources available to partners.
“Last fall, we had just gotten serious about our global partnerships, and have close to 50 partners around the world right now,” said Alex MacLachlan, D3 Security’s Director of Marketing. “We are working with dozens of partners actively on POC projects. We have fairly long sales cycles, but in terms of new leads coming in, we are now at about 60 per cent coming in through partnerships and 40 per cent coming in direct. We are looking for revenues to catch up to that.”
This increase is fairly broad in its scope.
“Our growth has doubled in North America year-over-year,” MacLachlan said. “We are doing very well in the Middle East, which is very concerned about cyber attacks. That’s where their security budget is. Anna Golod, our Director of Global Channel Partnerships is working with several resellers and distributors in that area.”
Golod had been the Partnership Manager, and rose to the channel director role several months ago when her predecessor left to pursue another opportunity
“A lot has changed since then,” Golod said. “This year, we have put more focus on enablement, and increasing the resources available to partners. We have taken elements of the sales team, hired new people and shifted priorities to enablement. That’s a recent change. We also made sure they have all the marketing material they need, and have been creating joint marketing brochures and collateral.”
D3 has also deepened strategic partnerships with other key security ISVs.
“We’ve had integrations with over 200 solutions for some time now, but we have really strengthened our partnerships with Fortinet, McAfee, Crowdstrike and Lastline, and are doing more interesting things in terms of integrations,” MacLachlan said. “Companies have been reacting to Palo Alto Networks’ acquisition of Demisto earlier this year, and work with us to counter that.”
Another key development has been D3’s operationalization of the MITRE ATT&CK framework in the spring, and the release two months ago of ATTACKBOT, a solution that utilizes the MITRE ATT&CK framework to enhance their platform’s proactive capabilities, to better predict attacker behavior and focus remediation efforts, thus improving incident response.
“This has been a really exciting quarter for us,” MacLachlan said. “We have brought to market our first MITRE ATT&CK framework. MITRE is a quasi-government research organization that tracks cyberthreats, and they have created a knowledge base over the last decade and mapped them all to this framework of techniques and tactics. We have embedded that framework into our tool. When a new event is brought into the matrix we map it and keep investigators focused on critical threats.”
MacLachlan emphasized that this has created a solution which is unique in the market, and is thus a differentiator for D3 and their partners.
“It is unique,” he said. “We call it intent-based SOAR, and it is a way to remove all the hay from the haystack. It is unique. Companies like Crowdstrike and Fireeye which have incident response services have developed their own incident response services rather than leveraging MITRE. Some of the endpoint companies do use the MITRE framework for endpoints, but just map events without automating a response. D3 has been a technology leader in the SOAR space, and we think people are gong to come down this path. Right now, we are the first in MITRE this way.”
“When you add the fact that this solution has the MITRE ATT&CK framework built in, this gives us and our customers the best possible chance to disrupt cyber-attacks and data breaches before they do damage,” said Dildeep Singh, Director of Cyber Security at 2B Innovations, a new UAE-based D3 Security channel partner. “This is a huge advantage we have not had before. Our framework now gives granular control over security operations architecture, so we can tweak our modelling, machine learning, orchestration, enrichment, correlation, aggregation, visualization and automated response strategies.”