Skip to main content
Skip table of contents

Data Segregation

LAST UPDATED: SEP 26, 2024

Overview

D3 SOAR employs a multi-layered approach to data segregation, ensuring data remains distinct across various entities. This document explains the various layers and mechanisms D3 uses to maintain data compartmentalization.

User-Level Segregation

User-level segregation is achieved through D3's user management system, including a hierarchical model that manages Users, Groups, Roles. Let's take a look at each entity.

  • Users: Every D3 user needs a unique account, which includes login credentials and contact details. A user's access is determined by their role and group affiliations

  • Groups: These are clusters of D3 users. Groups play a pivotal role in determining data access and aligning with an organization's access control strategy.

  • Roles: A user is assigned a specific role, dictating their platform access. Roles can be customized to mirror an organization's or SOC team's hierarchy.

To manage users, groups and roles, navigate to Configuration > Organization Management.

Multitenant Segregation

D3 SOAR ‘s approach to multitenancy allows for flexible and secure data management across different organizational structures. This can be implemented at two distinct levels: through site-based segregation and the creation of distributed sub-tenants.

Site-Level Segregation

Group 1 (1).jpg

Sites segregate data across organizational entities. For organizations, these might be departments, while for MSSPs, they represent distinct clients. Components segregated by sites include:

  • Connections

  • Data Ingestion Schedules

  • Playbooks

  • Global Lists

  • Webhooks

  • Automation Rules

  • Agents

  • Reporting Dashboards and Widgets

Sites are categorized as internal or client:

CLIENT SITES

INTERNAL SITES

Purpose

For individual clients/entities.

For centralized SOC teams in large organizations.

Multi-tenancy

Each client gets a unique site.

Organizations manage multiple sites.

Data Sharing

Data is not shared between client sites, with the exception of connectors if enabled.

Cross-site sharing is possible based on permissions.

Use Case

Best for MSSPs.

Suited for large organizations with varied jurisdictions.

Data Isolation

Each site ensures data privacy.

Data centralization or isolation depends on organizational needs.

User Access

Users access only their designated client site.

Users might access multiple sites based on roles.

To manage sites, navigate to Configuration > Organization Management.

Sharing Connections Between Sites

Integration connections and ingestion API keys can be configured to be shared between all internal sites or client sites.

Distributed Multi-tenancy Segregation

Distributed multi-tenant implementation of D3 SOAR is offered to meet data residency requirements. Under this model, a master tenant manages sub-tenants, each hosted on distinct servers in varied geographic locations. For instance, a master tenant could oversee sub-tenants in the US, Europe, and APAC.

The term "distributed" emphasizes that data is spread across multiple servers and locations rather than being centralized. This approach ensures compliance with regional data regulations and offers enhanced data security.

All sub-tenants retain the segregation layers mentioned earlier, ensuring consistent data management across the board.

ALERT

Distributed multi-tenancy is not offered by default and may incur higher hosting costs due to the need for multiple server instances. Contact D3 Security to learn more.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.