Demisto introduces industry's first ChatBot for SOC enhancements

May 31, 2016
Company to unveil industry’s first intelligent Bot-powered Security ChatOps Platform for automating playbooks, response tasks and collaboration

Cupertino, Calif. — May 30, 2016 — Demisto, Inc., an innovator in Security Operations technology, has introduced Demisto Enterprise, the industry’s first Bot-powered security ChatOps platform to automate and streamline security operations and incident management processes. With Demisto, security analysts can finally scale their time and effort during critical incident investigation stages while sharing knowledge and working collaboratively for faster resolution.

The company’s Security Operations Platform unveils two new technology applications never before seen in the security industry. Demisto combines the industry’s first intelligent security bot for automating playbooks and response tasks and for detecting duplicate incidents, with the industry’s first security ChatOps-based platform for ticketing, collaboration and reporting. The unique combination delivers automated investigation and response workflows and auto-documentation of evidence, while providing collaboration and transparency for IT teams and management.

With today’s launch, for the first time security operations teams have a collaborative interface that enables analysts to chat, take notes, run queries against security products and trigger response actions from an incident’s “war-room” to increase productivity, sharing and learning. Demisto Enterprise’s playbook-driven incident management processes help security operations teams respond faster to incidents and be better prepared. It is also the only system with complete journaling and evidentiary support for forensics information, chats and notes. The solution has already gained traction with enterprises and MSSP partners as it enables them to scale their scarce yet critical resources through automation and collaboration.

“We are excited to adopt ChatOps as the way to run our Virtual Security Operations center,” said Steve Struthers, VP & CTO, Dyntek. “Demisto Enterprise helps us reduce manual investigation tasks and documentation. It is very hard to find and hire security analysts, so we decided to create a virtual SOC and hire the best talent around the world. Demisto’s approach combines the power of collaboration with automation to deliver unparalleled efficiencies.”

Demisto also announced its formal company launch and latest round of funding led by Accel. See accompanying company launch announcement issued by Demisto at: https://www.demisto.com/demisto-company-launch-press-release.

According to Gartner, “Rather than to seek full automation of all SOC activities, enterprises should seek ‘automatability’ – the capability of being automated as higher levels of confidence are achieved. Even then, analytics-driven, human-augmented security decision support systems will be used to provide the SOC analyst with the context of the recommended action, along with the details behind the verdict and recommended action. An analyst can then initiate the automated response or action. In this way, a human is still involved in the process, but the process itself is highly automated to make effective use of scarce SOC resources.” 1

Demisto Enterprise’s intelligent automation is provided by DBot, a first-of-its-kind security chatbot. DBot automates actions across security products and correlates artifacts across incidents by using sophisticated patterns and powerful search capabilities. DBot searches in past and ongoing forensic investigations, and proactively alerts the users when duplicate or related incidents are identified. The playbooks were developed by security and incident response experts, while following NIST and other regulatory documents. To help create best practices, new playbooks can be created to satisfy compliance and audit requirements, or for interactive modeling and training of analysts.

DBot enables collaboration via ChatOps, a new concept for security teams. Demisto Enterprise ChatOps allows analysts to share insights and information, and to direct DBot to take actions on their behalf. DBot securely captures all information shared and actions taken within the context of an investigation’s “war-room” for complete journaling and evidentiary support.

DBot integrates and can communicate with dozens of products, enabling it to cover the entire security incident lifecycle from creation to close. The third-party integrations span a wide array of categories, including security products, communication products and IT systems. The list of integrations includes Palo Alto Networks, Tanium, Carbon Black, CrowdStrike, VirusTotal, IBM X-Force Exchange, McAfee ESM, Splunk ES, HP ArcSight, Check Point, FireEye, Exabeam, Slack, Active Directory, Office 365, Twilio, PagerDuty, and many others. More information on integrations and partner solutions is available at https://www.demisto.com/demisto-partner-launch-press-release.

“We are excited to partner with Demisto to combine the rich endpoint data and threat intelligence from Falcon Connect with the automation capabilities of Demisto Enterprise,” said George Kurtz, co-founder and chief executive officer, CrowdStrike. “This is a great example of how CrowdStrike’s API-first strategy enables our customers to respond faster and with better accuracy to incidents and save precious time and resources.”

“As an industry we have overlooked the importance of security operations and incident response for too long,” said Rishi Bhargava, Demisto co-founder and VP Marketing. “Our new platform is designed to close the wide gap that slows down the process of responding to incidents and attacks, as well as vastly improve other daily security operations tasks that are performed manually and inefficiently. Combining automation, ChatOps, in-process playbooks, case management and social learning, Demisto Enterprise is the only product that truly revolutionizes the way security operations are done, while deriving significant additional value from the security products that are already deployed in customers’ environments.”

Availability and Pricing

The Demisto Enterprise Security Operations Platform is available today directly from www.demisto.com. Pricing is calculated based on active platform users.

Note 1 – Gartner, Inc., “The Five Characteristics of an Intelligence-Driven Security Operations Center,” by Oliver Rochford and Neil MacDonald, Nov. 2, 2015.

About Demisto
Demisto helps Security Operations Centers scale their human resources, improve incident response times, and capture evidence while working to solve problems collaboratively. Demisto Enterprise is the first comprehensive, Bot-powered Security ChatOps Platform to combine intelligent automation with collaboration. Demisto’s intelligent automation is powered by DBot, which works with teams to automate playbooks, correlate artifacts, enable information sharing and auto-document the entire incident lifecycle. Demisto is backed by Accel and has offices in Silicon Valley and Tel Aviv. For more information visit www.demisto.com or email [email protected].