Security Ops Platform Adds Integrated Threat Intelligence
Demisto Optimizes Incident Response with Industry’s First Threat Intelligence Integrated Comprehensive Incident Management Platform -- Demisto Enterprise 2.0 Security Operations Platform Adds Integrated Threat Intelligence and Automates Threat Hunting to Help SOC Analysts Improve Remediation Actions and Reduce Risk
CUPERTINO, Calif., Feb. 9, 2017 -- Demisto, Inc., an innovator in Security Operations technology, today introduced the Demisto Enterprise 2.0 Security Operations Platform, the industry’s first comprehensive incident management platform to offer integrated threat intelligence. The new capabilities enable customers to integrate leading threat feeds with Demisto to manage indicators and automate threat hunting operations, saving time and significantly reducing the risk of exposure.
With this new release, Demisto offers the industry’s most comprehensive Security Operations Platform with automation playbooks, 100+ product integrations, incident case management, threat feed aggregation and incident correlation, and “Demisto Insights” -- the first-of-its-kind machine learning to help analysts with best next steps during an investigation.
“Demisto’s comprehensive incident response and automation platform has allowed Cylance® to architect an adaptable, security capability that allows me to capitalize on the innovation of my streamlined team of security experts,” said Steve Mancini, Senior Director of Information Security at Cylance. “With Demisto’s latest release, the enhanced CylancePROTECT® integration strengthens our collaboration and enables us to quickly gain valuable threat intelligence about the malicious code that Cylance prevents from executing.”
The incident response (IR) process in security operations has suffered from a long mean time to resolution (MTTR) and a shortage of available security skills. DBot, the Demisto security chatbot, uses machine learning to acquire and analyze data about analysts’ typical actions during investigations. With this advanced learning, DBot can now help analysts with the best next steps during the course of an investigation, accelerating the IR process and increasing the efficacy of response, which is especially important with inexperienced analysts.
The new Indicator Repository, unique to Demisto, allows customers to manage threat indicators on the same platform where they perform investigations. Customers can import indicators (using STIX and other formats) and leverage Demisto’s automation and playbooks with historical threat feed correlation to automatically hunt for these indicators across the enterprise and learn which indicators may be related to discovered incidents.
“With these new enhancements, Demisto now extends the value delivered by the platform to automated threat hunting and threat indicator correlation, moving beyond incident response and into threat management,” said Dan Sarel, Co-Founder and VP of Products of Demisto. “We’ve enhanced our dominance in the market by helping analysts improve SOC activities by investing more in case management, orchestration and automation capabilities. Now with the ability to manage threat indicators in the same platform, our offering has become the solution of choice for customers looking to manage their SOC efficiently.”
As a result of customer feedback, Demisto Enterprise 2.0 introduces dozens of product improvements, including usability enhancements such as flexible and rich reporting, improved evidence tracking and collection, and new playbook creation options for maximum flexibility. The new release delivers dozens of additional integrations requested by customers, bringing the total Demisto orchestration and automation ecosystem to 100+ integrated third-party products and services. For example, the new enhanced Splunk app integrates with Splunk Adaptive Response to automatically trigger actions and create incidents in Demisto. Enhanced integration with Slack also allows analysts to execute Demisto commands from the Slack channel and get security data quickly without leaving the Slack interface.
The new Demisto solution will be demonstrated publicly for the first time Feb. 13-16 at the RSA Conference 2017. For more information on scheduling a meeting or private demo, please email us.
Availability and Pricing
Demisto Enterprise 2.0 is generally available today, with annual pricing starting at $100,000 for up to two analysts.
Demisto helps Security Operations Centers increase efficiency and improve incident response times and processes. Demisto Enterprise combines security orchestration, collaboration and threat management to reduce manual work and provide decision support for SOC analysts. At the heart of Demisto’s technology is DBot, a security chatbot that is integrated with dozens of products and understands hundreds of security commands. Demisto is backed by Accel and other prominent investors and has offices in Silicon Valley and Tel Aviv. For more information, visit the company's website or email firstname.lastname@example.org.
Posted: 2017-02-14 @ 5:23am PT
Although I understand the glamour around some of the names mentioned above, there are other solutions out there that have been developing in the same direction for a while now. Take for instance Reveelium, a behavior analysis solution. I found their recent article to describe very well the dependence relationship between ML and the operator.