Demisto has built a Collaborative security Bot to help security analysts save time. Demisto Enterprise is one of the industry’s first Bot-powered security ChatOps platforms to automate and streamline security operations and incident management processes. Below is our interview with Rishi Bhargava, Demisto Co-Founder & VP of Marketing:
Q: Could you explain the most prominent advantages of Demisto Enterprise platform?
A: The most prominent advantages are that Demisto Enterprise takes care of ALL security operations and incident response management tasks. Prior to Demisto you could have found tools that try to solve the orchestration challenges, tools that provide ticketing and case management, tools that provide automation, etc. Also while customers may have had playbooks and other plans in place to deal with security incidents, those were in most cases followed manually. Finally, as a result of the disjointed way that security operations were managed in the past, collaboration between security team members was limited at best.
Demisto changes this dramatically, and now enterprises can manage the entire process, including orchestration and automation of all security tools, including running playbooks automatically with or without human intervention. This includes opening and closing cases, assigning tasks to other team members, and in general turning the security operations day-to-day work into a much more collaborative and efficient process. Our latest announcements take this all a step further by expanding collaboration to become not only inter-organization but also providing the means for organizations to collaborate with each other and use the intelligence of multiple organizations to create improved methods of responding to attacks.
Q: You’ve recently announced an open industry standard (COPS, Collaborative Open Playbook Standard); tell us something more?
A: Our experience tells us that the sophistication of cyber criminals keeps progressing and has widened the gap that allowed enterprises to defend themselves. At Demisto we are convinced that the only way we can fight back is if we join forces and if we bring many experts together to protect ourselves vs. having each enterprise cope on their own. It is collaborative knowledge (you can call it crowd wisdom too) that we believe will help enterprises close the gap they need to protect themselves. COPS is all about that. It is a way for enterprises to share their methods of responding to attacks so that they can learn from each other and from leading experts, and continuously improve their posture based on lessons that other organizations have learned.
To make this clearer let’s take an example. You are an organization that faces ransomware for the first time, what do you do? Today maybe you would call an expert or two, but you won’t even know whether their advice is the best advice for you or not. You would have to also translate their advice to steps you need to take with your tools and resources. COPS changes this. Now you will be able to download from the web playbooks that show step by step how other enterprises deal with Ransomware. And better than that – if you use Demisto you will be able to immediately put the playbook into action and start dealing with your ransomware situation.
COPS also promises, once other vendors adopt it (and we already see interest from other vendors), that you will be able to use the playbooks in the future not only with Demisto but with other vendors. This makes it a lot easier for enterprises to use COPS, knowing that they are not tied to a single vendor. This too comes from our strong belief that collaboration (in this case between security vendors) is the only way to combat criminals.
Q: Demisto has built the industry’s largest incident response community using Slack; could you tell us something more about the community?
A: We are more than 600 members now. The Digital forensics, Incident Response (DFIR) community is made of security analysts from all over the world. Most are analysts that deal with incidents on a daily basis and some are folks working for other security vendors. A lot is happening in the community – analysts discuss the tools they are using, ask each other questions around DFIR tools and other security tools, share information about new types of attacks they witness, and more. When we started Demisto we wanted to join such a community and could not find one, so we decided to create one in the spirit of collaboration that we all believe in. The community is a great resource for us too – we learn a lot about the members’ challenges, about the tools they are using, etc., and this immediately translated into making our products better by answering the challenges that the members have in common.
Q: Could you tell us more about your pricing plans?
A: We have three versions. We have a free edition that allows users to get to know our product, create and share playbooks, and more. We also have an Enterprise product that enterprises use to manage their security operations and incident response. The Enterprise product is priced according to the number of security analysts in the organization. Finally we have a multi-tenant version of the product that is used mostly by managed security providers and managed SOC providers. The latter has a special pricing for providers.
Q: You announced $6 million in Series A funding earlier this year, what are your plans for the future?
A: Our plan is to continue building a great company with great products. We feel extremely lucky to have the backing of Accel and some of the security industry’s most known leaders. The A round gives us the runway we need to turn Demisto into a very successful company. We started about a year ago and we couldn’t have hoped to achieve so much by now. We have the best possible engineering team that built a very strong technology in minimal time. The products are already installed in large enterprises around the world, and we already have revenue.