Demisto is the company behind Demisto Enterprise, a security operations platform mixing intelligent automation scale and collaborative human social learning. The platform also uses DBot, the first intelligent security chatbot that understands and responds to 100s of security commands. Below is our recent interview with Slavik Markovich, Co-founder and CEO of Demisto:
Q: Demisto is a security startup, tell us something more about the company and your core competence?
A: Demisto was created by people who believe that security operations today are missing a key solution to handling security incidents and breaches.
Our comprehensive platform combines security orchestration, case management, collaboration and threat management to reduce manual work and provide decision support for SOC (security operations center) analysts. Demisto simplifies the way enterprises manage incident response and their SOC with its automated and collaborative platform, and it delivers unprecedented insight and resolution into complex threats.
Our platform integrates with a growing list of partner products (100 and counting) – from end-point and network security to malware analysis and SIEM. By integrating with Demisto, partners enable their products with the industry’s first Bot-powered security ChatOps platform for automating playbooks and response tasks, and detecting duplicate incidents.
Demisto reduces mean time to response (MTTR) and company risk by:
• Providing a comprehensive Incident Case Management system with SLA management, analyst assignments and metrics tracking,
• Enabling full incident automation where appropriate and providing a clearly defined workflow via a playbook which analysts use to document the investigation, and
• Empowering effective collaboration between analysts for Tier 2 and Tier 3 incident resolution.
Q: You’ve recently raised a $20 million Series B funding round; tell us something more?
A: The funding underscores our unique positioning in the crowded security space as a much-needed solution. Our B round was led by Jay Leek, who’s been leading investors in the cyber security market with unparalleled success for several years now. We are also fortunate to have Slack as a strategic investor, who we look up to as a company that revolutionized its space.
Last but not least, Accel Partners, who believed in us 18 months ago when we were at very early stages, participated in the Series B round and continues to be an amazing partner for us.
Q: What are some of the ROI stats you can share?
A: Customers benefit from using Demisto because it directly addresses their pain in fighting alert fatigue, reducing the time it takes to resolve security issues (also known as MTTR), developing a consistent incident management process, and blocking threats faster. With Demisto, we like to think we can help companies achieve ROI from the war room to the board room. CSOs reduce company risk by being proactive in threat hunting, and realize a 30 percent reduction in MTTR. They also can provide a consistent incident management process and metrics. It’s also a life saver in the war room, as it reduces alert volume by 95 percent, automates security operations for analysts to increase productivity, and maximizes value from the current security product investments. Esri, a Demisto customer, has been able to achieve this ROI in a very short period of four months by building their own custom playbooks. They have been able to reduce the total alert volume from 10,000 per week to only 500 alerts per week that require a review.
Q: What advantage does Demisto have over its competitors?
A: Demisto offers a comprehensive platform combining security orchestration, case management, collaboration and threat management that no other incident response vendor can provide. Such unique features were built into the product from the ground up, making the solution work seamlessly together.
Adding case management and collaboration as an afterthought to an automation product is difficult, as is turning a case management offering into a full-fledged SOC orchestration solution. To date, no product other than Demisto Enterprise can do this well.
In addition, Demisto’s platform was built not only for enterprises but for MSSPs and SOC-as-a-Service providers. MSSPs are already using our platform, which was designed from the ground up as a multi-tenant solution where many customers can be managed under the same umbrella while maintaining strict separation between them.
Q: Who is your ideal customer and why?
A: Our solution is ideal for any company that wants to build a world-class SOC organization. Organizations that have purchased a SIEM system need Demisto to manage, automate, and collaborate on how to best triage the growing number of alerts. We are industry agnostic, as such requirements are similar for banks, retail, telco, healthcare etc.
Q: What have been some major milestones for Demisto over the last 12 months?
A: In May 2016 Demisto closed a $6 million Series A round of funding from top-tier venture capital firm Accel, and security industry luminaries, including Cylance Founder, President and CEO, Stuart McClure; Lookout Co-Founder and CTO, Kevin Mahaffey; and Blue Coat President and COO, Michael Fey.
Also in May 2016 Demisto announced the general availability of Demisto Enterprise, the industry’s first comprehensive platform that combines security orchestration, automation, and collaboration to reduce manual work and provide decision support for SOC analysts.
In December 2016 we crossed the milestone of integration with more than 100 products. It was at this time we started key partnerships with leading security companies and MSSPs.
Earlier this year, in January, our customer, Esri, won the CSO50 award from IDG’s CSO for its automated incident response and threat management project.
In February we closed a $20 million Series B round of funding. As mentioned earlier, as part of the round, we announced the appointment of ClearSky Managing Director Jay Leek to our Board of Directors. Round participants also included Accel, Slack Fund and other strategic investors.
Also in February we launched our latest product of Demisto Enterprise version 2.0. The new capabilities enable customers to integrate leading threat feeds with Demisto to manage indicators and automate threat hunting operations, saving time and significantly reducing the risk of exposure.
Finally, last month we crossed over more than 1300 members to our incident response community – the largest in the security industry. And we marked doubling our workforce in less than a year.