Demisto – Taking On Incident Response With Machine Learning & Automation

Demisto is the first product to unify security orchestration, incident management and interactive investigation into one solution. Its machine-learning engine is unique in that it learns from real-life analyst interactions and past investigations, so the platform (and you!) gets smarter with every analyst action. To find out more about the platform, we sat down with Rishi Bhargava, Co-founder & VP of Marketing at Demisto:


Q: Tell us something more about Demisto?

A: Demisto Enterprise delivers a complete solution that helps Tier-1 through Tier-3 analysts and SOC managers to optimize the entire incident life cycle while auto documenting and journaling all the evidence. More than 100+ integrations enable security orchestration workflows for incident management and other critical security operation tasks.

Demisto helps organizations attain and retain quality employees, document processes, and leverage the most ROI out of their security arsenal.

Q: Machine learning is a hot topic in security. How does it work in your product?

A: In addition to helping analysts automate mundane tasks, the Demisto platform learns from the analysts as they resolve incidents. Demisto is powered by DBot, a force multiplier in the security stack. With its machine learning suggestions, DBot enhances security operations by helping SOC teams with analyst assignment suggestions, playbook enhancements, and best next steps for investigations.

Such machine learning capabilities are first in the industry, as Demisto learns from analysts’ and SOC managers’ actions – actions which are high fidelity signals rather than security product data. This model enables the most accurate results for each customer as we learn from the customer’s environment rather than generic security data.

Demisto offers the industry’s most comprehensive Security Operations Platform with pre-built automation playbooks, more than one hundred integrations, incident case management, threat feed aggregation and correlation with incidents, and now adds machine learning that improves the analysts’ productivity.

Q: Why is machine learning important to the industry?

A: The security industry faces a significant shortage of skilled analysts according to the latest research report, “The State of Incident Response”. More than 90 percent of the respondents indicated they are challenged finding experienced employees with the necessary skill sets. The study found it takes an average of 9 months from the initiation of a hiring requisition until the new hire is fully trained. Since the need is frequently identified long before the hiring process begins, companies are without a resource – from the point where a need is identified until the point they have fully trained analysts – for almost a year. On the retention side, more than one-third of IR staff leaves within 3 years.

Automation can help reduce manual work and alert fatigue, but automation is not enough. Security products need to learn from analysts’ actions so they can help train younger, less experienced analysts to solve problems faster.

This is the first time in the security industry that a company is attempting to learn from experts rather than from past, historical data. And the Demisto platform is redefining how SOC teams approach internal investigations via machine learning, collaboration and historical threat feed correlation to save time, ensure consistency, and reduce risk.

Q: What are some of your customer success stories?

A: We’ve seen significant traction of our product throughout the US, EMEA, and Asia. Some of our customers include an F25 healthcare organization, one of the largest online gaming companies in the world, as well as a leading endpoint security vendor – they all use Demisto to help alleviate alert fatigue, reduce response times, and strengthen their overall security posture.

Customers tell us every day how easy it is to use the product. Analysts are no longer required to be experts at using the plethora of security products leveraged by the SOC; they just live in Demisto and get up to speed in record time.

The Fortune 25 healthcare organization uses Demisto for managing the abuse mailbox and automating the response to end users for phishing emails. They found that they were at a constant backlog of 5000 unaddressed emails without Demisto. Within 2 months of the deployment, Demisto brought the backlog to zero and helped reduce risk of exposure by analyzing all user reported malicious activity.

Q: What is your Go To Market Strategy?

A: We are 100% channel friendly. In fact, we recently announced our new formalized channel partner program, and our new VP heading it up.

Demisto’s Nucleus Partner Program enables partners with a practical solution that addresses multiple trends in the information security industry – end users saturated with tools that don’t interoperate, alert fatigue from numerous tools, and an insufficient supply of skilled personnel. Demisto integrates with hundreds of security products and collaboration platforms. Our strong integration with disparate solutions is a key tenet of Demisto’s value prop and enables partners to add more value and monetize their customer base. For example, as Demisto was built with multi-tenancy from day one, it provides MSSPs with a remotely managed service for their customers – a service with strong margins and reduced operational costs for SOCs.

Demisto offers an aggressive discount and adoption model that equips partners to allow any of their end users to create, automate and orchestrate SOC and IR (incident response) playbooks with greater ease and economics than ever before. Unlike other solutions on the market, Demisto has an open playbook architecture that encourages sharing and collaboration between customers across various vertical markets.
