Demisto Enterprise

Demisto Enterprise helps Security Operations Centers scale their resources, improve incident response times, and capture evidentiary support while working and solving problems the way humans are wired to – together. Demisto’s solution, Demisto Enterprise, is the industry’s first comprehensive, Bot-powered Security ChatOps Platform to combine intelligent automation with collaboration. Demisto’s intelligent automation is powered by DBot, which works with teams to automate playbooks, correlate artifacts, enable information sharing and auto-document the entire incident lifecycle. Demisto was founded by four experienced security experts who have each held executive positions in Intel Security. The company is backed by Accel Partners with participation from Cylance CEO Stuart McClure, Lookout CTO Kevin Mahaffey, Blue Coat President Mike Fey and other security leaders. Demisto has offices in Silicon Valley and Tel Aviv.

Demisto’s mission is to make the life of Security Operations analysts productive and impactful while helping scale scarce security talent for our customers. Demisto’s ChatBot-based approach to automating security operations, documenting the entire incident lifecycle, and enhancing collaboration goes beyond security automation to create an efficient and streamlined Security Operations Center.

Demisto Enterprise’s intelligent automation is provided by DBot, a first-of-its-kind security chatbot. DBot automates actions across security products and correlates artifacts across incidents by using sophisticated patterns and powerful search capabilities. DBot searches in past and ongoing forensic investigations, and proactively alerts the users when duplicate or related incidents are identified. The playbooks were developed by security and incident response experts, while following NIST and other regulatory documents. To help create best practices, new playbooks can be created to satisfy compliance and audit requirements, or for interactive modeling and training of analysts.

DBot enables collaboration with ChatOps, a new concept for security teams. Demisto Enterprise ChatOps allows analysts to share insights and information, and to direct DBot to take actions on their behalf. DBot securely captures all information shared and actions taken within the context of an investigation’s “war room,” for complete journaling and evidentiary support.

DBot integrates and can communicate with dozens of products. The third-party integrations span several categories, including security products, communication products and IT systems. The list includes Palo Alto Networks, Tanium, Carbon Black, CrowdStrike, VirusTotal, IBM X-Force Exchange, McAfee ESM, Splunk ES, HP ArcSight, Check Point, FireEye, Exabeam, Slack, Active Directory, Office 365, Twilio, PagerDuty and many others.

What sets apart this product in the software application space
Demisto’s technology introduces collaboration as a major part of the SOC workflow and enables detection of duplicate incidents being investigated and education of junior analysts, who learn from senior analysts by following their example.

The company is already changing the way enterprises and SOC professionals think about information security. With Demisto, for the first time, IT security operations teams have a collaborative interface that enables analysts to chat, take notes, run queries against security products, and trigger response actions from an incident’s “war-room” to increase productivity, sharing and learning, all while cutting incident response times. Demisto’s playbook-driven incident management processes help security operations teams respond faster to incidents and be better prepared. It is the only system with complete journaling and evidentiary support for forensics information, chats and notes.

Another way the company is changing information security is by creating playbooks which help analysts follow a prescribed process where needed. It also provides extensive automation capabilities to handle tasks that are repeated, do not require human intervention, and currently take unnecessary manual labor.

Demisto provides real-time and historical situational awareness by collecting historical data about past security incidents, thus improving the real-time analysis of ongoing incidents and helping the analyst make decisions faster by being armed with more knowledge. The company enables security managers to measure the entire incident response process like never before, with metrics such as types of incidents, analyst workload, skill required to solve the incidents, and level of automation, and to use these metrics to improve the overall security posture of the organization.

With Demisto, for the first time ever, Security Operations teams have a collaborative interface (incident war-room) that enables analysts to chat, take notes, run queries against security products and trigger response actions to increase productivity, sharing and learning. Demisto Enterprise’s playbook-driven incident management processes help Security Operations teams respond faster to incidents and be better prepared. It is also the only system in the industry with complete journaling and evidentiary support for forensics information, chats and notes.

The platform enables customers to respond faster to security incidents, handle a large volume of alerts with limited resources, enhance team knowledge and skillset, and build an effective Security Operations program.

For more information, please visit

WWPI – Covering the best in IT since 1980