- Company (that provides the nominated product / solution / service): Demisto
- Website: https://www.demisto.com/
- Company size (employees): 100 to 499
- Country: United States
- Type of solution: Software
- Approximate number of users worldwide: N/A
What other awards did this nomination receive in the previous 12 months?
• Gartner Cool Vendor in Security Operations and Vulnerability Management (https://blog.demisto.com/demisto-named-2018-gartner-cool-vendor-in-security-operations)
• 2018 Cybersecurity Breakthrough Award - Overall SOAR Solution Provider of the Year
• IT World Awards - Silver - Hot Technologies and Products (http://www.networkproductsguide.com/world/)
• Infosecurity Products Guide 2018 - Global Excellence Gold Award (https://www.demisto.com/news/demisto-soar-platform-most-innovative-security-software-2018/)
• CRN Emerging Vendors 2018 (https://www.demisto.com/news/demisto-2018-crn-emerging-vendor/)
In 3 bullets, summarize why this product or service is different from the competition and deserves recognition:
Demisto is the only Security Orchestration, Automation, and Response (SOAR) platform to unify incident management, security orchestration and automation, and interactive investigation in a single console. This ensures that users can leverage Demisto’s capabilities across the incident lifecycle, from ingestion to resolution. Orchestration and playbooks help execute the structured part of response, the War Room acts as the platform for unstructured response, and incident management helps security teams oversee the end-to-end progress of the incident.
Demisto’s machine learning primes security teams to improve with each incident. By analyzing incident, indicator, and analyst data, Demisto provides insights to simplify workflow creation, increase analyst productivity, and improve efficiencies in security operations. This means that Demisto’s benefits to end users will never plateau. For example, Demisto suggests the best-placed analyst owners for each incident, commonly used security commands for incidents, relevant playbook tasks and arguments, and which experts to invite for consultation in complex incidents.
Demisto Enterprise is a SOAR platform that combines security orchestration, incident management, and interactive investigation into a seamless experience. This platform enables security operations teams to accelerate incident response times, create consistent processes, and increase analyst productivity.
Security Orchestration and Automation
Demisto’s automation-friendly playbooks help SOC teams eliminate labor-intensive work, focus on more complex threats, and reduce alert fatigue. These playbooks simplify the setup of complex use cases through an extensive filter and transformer library, 45+ out-of-the-box templates, and an intuitive graphical drag-and-drop layout.
Demisto’s orchestration engine leverages hundreds of integrations across product categories such as SIEMs, EDR, malware analysis, threat intelligence tools, and more. Playbooks coordinate across tasks, products, and stakeholders to standardize and scale response while retaining human control.
Demisto’s fully featured case management helps SOC teams ingest alerts from a range of sources, run custom searches and queries, track granular SLAs, and visualize vital data in a tailored manner. Each incident has six distinct and focused views that together cover the lifecycle.
Each aspect of Demisto’s incident management is customizable, including incident types and labels, indicator types and labels, summary layouts, and workflows. All collected data can be sliced, stacked, and visualized from scratch through fully configurable dashboards and reports.
In addition to playbooks, Demisto also facilitates agile, real-time response through a virtual War Room for each incident. The War Room is powered by ChatOps and helps analysts converse with each other for joint investigations, run real-time security actions through a CLI, and auto-document all commands, notes, and evidence on one console.
Demisto learns from incident data and analyst actions to provide ML suggestions that increase analyst productivity, simplify workflow creation, and improve the efficiency of security operations and incident response.