12.08.2019 In our latest article we review Demisto, a Security Orchestration product new to the market that is sure to help your team get a better night's sleep.
In recent years organisations have invested billions of dollars into Cyber Security products. Many companies now have products from 20 to 150 different security vendors, and managing these products becomes time consuming and complex. Most of these products do not communicate with each other or share any kind of unified interface, even when they come from the same vendor, and especially when they come from different vendors. Security Orchestration tools aim to improve this situation by closing those gaps in an automated and scalable way. Security Orchestration connects disparate security technologies through standardised, automatable workflows, which enables security teams to be more effective in their operations and incident response. Demisto has entered that market as a Security Orchestration tool owned by Palo Alto Networks.
Key features of Demisto:
- Visual playbooks that can be fully automated or interactive depending on business needs.
- The ability to ingest logs from a variety of sources and respond via programmable playbooks.
- Standardised security processes across any vendor's products and across organisational teams.
- Machine learning to help provide insights to increase incident responder productivity, accelerate playbook development, and enable more efficient security operations.
Example business use cases:
- Respond to a phishing campaign by automatically ingesting events from email inboxes and having Demisto automatically coordinate across threat intelligence tools, sandboxes, and EDR applications.
- Automatically enrich indicators of compromise by consulting other security products for relevant intelligence. Have Demisto alert on other machines showing the same indicators of compromise, or perform automatic isolation and remediation.
- Search for threats throughout your environment by scheduling checks for indicators of compromise based on threat intelligence feeds, and automatically have Demisto create incidents with severity based on the findings.
Feel free to reach out to us at [email protected] for more information about Demisto.