法人向けサイバーセキュリティ用チャットボット「DBot」およびセキュリティプラットフォームを開発

Demisto provides Security Platform that combines orchestration, incident management and interactive investigation into a seamless experience.

The most persistent security challenges faced by organizations are the growing number of alerts, the difficulty in hiring and retaining qualified talent, and the lack of standardized and enforced incident response processes. Demisto Enterprise is a comprehensive Security Operations Platform that combats these challenges by combining security orchestration, incident management, and interactive investigation into a seamless experience.

This platform enables security operations teams to:
• Reduce MTTR by 30%,
• Create consistent and audited incident management processes, and
• Increase analyst productivity.

Security Orchestration and Automation
Demisto’s automation-friendly playbooks help SOC teams eliminate labor-intensive work, focus on more complex threats, and reduce alert fatigue. These playbooks simplify the setup of even complex use cases through an extensive filter and transformer library, 40+ out-of-the-box templates, and an intuitive graphical drag-and-drop layout.
Demisto’s orchestration engine leverages 170+ integrations across product categories such as SIEMs, EDR, malware analysis, threat intelligence tools, and more. Playbooks coordinate across tasks, products, and stakeholders to achieve the ideal interplay between people, process, and technology.

Incident Management
Demisto’s fully featured case management suite helps SOC teams ingest alerts from a range of sources, run custom searches and queries, track granular SLAs and metrics, and visualize vital data in a tailored manner. Each incident has five distinct and focused views that together cover the entire lifecycle.

Each aspect of Demisto’s incident management is customizable, including incident types and labels, indicator types and labels, summary layouts, and response workflows. All collected data can then be sliced, stacked, and visualized from scratch through fully configurable dashboards and reports.

Interactive Investigation
As a complement to standardized and automated playbooks, Demisto also facilitates agile, real-time response through a virtual War Room for each incident. The War Room is powered by ChatOps and helps analysts converse with each other for joint investigations, run real-time security actions through a CLI, and auto-document all commands, notes, and evidence on one console.

Machine Learning
Demisto has the industry’s first Security Operations Platform that learns from analysts’ actions and incident data to drive leaner response processes and more optimized incident response. Machine learning helps analysts during an investigation by suggesting the best methods to resolve an incident, the best analysts to own incidents, and similar incidents to the one at hand. This is the first instance in the security industry where a solution learns from experts as well as historical security data.