We have exciting news to share! Gartner has named Demisto a ‘Cool Vendor’ in the field of security operations and vulnerability management for 2018. Our platform was identified as a front-runner in helping security teams prioritize vulnerabilities, identify and respond to security events that represent risk, and focus on high-value activities in the process.
Time to SOAR
In their analysis, Gartner highlights alert volume as the chief challenge facing security teams today. Gartner says:
“The vulnerabilities associated with IT assets may number in the tens of thousands, and present huge challenges to the IT operations groups responsible for fixing them. Identifying the activities that represent risk to the business, investigating these and responding to them is complicated by the large number of events to assess, and the expertise needed to investigate them.”
With ballooning alert numbers on one side and resource pressures on the other, SOAR (Security Orchestration, Automation, and Response) tools are perfectly placed to bridge the gap. Scalable enrichment and response workflows help reduce alert numbers and false positives while increasing the speed and accuracy of response, helping short-staffed security teams work more efficiently.
In a detailed research report focusing on SOAR published earlier this year, Gartner estimates that the share of organizations with security teams larger than five people that leverage SOAR tools for orchestration and automation will rise from less than 1% today to 15% in 2020.
Why We’re ‘Cool’
Gartner attributes Demisto’s rise as a complete Security Orchestration, Automation and Response (SOAR) vendor to the following factors:
User Interface: An early focus on user interface rather than just APIs has played a critical part in our growth. A visual playbook editor that allows for easy creation, modification, and replication of modular workflows has facilitated quick realization of the platform’s value for end users.
Machine Learning: Machine learning is a concept that is as tricky to follow through and execute on as it is tempting to include in marketecture. Our platform has been built with machine learning from the ground up, culminating in insights that simplify workflow creation, increase analyst productivity, and improve response efficiency.
Flexibility: Demisto strives to adapt to user needs and requirements without necessitating lock-in. For instance, our playbooks can be used both as reactive workflows in response to incident ingestion and proactive workflows as on-demand or scheduled Jobs. This makes Demisto a valuable solution for both security operations and incident response.
Moreover, the product can be deployed both on-premises and as a cloud service, tailoring installation and use to end user requirements.
Collaboration: Structured playbooks are rarely the be-all and end-all response for complex security incidents. For real-time investigation, each incident in Demisto has a War Room where analysts can conduct joint investigations, run interactive security commands, and have their actions documented at a single source.
These incident investigations can also be mirrored on Slack, ensuring that security teams aren’t taken away from a platform they’re already comfortable with while also keeping investigation records updated within Demisto.
“We are delighted to be named a 2018 Gartner Cool Vendor,” said Rishi Bhargava, Demisto co-founder and VP of Marketing. “With the adoption of SOAR tools continuing to gather pace, we are excited to play a role in writing this industry’s story. We strive to build on our strengths and continue innovating with the goal to help SOCs improve their overall security posture.”
If you’re interested in learning more about Demisto’s approach to SOAR, you can download the Free Community Edition below.