Your Security Operations team needs many security tools to deal with constantly changing and complex threats. But with so many tools, analysts can waste time chasing data and performing repetitive tasks. So, why not equip them with rich, correlated data and automate repeatable tasks, so they can focus their time and energy on incident resolution?
Users can now leverage Demisto’s security orchestration and automation capabilities with Devo’s real-time, context-rich data insights for efficient incident response.
- Hunt and investigate IOCs in Devo and leverage Demisto playbooks to automate and manage analyst response.
- Enrich all your security data and detect real-time threats with Devo and trigger automated workflows and response with Demisto.
- Leverage hundreds of Demisto third-party product integrations to coordinate response across security functions based on insights from Devo.
- Run hundreds of commands (including Devo commands) interactively via a ChatOps interface while collaborating with other analysts and Demisto’s chatbot.
USE CASE #1: Automated Incident Enrichment and Response
If a SOC uses separate solutions for security analytics and incident response, tracking the lifecycle of an incident can be tough because information is fragmented and there is no central documentation. Analysts end up completing low-level tasks and manually building the workflow rather than quickly resolving the incident.
SOCs can use Devo for high-volume, high-velocity data correlation, enrichment, and visualization, and Demisto Enterprise for security task orchestration and automation, triggering playbooks at incident creation. These playbooks orchestrate response actions across the entire product stack as a single, seamless workflow. For example, analysts can create tickets, quarantine endpoints, retrieve PCAPs, and send emails as automated playbook tasks.
Devo’s context-rich, real-time security data analytics coupled with Demisto playbooks speed incident triage and resolution. The seamless workflow enables analysts to gain a comprehensive view of the incident’s lifecycle, access all documentation in a single platform, and speed investigative and response actions through automated insight.
To learn more about our integration with Devo, view our joint solution brief.
USE CASE #2: Proactive and Scheduled Network Security Management
While automated playbooks can reduce analyst workloads, a forensic investigation usually requires additional tasks, such as pivoting across multiple data views to gather critical evidence, drawing relationships between different incidents, and defining remediation steps. Analysts need full access to all of their security data, with context, to enable them to make accurate and rapid decisions.
After running playbooks, analysts can gain greater visibility and new, actionable insights into the attack by running Devo commands in the Demisto War Room, drawing on all security data, context, and threat intelligence. The War Room documents every analyst action and, over time, suggests the most effective analysts and command sets.
The War Room lets analysts quickly pivot across all security data in Devo and run commands relevant to the incidents in their network, all from a single window. Every participating analyst has full task-level visibility into the process and can run and document commands from that same window. Auto-documentation of all automation and analyst actions allows reports to be generated quickly for executive review or post-investigation debriefs.
We hope you found this integration overview useful. To explore Demisto in greater detail, you can download our free community edition below.