Cyber threats are increasing by the day, cybercriminals are becoming more skilled, and the costs of repairing the damage done by a breach are skyrocketing. As the adoption of mobile, web application and Internet of Things is increasing, the threat surface is greater than ever and speedy responses to threats are vital to the health of every organization. Integrating Demisto’s security orchestration and automation capabilities with tCell’s cloud-based application security features gives DevSecOps an edge in the ongoing battle for security dominance.
What Demisto Offers - Security Orchestration
Demisto is a comprehensive security operations platform — providing full incident management, security orchestration and automation, and interactive investigation, all built on a bedrock of machine learning insights. Workflows, human tasks, and automation are woven together to help reduce the mean time to resolution, increase productivity, and create consistent processes for incident management.
What tCell Offers - Application Security
Cloud-first organizations benefit from tCell's cloud-based application security, whether the apps are cloud-based or on-premises. Advanced runtime application self-protection functionality keeps web applications secure through browser-side instrumentation, cloud-based analytics, and server-side instrumentation. It is ideal for organizations using microservices or agile methodology that desire protection without the need for network or code changes.
The Benefits of Integrating tCell and Demisto
Individually, tCell and Demisto provide security professionals with a number of benefits. Combined, the benefits are multiplied so that the whole is truly greater than the sum of the parts.
- Increased visibility into both the application and the context of the attacks allow real-time blocking of intruders and fast remediation using security orchestration.
- Custom security rule sets can be designed and deployed that are based on information generated by the RASP solution in tCell.
- Security orchestration improves context and accuracy through correlation of data spanning multiple streams.
- Playbook-driven remediation and triage of events happening at the application level allow faster responses and less human intervention.
- DevOps teams are exposed to production security events.
- Webhook alert integration promotes collaboration across teams.
- The cloud-based tCell analytics platform provides deep insight and visibility into the leading styles of attacks based on OWASP.
- The tool for content security policies in tCell can be correlated with XSS data feeds and DOM-based instrumentation.
Case Study: Veeva Systems
Veeva Systems is a leading provider of software for the life-sciences industry. The company's clients range from emerging biotech firms to some of the largest pharmaceutical corporations in the world. In an industry in which compliance is heavily regulated, tools are needed that will deliver fast, effective protection against breaches and attacks. The most troublesome issue for Veeva was the inadequacy of the collaboration between security and development teams that impaired the ability to remediate situations quickly and effectively.
Veeva chose Demisto as the security orchestration platform and integrated tCell into the platform. When tCell detects an attack, Demisto runs a Veeva-defined playbook that initiates the remediation process. The playbook automatically identifies the required teams and generates the necessary tickets. Developers are provided with contextual data needed to rapidly make the required fixes. If additional information is needed, Demisto can provide enriched data on the attack to locate any correlations involving multiple streams of data.
As a result, Veeva's incident response and security teams have the actionable intelligence they need for timely, accurate responses. The integration of Demisto and tCell has allowed Veeva to focus on security orchestration rather than the noise.
Cyber threats are not going to disappear, so the need to protect API services and web applications will remain a critical part of cybersecurity. However, development and operations must be intricately involved with security for protection to be adequate. Combining tCell and Demisto is an effective way to provide the security that your organization needs.