Demisto, a Palo Alto Networks company, is a comprehensive Security Orchestration, Automation and Response (SOAR) Platform that combines orchestration, incident management and interactive investigation to serve security teams across the incident lifecycle with a seamless experience. With Demisto, security teams can standardize processes, automate repeatable tasks and manage incidents across their security product stack to improve response time and analyst productivity.
Demisto’s orchestration engine automates security product tasks and weaves in human analyst tasks and workflows. Demisto Enterprise, powered by its machine learning technology, acquires knowledge from real-life analyst interactions and past investigations to help SOC teams with analyst assignment suggestions, playbook enhancements, and best next steps for investigations. The platform (and you) get smarter with every analyst action. With Demisto, security teams build future-proof security operations to reduce MTTR, create consistent incident management processes, and increase analyst productivity.


KEY BENEFITS
1. Consistent, transparent, and documented processes
• Playbook-driven response actions and investigation queries.
• Auto-documentation of all investigations and historical searches.
• Automatic detection of duplicate investigations.
• Search across investigations, indicators, and evidence.
2. Quicker resolution times and better SOC efficiency
• Customizable playbook portfolio to automate redundant and repeatable steps.
• Virtual “War Room” for joint, real-time investigations.
• Granular tracking of incident and analyst metrics.
3. Improved analyst productivity and enhanced team learning
• Visual maps of related incidents for quick detection of duplicates.
• Real-time collaboration and unstructured investigation support.
• ML-powered insights for task-analyst matching, ownership, and response actions.
• Mobile application for on-the-go case management.
4. Flexible and scalable deployment
• Solution available as a cloud-hosted or on-premises deployment.
• Supports full multi-tenancy with data segregation and scalable architecture.
• Engine proxy to handle segmented networks.
• Multi-tier configurations for improved load management.
For further information about Demisto, please contact Mr Bread Wong of UDS Data Systems Ltd ([email protected], Tel +852 2851 0271).