Palo Alto Networks’ Demisto SOAR platform gets major visualization, scalability boosts

Demisto also becomes the first SOAR vendor to add chat support for their mobile application.

Rishi Bhargava, VP Product Strategy, Demisto, a Palo Alto Networks company

In March, Palo Alto Networks completed its acquisition of Demisto, a SOAR [Security Orchestration, Automation, and Response] platform. The company has now released the first major update of the product since the acquisition. Demisto 5.0 is primarily about visualization enhancements that make the product easier for SOC teams to use. It also improves scalability by allowing a server to support multiple databases, instead of the single database supported previously, and improves chat support by making chat available in the mobile app.

Palo Alto Networks paid a lot of money [$560 million] to acquire Demisto because it filled a key void for the company, said Rishi Bhargava, one of Demisto’s founders, who is now VP Product Strategy at what is now Demisto, a Palo Alto Networks company. SOARs are all about making SOC teams’ lives easier by increasing the level of automation around security orchestration and incident management.

“Palo Alto Networks concluded that to have a complete security solution, they needed to have a SOAR to enhance their presence in the SOC,” Bhargava said. “They wanted to provide a complete security solution, and over the last two years, a SOAR has become part of that. Just being present in the network is no longer a complete solution. Us and Phantom were the leaders in this market, and they decided to buy us.”

Bhargava emphasized that Demisto’s go-to-market strategy involves dealing with companies that compete with Palo Alto Networks.

“The reality is that the commitment to staying independent has not changed,” he said. “We have executive level commitment to keep Demisto separate, and this commitment is not just verbal. We have continued to integrate with everyone out there including the competition. We just released an integration with SentinelOne, which competes with Traps, Palo Alto Networks’ endpoint solution. The ecosystem that we have developed over the last 3-4 years has been expanded with new integrations at the same pace as before, if not faster. We do new integration releases every two weeks.”

Palo Alto Networks is integrating Demisto’s technology into Cortex, the second generation of their Application Framework ecosystem designed to encourage third parties to build security apps on the Palo Alto Networks platform.

“Demisto has an integration within Cortex, but it is handled the same as any other partner integration,” Bhargava said.

A major change with the 5.0 release was to implement a new user interface.

“We changed how the alerts are visualized for the end user,” Bhargava indicated. “The use case for the product is expanding tremendously. We used to be used just for SOC alerts. Now we are used more broadly for cloud security and compliance. The question became how to best visualize the data, because each incident or alert can look different. So we made the UI very customizable for different security uses.”

Changes in visualization are also fundamental to enhanced threat intelligence in this release.

“We have enhanced how each indicator is visualized in the context of an incident, so that more details can be provided for each indicator,” Bhargava said.

How Demisto scales the data to the back end has also been revamped.

“It is now significantly different,” Bhargava said. “Before, we had a one to one model where one server was tied to one database. This worked. We had some very large customers, and it met their needs. But now it is easier to support many databases on the back end.”

Finally, Demisto has introduced chat support in the mobile application.

“This is very unique,” Bhargava said. “None of the SOAR players have a mobile app out there. We were the first to provide chat, and now we are the first to provide it within the mobile app.”

Looking forward, Bhargava said that in addition to a continuous flow of new integrations, they are planning for additional use cases.

“More and more use cases define our roadmap,” he said. “We have had a lot of interest from partners around this, and we are developing new integrations for them.”

Demisto v5.0 is available now.