Demisto is now Cortex XSOAR, but the big news around the evolution of the platform is the addition of threat intelligence capabilities.
Palo Alto Networks has reintroduced the Demisto SOAR platform they acquired in 2019 with the new brand of Cortex XSOAR. They have also significantly extended its capabilities adding threat intelligence and using the platform’s existing automation capabilities to automate that threat intelligence management.
The plan was always to integrate the Demisto technology into Cortex, the second generation of Palo Alto Networks’ Application Framework ecosystem designed to encourage third parties to build security apps on the Palo Alto Networks platform, even though the SOAR was originally branded as Demisto, a Palo Alto Networks company.
“It takes time to rebrand a product and get the right messaging and naming,” said Rishi Bhargava, who was a Demisto co-founder and is now VP, Product Strategy at Palo Alto Networks. For Palo Alto Networks as a whole, aligning the Demisto sales and marketing into one motion was efficient. What has not changed is that the product team is still intact, with the same leadership.”
Bhargava also stressed that the basic philosophy underlying the product has not changed despite the new name.
“The core value is integration with third party vendors and the third party ecosystem,” he said. “We still believe the new Cortex XSOAR has to integrate with not only PAN but third party vendors. We have added over 100 third party integrations in the last year.”
A key strength of a SOAR is its ability to make SOC teams’ lives easier by increasing the level of automation around security orchestration and incident management. The Palo Alto Networks platform provides for the automation of hundreds of security use cases, with playbooks that orchestrate response actions across more than 350 third-party products. With this release of the rebranded offering, the platform leverages the original Demisto automated security incident case management platform to address threat intelligence management, through an optional module.
“Previously, threat intelligence was a separate product completely, and the SOC budget was SIEM, SOAR and threat intelligence,” Bhargava said. “We don’t think that threat intelligence should not be a standalone. Our view is that it is a core part of the SOC, and the SOAR should include that. Some analysts like Gartner have also hinted towards having this same view.
“Customers still thought threat intelligent management was a big pain point,” Bhargava added. “The other vendors out there who did this did it in a different silo, and automation did not apply to it. We have an amazing automation platform, so the same way we applied it to alerts, we applied it to threat intelligence, and that is what is different about the Cortex XSOAR platform.”
Building threat intelligence into their SOAR does not mean that Palo Alto Networks’ strategic alliances with threat intelligence providers are toast.
“Security is a world of co-operation, and we recognize that no customer will only have Palo Alto Networks products,” Bhargava said. This just extends co-opetition with other vendors.
Demisto customers will be migrated to Cortex XSOAR upon general availability, expected in March 2020, with an option to evaluate the new Threat Intel Management module at no additional cost.