Introductions
Ask questions using the text box in the right-hand area of the GoToWebinar platform, as the audience will be on mute
Everyone will receive the recording and slides by Friday
Speakers:
Michael Feiertag, CEO and Co-Founder of tCell
Rishi Bhargava, Co-Founder of Demisto
AppSec is Now Top Priority
1/3 of all breaches originate as Web App Attacks.
85% of apps use libs with known vulnerabilities
©2017 tCell
We’re Flooded With Noise
100,000 XSS attack attempts to find one vuln
Average attacker tries 1200 different attacks
tCell’s Application Immune System
Delivers what’s needed
See risks
See attacks, block attackers
Separate attack from breach
Easy to deploy
No perf impact
No code changes
No network changes
SOC Challenges
Growing Alerts: >10K alerts per week
IR Process: No consistent process, no metrics/run over email
Lack of Skilled Analysts: 2 million analyst shortage
Long MTTR & Risk: Weeks to resolve each detected incident
“Our MTTR is too long. Every added day translates into lost money and company brand risk” – CISO
“The few, experienced security experts are overwhelmed with the growing number of alerts.” – SOC Director
“I spend too much time with too many products to manage incident response.” – IR Analyst
Why Demisto?
Automation and Orchestration
Increase efficiency and leverage existing investments
Collaboration and Learning
Enhance team performance with collaboration and machine learning
Complete Case Management
Incident response process, track metrics and goals
The connected fabric for your security infrastructure and teams
Why Demisto?
Stage 1: Consistent and documented process
Stage 2: Automate redundant and repeatable steps
Stage 3: Enhance team performance and learning
SOC Challenges
Why Demisto?
Reduced MTTR & Reduced Operational Risk
Automate Playbooks for Incidents and Security Operations
Automation Playbooks: 120+ Extensible Integrations | ~1000 Security Actions
Historical correlation of all indicators across incidents
Auto-detection of indicators and STIX import
Import STIX and analyze indicators across incidents
Comprehensive SLA Tracking & Metrics
Evidence Collection and Journaling
Meets Regulatory Mandates and Compliance
Real-Time Collaboration and Hand-Offs
DBot ChatOps capability for real-time interactive investigation with experts and tools
Auto Documentation for all investigation actions
Case Management, Automation & Collaboration
Demisto Enterprise
Real-Time Interactive Investigation
Incident Management
Intelligent Automation
Threat Management
*Learning DBot empowers Tier 1 through 3 analysts
Get smarter with each incident
DBot learns from analyst actions and historical information
Custom suggestions for incident assignment
Identify experts for each type of incident
Best products and commands suggestions for resolving incidents
DBot: Force multiplier for your analysts
The Demisto Community
Build IR playbooks and automation scripts
Over ~1000 automations to use for free and contribute back
Based on the open COPS standard
Share security playbooks, tools, and knowledge with peers
2,000 security experts and growing from 53 time zones
Open source integrations and automations
Open Playbook Standard (COPS)
The Largest IR community
Questions & Resources
Follow-up email will be sent with webinar recording
Resources
[Solution Brief]: Learn more about the tCell and Demisto integration: https://go.demisto.com/hubfs/Resources/Solution_Briefs/tcell/Demisto-tcell-Solution-Brief.pdf
[Research Report]: See the latest stats on the State of Incident Response 2017: https://goo.gl/a6WvxV
[Monthly Demisto Product Demo]: Sign up for a Demisto product demo: https://goo.gl/SBWdRf