
Security Doesn't Have to be Scary: How tCell and Demisto Battle the Bad Guys


Post on 20-Apr-2018




Introductions

Ask questions using the text box in the right-hand area of the GoToWebinar platform, as the audience will be on mute

Everyone will receive recording and slides by Friday

Speakers:

Michael Feiertag, CEO of tCell

Rishi Bhargava, Co-founder of Demisto

Rishi Bhargava, Co-Founder, Demisto

Michael Feiertag, CEO and Co-Founder, tCell

tCell: Web Application Security

Protecting apps where it matters most: Runtime

AppSec is Getting Harder

©2017 tCell

AppSec is Now Top Priority


1/3 of all breaches originate as web app attacks.

85% of apps use libraries with known vulnerabilities.


We’re Flooded With Noise


100,000 XSS attack attempts to find one vulnerability

The average attacker tries 1,200 different attacks



tCell's Application Immune System

Delivers what's needed:

See risks

See attacks, block attackers

Separate attack from breach

Easy to deploy:

No perf impact

No code changes

No network changes

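The "separate attack from breach" point above, and the noise figure of many attempts per real vulnerability, can be made concrete with a small runtime check. The following is an added Python example written for this page; it is not tCell's code or agent logic. It places a deliberately vulnerable search handler beside its HTML-encoded form, then classifies each request/response pair: a parameter carrying an XSS-looking payload is an "attack", and it only becomes a "breach" when the payload comes back verbatim in the response. The marker regex, handler names and the sample traffic are assumptions constructed for illustration.

```python
import html
import re
from collections import Counter
from dataclasses import dataclass
from typing import Callable, Dict, List

# Patterns that mark a parameter value as an XSS attempt (assumed, illustrative;
# a real runtime sensor uses far broader detection than this).
XSS_MARKERS = re.compile(r"<\s*script|javascript:|\bon\w+\s*=", re.IGNORECASE)


@dataclass
class Event:
    request_id: str
    verdict: str  # "clean", "attack" or "breach"
    detail: str


def render_unsafe(q: str) -> str:
    """Deliberately vulnerable: interpolates user input straight into HTML."""
    return f"<p>Results for {q}</p>"


def render_safe(q: str) -> str:
    """Hardened: HTML-encodes the parameter before interpolation."""
    return f"<p>Results for {html.escape(q)}</p>"


def classify(request_id: str, params: Dict[str, str], response_body: str) -> Event:
    """Classify one request/response pair.

    attack: a parameter carries an XSS-looking payload.
    breach: the same payload appears verbatim (unencoded) in the response,
            i.e. the app reflected it and the attempt actually landed.
    """
    for name, value in params.items():
        if XSS_MARKERS.search(value):
            if value in response_body:
                return Event(request_id, "breach", f"{name} reflected unencoded")
            return Event(request_id, "attack", f"{name} carried payload, not reflected")
    return Event(request_id, "clean", "")


# Constructed traffic: the same four requests sent to each handler.
SAMPLE_PARAMS = [
    {"q": "running shoes"},
    {"q": "<script>alert(1)</script>"},
    {"q": "<img src=x onerror=alert(1)>"},
    {"q": "shoes", "ref": "javascript:alert(1)"},  # payload in a parameter the page never reflects
]


def run(handler: Callable[[str], str], label: str) -> List[Event]:
    """Replay the sample traffic through one handler and classify each exchange."""
    events = []
    for i, params in enumerate(SAMPLE_PARAMS, start=1):
        body = handler(params["q"])
        events.append(classify(f"{label}-{i}", params, body))
    return events


def summarize(events: List[Event]) -> Dict[str, int]:
    """Count verdicts, the view a SOC actually wants: attempts versus successes."""
    return dict(Counter(e.verdict for e in events))


if __name__ == "__main__":
    for label, handler in (("unsafe", render_unsafe), ("safe", render_safe)):
        evts = run(handler, label)
        print(label, summarize(evts))
        for e in evts:
            if e.verdict != "clean":
                print("  ", e)
```

Against the unsafe handler two of the three payloads are reflected and count as breaches; against the encoded handler the same traffic produces three attack events and no breach, which is the distinction that lets an analyst triage attempts separately from successful exploitation.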

tCell: Product Demo

Automation, Orchestration and Beyond: from the War Room to the Board Room

SOC Challenges

Growing alerts: >10K alerts per week

IR process: no consistent process, no metrics, run over email

Lack of skilled analysts: 2 million analyst shortage

Long MTTR & risk: weeks to resolve each detected incident

“Our MTTR is too long. Every added day translates into lost money and company brand risk.” – CISO

“The few, experienced security experts are overwhelmed with the growing number of alerts.” – SOC Director

“I spend too much time with too many products to manage incident response.” – IR Analyst

A NEW MODEL IS NEEDED

Why Demisto?

Automation and Orchestration

Increase efficiency and leverage existing investments

Collaboration and Learning

Enhance team performance with collaboration and machine learning

Complete Case Management

Incident response process, track metrics and goals

The connected fabric for your security infrastructure and teams


Stage 1: Consistent and documented process

Stage 2: Automate redundant and repeatable steps

Stage 3: Enhance team performance and learning

Why Demisto? Reduced MTTR & Reduced Operational Risk


Automate Playbooks for Incidents and Security Operations

Automation Playbooks: 120+ extensible integrations | ~1000 security actions

Historical correlation of all indicators across incidents

Auto-detection of indicators and STIX import

Import STIX and analyze indicators across incidents

Comprehensive SLA Tracking & Metrics

Evidence Collection and Journaling

Meets Regulatory Mandates and Compliance

Real-Time Collaboration and Hand-Offs

DBot ChatOps capability for real-time interactive investigation with experts and tools

Auto Documentation for all investigation actions

Case Management, Automation & Collaboration
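The indicator bullets above (auto-detection of indicators, STIX import, correlation across incidents) describe a workflow that a short script can make concrete. The following is an added Python example written for this page; it is not Demisto code or a Demisto automation. It pulls IP, domain and SHA-256 indicators out of constructed incident text, loads indicators from a constructed STIX 2.1 bundle by parsing its simple single-comparison patterns, then reports which indicators recur across incidents and which match the feed. The extractor regexes, incident texts and bundle contents are assumptions; a real deployment would use a proper STIX library and broader extractors.

```python
import json
import re
from collections import defaultdict
from typing import Dict, Set

# Minimal extractors for three indicator kinds (assumed, illustrative only).
IOC_PATTERNS = {
    "ip": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "sha256": re.compile(r"\b[A-Fa-f0-9]{64}\b"),
    "domain": re.compile(r"\b(?:[a-z0-9-]+\.)+(?:com|net|org|io)\b", re.IGNORECASE),
}

# Constructed STIX 2.1 bundle standing in for a threat-intel feed.
STIX_BUNDLE = json.dumps({
    "type": "bundle",
    "id": "bundle--0b2f0d5e-1111-4aaa-8bbb-000000000001",
    "objects": [
        {"type": "indicator", "spec_version": "2.1",
         "id": "indicator--0b2f0d5e-1111-4aaa-8bbb-000000000002",
         "pattern_type": "stix", "pattern": "[ipv4-addr:value = '203.0.113.5']"},
        {"type": "indicator", "spec_version": "2.1",
         "id": "indicator--0b2f0d5e-1111-4aaa-8bbb-000000000003",
         "pattern_type": "stix", "pattern": "[domain-name:value = 'update.example.net']"},
        {"type": "indicator", "spec_version": "2.1",
         "id": "indicator--0b2f0d5e-1111-4aaa-8bbb-000000000004",
         "pattern_type": "stix",
         "pattern": "[file:hashes.'SHA-256' = "
                    "'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855']"},
        # Non-indicator objects are present in real bundles and must be skipped.
        {"type": "malware", "spec_version": "2.1",
         "id": "malware--0b2f0d5e-1111-4aaa-8bbb-000000000005",
         "name": "dropper", "is_family": False},
    ],
})

# Constructed incident records: incident id -> free-text summary an analyst would see.
INCIDENTS = {
    "INC-1001": "Phishing mail links to http://update.example.net/login from 203.0.113.5",
    "INC-1002": "EDR: dropper e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 "
                "beaconing to 203.0.113.5",
    "INC-1003": "WAF: SQLi attempts against /search from 198.51.100.77",
}

# Only simple equality patterns are handled here; compound patterns are out of scope.
STIX_KIND = {"ipv4-addr:value": "ip", "domain-name:value": "domain",
             "file:hashes.'SHA-256'": "sha256"}
STIX_EQ = re.compile(
    r"\[\s*(ipv4-addr:value|domain-name:value|file:hashes\.'SHA-256')\s*=\s*'([^']+)'\s*\]")


def extract_indicators(text: str) -> Set[str]:
    """Return indicators found in free text as 'kind:value' strings."""
    found = set()
    for kind, pat in IOC_PATTERNS.items():
        for value in pat.findall(text):
            found.add(f"{kind}:{value.lower()}")
    return found


def load_stix_indicators(bundle_json: str) -> Set[str]:
    """Parse single-comparison STIX patterns from the bundle's indicator objects."""
    feed = set()
    for obj in json.loads(bundle_json)["objects"]:
        if obj.get("type") != "indicator":
            continue
        m = STIX_EQ.fullmatch(obj["pattern"])
        if m:
            feed.add(f"{STIX_KIND[m.group(1)]}:{m.group(2).lower()}")
    return feed


def correlate(incidents: Dict[str, str]) -> Dict[str, Set[str]]:
    """Map each indicator to the set of incidents it was seen in."""
    seen = defaultdict(set)
    for inc_id, text in incidents.items():
        for ioc in extract_indicators(text):
            seen[ioc].add(inc_id)
    return dict(seen)


def shared_indicators(seen: Dict[str, Set[str]]) -> Dict[str, Set[str]]:
    """Indicators that recur across more than one incident."""
    return {ioc: incs for ioc, incs in seen.items() if len(incs) > 1}


def feed_hits(seen: Dict[str, Set[str]], feed: Set[str]) -> Dict[str, Set[str]]:
    """Indicators seen in incidents that also appear in the threat-intel feed."""
    return {ioc: incs for ioc, incs in seen.items() if ioc in feed}


if __name__ == "__main__":
    seen = correlate(INCIDENTS)
    feed = load_stix_indicators(STIX_BUNDLE)
    print("recurring across incidents:", shared_indicators(seen))
    print("matches threat-intel feed:", feed_hits(seen, feed))
```

On the constructed data the command-and-control address ties the phishing incident to the EDR incident, and all three feed indicators are found in incident text while the unrelated WAF source address is not; the correlation step is what turns two separately-queued tickets into one case.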

Demisto Enterprise

Real-Time Interactive Investigation

Incident Management | Intelligent Automation

Threat Management

Learning DBot empowers Tier 1 through 3 analysts

Get smarter with each incident

DBot learns from analyst actions and historical information

Custom suggestions for incident assignment

Identify experts for each type of incident

Suggestions for the best products and commands for resolving incidents

DBot: Force multiplier for your analysts

The Demisto Community

Build IR playbooks and automation scripts

Over 1000 automations to use for free and contribute back

Based on the open COPS standard

Share security playbooks, tools, and knowledge with peers

2,000 security experts and growing from 53 time zones

Open source integrations and automations

Open Playbook Standard (COPS)

The Largest IR community

Integration Demo: See the power of tCell and Demisto together

Q&A: Taking live questions

Questions & Resources

A follow-up email will be sent with the webinar recording

Resources

[Solution Brief]: Learn more about the tCell and Demisto integration: https://go.demisto.com/hubfs/Resources/Solution_Briefs/tcell/Demisto-tcell-Solution-Brief.pdf

[Research Report]: See the latest stats on the State of Incident Response 2017: https://goo.gl/a6WvxV

[Monthly Demisto Product Demo]: Sign up for a Demisto product demo: https://goo.gl/SBWdRf