Demisto, an innovator in†Security Automation and Orchestration technology, announced its new interoperabilities with the RSA NetWitness and RSA Archer suite of products. As a result, users can orchestrate and automate security workflows, as well as enrich incidents with network and security analytics, to reduce organizational risk, accelerate incident response, and improve overall security posture.
Demisto’s bi-directional interoperabilities enable incident response analysts to get broad visibility across logs, packets, and endpoints from the RSA NetWitness Suite and ingest security incidents from the RSA Archer Suite into Demisto’s Security Operations Platform to automate triage and response through specific Demisto playbooks. For the RSA NetWitness Suite, the interoperability accelerates response to detections by enabling coordinated actions with other security products, automated playbooks, interactive running of commands, and ChatOps-powered collaboration. For the RSA Archer Suite, the interoperability infuses full automation into the security incident management process in response to security alerts through playbooks reducing manual actions to eliminate errors and user fatigue.
“Users of the RSA NetWitness Suite are now able to experience an even more streamlined triage and response to incidents through Demisto’s automation and playbooks,” said Mike Adler, VP Product, RSA NetWitness Suite. “The rich data collection and analytics capabilities of the RSA NetWitness Suite combined with Demisto’s orchestration allows our users to coordinate all product actions in one window and workflow, streamlining their security response while still maintaining complete investigation trail.”
The Demisto interoperabilities deliver new functionality within the RSA Ready program. First, the ability to query data from the RSA NetWitness and RSA Archer products and run commands interactively through Demisto’s ChatOps interface while collaborating with other analysts reduces response times for incidents and enhances analyst learning and task-based accountability to solidify best practice response procedures. Second, the built-in machine learning bot studies and learns analyst actions to provide insights on top-performing analysts, analyst-task matching, and effective investigation commands for specific incidents to help establish best practices and train junior analysts.
“This interoperability enhances the industry-leading functionality of RSA’s solutions by streamlining the capabilities through automation and playbooks,” said Rishi Bhargava, co-founder of Demisto. “By ingesting alerts from multiple sources and triggering automated playbooks for triage and response, Demisto’s interoperability with these RSA products will ensure that analysts are able to orchestrate mundane tasks and collaborate for deeper, sophisticated investigations.”
Demisto’s integrations with the RSA NetWitness and RSA Archer products are bi-directional, enabling analysts to fetch data from the RSA products into Demisto for further investigation, and to push results from Demisto to update RSA NetWitness Suite’s records and RSA Archer Suite’s incidents. The incident results can be pushed back into the RSA NetWitness software for log management and further enrichment. Resolving security incidents with RSA Archer software is also made easier by automatically triggering Demisto playbooks upon incident creation in RSA Archer software. Using Demisto also allows analysts to weave in 140+ other security product integrations, in addition to orchestrate end-to-end incident response and management from ingestion to resolution.†
Demisto Enterprise integrates with more than 140 security products and enables customers to build playbooks for different security operations. These playbooks can include automation tasks or best practice steps to be followed in case of a security incident. Demisto’s playbooks help reduce MTTR (Mean Time to Response) for security incidents. In addition, the case management and machine learning capabilities help security teams save resources and time while enforcing rigor and process to incident response.