Demisto, an incident response and security operations platform provider, now enables Amazon Web Services (AWS) customers to use its Security Orchestration, Automation and Response (SOAR) technology to unify workflows across cloud and on-premise infrastructure.
The Demisto-AWS integration provides automated and keyless cloud security incident response, according to a prepared statement. AWS customers can leverage Demisto Enterprise to coordinate response and operational actions across their cloud and on-premise environments. Demisto Enterprise also provides identity and access management (IAM) roles to streamline credential transfer and management across AWS environments.
What Is SOAR?
SOAR tools typically leverage machine-readable and stateful security data to provide reporting, analysis and management capabilities to support operational security teams, Gartner says.
SOAR tools can be deployed across cloud and on-premise infrastructure without the need for credential management. They enable organizations to address IT staff shortages, alert fatigue, evolving cyber threats and the need for a central repository and action center for security operations centers (SOCs), technology research firm Gartner indicated.
Also, SOAR tools promote repeatable and scalable cloud security incident response, Demisto said. They unify incident response and drive security orchestration workflows for incident management and other security operations tasks.
Approximately 15 percent of organizations are projected to leverage SOAR tools by 2020, Demisto co-founder Rishi Bhargava stated. As such, MSSPs that integrate Demisto Enterprise and other SOAR tools into their portfolios could help customers improve their security posture and reduce risk in the foreseeable future.
How Can MSSPs Use Demisto Enterprise?
Demisto Enterprise is a multi-tenant solution that combines security orchestration, incident management, machine learning and interactive investigation capabilities, according to the company. It allows MSSPs to automate security tasks, reduce mean time to response (MTTR) and simplify incident management processes.
MSSPs also can use Demisto Enterprise to analyze metrics and trends from collected incident data across customer networks, Bhargava noted. That way, MSSPs can alleviate the shortage of trained security personnel, automate repetitive tasks and limit alert fatigue.
Furthermore, Demisto Enterprise provides automated playbooks and customer access functionalities to help MSSPs speed up incident response, the company said. It enables MSSPs to collaborate with customers in real-time to drive mutual trust and transparency.
In addition to the AWS partnership, Demisto recently has announced integrations with the following cybersecurity companies:
Guidance Software: Orchestrates incident response across multiple security products and provides forensic-grade threat remediation.
Securonix: Provides cyber threat investigation data with user context, activity timelines and violations.
Wipro: Delivers automated incident response as a managed security service.
Demisto is a channel company that integrates with more than 160 security products. It also enables organizations to build playbooks for different security operations, the company said, and reduce the number of alerts requiring human review by as much as 95 percent.