Chatbots have been around since the 1960s, but they're now experiencing a true rebirth in new-gen tech, thanks to high-visibility companies Facebook (Messenger), Apple (Siri), IBM (Watson), WeChat and Google (Assistant), which are championing them and all their intelligence capabilities in upgraded platforms.
Thus, as trends such as this one start to get traction, other companies take notice and see what value the little automatons can bring to their own product lines.
Demisto, a Cupertino, California-based startup founded by former Intel McAfee engineers, has taken the chatbot ball and run with it in an effort to solve communication issues for security teams.
Demisto, which launched itself and its new product, Demisto Enterprise, on May 25, claims the product is the industry's first bot-powered security ChatOps platform to automate and streamline security operations and incident-management processes. The platform automates data flows, letting security analysts scale their time and effort up or down during incident investigation stages while sharing knowledge and working collaboratively for faster resolution.
Demisto Mission: To Improve Security Efficiencies
And security breaches cannot be resolved fast enough.
"Our mission is to improve the efficiencies of security operations centers (SOCs), and to make life easy for security analysts," Rishi Bhargava, Demisto co-founder and vice-president of marketing, told eWEEK. "The first problem we saw was this: Security products do not talk to each other. You cannot run workflows and automations across security products. Second, it is very hard to hire skilled security analysts. Third, it's hard to do enterprise collaboration well.
"Demisto is using automation, bots and ChatOps to create an environment in which two (security) analysts can solve incidents together," he said.
Everybody wants easy. Good, tight security, by its nature, is never easy.
For the record, chatbots—short for chat robot—are applications designed to simulate conversation with human users using artificial intelligence. They are tailor-made for messaging services because they are fast and lightweight. Chatbots can talk to other chatbots in addition to humans; Demisto makes full use of the bot-to-bot aspects of chatbots.
Conversation-Driven Development Approach
ChatOps, a term widely credited to GitHub, is all about conversation-driven development. By bringing dev tools into conversations—say on Slack or Chatter—and using a chatbot modified to work with key plugins and scripts, teams can automate tasks and collaborate, working better, cheaper and faster.
Demisto Enterprise's intelligent automation is provided by the company's patent-pending DBot, a first-of-its-kind security chatbot. DBot automates actions across security products and correlates artifacts across incidents by using sophisticated patterns and powerful search capabilities, Bhargava said.
DBot integrates and can communicate with dozens of products, enabling it to cover the entire security incident life cycle from creation to close, Bhargava said. The third-party integrations include products across a wide range of categories, including security products, communication products and IT systems.
The list of integrations includes Palo Alto Networks, Tanium, Carbon Black, CrowdStrike, VirusTotal, IBM X-Force Exchange, McAfee ESM, Splunk ES, HP ArcSight, Check Point, FireEye, Exabeam, Slack, Active Directory, Office 365, Twilio and PagerDuty, among others.
Application Looks Into the Past for Perspectives
DBot searches in past and ongoing forensic investigations and proactively alerts the users when duplicate or related incidents are identified. Its record books were developed by security and incident response experts and follow NIST (National Institute of Standards and Technology) standards and other regulatory documents.
The company also announced a Series A funding round of $6 million. The round was led by Accel with participation from Cylance CEO Stuart McClure, Lookout CTO Kevin Mahaffey and Blue Coat President Mike Fey. All of them are security industry veterans.
Demisto's Enterprise Security Operations Platform is available now. Pricing is based on the number of active platform users, Bhargava said.