Security chatbot startup Demisto today lived up to the origins of its name by demystifying at least two things: First, the company lifted a shroud of secrecy as it emerged from stealth with $6 million in funding from Accel and several security industry executives. Second, the firm unveiled an intelligent security bot that promises to simplify and streamline the work of corporate security operations.
The company’s announcement is well-timed given the burgeoning interest in bots, but CEO Slavik Markovich said the timing is coincidental and driven solely by customer need. “The number of threat events that companies are facing is higher than ever, and being able to protect and detect networks is more complex,” said Markovich.
Well-publicized and costly hacks — think Sony, Home Depot, and the IRS to name a few — have made rapid incident response times critical to network security. Yet ironically, as new tools are developed to thwart each new type of threat, an analyst’s ability to react has slowed in some cases. “The average security analyst has to access three or four different products and follow perhaps 10 steps in order to identify and blacklist a malicious file,” said Markovich.
Demisto’s bot addresses this challenge by integrating with more than 30 security tools from companies like Check Point and Carbon Black to provide a unified interface that sits atop their software. The bot eliminates an analyst’s need to toggle between discrete security tools by working across them to automate routine tasks such as identifying a virus or blocking an IP address.
Integrating with established security vendors via an open API also provides a built-in market strategy for the new company. Markovich explains that Demisto’s sales approach will vary based on the potential client and the degree of integration with their partners. “We’re not going to follow a reseller model,” Markovich said. “In some cases, we might be pitching a joint solution, while in others we might be listing each other’s name on our websites and working things out as they arise.” Developing a sales and marketing team will be a primary use of the new investment.
Based in Cupertino, California, Demisto’s founders began work on their security chatbot in July 2015. In December of that year the team released an open source bot on Slack called DBot. Markovich said the bot is used by more than 600 companies and was a way of giving back to the security community. The company’s commercial product is powered by DBot.
This April, Demisto produced a well-received beta version. “We had a good surprise in that we had been on a journey to combine automation and collaboration across products in a single platform,” said Rishi Bhargava, cofounder and vice president of marketing. “The positive feedback on our collaborative interface was an aha moment.”
Reducing the complexity of network security may also help ease the shortage of qualified professionals. “The need for security analysts and the lack of workers with the right skill set can be addressed by chatbots like ours,” said Bhargava.
Available now as part of Demisto’s Enterprise Security Operations Platform, the chatbot contains two intelligent functions with two more on the way. First, the bot is able to identify duplicate issues detected across a company’s network, say one at a data center in the U.S. and one at a data center in Germany. This prevents two redundant tasks from being executed. Second, when a threat is identified, the bot gathers up assets and information resources related to it, speeding the response time of an analyst. By year end, Bhargava said, the bot will have the capability to learn stages of threat investigation, which will speed identification; after that will come the ability to recommend corrective actions.