Demisto today announced that it has raised $43 million to simplify security management, even as the complexity of security threats and the tools to address them seems to be expanding almost daily.
The company has helped carve out a spaced dubbed “Security Orchestration, Automation and Response,” or SOAR, a concept that refers to coordinating the teams and tools a company has for defending itself against hackers and other digital threats.
“There are a lot of security tools and not enough manpower,” said Demisto CEO Slavik Markovich. “We thought Slack was pretty cool, and we thought managing security should be like that. Sharing and talking to each other should be as easy as chatting on Slack.”
The SOAR space is still somewhat new, but it is gaining recognition from investors and enterprise customers. Earlier this year, Splunk acquired Demisto rival Phantom for $350 million. According to 451 Research, the issue facing many enterprises is that labor represents about 40 percent of their cybersecurity costs, but teams are often inefficient, chaotic, and slow to respond to security notifications.
That’s precisely the problem Demisto set out to solve when it was founded in 2015.
Today, Demisto offers a version that companies can install internally, as well as one that is cloud-based. The service offers a visual dashboard that centralizes all the information being generated by the range of security products deployed and keeps all people involved in security at a company in constant contact.
When some part of the system throws off a notification about a potential security issue, Demisto enables team members to quickly assign responsibility and respond to the issue. Using its machine learning technology, it then generates a playbook for how the company should respond in the future, and in many cases it can even automate those responses.
“You get an alert, but how do you go about resolving that alert?” Markovich said. “No one has a way to follow up and make sure it’s executed the way it should be executed. So we collect those alerts and then create a playbook that allows you to automate a larger part of the incident resolution part. And if there’s a step that needs to be done by a human, we make sure that’s being done in a way that’s following the playbook.”
As security team members are debating issues and figuring out how to respond, Demisto also provides a chatbot that can answer questions and facilitate discussions. Demisto says its service has helped some customers cut instances in which a human needs to intervene by as much as 95 percent.
The round was led by Greylock Partners, which has a long history backing security startups, and brings the company’s total funding to date to $69 million. Additional participants in this round include early investors Accel Partners and ClearSky Security.
“There are lots of interesting problems to solve in security,” said Sarah Guo, general partner at Greylock Partners. “At Greylock, we try to focus on problems that are important enough or strategic enough to support a large company. Modern security is all about operations, tool fragmentation, and people management. These are not necessarily the sexiest problems to solve on the surface. But I think Demisto has a category-defining product that has the right integration and workforce automation to enable collaboration.”
The company plans to use the money to expand its marketing and customer acquisition efforts, as well as to continue developing the product and adding new features, Markovich said.
“The market is still very early,” he said. “And it’s growing very fast.”