Demisto Introduces Industry’s First Machine Learning Incident Response Platform that Gets Smarter with Every Analyst Action


Dan Spalding

(408) 960-9297


Demisto Enterprise Learns from Dynamic Customer Environments and Analyst Actions to Optimize Incident Response and Help Train the Next Wave of Security Analysts

CUPERTINO, Calif. — June 28, 2017 — Demisto, Inc., an innovator in Security Automation and Orchestration technology, today introduced the industry’s first Security Operations Platform that learns from analysts’ actions used to resolve incidents to optimize future incident response. The new machine learning-based technology, called “Demisto Insights” and available in the latest version of Demisto Enterprise, helps analysts during an investigation by suggesting the best methods to resolve an incident. Such machine learning technology marks the first time in the security industry when a solution learns from experts rather than relying only on past historical security data.

The security industry faces a significant shortage of skilled incident response (IR) analysts. While automation is being used to help analysts reduce manual work, organizations need to be able to learn from experienced analysts’ actions to help educate and train younger analysts to solve problems faster. With this new release, Demisto offers the industry’s most comprehensive Security Operations Platform with pre-built automation playbooks, more than one hundred integrations, incident case management, threat feed aggregation and correlation with incidents, and now machine learning that improves the analysts’ productivity.

“Like Cylance, Demisto is applying machine learning and automation to today’s overly complex incident response process,” said Steve Mancini, senior director of information security at Cylance. “The Demisto platform is redefining how my team approaches internal investigations through the use of machine learning, collaboration and historical threat feed correlation to save time, ensure consistency, and reduce risk.”

“Demisto Insights” collects key findings from analysts as they resolve incidents. Using unique machine learning technology, it also suggests the best team members to handle the incident and the best next steps to resolve the incident that will continually enhance playbooks. This type of machine learning is unique in the industry because the Demisto platform learns from analysts’ and SOC managers’ actions, which are high-fidelity signals, rather than from static security product data. This model enables accurate results for each customer because Demisto learns the unique customer environment rather than generic security data.

“Demisto was already leading the industry in helping organizations with significant cost and security risk reduction during the incident management life cycle by leveraging our unique automation and collaboration features,” said Dan Sarel, Demisto co-founder and VP Products. “With these new enhancements, we now extend the value delivered by the platform to make it even easier and faster for analysts to respond to incidents. The platform significantly reduces adoption time and time to value with our new machine learning capabilities and updated graphical interface.”

The latest release of Demisto Enterprise enhances the playbook authoring interface and also provides a live runtime review of the playbook execution. In addition, a new language called “Demisto Transform” has been introduced which helps IR analysts build complex playbooks for automation much faster and without writing any code. All these capabilities enhance the experience of security analysts by making it even easier to build automations and to review the results of the investigation. The platform highlights the findings in a single, improved view to give analysts all the details needed for decision making.

In addition, Demisto’s new release offers numerous product integrations as well as 50 additional enhancements. For example, Demisto’s new and improved incidents page helps SOC managers have a better view of the SOC status and allows them to more easily manage their teams. Also, the new incident summary page delivers a quick view of the main findings in each incident, helping managers get a quick view of the ongoing events and helping analysts who join an investigation get quickly oriented. For a complete list of Demisto’s new integrations and release enhancements, see

Pricing and Availability
Demisto’s new Enterprise Security Operations Platform is generally available today, with annual pricing starting at $100,000 for up to two analysts. A fully multi-tenant Demisto solution for MSSP that provides SOC-as-a-Service is also available from Demisto. For more information, see

About Demisto
Demisto Enterprise is the first and only comprehensive Security Operations Platform to combine security orchestration, incident management, machine learning from analyst activities, and interactive investigation. Demisto’s orchestration engine automates security product tasks and weaves in the human analyst tasks and workflows. Demisto enables security teams to reduce mean time to resolution (MTTR), create a consistent incident management process, and increase analyst productivity. Demisto is backed by Accel and other prominent investors and has offices in Silicon Valley and Tel Aviv. For more information, visit or email


Demisto is a registered trademark of Demisto in the United States and other countries. All rights reserved. All other company and product names are either trademarks or registered trademarks of their respective companies.