Palo Alto Networks this week rolled out Demisto version 5.0, a security orchestration, automation and response platform, following its acquisition of Demisto in February.
Demisto 5.0's UI is customizable by incident type and lets users visualize and act on threat indicator intelligence to help security teams manage and automate incident response. The load management and resource scaling features are intended to help an organization stay secure as it grows, according to Palo Alto Networks.
Updates to the security orchestration, automation and response (SOAR) platform include the following features:
- Improved user interface: The Demisto 5.0 platform comes with a new incident summary page that provides a short summary of critical information about the incident so users no longer have to scroll down, according to the company.
Incidents on Demisto now have "out of the box" tabs that provide best practices to categorize information. Users can also create incident layouts from scratch to highlight a specific incident type. Meanwhile, administrators can grant access for users of relevant roles to view sensitive information in an incident.
The updated UI also includes the following features:
  - Global navigation: The main navigation panel in Demisto 5.0 is collapsed by default to improve visibility across the Demisto environment; and
  - Customizable "Investigation" page: Each incident has a customizable page on which users can select what, where and how to visualize information.
- Enhanced threat intelligence: The threat intelligence feature in the new Demisto SOAR platform enables users to access threat indicator intelligence from integrated sources and take action on them, according to Palo Alto Networks. Users can create custom indicator layouts that display relevant data for each type.
- Database scaling: Demisto 5.0 offers multi-tier configurations that help IT teams scale and manage resources. Customers can now install the Demisto app server and databases on separate machines to ensure consistent speed of deployment.
Demisto 5.0 supports two multi-tier configurations:
  - One app server and one database server on separate machines; and
  - One app server and multiple database servers on separate machines.
- SOAR for mobile: The new Demisto SOAR platform includes a mobile application that provides chat support and lets users add relevant stakeholders on the go. In addition, through settings on the desktop app, customers can choose to receive notifications on email, Slack, Mattermost or the mobile app.
A technology that helps organizations collect security threat data and alerts from different sources, SOAR is gaining popularity and adoption among businesses aiming to improve their security operations centers. Gartner predicted the SOAR technology market will rise from a 1% adoption rate in 2018 to 15% by 2020.
Gartner's 2019 Market Guide for SOAR products included Demisto, IBM, ATAR Labs and Cyberbit. IBM Resilient aims to speed up integration with organizations' existing security and IT infrastructures; the platform provides intelligence and incident context, actionable security alerts and product simulations for employee training. Demisto integrates with IBM Resilient Systems for orchestration of ticketing and case management tasks, according to the company. The ATAR SOAR platform collects data from a security operations center to provide metrics that show how the SOC is performing, according to the company. Cyberbit touts a platform that increases a security operations center's efficiency and visibility while reducing response time, according to the company.