Esri is a global organization that helps more than 350,000 customers worldwide solve tough problems through advanced geospatial technology. Securing the many diverse digital assets of both the company and its customers is one of Esri's most important challenges. Last year it deployed Demisto Enterprise to streamline its Security Operations Center (SOC) activities with automated playbooks, response tasks and collaboration for improved responses to all relevant security alerts. As a result of efficiencies realized, Esri can now manage the long-term costs of its SOC operations by optimizing current security infrastructure and resources. Specifically, Demisto's automation and collaboration have reduced the volume of alerts requiring active analyst review from 10,000 per week to roughly 500 per week, a reduction of approximately 95 percent.
"To protect our infrastructure and private information, we have integrated a security product portfolio of some of the world's leading security solutions," said Gaye Stevens, CSO at Esri. "This security product portfolio identified more than 10,000 incidents and alerts per week, which presented us with challenges when trying to analyze and respond to these alerts with limited resources and time."
"The stakes have never been higher when it comes to protecting an organization's sensitive data from criminals and breach," said Joan Godchild, editor-in-chief of CSO. "Security leaders are expected to not only deliver protection, but also to drive business initiatives. Our annual CSO50 Awards recognize security projects that enhance defense and also deliver ROI."
Launched in 2013, the CSO50 Awards recognize 50 organizations for security projects and initiatives that demonstrate outstanding business value and thought leadership. The CSO50 Awards are scored according to a uniform set of criteria by a panel of judges that includes security leaders, industry experts, and academics. Awards will be presented at the CSO50 Conference + Awards.
To handle the large volume of alerts, Esri's team built playbooks for each type of incident, and selected Demisto to automate closure of incidents that are easily resolved as false positives. Through Demisto's automation, these playbooks now codify analysts' knowledge and integrate it with all security products in Esri's environment. Demisto also helps identify and close duplicate incidents to reduce time spent on redundant investigations. And when analyst intervention is required, Demisto's ChatOps facilitates collaboration to resolve issues much faster than before using the team's combined knowledge.
"The automation infused into our security infrastructure by Demisto complements our existing SIEM and network monitoring solutions, allowing our SOC team to realize greater efficiencies," said Sean Kohlmeier, Esri incident response lead. "Demisto enables auto-closing of incidents based on correlations and collection of results from other tools that were previously not readily available. Automating these mundane tasks allows our analysts to focus on decision making instead of collecting evidence, reducing a major portion of time our teams previously spent running separate tools and performing repetitive tasks."
"Esri is a good example of how organizations can gain greater efficiency in their SOC activities and automate response to incidents by using automated playbooks, case management and collaboration, and we are pleased to see them recognized for their efforts with a prestigious CSO50 Award," said Rishi Bhargava, Demisto co-founder and VP of Marketing. "Demisto also allows the Esri team to benefit from its auto-documentation capability, reducing the manual documentation process and enabling the analysts to spend time solving problems instead of filling out documents and assembling reports."
Demisto Enterprise's intelligent automation is powered by DBot, a security chatbot. DBot automates actions across security products and correlates artifacts across incidents by using sophisticated patterns and powerful search capabilities. DBot searches through past and ongoing forensic investigations, and proactively alerts the users when duplicate or related incidents are identified. The playbooks were developed by security and incident response experts, following National Institute of Standards and Technology (NIST) and other regulatory documents. To create new best practices, additional playbooks can be created by users to satisfy compliance and audit requirements, or for interactive modeling and training of analysts.
CSO is the premier content and community resource for security decision-makers leading "business risk management" efforts within their organization. For more than a decade, CSO's award-winning web site (CSOonline.com), executive conferences, strategic marketing services and research have equipped security decision-makers to mitigate both IT and corporate/physical risk for their organizations and provided opportunities for security vendors looking to reach this audience. To assist CSOs in educating their organizations' employees on corporate and personal security practices, CSO also produces the quarterly newsletter Security Smart. CSO is published by IDG Enterprise, a subsidiary of IDG. Company information is available at www.idgenterprise.com.
Demisto helps Security Operations Centers scale their human resources, improve incident response times, and capture evidence while working to solve problems collaboratively. Demisto Enterprise is the first comprehensive, Bot-powered Security ChatOps Platform to combine intelligent automation with collaboration. Demisto's intelligent automation is powered by DBot, which works with teams to automate playbooks, correlate artifacts, enable information sharing and auto-document the entire incident lifecycle. Demisto is backed by Accel and has offices in Silicon Valley and Tel Aviv. For more information, visit www.demisto.com or email firstname.lastname@example.org.
Demisto is a registered trademark of Demisto in the United States and other countries. All other company and product names are either trademarks or registered trademarks of their respective companies.
Contact: Dan Spalding, (408) 960-9297