Demisto emerges from stealth with $6M Series A and smart bot to help automate security ops

Demisto, a company founded by four security industry pros, emerged from stealth today with a pretty cool bot-driven security platform and $6 million in Series A.

The round was led by Accel with participation from Cylance CEO Stuart McClure, Lookout CTO Kevin Mahaffey and Bluecoat President Mike Fey, all security industry veterans.

What makes all of these companies so interested in Demisto is that it has created a way  to communicate across a variety of security products in an automated fashion, while providing a way for security personnel with varying levels of experience to communicate with one another inside a built-in chat interface. What’s more, it automates the responses to common security issues inside organizations and leaves an audit trail of all activity for compliance or internal monitoring purposes automatically by capturing all of the interactions inside the chat client.

Demisto chat interface.

Demisto chat interface. Photo courtesy of Demisto.


“If you look at the security space, each company has its own API and UI to run their [product]. What customers don’t have is a cross-product workflow,” Demisto CEO and co-founder Slavik Markovich told TechCrunch. That’s what Demisto is attempting to solve with this product.

One of the biggest issues companies will face moving forward is finding qualified security personnel, says Jake Flomenberg, who is leading the investment for Accel. By providing a way for humans to communicate with each other and for a smart bot to take care of some standard house-cleaning activities around security automatically, it enables the humans in the equation to solve problems faster and more efficiently than they could without the bot.

The bot, known as DBot, can automatically carry out different tasks or a security analyst could interact with the bot by entering commands in the chat client. What’s really interesting though is that the bot can learn based on its interactions to improve the responses and begin to understand best practices and make suggestions based on what it’s learned — and the more data it has, the better it should perform.

For such a sophisticated product, it follows a fairly simple workflow. You start by signing into your company’s security tools such as Palo Alto, Splunk or Carbon Black using your product’s log-in credentials and the bot connects to whatever services you link to.

DBot goes into gear when it receives an incident report from one of the connected services. It attempts to solve the problem by following the steps outlined in a pre-configured playbook. If it is unable to solve the problem on its own or if it requires human assistance, it can communicate the relevant information to a security analyst via the chat client for deeper analysis when required.

You could think of DBot as a trusted third party that works with a company’s security personnel and interacts with them inside the product’s chat client.

The company, which officially launched in July, 2015 currently has 18 employees. It has been in Beta with the product since April 1st and reports having paying customers (although it wouldn’t say how many). The engineering team is based in Tel Aviv with sales and marketing based in an office in Cupertino. The company plans to build out that sales marketing team and go-to market ability with this round of funding.