Cylance and Demisto: Optimizing Security Operations

The Cylance Axiom Alliances Program is a community of cybersecurity solution providers working together to deliver a prevention-first approach to security.

Unlike other ecosystems built around the assumption of compromise, Axiom vendors are committed to using artificial intelligence (AI) to continuously prevent adversaries from harming organizations by delivering added security controls that, when combined, minimize an organization’s attack surface and enable swift action across the organization’s entire environment, whether it be on-premises, IoT devices, hosted, or public cloud.

Cylance and Demisto

Cylance and Demisto formed a technology alliance to help customers improve their Security Operations Center (SOC) by automating workflow tasks and improving accuracy and response time to alerts and investigations.

Value Statement

The integration between Cylance and Demisto allows organizations to automate significant portions of the alert workflow. This frees up security analysts’ time to focus on more critical tasks and concentrate on more important decisions.

Whenever executives hear of a new emerging threat, their first question is invariably, “Are we protected?” The second question, sometimes panicked, sometimes calm, is, “Why?”

With CylancePROTECT® installed, organizations can be assured of protection for greater than 99% of instances. Protection doesn’t stop there. Demisto Enterprise delivers a complete solution that helps Tier-1 through Tier-3 analysts and SOC managers optimize the entire incident life cycle while auto-documenting and journaling all the evidence.

For too long, fearing inadequate corroborating data, SOC analysts have had to switch between several application views to build a story and make decisions around every incident. Through the technology alliance forged by Cylance and Demisto, Cylance technology seamlessly communicates a rich data feed about malicious activity to Demisto.

This enriched data is corroborated with other key findings based on automated playbooks, building out an accurate and dependable evidence board and incident timeline. With the Cylance-Demisto technology alliance, customers can expect to see a measured increase in prevention, protection, and ease of threat management.

Use Case

Lower Mean Time to Respond (MTTR) to Alerts:

  • Challenge: SOC analysts must sort through and prioritize thousands of alerts before performing investigations involving research and correlation, which can be time consuming and prone to error.
  • Solution: With Cylance’s prevention-first methodology, which lowers noise (fewer infections, alerts, remediations, and re-imaging), and Demisto’s Orchestration Platform, which can automate all data aspects, operations, and response actions of alert-based workflows, customers can respond faster and with greater efficiency and accuracy to modern threats.
  • Additional Benefit: With the above solution, SOC analysts will get more time back to perform more important tasks for the security organization.

Cylance Axiom Alliances Program

To accelerate achieving these results, Cylance implemented a comprehensive framework to guide the growth and maturation of its strategic relationships. Cylance recognizes the need for tactical success to fuel mutual investment.

Cylance executes on a straightforward engagement model to drive short-term wins and build momentum for relationships among its alliance partners and the customer community. This model successfully activates relationships and builds momentum to drive growth.

More information on the program is available HERE.