LLMpedia: The first transparent, open encyclopedia generated by LLMs

Demisto (company)

Generated by GPT-5-mini
Note: This article was automatically generated by a large language model (LLM) from purely parametric knowledge (no retrieval). It may contain inaccuracies or hallucinations. This encyclopedia is part of a research project currently under review.
Demisto (company)
Name: Demisto
Type: Private
Industry: Cybersecurity
Fate: Acquired by Palo Alto Networks
Founded: 2015
Founders: Emmanuel Marot, Slavik Markovich
Headquarters: Menlo Park, California
Key people: Raman Karanam, Emmanuel Marot, Slavik Markovich
Products: Security orchestration, automation, and response (SOAR), case management, playbooks

Demisto was a cybersecurity startup that developed security orchestration, automation, and response (SOAR) software intended to accelerate incident response and streamline security operations center workflows. Founded in 2015, the firm offered a platform combining automated playbooks, case management, and collaboration features targeted at enterprises, managed security service providers, and government agencies. The company gained attention in the cybersecurity industry and was acquired by Palo Alto Networks in 2019.

History

Demisto was founded in 2015 by Emmanuel Marot and Slavik Markovich, entrepreneurs with prior experience in application security and systems engineering. The company established headquarters in Menlo Park, California, while maintaining engineering teams in Israel, reflecting ties to Silicon Valley and the Israeli cybersecurity ecosystem that also produced firms like Check Point Software Technologies, Palo Alto Networks, and CyberArk. Early growth was driven by interest from security operations teams at technology firms including LinkedIn, Slack, and Symantec, as well as interest from financial institutions and healthcare providers reacting to breaches and compliance incidents such as those involving Equifax and Anthem.

During 2016–2018, Demisto expanded its product offerings and integrated with a growing list of security vendors including Splunk, CrowdStrike, FireEye, and Microsoft. The company raised venture capital from investors such as Greylock Partners, Sequoia Capital, and CRV, joining peers like Tanium and Cylance in the enterprise security funding landscape. In 2019, Palo Alto Networks announced the acquisition of the company to augment its security operations portfolio, integrating capabilities alongside products from companies such as Evident.io and RedLock.

Products and Technology

The core offering was a Security Orchestration, Automation, and Response (SOAR) platform that combined automated playbooks with human-in-the-loop workflows, ticketing-style case management, and real-time collaboration features similar to those in Slack, Microsoft Teams, and Atlassian products. The platform provided integrations with threat intelligence providers like Recorded Future and Anomali, endpoint detection tools such as Carbon Black and CrowdStrike, and network security products from vendors like Fortinet and Check Point.

Demisto's playbook engine used an orchestration framework that supported Python scripting and REST API connectors to integrate with security information and event management systems like Splunk, LogRhythm, and IBM QRadar. The product emphasized alert triage automation, remediation actions (for example, using APIs exposed by Cisco, Juniper, or Palo Alto Networks firewalls), and case workflow management that interfaced with IT service management systems like ServiceNow and JIRA. The company also developed a community-driven marketplace of playbooks and integrations, analogous to ecosystems led by vendors such as Elastic and Red Hat.

Architecturally, the platform combined a web-based console for analysts, chat-based incident collaboration, and backend orchestration services that could be deployed on-premises or in cloud environments provided by Amazon Web Services, Microsoft Azure, and Google Cloud Platform. The design sought to reduce mean time to response (MTTR) metrics commonly tracked by security operations teams at institutions like banks, healthcare systems, and retail chains.

Market and Customers

Demisto targeted security operations centers (SOCs) within enterprises across sectors including finance, healthcare, retail, and government. Notable customers and partners included large technology companies, multinational banks, and managed security service providers (MSSPs) who required scalable orchestration capabilities. The company competed in a market alongside vendors such as Swimlane, Siemplify, Rapid7, and Phantom (acquired by Splunk), while also collaborating with incumbent network and endpoint vendors.

The platform appealed to organizations focused on incident response maturity models used by Computer Emergency Response Teams (CERTs) and by security organizations within universities and research institutions. It addressed compliance-driven use cases influenced by regulations and standards like PCI DSS and HIPAA, and was adopted by enterprises seeking to automate repetitive tasks commonly handled by security analysts.

Funding and Corporate Structure

Demisto raised multiple rounds of venture capital prior to acquisition, with participation from prominent firms in the Silicon Valley investment community. Investors included Greylock Partners, Sequoia Capital, and CRV, placing Demisto among a cohort of cybersecurity startups that secured mid-stage funding to scale engineering and go-to-market operations. The corporate structure featured dual operations in the United States and Israel, enabling a blend of sales, marketing, and customer success functions in Menlo Park and engineering and research centers in Tel Aviv and other Israeli tech hubs.

Following the 2019 acquisition, Demisto's assets and teams were integrated into Palo Alto Networks' products and business units, aligning with the acquirer's strategy of expanding cloud-delivered security services and enhancing the Cortex product suite.

Acquisitions and Partnerships

Before being acquired, Demisto established partnerships and integrations across the cybersecurity ecosystem, working with vendors such as Splunk, CrowdStrike, FireEye, Microsoft, Cisco, and ServiceNow. The company maintained a technology partner program that enabled joint go-to-market efforts with platform and channel partners including Amazon Web Services, Google Cloud Platform, and VMware.

In 2019, Palo Alto Networks announced the acquisition of Demisto, folding its SOAR capabilities into the Palo Alto Networks Cortex portfolio to strengthen threat detection and automated response offerings. This acquisition joined a wave of consolidation in the security market that included deals involving vendors such as Splunk with Phantom, and Cisco with Duo Security.

Security Research and Community Contributions

Demisto fostered a community of security practitioners who contributed playbooks, integrations, and use-case templates via a marketplace model, encouraging crowdsourced automation similar to contributions seen in open-source projects maintained by organizations like the Apache Software Foundation and Linux Foundation. The company published white papers, case studies, and blog posts addressing incident response methodologies and automation best practices used by incident responders at CERTs, by SANS Institute alumni, and by major enterprise SOCs.

Security research tied to the company emphasized operational workflows, threat hunting techniques, and automation strategies to combat threats from notable adversaries and campaigns tracked by threat intelligence teams such as Mandiant and CrowdStrike. After acquisition, many of these community contributions continued through Palo Alto Networks' developer-community initiatives, expanding the reach of automated response content across the industry.
