This morning Palo Alto Networks announced its intent to acquire Demisto.
Demisto has certainly come a long way since I first met the founders 3.5 years ago. When we sat down together, Slavik and Rishi came armed only with a somewhat unrefined slide deck and a prototype. To give you a sense, the first slide of that deck contains a logo that looked like this:
At the time, I believed the incident response market was ripe for disruption. The majority of spend in this market was (and still is) human capital related. Articles began to increasingly tout the shortage of qualified security professionals. CISOs were warming up to the idea that software can measurably improve the efficiency of their incident response organizations.
Demisto could thus frame itself as an efficiency multiplier against this large, existing headcount spend. Humans are in the loop when needed but can leverage playbooks to orchestrate/automate all of the existing security software and tools that are already in place. Instead of being yet another tool for yet another threat vector, Demisto offers CISOs the unique opportunity to maximize the value they are getting out of their human and software resources.
Demisto taps into what has now become a more obvious trend around the automation of parts of any knowledge worker’s job — from development to sales to more verticalized business processes. It’s not about AI taking jobs away from people or solving the hardest of problems — in fact, it can sometimes be almost the opposite. If software can automate or give employees accelerators for just a fraction of the mundane work they have to do each day, they now have additional time to focus on more impactful and more intellectually stimulating work. Over time, if the system is able to learn and make recommendations based on the behavior of experts within an organization, the performance of all employees improves.
It was this vision that the Demisto founders painted in my mind that motivated me to write the first check into the company and lead Demisto’s Series A.
It was not that others didn’t recognize the need in some basic way — it’s not as if Demisto has no competitors. Demisto, in my opinion, simply has always had a differentiated depth of understanding of the opportunity in front of them as well as a differentiated approach to tackle it.
Demisto has a differentiated team — Slavik, Guy, and Dan had all worked together for over a decade (and all 3 had worked with Rishi for 4 years), and each had unequivocally proven prowess in their respective functional areas. To this day, Demisto continues to hire some of the best talent across the globe.
Demisto has a differentiated product — the team understood from the outset the value of the data being collecting as the lifeblood of process improvement and automation. They built in product features like messaging that may seem trivial or non-core but are essential to understanding the flow of information around a security incident in totality.
Demisto even has a differentiated go-to-market — while Demisto successfully employs direct and indirect enterprise sales efforts, they enjoy a significant number of inbound leads through its free edition and engagement with the digital forensics and incident response community.
I couldn’t be happier for Dan, Guy, Rishi, Slavik and the rest of team Demsito! With Palo Alto Networks’ reach and support, Demisto has a differentiated future ahead — an opportunity to have reach and impact at a much broader scale and on a platform at the very heart of the security strategy for many companies.
While I will miss working with the Demisto team, I am grateful to have been on part of their journey and am excited for what lies ahead for them.