Devo and Detecteam unite to automate detection for cyber teams

Devo has announced a strategic technical partnership with Detecteam to provide an integrated solution aimed at automating and enhancing detection engineering for security teams.

The collaboration brings together Devo's security data analytics and threat detection capabilities with Detecteam's REFLEX platform, which specialises in attack simulation and detection lifecycle management.

The partnership was formed in response to increasing challenges faced by security teams, who often struggle to keep pace with rapidly evolving cyber threats and the demands of creating, validating, and deploying effective threat detections.

According to the companies, the integrated offering enables security teams to automate the entire detection lifecycle. The approach incorporates real-world attack scenarios and continuous validation, which allow for automatic generation, deployment, and testing of detections in real time.

This is designed to transform processes that typically require weeks of manual work into more dynamic and responsive workflows, the companies said.

Michelle Abraham, Senior Research Director, Security and Trust, for IDC, commented on the challenges that security teams face with detection and response technologies. 

"In IDC's Worldwide Views on SIEM Survey, 34% of respondents reported that needing staff dedicated to SIEM was one of the greatest challenges to using the full capabilities of their SIEM," Abraham said. "The Devo and Detecteam partnership reduces that strain by empowering security teams to automate detection engineering without requiring dedicated resources."

The integrated solution is structured to deliver several operational benefits, including quick adaptation to emerging threats through the rapid transformation of threat intelligence into actionable detections, as well as proactive validation that ensures Devo's detections are tested continuously against real-world attack scenarios.

The solution also aims to address expertise shortages in the sector. Integration between Devo and Detecteam is expected to accelerate detection development and deployment by up to 95%, reducing the reliance on specialist personnel and associated costs.

Fred Wilmot, Chief Executive Officer and Co-Founder of Detecteam, explained the practical advantages for customers. "With our joint solution, customers can validate their readiness to face threats and create actionable data and detections in Devo. This partnership removes complexity and manual effort, cutting down critical response time so teams can adapt faster to real-world threats - not just theoretical ones."

Devo has separately announced several new features within its Security Data Platform. The upgraded platform is intended to improve security team workflows across threat detection, investigation, and response functions - collectively referred to as unified TDIR (Threat Detection, Investigation, and Response) workflows.

Key features of the updated platform include accelerated incident resolution through customisable case templates and one-click report generation, which are intended to reduce analyst workload and incident response times. There is also rapid automation deployment, where organisations can deploy playbooks across multiple domains, reducing set-up times for organisations with varied operational environments.

Among the enhancements is the ability to create and deploy custom Python scripts, enabling the automation of complex security tasks and maximising operational efficiency.

Jason Mical, Field Chief Technology Officer for Devo, addressed the ongoing challenge of alert fatigue among security professionals. "Security teams are still overwhelmed by alerts, holding them back from proactive detection and investigation. These platform enhancements, combined with the Detecteam integration, provide security teams with a holistic, automated approach to detections and investigations, reducing the time they spend on repetitive, mundane tasks."