Summary

The modern security operations center (SOC) is besieged by chronic skilled labor shortages, exploding volumes of security alerts, and expectations of board-level reporting of significant security incidents. JASK's technology integrates application, directory, log and network data to power artificial intelligence (AI) and machine learning (ML) engines in automating event investigation activity and reducing the impact of alert storms. The company enables SOCs to optimize human analyst resources, allowing experts to spend more time hunting down threats because they spend less time on mundane data-processing tasks.


The 451 Take

The modern SOC juggles demands for minimizing damage from threats, maintaining the infrastructure of security products, and practicing good hygiene by proactively closing vulnerabilities. All of that activity typically ends up in a workflow for human experts to resolve. JASK applies AI and ML techniques to process information much like a tier one or tier two security analyst would do. Lots of vendors claim that, though. We believe the true sustaining differentiation lies in how the company's service unifies application operations data, directory access data, log data and network traffic that drives analytics and SOC workflows. Possession of the data in JASK's cloud service gives the vendor the potential opportunity to penetrate deeper into customer accounts with enhanced AI/ML insights, advanced threat detection and automated workflows.

Context

JASK was founded in 2015 with the vision of modernizing security operations centers. In particular, artificial intelligence and machine learning are key innovations in allowing the company to automate repetitive data collection and analysis tasks. Analysts then have more time to hunt threats, create security services and reduce risks for the business.

The vendor has offices in San Francisco and Austin, Texas, and has taken in $39m in venture capital, including a $25m series B round in June. JASK counts Battery Ventures, Dell Technologies Capital, Kleiner Perkins, TenEleven Ventures, Draper Nexus and Vertical Ventures as primary investors.


Products

JASK first started shipping its Autonomous Security Operations Center (ASOC) product in 2017. Since then, ASOC has rung up more than 20 paying customers, including Encompass Health, the University of Lethbridge, IDT and Veeva Systems. It is noteworthy that in addition to augmenting traditional security information and event management (SIEM) deployments, ASOC has also reportedly displaced legacy SIEMs such as Micro Focus ArcSight and Splunk Enterprise Security.

ASOC streams data from on-premises collectors up to its Elastic-based storage clusters hosted in the AWS cloud. AI/ML algorithms condense vast amounts of data into a lesser number of streamlined signals representing a combination of events and activities that SOC analysts should investigate. The multi-tenancy aspect of cloud storage frees security operations from managing SIEM datacenters, allows capacity to scale to support new analytics and data sources, and provides JASK the opportunity to readily apply threat knowledge gained from one customer experience across all of its customers.

The inclusion of network traffic in the ASOC architecture is an attractive feature. ASOC uses open source Bro packet capture filtering to lessen parsing overhead of network traffic. Given the high bandwidth of network traffic, it makes sense to employ Bro to remove extraneous information from the network while allowing JASK to control the amount of storage necessary for analyzing network data. Too much network data needlessly consumes resources – too little removes the opportunity for greater insight into alerts.

The primary value of ASOC is its ability to automate alert validation work, using AI/ML to condense large numbers of alerts into a manageable number of signals. Each signal comes with correlated information pre-packaged by ASOC, allowing security operations to address problems quickly. A lower-level SOC vendor would have to consult logs for such linkages as IP addresses, servers logged into, critical data accessed, external domains in the communications path, and the like. The use of AI/ML promises to reduce mean-time-to-detect and mean-time-to-remediate metrics.
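To make the "alerts into signals" idea concrete, here is an added illustration (not JASK's code or algorithm): alerts from several sources are merged into one signal whenever they share an entity such as a source IP, host, user or external domain, so an analyst receives the linkages pre-packaged instead of reconstructing them from logs. The alerts are constructed sample data, and the entity-sharing rule is a simple stand-in for whatever ASOC's AI/ML actually does.

```python
from collections import defaultdict

# Constructed sample alerts (not real telemetry): each names the entities it touches.
ALERTS = [
    {"id": "a1", "source": "ids",   "src_ip": "10.0.0.5", "host": "db01",  "user": None,     "domain": None},
    {"id": "a2", "source": "auth",  "src_ip": "10.0.0.5", "host": "db01",  "user": "jdoe",   "domain": None},
    {"id": "a3", "source": "proxy", "src_ip": "10.0.0.5", "host": None,    "user": None,     "domain": "bad.example"},
    {"id": "a4", "source": "ids",   "src_ip": "10.0.0.9", "host": "web02", "user": None,     "domain": None},
    {"id": "a5", "source": "dlp",   "src_ip": None,       "host": "db01",  "user": "jdoe",   "domain": None},
    {"id": "a6", "source": "auth",  "src_ip": "10.0.0.7", "host": "web03", "user": "asmith", "domain": None},
]

ENTITY_FIELDS = ("src_ip", "host", "user", "domain")


def entities(alert):
    """Return the (field, value) entities an alert references, skipping empty fields."""
    return {(f, alert[f]) for f in ENTITY_FIELDS if alert.get(f)}


def build_signals(alerts):
    """Group alerts that share any entity into one signal (union-find over shared entities)."""
    parent = {a["id"]: a["id"] for a in alerts}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving keeps lookups short
            x = parent[x]
        return x

    def union(a, b):
        ra, rb = find(a), find(b)
        if ra != rb:
            parent[rb] = ra

    first_seen = {}  # entity -> id of the first alert that referenced it
    for a in alerts:
        for e in entities(a):
            if e in first_seen:
                union(first_seen[e], a["id"])
            else:
                first_seen[e] = a["id"]

    groups = defaultdict(list)
    for a in alerts:
        groups[find(a["id"])].append(a)

    signals = []
    for members in groups.values():
        ents = set().union(*(entities(m) for m in members))
        signals.append({
            "alert_ids": sorted(m["id"] for m in members),
            "sources": sorted({m["source"] for m in members}),  # breadth of corroboration
            "entities": sorted(ents),                            # the pre-packaged linkages
        })
    # Triage order: signals corroborated by more alerts first.
    signals.sort(key=lambda s: (-len(s["alert_ids"]), s["alert_ids"]))
    return signals
```

Here the IDS, auth, proxy and DLP alerts around 10.0.0.5 / db01 / jdoe collapse into a single signal, while the two unrelated alerts stay separate.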

JASK prices ASOC by the number of employees, avoiding consumptive pricing models governed by the amount of data or alerts generated. We like this strategy – as a young company, its emphasis should be on capturing new accounts. JASK will have years to upsell new products and services to grow revenue.


Competition

Our Voice of The Enterprise: Information Security, Budgets and Outlook 2017 survey research showed that two of the top five security pain points were 'accurate, timely monitoring of security events' and 'staffing information security.' In a highly contested security operations market, JASK addresses persistent SOC problems that most enterprises struggle with.

We see the company's rivals coming from three different directions:

  • SIEM vendors, backed by compliance mandates, have formed the core of a SOC strategy for decades. It is our belief that every enterprise approached by JASK sales channels will have a SIEM deployed with workflow features that ASOC will have to either augment or replace – JASK will have to earn every single customer. The SIEM sector is led by the big three of IBM, Micro Focus and Splunk, which are challenged by the likes of AT&T/AlienVault, Datadog, Exabeam, Gravwell, LogRhythm, McAfee, Rapid7, Seceon, Securonix and Sumo Logic. Of these, Splunk with Phantom automation and orchestration and IBM with QRadar and Resilient will represent the stiffest competition.

  • Practically all of the security automation and orchestration (SAO) providers feature the ability to condense alerts, optimize security workflows and help SOC experts spend more time improving the security profile. SAO firms use terms such as playbooks and cases to define workflows in a manner suitable for customization. While JASK can send insights to a SAO platform such as Splunk Phantom or Demisto, experienced SAO vendors that will vie with ASOC's workflow claims include CyberSponse, D3 Security, Demisto, DF Labs, LogicHub, Resolve Systems, Respond Security, Siemplify and Swimlane. Large service providers such as Dell SecureWorks and ServiceNow that extend IT practices with security product lines will also be a factor.

  • The new class of competitors for SOC budget allocations comes from the network traffic analytics (NTA) segment. The AI/ML analysis of network traffic promotes the ability to detect and respond to threats in real time, without the requirement to manage data older than 30 days. Each issue NTA detects bubbles up to a SOC workflow for human remediation, which will catch the eyes of enterprises evaluating JASK. We see this dynamic at work with Citrix Security Analytics and FireEye Security Orchestrator, as well as privately held vendors Awake Security, Bandura, Corelight, Darktrace, ExtraHop, Gigamon, ProtectWise, SecBI and Vectra Networks.

Eric Ogren
Senior Analyst, Security

Eric Ogren is a Senior Analyst with the Information Security team. Eric has extensive experience in software development, technology marketing, and as a security industry analyst. Prior to joining 451 Research, Eric held marketing leadership positions with security vendors such as RSA Security and OKENA, and technology vendors such as Digital Equipment.

Jeremy Korn
Research Associate

Jeremy Korn is a Research Associate at 451 Research. He graduated from Brown University with a BA in Biology and East Asian Studies and received a MA in East Asian Studies from Harvard University, where he employed quantitative and qualitative methodologies to study the Chinese film industry.

Aaron Sherrill
Senior Analyst

Aaron Sherrill is a Senior Analyst for 451 Research covering emerging trends, innovation and disruption in the Managed Services and Managed Security Services sectors. Aaron has 20+ years of experience across several industries including serving in IT management for the Federal Bureau of Investigation.
