The modern security operations center (SOC) is besieged by chronic skilled labor shortages, exploding volumes of security alerts, and expectations of board-level reporting of significant security incidents. JASK's technology integrates application, directory, log
The 451 Take
The vendor has offices in San Francisco and Austin, Texas, and has taken in $39m in venture capital, including a $25m series B round in June.
ASOC streams data from on-premises collectors up to its Elastic-based storage clusters hosted in the AWS cloud. AI/ML algorithms condense vast amounts of data into a lesser number of streamlined signals representing a combination of events and activities that SOC analysts should investigate. The multi-tenancy aspect of cloud storage frees security operations from managing SIEM datacenters, allows capacity to scale to support new analytics and data sources, and provides JASK the opportunity to readily apply threat knowledge gained from one customer experience across all of its customers.
The inclusion of network traffic in the ASOC architecture is an attractive feature. ASOC uses open source Bro packet capture filtering to lessen parsing overhead of network traffic. Given the high bandwidth of network traffic, it makes sense to employ Bro to remove extraneous information from the network while allowing
The primary value of ASOC is its ability to automate alert validation work, using AI/ML to condense large numbers of alerts into a manageable number of signals. Each signal comes with correlated information pre-packaged by ASOC, allowing security operations to quickly address problems. A lower-level SOC vendor would have to consult logs for such linkages as IP addresses, servers logged into, critical data accessed, external domains in the communications path, and the like. The use of AI/ML promises to reduce the mean-time-to-detect and mean-time-to-remediate metrics.
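To make the alert-to-signal idea concrete, the following is an added illustration written for this page; it is not JASK code and says nothing about how ASOC's own algorithms work. It assumes a constructed set of alerts from several sources (IDS, EDR, authentication, proxy) and links alerts that share an entity (source IP, host, user or external domain) within a time window into one signal, packaging the linked entities so an analyst does not have to look them up across logs. The field names, window size and priority rule are assumptions chosen for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample alerts (not real telemetry). Each carries the raw
# entities an analyst would otherwise have to cross-reference in logs.
ALERTS = [
    {"id": 1, "ts": "2018-09-01T10:00:00", "source": "ids",   "src_ip": "10.0.0.5",  "host": "web01", "user": None,      "domain": "bad.example"},
    {"id": 2, "ts": "2018-09-01T10:03:00", "source": "edr",   "src_ip": None,        "host": "web01", "user": "svc_web", "domain": None},
    {"id": 3, "ts": "2018-09-01T10:10:00", "source": "auth",  "src_ip": "10.0.0.5",  "host": "db01",  "user": "svc_web", "domain": None},
    {"id": 4, "ts": "2018-09-01T14:00:00", "source": "proxy", "src_ip": "10.0.0.77", "host": "hr07",  "user": "alice",   "domain": "cdn.example"},
    {"id": 5, "ts": "2018-09-02T09:00:00", "source": "ids",   "src_ip": "10.0.0.5",  "host": "web01", "user": None,      "domain": "bad.example"},
]

# Entity fields on which two alerts are considered linked (assumed schema).
ENTITY_FIELDS = ("src_ip", "host", "user", "domain")


def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%S")


class DisjointSet:
    """Union-find over alert ids; a connected component becomes one signal."""

    def __init__(self):
        self.parent = {}

    def find(self, x):
        self.parent.setdefault(x, x)
        while self.parent[x] != x:
            self.parent[x] = self.parent[self.parent[x]]  # path halving
            x = self.parent[x]
        return x

    def union(self, a, b):
        ra, rb = self.find(a), self.find(b)
        if ra != rb:
            self.parent[rb] = ra


def correlate(alerts, window_hours=6):
    """Group alerts sharing an entity within `window_hours` into signals.

    Each signal bundles the alert ids, the contributing data sources, the
    observed time span and the union of linked entities, so the context an
    analyst needs is attached to the signal rather than spread over logs.
    """
    window = timedelta(hours=window_hours)
    ordered = sorted(alerts, key=lambda a: parse_ts(a["ts"]))
    ds = DisjointSet()
    last_seen = {}  # (field, value) -> (alert id, ts) of most recent sighting
    for a in ordered:
        ts = parse_ts(a["ts"])
        ds.find(a["id"])  # register singleton so isolated alerts still surface
        for f in ENTITY_FIELDS:
            v = a.get(f)
            if v is None:
                continue
            key = (f, v)
            if key in last_seen:
                prev_id, prev_ts = last_seen[key]
                if ts - prev_ts <= window:
                    ds.union(prev_id, a["id"])
            last_seen[key] = (a["id"], ts)

    groups = defaultdict(list)
    for a in ordered:  # members are appended in timestamp order
        groups[ds.find(a["id"])].append(a)

    signals = []
    for members in groups.values():
        sig = {
            "alert_ids": sorted(m["id"] for m in members),
            "sources": sorted({m["source"] for m in members}),
            "first_seen": members[0]["ts"],
            "last_seen": members[-1]["ts"],
        }
        for f in ENTITY_FIELDS:
            sig[f] = sorted({m[f] for m in members if m.get(f)})
        # Assumed priority rule: corroboration across independent sources
        # ranks higher than a single-source alert.
        sig["priority"] = len(sig["sources"])
        signals.append(sig)
    signals.sort(key=lambda s: (-s["priority"], s["first_seen"]))
    return signals


if __name__ == "__main__":
    for s in correlate(ALERTS):
        print(s)
```

With the six-hour window, alerts 1, 2 and 3 collapse into one signal that already lists the source IP, both hosts touched, the service account and the external domain, while the unrelated proxy alert and the next-day IDS alert remain separate, lower-priority signals. Widening the window to 24 hours pulls the repeat IDS alert into the same signal, which is the kind of tuning choice that trades fewer signals for looser linkage.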
We see the company's rivals coming from three different directions:
- SIEM vendors, backed by compliance mandates, have formed the core of a SOC strategy for decades. It is our belief that every enterprise approached by JASK sales channels will have a SIEM deployed with workflow features that ASOC will have to either augment or replace – JASK will have to earn every single customer. The SIEM sector is led by the big three of IBM, Micro Focus and Splunk, which are challenged by the likes of AT&T/AlienVault, Datadog, Exabeam, Gravwell, LogRhythm, McAfee, Rapid7, Seceon, Securonix and Sumo Logic. Of these, Splunk with Phantom automation and orchestration and IBM with QRadar and Resilient will represent the stiffest competition.
- Practically all of the security automation and orchestration (SAO) providers feature the ability to condense alerts, optimize security workflows and help SOC experts spend more time improving the security profile. SAO firms use terms such as playbooks and cases to define workflows in a manner suitable for customization. While JASK can send insights to a SAO platform such as Splunk Phantom or Demisto, experienced SAO vendors that will vie with ASOC's workflow claims include CyberSponse, D3 Security, Demisto, DF Labs, LogicHub, Resolve Systems, Respond Security, Siemplify and Swimlane. Large service providers such as Dell SecureWorks and ServiceNow that extend IT practices with security product lines will also be a factor.
- The new class of competitors for SOC budget allocations comes from the network traffic analytics (NTA) segment. The AI/ML analysis of network traffic promotes the ability to detect and respond to threats in real time, without the requirement to manage data older than 30 days. Each issue NTA detects bubbles up to a SOC workflow for human remediation, which will catch the eyes of enterprises evaluating JASK. We see this dynamic at work with Citrix Security Analytics and FireEye Security Orchestrator, as well as privately held vendors Awake Security, Bandura, Corelight, Darktrace, ExtraHop, Gigamon, ProtectWise, SecBI and Vectra Networks.
Eric Ogren is a Senior Analyst with the Information Security team. Eric has extensive experience in software development, technology marketing, and as a security industry analyst. Prior to joining 451 Research, Eric held marketing leadership positions with security vendors such as RSA Security and OKENA, and technology vendors such as Digital Equipment.
Jeremy Korn is a Research Associate at 451 Research. He graduated from Brown University with a BA in Biology and East Asian Studies and received
Aaron Sherrill is a Senior Analyst for 451 Research covering emerging trends, innovation