JASK, the provider of the industry’s first Autonomous Security Operations Center (ASOC) platform, announced new dynamic multi-cloud visibility and workload monitoring features that extend its leadership position as the market’s first cloud-native SIEM.
The enhanced capabilities include advanced analytics expressly designed to process the constantly changing, high-volume data unique to AWS and Microsoft Azure cloud environments. JASK will demonstrate these capabilities at RSA Conference in San Francisco.
JASK is a SIEM in the cloud, for the cloud. The ASOC platform was built in AWS by some of the world’s foremost architects in cloud-native development, including Rob Fry, VP of Engineering at JASK and former lead architect for cloud security at Netflix – the largest public cloud-native company in the world. As a result, JASK ASOC uniquely understands what cloud data to monitor and how to monitor it.
“Legacy SIEM products were designed for use cases and include analytics for traditional on-premises architectures,” said Fry. “The methodologies that power these SIEMs to analyze on-premises data streams from firewalls, proxies and hosts don’t apply to cloud data. With integrations and analytics built for both AWS and Azure, JASK ASOC provides organizations with unprecedented visibility into cloud environments because it understands how to monitor cloud data, where workloads may come and go within hours or minutes, and clusters it with on-premises data to streamline analyst workflows.”
As a cloud-native platform, JASK ASOC fully leverages the elastic capabilities of cloud computing, such as horizontally scaling data-ingestion pipelines, so that it scales to handle any data volume that customers desire.
The cloud also affords JASK the processing power necessary for the analytics that provide automated alert triage, ensuring seamless monitoring of both cloud and on-premises infrastructure in a single platform.
JASK ASOC now includes integrations with AWS CloudTrail, AWS GuardDuty and VPC Flow Logs to ingest, aggregate and analyze dynamic workload information about user activity, malicious behavior and IP traffic as part of JASK Insights. For example, JASK ASOC can correlate an alert about an open S3 bucket with information about who opened it and who accessed it to tell security analysts a story about what happened with S3 and address the issue immediately.
JASK ASOC also fully supports the Microsoft Graph Security API to ingest a robust set of Azure cloud data and information related to Microsoft users, applications and events into its advanced SIEM platform.
Through this support, JASK uniquely integrates with Microsoft Azure Event Hubs to stream millions of events per second from OneDrive, Exchange, Azure Active Directory and Office 365 to the ASOC platform for processing, correlation and analysis.