JASK and Corelight offer new threat detection capabilities and accelerate incident response times

JASK, the provider of the industry’s first cloud-native SIEM platform, announced a partnership and technology integration with Corelight, provider of the most powerful network visibility solution for cybersecurity.

Through the integration between the JASK Autonomous Security Operations Center (ASOC) platform and Corelight Sensors, joint customers can unlock new threat detection capabilities and dramatically accelerate incident response times.

Alert fatigue caused by the overwhelming volume of data and alerts is impacting today’s security operations center (SOC) teams’ efficiency and ability to reduce operational risk. The joint solution combines Corelight’s network security monitoring capabilities with JASK’s advanced behavior analytics and automated incident response capabilities.

Customers can stream Corelight’s network logs and extracted files to JASK for security analysis, producing a finely tuned group of JASK Insights, as well as an ability to query Corelight’s underlying logs to further investigate those Insights. As a result, customers obtain fast, actionable insight into their network traffic to accelerate incident response and unlock new threat hunting ground.

“Corelight and JASK bring rich protocol-specific logs together with other security data sources to both generate meaningful insights and accelerate those prioritized investigations,” said Brian Dye, chief product officer at Corelight.

“This integration helps overburdened security teams to be more productive and puts them in a better position to protect their organizations.”

The integration provides three distinct security capabilities and workflows based on the following use cases:

  • Reducing alert noise, accelerating incident response workflows: By streaming its logs to JASK, Corelight complements the platform’s endpoint and application data with critical visibility into the network attack surface. Security Insights provide a focused set of high-value, risk-prioritized alerts that append the relevant environmental context analysts need to quickly assess and respond.
  • Unlocking new hunting ground for threat hunters: Via JASK’s Investigations workflow threat hunters can dive into Corelight’s network traffic logs and easily identify suspicious trends and anomalous network activity such as DNS queries to non-existing domains, the use of self-signed certificates, and the top bandwidth consumers by IP address.
  • Analyzing files for malware: In addition to generating comprehensive network logs, Corelight Sensors reassemble and extract files at wire speed. Customers can stream these files (such as PDFs and executables) to the JASK platform for file analysis to detect malware using additional 3rd party platforms.

“JASK and Corelight have complementary missions to help security analysts defend their organizations more effectively and free them to do the work that truly matters,” said Ken Liao, vice president of product marketing at JASK. “Our mutual customers will benefit greatly from this integration, which offers them more meaningful insights, while cutting down on the noise.”