Heather Wright was in San Jose as a guest of NetEvents
As security analysts become increasingly overburdened by the volume of alerts coming in from multiple cybersecurity systems, one startup has developed an AI-powered autonomous security ops platform to streamline the process while retaining the human element.
Jask, a two-year-old Silicon Valley startup, has developed a platform which automates the correlation and analysis of threat alerts to help security analysts focus on the highest-priority threats.
“We are not solving a problem, we’re solving the problem, which is the human impact of cybersecurity,” explained Jask chief marketing officer Greg Fitzgerald. “The key is that humans are not scalable. They’re now dealing with more than they can possibly imagine in terms of all these alerts.”
The firm’s platform ingests data from multiple security systems within an organisation, along with network, user device and application data (including information from the cloud), and provides an intelligence layer that visualises all stages of the cybersecurity scenario, finding connections between events and providing ‘insights’ on those threats.
Subsequently, security analysts are presented with a raft of visualised intel in the form of circles made up of segments, or in Jask terms ‘signals’. Those signals represent actions on the network, such as a lateral movement with increased traffic or failed logins.
According to Jask, on their own the signals might mean nothing and may have been too insignificant to have raised a flag for a security analyst, but when interrelated with other events could potentially indicate a security incident.
“We’re applying very very smart algorithms and use cases, such as what does a DDoS attack look like? What is ransomware? What does an Active Directory attack look like?” Fitzgerald added.
Using data from existing customers, the Jask platform identifies potential correlations and interlinked events, finding connections that Fitzgerald said would be overlooked by humans, to create the insights.
He said analysts on average worked with information from 17 cybersecurity products in a company, with each one producing alerts that need following up. Wading through those alerts, finding the relevant information and determining whether to escalate an issue to the next level takes time – with research showing incident response times of around 180 to 200 days.
“By then the bad guys have come and gone,” said Fitzgerald, noting that Jask applies artificial intelligence and machine learning in order to make the human – rather than the product – smarter.
“It’s evolved to where the technology is no longer to make a widget, but to make it so humans can digest information that is physically impossible to collect in a very quick amount of time,” he said.
Fitzgerald said humans remained a critical element to the system.
“Jask tells you there’s a problem. But where you start is your choice. Who works on it is your choice. We just say you have a problem with these 11 security alerts going into one insight,” he said.
“The computer doesn’t make a decision. We leave that to a human to discern because what happens in one company will mean nothing to one industry but everything for another and only a human has the ability to discern that,” Fitzgerald said. “Humans are still smarter than computers.”
A cloud-based application hosted on Amazon Web Services, Jask – the name is taken from Just Ask – was co-founded by Greg Martin, who also founded threat intelligence platform company ThreatStream, now known as Anomali, and Damian Miller.
The company, which emerged from stealth a year ago with US$12 million in funding from investors including Dell Technologies Capital and TenEleven Ventures, has just released new enhancements to the platform, including a one-click discovery of a compromise via the Task Navigator investigation console; multi-asset data ingestion; query flexibility and analyst team workflow support.