Close
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    JASK Applies AI to Security Incident Analysis, Management

    By
    Wayne Rash
    -
    May 24, 2018
    Share
    Facebook
    Twitter
    Linkedin
      RASK Security Analysis

      SAN JOSE, CA—Imagine a security analysis platform that can comb through the thousands of alerts you’re getting from your intrusion detection system, your firewalls and your log files and look for connections between seemingly minor events to develop a picture of what may become a major security incident.

      Then imagine that it uses that information to present an evaluation of the potential security incident in a way that lets you see that the threat may be along with correlated data.

      This is exactly what JASK (and acronym comprised of “Just Ask”) is intended to do. JASK can accept input from a variety of security appliances, software packages, log files and combine it with a vast database of previous security incidents as well as warnings from security services and then look for patterns.

      It learns from patterns previously seen from other JASK users to analyze and evaluate those incidents. Then it presents them with its appraisal of the threat level and the degree of confidence. A security analyst can click on the display of an evaluated series of incidents to get a detailed explanation of the factors that prompted the system to display an alert.

      “We have a huge corpus of knowledge,” explained Greg Fitzgerald, CMO of JASK. He added that because each organization is different, JASK will still have a learning curve as it begins being used in a new organization, but “It gets smart fast,” he said.

      While I was discussing a demonstration of JASK at the NetEvents conference at the Hayes Mansion here, I saw what the company calls an “Insight” presented as an insider threat. The Insight was a circle with several small segments, each with a level of severity indicated by color. Those segments are called “Signals” and they represent a particular action taking place on the network that taken together can indicate a security threat.

      Click on each one of those segments and it spells out exactly what happened. In one case it might be a series of failed logins. In another it might be a series of horizontal network connections that don’t normally exist. Or it might be a large data transfer.

      The segments, or Signals, in themselves might be minor, but it’s the correlation that makes them important enough to become an Insight. In the case I was looking at, the Insight revealed an IP address, which revealed the identity of a specific employee’s workstation. In this case it even had the employee’s photo.

      The confluence of information was enough to warrant a discussion with the employee, but the fact that the person’s photo was included also meant that it was possible to tell if the employee assigned to that workstation was actually the one using it. This could have been a disgruntled employee getting ready to leave the company, but it also could have been someone else at that employee’s workstation, quietly stealing data while the employee was away.

      What’s important about the JASK software is that it can discover events that would probably never be noticed by a human analyst that’s confronted by thousands of incidents on a daily basis. In the demonstration incident I saw each of the individual Signals that made up the Insight was too minor to come to the attention of an analyst. It was only when they were examined together that their importance became apparent

      This sort of pattern is very common for major security breaches. A series of small incidents, perhaps a phishing email sent to an administrative employee that harvests credentials, followed by an email to the CFO or the CEO designed to elicit a cash transfer might get the attention of a security analyst if the events had been noticed.

      But tie that to a hacking incident that reveals the employee phone book and then to a series of other phishing emails that weren’t acted on, along with emails from an outside server spoofed so that they seemed to be from an inside server are all indications that an attack is about to begin.

      A warning like that, received in a timely manner, would be crucial to preventing a breach. It may also point up potential security weaknesses that can be fixed before serious data loss happens.

      What makes JASK unusual, along with the machine learning and AI that allow it to make those correlations, is the fact that it doesn’t need to supplant your existing security structure. It makes use of the output of whatever security systems the customer is already using. It can also extract data from your existing log files and from your raw network traffic. All you need to do is provide access.

      JASK is a cloud-based application that lives on Amazon Web Services. It can use data from other cloud services or from on-premises sources. The pricing model for JASK is fairly simple, starting at $100 per user per year with volume discounts for larger organizations. Fitzgerald said that the largest customer is a Fortune 100 company with over 300,000 users, but that it can scale down to single user companies.

      This is a significant step in solving the problem that plagues corporate IT security operations. They have just too much security data and no efficient way to sort through it. Many, if not most, major breaches were obvious when they were analyzed after the fact.  But when they happened the signs were too small to be noticed. Now JASK has found a way to make sure they’re not missed.

      Wayne Rash
      https://www.eweek.com/author/wayne-rash/
      Wayne Rash is a freelance writer and editor with a 35-year history covering technology. He’s a frequent speaker on business, technology issues and enterprise computing. He is the author of five books, including his most recent, "Politics on the Nets." Rash is a former Executive Editor of eWEEK and a former analyst in the eWEEK Test Center. He was also an analyst in the InfoWorld Test Center and editor of InternetWeek. He's a retired naval officer, a former principal at American Management Systems and a long-time columnist for Byte Magazine.

      MOST POPULAR ARTICLES

      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      Chris Preimesberger - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      Cloud

      Why Data Security Will Face Even Harsher...

      Chris Preimesberger - December 1, 2020 0
      Who would know more about details of the hacking process than an actual former career hacker? And who wants to understand all they can...
      Read more
      Cybersecurity

      Visa’s Michael Jabbara on Cybersecurity and Digital...

      James Maguire - May 17, 2022 0
      I spoke with Michael Jabbara, VP and Global Head of Fraud Services at Visa, about the cybersecurity technology used to ensure the safe transfer...
      Read more
      Cybersecurity

      How Veritas Is Shining a Light Into...

      eWEEK EDITORS - September 25, 2020 0
      Protecting data has always been one of the most important tasks in all of IT, yet as more companies become data companies at the...
      Read more
      Cloud

      Yotascale CEO Asim Razzaq on Controlling Multicloud...

      James Maguire - May 5, 2022 0
      Asim Razzaq, CEO of Yotascale, provides guidance on understanding—and containing—the complex cost structure of multicloud computing. Among the topics we covered:  As you survey the...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2021 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×