The JASK ASOC (Autonomous Security Operations Center) open API platform has broad and flexible ingestion capabilities to support logs and endpoint/network sources while providing user and entity attribution. It uses an agentless collection methodology with passive software sensors that report metadata to the JASK platform. There are three sensor types: network sensor, log sensor and Active Directory sensor.

Network sensors monitor network segments, extracting metadata with deep packet inspection. Log sensors collect data from existing detection tools, including SIEM solutions. Data is accepted as syslog locally while all parsing and processing is done by the JASK cloud platform. Active Directory sensors gather information from the AD and extract event log data from a subset of event log types. This automatically scalable, cloud-native platform aims to address analyst overload by providing rapidly digestible information of real-time results, quick search functionality, and enriched data.

The dashboard is clean and modern, housing some informational widgets with items like insights, entities and signal coverage by attack stage. They can't be moved around the dashboard, nor did we see an option to add custom widgets. Any available insights will be shown at the bottom of the dashboard. The navigation page is intuitive and keeps the platform simple, but there did not appear to be a way of reaching documentation links or a knowledgebase from the portal dashboard.

Signals are points of interest that essentially look at events and build relationships between other events to stitch together a story for the analyst. This is provided by an algorithm that monitors events and looks for patterns and correlations. While investigating, analysts can record comments and see threat intelligence matches as well as top-to-bottom coverage of all the DNS request information they could want.

Another simplification is the correlation of entities provided by an insight engine that is running continuous evaluation. This displays information that analysts can drill down into to see anything they want or need to know about an HTTP request. It automatically correlates the flow with the HTTP record, saving them time with initial investigations.

The setup was relatively straightforward. We were given a different set of instructions from the UI of the dashboard we were working in, and still were able to find the correct location of the sensor key within minutes.

Starting price is $125 per monitored employee for 1,000 employees. Basic support is part of the SaaS Agreement. Additional fee-based support includes Gold (12/5) and Platinum (24/7 support and Technical Account Manager) beginning at 20 percent of the license fee cost.

Tested by Matthew Hreben

Product title: JASK ASOC
Product info
Vendor: JASK
Price: Starts at $125 per monitored employee for 1,000 employees.
Contact: jask.com
Strength: Automatic scaling.
Weakness: The widgets on the dashboard lack customizability.
Verdict: Strong native cloud SIEM solution with very little setup time compared to your traditional on-premises SIEM solutions.