JASK,
the provider of the industry’s first cloud-native SIEM platform, today
announced a partnership and technology integration with Corelight,
provider of the most powerful network visibility solution for
cybersecurity. Through the integration between the JASK Autonomous
Security Operations Center (ASOC) platform and Corelight Sensors, joint
customers can unlock new threat detection capabilities and dramatically
accelerate incident response times.
Alert fatigue caused by the overwhelming volume of data and alerts is
impacting today’s security operations center (SOC) teams’ efficiency and
ability to reduce operational risk. The joint solution combines
Corelight’s network security monitoring capabilities with JASK’s
advanced behavior analytics and automated incident response capabilities.
Customers can stream Corelight’s network logs and extracted files to
JASK for security analysis, producing a finely tuned group of JASK
Insights™, as well as an ability to query Corelight’s underlying logs to
further investigate those Insights. As a result, customers obtain fast,
actionable insight into their network traffic to accelerate incident
response and unlock new threat hunting ground.
“Corelight and JASK bring rich protocol-specific logs together with
other security data sources to both generate meaningful insights and
accelerate those prioritized investigations,” said Brian Dye, chief
product officer at Corelight. “This integration helps overburdened
security teams to be more productive and puts them in a better position
to protect their organizations.”
The integration provides three distinct security capabilities and
workflows based on the following use cases:
- Reducing Alert Noise, Accelerating Incident Response Workflows:
  By streaming its logs to JASK, Corelight complements the platform’s
  endpoint and application data with critical visibility into the
  network attack surface. Security Insights provide a focused set of
  high-value, risk-prioritized alerts that append the relevant
  environmental context analysts need to quickly assess and respond.
- Unlocking New Hunting Ground for Threat Hunters: Via JASK’s
  Investigations workflow, threat hunters can dive into Corelight’s
  network traffic logs and easily identify suspicious trends and
  anomalous network activity such as DNS queries to non-existing
  domains, the use of self-signed certificates, and the top bandwidth
  consumers by IP address.
- Analyzing Files for Malware: In addition to generating
  comprehensive network logs, Corelight Sensors reassemble and extract
  files at wire speed. Customers can stream these files (such as PDFs
  and executables) to the JASK platform for file analysis to detect
  malware using additional third-party platforms.
“JASK and Corelight have complementary missions to help security
analysts defend their organizations more effectively and free them to do
the work that truly matters,” said Ken Liao, vice president of product
marketing at JASK. “Our mutual customers will benefit greatly from this
integration, which offers them more meaningful insights, while cutting
down on the noise.”
To learn more about the integration between JASK and Corelight, please
download this data sheet: https://secure.jask.com/SolutionBriefCorelight_CFTYSolutionBrief_Corelight.html
About JASK
JASK is modernizing security operations by
delivering an advanced SIEM platform that provides better visibility,
better automation and a better architecture. Built on cloud-native
technologies, the JASK Autonomous Security Operations Center (ASOC)
platform streamlines security analyst workflows by automating many of
the repetitive tasks that restrict productivity, freeing them for
higher-value roles like threat hunting and vulnerability management,
while addressing the escalating talent shortage. www.jask.com
View source version on businesswire.com: https://www.businesswire.com/news/home/20190507005163/en/