IT security vendor JASK is the latest to offer an Artificial Intelligence (AI) based solution for security teams. It announced the general availability of JASK Trident at Black Hat in Las Vegas. The company claims that Trident can speed up the operational efficiency of security operations by 10x. This is a significant claim that, if accurate, will get it a lot of attention in an increasingly crowded space.
Greg Martin, CEO and co-founder of JASK, commented: “With millions of cybersecurity jobs going unfilled, CISOs and managers of security operations centers across industries like financial, manufacturing, healthcare, and retail are looking for ways to improve their teams’ abilities to mitigate cyberattacks. Trident accelerates the rate at which analysts can identify and react to threats and empowers them to make informed decisions faster and with more precision.”
What does JASK Trident do?
Like other AI-based solutions for IT security teams, JASK Trident aims to speed up the process of identifying attacks. JASK refers to this as alert triaging, and it is the kind of task any AI or machine learning solution is good at: ingesting very large, disparate amounts of data, comparing that data to known attack indicators and patterns, and refining it down to a small set of key alerts. That massively reduced set of alerts can then be worked by security analysts.
While all of this can be done by the security analyst, the time taken to do just the reduction of alerts is hours if not days. Inside a lot of security teams this grunt work is slowing down the detection of attacks.
Exactly what JASK Trident does, according to the press release, is:
- Monitors networks end to end, surfacing and triaging the most relevant attacks using advanced AI, while providing a clear picture of the attack surface.
- Applies machine learning-based analytics to detect potential malicious behaviors by assets and users across the network.
- Offers modern ad-hoc data exploration and visualization capabilities through “notebooks.”
- Allows security analysts to configure any external and internal context enrichment that operationalizes data aggregation to dramatically reduce time to insight.
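The triage loop the article describes (ingest raw events, match them against known indicators and behavioural patterns, enrich the hits with internal context, and reduce them to a short scored list) is easy to see in miniature. The following is an added illustration and is not JASK's code or a description of how Trident works internally; the log format, the indicator list, the asset inventory and the scoring weights are all constructed for the example.

```python
import re
from collections import Counter, defaultdict

# Constructed sample log lines in a simple key=value format (not data from the article).
SAMPLE_LOGS = [
    "2018-07-25T10:00:01 host=ws-101 user=alice event=login result=success src=10.0.0.5",
    "2018-07-25T10:00:05 host=ws-101 user=alice event=dns query=updates.example.com",
    "2018-07-25T10:01:10 host=srv-db1 user=svc_backup event=login result=failure src=203.0.113.9",
    "2018-07-25T10:01:12 host=srv-db1 user=svc_backup event=login result=failure src=203.0.113.9",
    "2018-07-25T10:01:15 host=srv-db1 user=svc_backup event=login result=failure src=203.0.113.9",
    "2018-07-25T10:01:20 host=srv-db1 user=svc_backup event=login result=failure src=203.0.113.9",
    "2018-07-25T10:02:00 host=ws-202 user=bob event=dns query=bad-domain.invalid",
    "2018-07-25T10:02:30 host=ws-202 user=bob event=dns query=bad-domain.invalid",
    "2018-07-25T10:03:00 host=ws-303 user=carol event=login result=failure src=10.0.0.7",
    "2018-07-25T10:03:05 host=ws-303 user=carol event=login result=success src=10.0.0.7",
]

# Constructed stand-ins for external context (threat intelligence) and internal
# context (asset inventory); real deployments would pull these from feeds and a CMDB.
KNOWN_BAD_INDICATORS = {"203.0.113.9", "bad-domain.invalid"}
ASSET_CONTEXT = {
    "srv-db1": {"criticality": "high", "owner": "dba-team"},
    "ws-101": {"criticality": "low", "owner": "helpdesk"},
    "ws-202": {"criticality": "medium", "owner": "finance"},
    "ws-303": {"criticality": "low", "owner": "helpdesk"},
}
CRITICALITY_WEIGHT = {"low": 1, "medium": 2, "high": 4}

KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_line(line):
    """Turn one key=value log line into a dict; the leading token is the timestamp."""
    ts, _, rest = line.partition(" ")
    fields = dict(KV_RE.findall(rest))
    fields["ts"] = ts
    return fields


def triage(lines, indicators=KNOWN_BAD_INDICATORS, assets=ASSET_CONTEXT, fail_threshold=3):
    """Reduce raw events to a short, scored alert list.

    Two detections are applied:
      * indicator match: a src or query value that appears on the known-bad list
      * brute-force pattern: at least fail_threshold login failures from one src to one host
    Hits sharing (rule, host, indicator) are aggregated into a single alert, and each
    alert is enriched with asset context so the score reflects what was targeted.
    """
    events = [parse_line(line) for line in lines]
    hits = defaultdict(int)  # (rule, host, indicator) -> number of matching events
    fails = Counter()        # (host, src) -> failed logins seen

    for e in events:
        host = e.get("host", "?")
        for field in ("src", "query"):
            if e.get(field) in indicators:
                hits[("indicator_match", host, e[field])] += 1
        if e.get("event") == "login" and e.get("result") == "failure":
            fails[(host, e.get("src", "?"))] += 1

    for (host, src), n in fails.items():
        if n >= fail_threshold:
            hits[("brute_force", host, src)] = n

    alerts = []
    for (rule, host, key), count in hits.items():
        ctx = assets.get(host, {"criticality": "low", "owner": "unknown"})
        base = 3 if rule == "brute_force" else 2
        alerts.append({
            "rule": rule,
            "host": host,
            "indicator": key,
            "count": count,
            "owner": ctx["owner"],
            "criticality": ctx["criticality"],
            # Behavioural rules weigh more than a bare indicator hit; the asset's
            # criticality multiplies that, and repeated hits add a capped bonus.
            "score": base * CRITICALITY_WEIGHT[ctx["criticality"]] + min(count, 5),
        })
    alerts.sort(key=lambda a: a["score"], reverse=True)
    return alerts


if __name__ == "__main__":
    # Ten raw events collapse to three alerts, with the brute force against the
    # high-criticality database host ranked first.
    for a in triage(SAMPLE_LOGS):
        print(f"{a['score']:>3} {a['rule']:<16} {a['host']:<8} {a['indicator']} x{a['count']} ({a['owner']})")
```

The point a SOC engineer would take from this is the ratio, not the rules: ten events become three alerts, and the enrichment step is what orders them sensibly. The same four failed logins score higher against the database server than they would against a helpdesk workstation, which is the "time to insight" gain the press release is describing.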
Using cloud to speed things up
JASK has chosen to make Trident available as a cloud-based solution. The advantage of this is access to processing and storage resources. What is not clear is whether customers get a unique instance, a fully shared or public instance or a hybrid instance. This will be important to a lot of potential customers.
A fully private instance would need continuous access to public security intelligence. Using a fully shared or public system would raise questions over anonymisation of data sent to the cloud. A hybrid solution is what most customers will want. It will allow them to collate their logs in the cloud and have Trident access the logs to do the triage. It would allow Trident to use a growing common set of security intelligence while retaining customer data security.
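The anonymisation question raised above has a standard practical answer: pseudonymise internal identifiers with a keyed hash before the logs leave the premises, so the cloud side can still correlate events by user or host while the key (and the reverse mapping) never leaves the customer. The snippet below is an added example of that pattern and is not a description of what JASK or Trident does; the field names and key are constructed.

```python
import hashlib
import hmac

# Constructed: which fields are pseudonymised and the on-premises key.
# External values that must be matched against public threat intelligence
# (attacker IPs, domains) are deliberately left in the clear here; the
# alternative is to tokenise the intelligence feed with the same key.
SENSITIVE_FIELDS = ("user", "host")
LOCAL_KEY = b"constructed-demo-key-never-leaves-the-premises"


def pseudonymise(value, key=LOCAL_KEY):
    """Keyed, deterministic token: the same input always yields the same token,
    so cloud-side analytics can still group events, but without the key the
    token cannot be reversed or checked against a dictionary of likely names."""
    return hmac.new(key, value.encode(), hashlib.sha256).hexdigest()[:16]


def prepare_for_cloud(record, fields=SENSITIVE_FIELDS, key=LOCAL_KEY):
    """Return (outbound_record, reverse_map). Only the outbound record is shipped;
    the reverse map stays local so alerts can be re-identified on return."""
    outbound = dict(record)
    reverse = {}
    for f in fields:
        if f in outbound:
            token = pseudonymise(outbound[f], key)
            reverse[token] = outbound[f]
            outbound[f] = token
    return outbound, reverse


def reidentify(record, reverse_map):
    """Map tokens in a returned alert back to real identifiers, on premises."""
    return {k: (reverse_map.get(v, v) if isinstance(v, str) else v) for k, v in record.items()}


if __name__ == "__main__":
    event = {"ts": "2018-07-25T10:01:10", "host": "srv-db1", "user": "svc_backup",
             "event": "login", "result": "failure", "src": "203.0.113.9"}
    shipped, local_map = prepare_for_cloud(event)
    print("sent to cloud:", shipped)
    print("back on-prem :", reidentify(shipped, local_map))
```

A plain unkeyed hash would not be enough: usernames and hostnames come from a small enough space that anyone holding the cloud data could recover them by hashing guesses. Using an HMAC with a key that stays on the customer side is what makes the tokens safe to share, and rotating that key per tenant is what keeps one customer's tokens from being correlated with another's in a shared instance.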
Trident is built on open source technology. This will allow customers to integrate it with their existing tools, and will appeal to those who want to add an AI solution without being forced down a vendor's entire security stack.
What does this mean?
There is a growing move to use AI for security intelligence. Its ability to ingest, process and analyse vast amounts of disparate data at high speed is highly desirable. This is not just about refining the mass of alerts down to a critical few. It is about allowing security analysts to bring their human intelligence to bear on the problem in a timely fashion.
This is becoming a very crowded market. It seems every week brings the announcement of a new AI, machine learning or cognitive solution for security teams. The question is how many of these will be around in three years? Some will survive and grow, others will be acquired by larger vendors and many will quietly fail. At the moment it is far too soon to know which fate is waiting for JASK Trident.