Continuous Intelligence and cybersecurity vendor Sumo Logic has acquired JASK Labs. The deal will see the JASK Autonomous Security Operations Centre (ASOC) integrated into Sumo Logic’s Continuous Intelligence offering. In doing so, it gives Sumo Logic’s existing security solution greater visibility of what is happening in the cloud. More importantly for customers, the deal will speed up the delivery of actionable intelligence that they can quickly consume.
In a statement, Ramin Sayar, president and CEO of Sumo Logic, said: “Security in the modern world is moving from a human-scale problem to a machine-scale problem.
“Customers are looking for a new approach to help them overcome the pain and complexity around an increasingly perimeter-less world. The JASK team are experts in helping customers navigate this new world. By aligning our efforts as a single team, we are able to democratize security intelligence for all.”
The terms of the deal were not announced. JASK Labs had previously raised $39 million across three separate funding rounds (Source: Crunchbase). While the two companies share a number of investors, there is no suggestion this influenced the acquisition.
The growing security challenge of the cloud
Security of assets in the cloud is increasingly becoming a challenge for enterprise IT teams. They lack the tools to give them visibility into both assets on their own site and in the cloud. Additionally, as enterprises move towards a multi-cloud world they are faced with integrating different security solutions.
This is a non-trivial task. It is far more than just importing different feeds into a single Security Information and Event Management (SIEM) solution. The volume of data is just one of the problems. Another is the speed with which information can be imported and then correlated to deliver viable intelligence for security teams. That data then has to be assessed and, at present, security analysts are struggling to make sense of the number of alerts they get.
Agile processes and DevOps are taking advantage of the cloud to deploy applications, services and micro-services faster than ever before. Technologies such as serverless, containers and orchestration are enabling this. The problem for security teams is how to keep all of this secure. DevSecOps is a good thing if you are able to integrate your security into the DevOps process. For many organisations, security is unable to keep up with the speed with which DevOps is scaling IT. It is this type of challenge in particular that makes JASK Labs attractive to Sumo Logic.
A demand for automation and actionable intelligence
There is no question that security analysts are struggling to convert security alerts into actions. This is where the combination of Sumo Logic and JASK comes in. Sumo Logic already provides a platform to deal with multi-cloud environments. JASK adds automation and new workflows for security analysts.
To be effective, however, this combination has to do more than simply import data into a super SIEM. Such a move would worsen rather than improve the situation for security analysts.
What Sumo Logic and JASK are saying is that the automation can be used to reduce the number of alerts. It makes it easier to verify alerts and decide on what actions need taking. On its own, this just reduces the number of alerts, albeit making them more trustworthy. What is being promised here is that the alerts sent to the security analyst will contain actionable intelligence.
What is meant by actionable intelligence? Many security alerts just warn that something is wrong or that something has been detected. They do not provide a set of steps to take to remedy the alert. That is left to the security team. Actionable intelligence is different. It provides much more detail on the alert, on the systems that are vulnerable and on what needs to be done to remediate that alert.
Sumo Logic already delivers actionable intelligence through its existing SIEM solution. JASK is delivering a greater degree of automation. More importantly, JASK has been written as a cloud-native application. This means that it is designed to monitor and secure technologies such as containers and orchestration.
Enterprise Times: What does this mean?
There are two schools of thought when it comes to cloud security. The first is to abandon any real effort to secure the cloud and instead hand everything over to a Cloud Security Provider. Given the cost of attracting security staff, this approach appeals to SMEs in particular. However, it is not a long-term solution and does not shift ultimate responsibility for data security. A CSP will make a best effort to protect systems but, when it goes wrong, liability for any data loss still rests with the enterprise.
Larger enterprises have invested in building their own security processes. They want to deploy these across all the systems they are using, especially where data is concerned. Part of this requires them to be able to monitor what is happening. The problem they face is how to do that across systems that are architecturally different and where the security tools they are using may not even run. In addition, the speed with which cloud can scale means that they are struggling to handle any management data they do get.
This is where Sumo Logic and JASK believe they have the answer. They can deliver a single SIEM solution that is designed for multi-cloud environments. As part of this acquisition they can also automate large amounts of the mundane work that the security analyst is struggling with. Alerts can also be turned into actionable intelligence. This means that IT security teams can quickly provide remediation requirements to operations teams.
At its recent Illuminate conference, Sumo Logic talked about the need to widen its partner ecosystem. This acquisition will certainly help with that.