JASK Nets $25M for Smarter SOCs


By: R. Scott Raynovich

Security automation startup JASK today announced it has closed $25 million in Series B funding, led by Kleiner Perkins with participation from early investors, including Battery Ventures, Dell Technologies Capital, TenEleven Ventures, and Vertical Venture Partners. The round brings JASK’s total funding to $39 million.

JASK is targeting a growing problem for security operations professionals: alert bloat. A proliferation of security information and event management (SIEM) data in security operations centers (SOCs) is generating an overwhelming amount of work for SOC analysts. JASK believes the solution is to aggregate these alerts, apply artificial intelligence to detect anomalies or patterns, and automate detection of real threats, an approach it's calling the autonomous SOC.

The Martin-Schlein Connection

JASK reunites an experienced team, including prior investors. CEO and co-founder Greg Martin is a serial security technology entrepreneur who also founded Anomali (formerly ThreatStream), a pioneer in the threat intelligence field. He was also the chief architect at ArcSight, which was acquired by HPE. He's been a cybersecurity advisor to the FBI, Secret Service and NASA; Chief Information Security Officer (CISO) at Sentinel IPS; and Security Operations practice lead at ArcSight. The team is rounded out by a number of security industry veterans including Chief Marketing Officer Greg Fitzgerald, who was formerly the Chief Marketing Officer of endpoint security company Cylance.

Ted Schlein, a Kleiner Perkins General Partner, is joining JASK’s board of directors. Schlein has worked in the past with JASK co-founders Martin and Damian Miller, who led the security operations practice at ArcSight through its acquisition by HP. Schlein was the original investor in ArcSight, in addition to other industry players including Carbon Black and Mandiant. ArcSight was acquired by HP for $1.5 billion in 2010.

JASK's Martin started as a self-trained hacker in rural Waxahachie, Texas, where he learned about computers and networks in high school. Perhaps bored with life in small-town Texas, Martin stayed up late chatting on hacker forums. He got his first real-life experience as a teenager working at an Internet Service Provider (ISP) when the ISP was hacked, which energized his passion for cybersecurity. After working for the Secret Service and the FBI on about 50 cases, Martin moved to ArcSight, where he wrote a popular open-source security application called ArcOSI, which automated security intelligence feeds.

Last year, JASK raised a Series A round of $12 million led by Dell Technologies Capital, with existing investors Battery Ventures and Vertical Venture Partners participating in the round.

Automating Security Analysis

In a recent briefing on JASK, CMO Fitzgerald told Futuriom that the software functions as a security analyst's automated assistant, designed to help speed up the job and free up time for more important tasks. 

"We make data ingest easy and open up the data. An analyst has all the context they need to make a decision. They can label and assign it and we can learn from that," said Fitzgerald. "[Security analysts] can replicate their existing workflow."

The company is targeting one of the largest pain points in the massive security operations business. Currently there's a talent crisis in security operations, with more than 1 million unfilled positions because companies can't find individuals with the skills to be security analysts. Many of these analysts are overwhelmed by the amount of data generated by SIEMs and other security tools. 

Is JASK a SIEM Killer?

The security operations business is also complex, requiring high-level integration of dozens of security apps, a process Futuriom detailed in our SysSecOps report in 2017. These applications generate large volumes of data and alerts, but there is not always a way to make sense of the data. SIEM tools such as Splunk and ArcSight have become ubiquitous in security organizations, but JASK is proposing to apply higher-level AI and analytics to these tools to speed up the processing of the information. That's a large market.

One of the questions that arose at the recent NetEvents conference in San Jose, where JASK was briefing reporters and analysts, was whether the product can replace SIEMs such as Splunk, which some IT sources say has become notoriously expensive.

JASK's Fitzgerald said JASK likely won't replace Splunk right away, but he did point out that it could be an evolutionary process. "People are going to leverage JASK in combination with Splunk or they would use it to displace data from Splunk."

Regardless of whether JASK threatens Splunk or HPE right away, it's clearly a startup to watch that has identified an important new trend in the need to automate SOCs.