JASK buy may boost security analytics in Sumo Logic SIEM

Sumo Logic has acquired JASK, an automated SOC vendor whose technology will be most useful for the security analytics and alert reduction features it adds to Sumo Logic's SIEM.

The consolidation between IT operations management and security operations vendors continued this week with Sumo Logic's acquisition of JASK security analytics for SIEM.

JASK, a privately held company in Austin, Texas founded in 2016, has about 100 employees. All will join Sumo Logic's security engineering team, according to a Sumo Logic press release, and JASK CEO Greg Martin has been named vice president and general manager of Sumo Logic's security business unit. Terms of the acquisition were not disclosed, but JASK had amassed a total of $39 million in venture capital funding, according to company disclosures.

JASK bills itself as an automated security operations center (SOC), but Sumo Logic customers say its major value lies in the security alert reduction and correlation features it can add to Sumo Logic's security information and event management (SIEM) software.

"JASK is a kind of virtual SOC, an AI engine that overlays Sumo Logic's log data, and escalates alerts," said William Dougherty, VP of IT and security at Omada Health, a behavioral healthcare provider in San Francisco, which uses Sumo Logic for operational log collection and analysis, and some security log collection, but looks to Threat Stack for SOC capabilities. "It will be useful, as Sumo Logic's security toolset has historically been weaker than its operations analytics."

Sumo Logic first rolled out a security analytics platform three years ago, and added SIEM features in September 2018. JASK brings further security analytics IP and machine learning algorithms to the product, and a network of channel partners and MSPs that offer SOC services to customers. JASK has its own tech support team as well, but two-thirds of its business came through channel partners in the first quarter of 2019.

Such third-party services are a tougher sell for Dougherty, who prefers Threat Stack's internal SOC team.

"It's tough as a customer to have two or three partners instead of one, because it's more likely there's finger-pointing when something goes wrong," he said. The largest enterprise Sumo Logic customers are more likely to run their own SOC than to outsource it to a vendor or MSP, he said.

Still, news of Sumo Logic's acquisition of JASK is welcome for Dougherty.

"It's a great move for them, and will extend the toolset SecOps staff are already using, and offer better context for data from a security perspective," he said. "It's good to see them investing in their business."

JASK may not replace Threat Stack for SOC functions in his shop, but Dougherty added he's interested in investigating the integration between the two tools, which became available in June.

A maelstrom of security analytics products

Still, the demand for a single source of data and analytics for both IT ops and security data is clear, analysts said, and the most competitive vendors in the space long-term will be those that offer effective aggregation and curation points for such data.

"The real game, especially for security vendors, is in the market's data problem," said Charles Betz, analyst at Forrester Research. "The vendors who are going to matter at the end of the day are the ones who are playing the role of Bloomberg, Reuters and Dun & Bradstreet in IT -- analyzing and curating common data sets."

Still, Sumo Logic has plenty of competition in that area, as DevSecOps goes mainstream and enterprises look to drastically reduce the number of tools they use and vendors they buy from. Most immediately, it must catch up with Splunk, which has an enterprise security SOC product that has been in production for years. Splunk Mission Control is also in beta, and there's Elastic, which is still polishing its security integrations and interfaces but has all the pieces in place, from a SIEM tool rolled out this year to data collectors for both back-end servers and endpoints.

More broadly, Sumo Logic must rise above the noise of a whole universe of vendors, occupying several points of focus along the Agile and DevOps workflow stream, that now look to build in security, from Atlassian in the Agile software planning market to AIOps and IT automation vendors such as Flexera.

However, the days when security and IT ops duplicated efforts are long gone, Betz said, and IT operations management (ITOM) tools have won the battle when it comes to which side will handle data collection and analysis prior to security enforcement functions.

"Security has to use ITOM tools for data collection," Betz said. "There always has to be some level of independence for the security team, but security vendors largely haven't been able to keep up in data management."