ASOC Goes Beyond SIEM

If you had a chance to stop by JASK’s booth at BlackHat a couple of weeks ago, you might have had an opportunity to catch a glimpse of our new UI. It’s a modern take on “leveling up” what’s important to SOC analysts and drives their focus on any given day. If you haven’t seen our new UI, fear not… now that the JASK team has had a chance to recover from the tribulations of “hacker summer camp”, we have taken the initial feedback we received during the demos and finalized the improvements to roll this out to our customers. These new changes are coming this week!

Below is a review of what’s new and exciting in this latest update, but most importantly, we share some of the thinking and motivation behind the new features.

Rethinking Modern SOC Dashboard and Workflow

The most important aspect of the new landing page is its purpose. Instead of focusing primarily on statistics about data, we have given higher prominence to the inner workings of the Insights produced by the ASOC platform.

Our objective is to not only describe the information coming in from customer environments, but to support the success of security operations teams by helping them with managing the automation on top of it.

JASK’s new ASOC dashboard is tasked with observing the entire flow from incoming source data to remediation steps.

In specific terms, this means more granular views into JASK Signal and Insight generation, clearer contextual understanding of attack progression along the kill chain, and better exposure of the daily beat of SOC teams using JASK, including the actions launched from within.

There are quite a few forward-looking changes in the application, from the new Navigation Bar and improved Search panel, to elevation of the latest AI-derived Insights to the front page. (“What should I be working on first,” you ask? Well, now we have that covered.)

That being said, there are a couple of new views worth spending a bit more time on: Activity Stream and Signal Generation charts. Let’s dig in.

Activity Stream

The idea behind the Activity Stream is to bring front and center the daily operations of your team. Did someone leave a comment? Create a new Rule? Launch an Action? The ‘daily business’ of your teammates is now available as a stream of activity in real time.

Signal Generation

At JASK, Signals are notable events which may be generated from the following types of content:

  • Alerts generated by third-party detection tools
  • Threat Intelligence feeds (CrowdStrike, Anomali, open source, etc.)
  • Customer- and JASK-defined Patterns (“Rules and Heuristics”)
  • Anomaly Detection (machine learning based behavioural detections)

Signals Over Time shows which types of content have been generating Signals daily over the past two weeks. The time aspect of this chart helps with better understanding Signal generation activity from a historical perspective. Whether you plug in a new Threat Intelligence source, or disable a particularly noisy (and useless) Pattern, it’s easy to observe the impact the change makes in terms of daily Signal volume.

Signal Coverage by Attack Stage is a 2-day snapshot presented as a Marimekko chart. In a single view, it answers a handful of very important questions:

  • How well does my detection toolkit adhere to popular standards, like MITRE ATT&CK or the stages of Cyber Kill Chain?
  • What are the gaps in the detection coverage, and which areas might be over-represented?
  • What type of content is helpful in which detection category?
  • What might be the opportunities for improvement in coverage?

A well thought out visualization can pack a lot of useful information into a small area on-screen, and that’s exactly what we’re after with this view.
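As an added illustration, not part of JASK’s post or product code, the Python below builds the two-day coverage matrix behind a Signal Coverage by Attack Stage view from constructed sample Signals: it derives the Marimekko proportions (column width per stage, segment height per content type) and lists stages that are uncovered or depend on a single content type. The stage names, content labels and sample Signals are assumptions.

```python
from collections import Counter
from datetime import datetime, timedelta

# Assumed coverage axis: a simplified kill-chain stage list (the post names
# MITRE ATT&CK and the Cyber Kill Chain; these labels are an assumption).
STAGES = ["recon", "delivery", "exploitation", "c2", "exfiltration"]

# Constructed sample Signals: (ISO timestamp, content type, attack stage).
SIGNALS = [
    ("2018-08-21T09:00:00", "third_party_alert", "delivery"),
    ("2018-08-21T11:30:00", "pattern", "delivery"),
    ("2018-08-21T12:00:00", "threat_intel", "c2"),
    ("2018-08-21T13:00:00", "pattern", "c2"),
    ("2018-08-21T14:00:00", "anomaly", "c2"),
    ("2018-08-20T08:00:00", "anomaly", "exfiltration"),
    ("2018-08-15T08:00:00", "pattern", "recon"),  # outside the 2-day window
]


def coverage_matrix(signals, now_iso, window_days=2):
    """Count Signals per stage and content type within the last window_days."""
    cutoff = datetime.fromisoformat(now_iso) - timedelta(days=window_days)
    matrix = {stage: Counter() for stage in STAGES}
    for ts, content, stage in signals:
        if stage in matrix and datetime.fromisoformat(ts) >= cutoff:
            matrix[stage][content] += 1
    return matrix


def marimekko(matrix):
    """Column width = stage share of all Signals; segment heights = content
    share within that stage. Returns {stage: (width, {content: height})}."""
    total = sum(sum(c.values()) for c in matrix.values())
    chart = {}
    for stage, counts in matrix.items():
        n = sum(counts.values())
        width = n / total if total else 0.0
        heights = {k: v / n for k, v in counts.items()} if n else {}
        chart[stage] = (width, heights)
    return chart


def coverage_gaps(matrix, min_sources=2):
    """Stages with no Signals, or fewer than min_sources distinct content types."""
    return [stage for stage, counts in matrix.items() if len(counts) < min_sources]


if __name__ == "__main__":
    m = coverage_matrix(SIGNALS, "2018-08-22T00:00:00")
    for stage, (width, heights) in marimekko(m).items():
        print(f"{stage:13s} width={width:.2f} segments={heights}")
    print("under-covered stages:", coverage_gaps(m))
```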

“Wait, You’re Telling Me Something Might Need Work?”

It’s important to admit that we will always be in a constant state of improvement, so customer feedback on what works and what does not is paramount to our team! At JASK, we strongly believe that transparency is key to our customers’ success. Highlighting potential gaps is our way to reiterate our commitment to continue working together with our customers, in order to improve not only their experience, but our capabilities as a vendor as well. We believe that everybody wins when we’re transparent about what we do and how we do it.

So, let us know what you think! Does the new direction resonate based on your experience? What can we do better? Is anything missing? Let us know at [email protected]

As always, stay in touch as we press on with rolling out new features and improvements.
