
Beyond SIEM, Beyond Orchestration


JASK AND DEMISTO FOR AUTOMATED SECURITY OPERATIONS AND INCIDENT RESPONSE

Key Benefits:

  • Welcome to the future of cybersecurity: use two integrated AI-driven Cloud-based platforms to reduce organizational risk and empower security analysts.
  • Reduce triage time and improve MTTR: automatically turn data to Insights, and Insights to immediate actions with AI-driven leaders JASK and Demisto.
  • Ingest rich, correlated, contextual data and alerts from JASK into Demisto for automated playbook-driven response.

New forms of sophisticated cybersecurity threats are continually emerging to target enterprises by utilizing multiple attack vectors and entry points. In this environment, security teams often waste time collecting data from disparate sources, manually correlating that data, and performing repeatable tasks. The modern SOC needs security tools that empower analysts with rich, correlated data and automate repeatable tasks, giving analysts the time and energy they need for incident resolution.

Users can now leverage Demisto’s security orchestration and automation capabilities with JASK’s AI-driven, autonomous security operations capabilities for efficient and accelerated incident response.


Integration Features

  • Easily set up an integration to ingest JASK Insights to create incidents in Demisto and trigger automated triage, enrichment, and response.
  • Search for specific JASK Insights, Signals, and entities from within Demisto.
  • Share entity whitelists, blacklists and details between platforms.
  • Leverage hundreds of Demisto product integrations to enrich JASK Insights and coordinate response across security functions.


Use JASK and Demisto integrated platforms to collaborate, investigate, and document.


USE CASE #1

Automated insight ingestion, enrichment, and response

Challenge:

SOCs use multiple solutions for data/log enrichment and incident response, making it tough to track the lifecycle of an incident due to transitioning between screens, fragmented information, and the lack of single-window documentation. Tier 1 analysts spend too much time completing mundane manual tasks rather than threat hunting and resolving incidents.

Solution:

SOCs use JASK for aggregated alerts ("Insights") and data enrichment, and push those Insights to Demisto Enterprise for security orchestration and automation. The modern SOC can automate incident creation in Demisto for each insight type in JASK, and can trigger playbooks to execute upon incident creation. These playbooks orchestrate enrichment and response actions across the entire stack of products that a SOC uses, in a single screen and seamless workflow.

For example, analysts can create tickets, quarantine endpoints, retrieve pcaps, and send emails as automatable playbook tasks.
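The ingestion step described above (poll Insights, turn each one into an incident whose type selects the playbook, and never ingest the same Insight twice) is shown here as an added example. It is not JASK's or Demisto's own integration code: the Insight field names, the incident type names and the sample Insight records are all constructed for this illustration. What it does mirror is the fetch-incidents contract a Demisto integration follows, where each poll returns a list of incident dicts (name, occurred, severity, type, rawJSON) and a small "last run" state that Demisto persists between polls, and where playbooks are bound to incident types, so emitting one incident type per Insight type is what makes "a playbook per insight type" work.

```python
import json
from datetime import datetime, timezone

# Constructed sample of an Insight feed. The field names are assumptions made for
# this example, not JASK's real API schema. Two records share a timestamp on purpose.
SAMPLE_INSIGHTS = [
    {"id": "ins-101", "name": "Lateral movement from 10.0.0.5", "type": "lateral_movement",
     "severity": "high", "created": "2019-03-01T10:00:00Z", "entities": ["10.0.0.5", "jsmith"]},
    {"id": "ins-102", "name": "Beaconing to 203.0.113.9", "type": "c2_beaconing",
     "severity": "critical", "created": "2019-03-01T10:05:00Z", "entities": ["10.0.0.7", "203.0.113.9"]},
    {"id": "ins-103", "name": "Unusual login for svc-backup", "type": "anomalous_login",
     "severity": "medium", "created": "2019-03-01T10:05:00Z", "entities": ["svc-backup"]},
]

# Demisto binds playbooks to incident types, so "a playbook per insight type" is a
# matter of emitting the right incident type. These incident type names are assumptions.
INCIDENT_TYPE_BY_INSIGHT = {
    "lateral_movement": "JASK Insight - Lateral Movement",
    "c2_beaconing": "JASK Insight - Command and Control",
}
DEFAULT_INCIDENT_TYPE = "JASK Insight"  # catch-all type for insight types without a dedicated playbook

# Demisto severity scale: 0 unknown, 1 low, 2 medium, 3 high, 4 critical.
SEVERITY = {"low": 1, "medium": 2, "high": 3, "critical": 4}

EPOCH = "1970-01-01T00:00:00Z"


def parse_ts(value):
    """Parse the ISO-8601 UTC timestamps used in the sample feed."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def insight_to_incident(insight):
    """Map one Insight record to the incident dict shape Demisto ingests."""
    return {
        "name": insight["name"],
        "occurred": insight["created"],
        "severity": SEVERITY.get(insight.get("severity", ""), 0),
        "type": INCIDENT_TYPE_BY_INSIGHT.get(insight["type"], DEFAULT_INCIDENT_TYPE),
        "details": "Entities: " + ", ".join(insight.get("entities", [])),
        "rawJSON": json.dumps(insight),  # full record, so the playbook can parse any field later
    }


def fetch_incidents(insights, last_run, max_fetch=50):
    """Return (incidents, next_last_run) for one poll.

    last_run is the small state persisted between polls: the newest timestamp
    already ingested plus the IDs seen at exactly that timestamp. Carrying those
    IDs is what prevents re-ingesting Insights that share the watermark second,
    which a bare '>' or '>=' timestamp comparison gets wrong on its own.
    """
    watermark = parse_ts(last_run.get("time", EPOCH))
    seen_at_watermark = set(last_run.get("ids", []))
    fresh = [i for i in insights
             if parse_ts(i["created"]) >= watermark and i["id"] not in seen_at_watermark]
    fresh.sort(key=lambda i: (parse_ts(i["created"]), i["id"]))
    fresh = fresh[:max_fetch]  # cap per poll; the remainder is picked up on the next cycle
    if not fresh:
        return [], last_run
    newest = fresh[-1]["created"]
    ids = [i["id"] for i in fresh if i["created"] == newest]
    if newest == last_run.get("time"):
        # Watermark did not advance: keep the IDs already recorded at this second.
        ids = sorted(seen_at_watermark | set(ids))
    return [insight_to_incident(i) for i in fresh], {"time": newest, "ids": ids}


if __name__ == "__main__":
    state = {}
    for poll in range(3):
        incidents, state = fetch_incidents(SAMPLE_INSIGHTS, state, max_fetch=2)
        print(f"poll {poll}: {len(incidents)} incident(s), state={state}")
```

The per-poll cap and the ID list at the watermark are the two details worth copying: without the cap a burst of Insights can stall a poll, and without the IDs any two Insights created in the same second will be ingested twice and spawn duplicate playbook runs.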

Benefit:

JASK’s rich alerts and data coupled with Demisto playbooks can speed up incident triage and resolution. Analysts can get a comprehensive view of the incident’s lifecycle, access documentation from a single source, and forego the need to switch between screens while performing investigation actions.



USE CASE #2

Interactive, real-time investigation for complex threats

Challenge

An attack investigation usually requires pivoting from one suspicious indicator to another to gather critical evidence, drawing relations between incidents, and finalizing resolution. Running these commands across separate tools traps analysts in a screen-switching, documentation-chasing vicious cycle during an investigation and after it ends.

Solution

Security analysts can gain greater visibility and new actionable information about the attack by running JASK commands in the Demisto War Room. For example, if playbook results show signal details from JASK, analysts can get a list of records related to that signal and access entity whitelists by running the respective JASK command. They can go directly to JASK to drill down on that specific signal. Analysts can also run commands from other security tools in real time using the War Room, ensuring a single-console view for end-to-end investigation.

Benefit

The Demisto War Room and JASK's easy access to data allow analysts to quickly pivot and run commands relevant to incidents in their network from a common window. All participating analysts have full task-level visibility of the process and can run and document commands from the same window. This also removes the need to collate information from multiple sources for documentation.


About JASK

JASK is modernizing security operations to reduce organizational risk and improve human efficiency. Through technology consolidation, enhanced AI and machine learning, the JASK Autonomous Security Operations Center (ASOC) platform automates the correlation and analysis of threat alerts, helping SOC analysts focus on highest-priority threats, streamlining investigations and delivering faster response times.


About Demisto

Demisto is the only Security Orchestration, Automation and Response (SOAR) Platform that combines orchestration, incident management and interactive investigation into a seamless experience. Demisto’s orchestration engine automates security product tasks and weaves in human analyst tasks and workflows. Demisto Enterprise, powered by its machine learning technology, acquires knowledge from the real-life analyst interactions and past investigations to help SOC teams with analyst assignment suggestions, playbook enhancements, and best next steps for investigations. The platform (and you) get smarter with every analyst action. For more information, visit www.demisto.com or email [email protected].
