Sumo Logic gains SOC automation capabilities by reaching for JASK

November 4 2019
by Scott Crawford


Introduction


With a war chest bolstered in May, Sumo Logic has added JASK to its portfolio to heighten competition against strategic vendors in security and IT operations, combining automation with analytics to optimize security operations centers (SOCs). The move should give it a stronger stance versus public rivals as it moves toward its own expected IPO.

Snapshot

Acquirer: Sumo Logic
Target: JASK
Subsector: Information security
Deal value: Not disclosed
Date announced: November 4, 2019
Closing date: Announced as closed
Advisers: Momentum Cyber (JASK)

The 451 Take

With a recent valuation that took it into 'unicorn' territory, Sumo Logic has continued to challenge incumbents in security and IT operations by building on its born-in-the-cloud advantages. As the company heads toward an anticipated IPO, its recently augmented funding – now totaling $340m – gives it the ammunition it needs to build out a portfolio that challenges competitors more comprehensively. FactorChain brought a security investigation platform to Sumo Logic in 2018, and JASK boosts this previous investment in an area recently embraced by major incumbents such as Splunk and IBM: security automation and orchestration (SAO). JASK's approach differs from that of other SAO players, however, in being less of a general-purpose platform applicable to a variety of tasks, and concentrating instead on coupling analytics and automation with security expertise that specifically aims to optimize security operations. This capability is needed when that expertise is at a premium, and security teams are overwhelmed not only with data volume but also with the range of challenges that stretch them to their limits across increasingly complex terrain.

Deal details


Terms of the transaction were not disclosed, but it had been rumored for days before it was announced. JASK had invested heavily in personnel and the channel well before its product had gained significant traction, but a scale-back of this strategy earlier this year suggests a modest valuation for a business that had raised $39m in venture capital, most recently a $25m series B round in June 2018 led by Kleiner Perkins. Sumo Logic, meanwhile, joined the stratospheric ranks of security's already-overweight unicorn contingent with funding recently enhanced by a $110m series G round led by Battery Ventures, and including new investors Tiger Global Management and Franklin Templeton – giving it a billion-plus valuation. The added financing should help in part to support acquisitions needed to grow the buyer's portfolio in anticipation of its planned IPO.

Deal rationale


Security information and event management (SIEM) remains the most important technology for security operations, according to recent 451 Research findings.

Figure 1: Which of the following information security tools are most important to your organization's security operations center? Top 5 responses:
Source: 451 Research's Information Security, Organizational Dynamics 2019

As Sumo Logic continues to boost its stance against public competitors in both SIEM and IT operations, JASK should give it a presence needed to vie more directly with the likes of Splunk, IBM and others that have invested in security automation. These firms recognize that security operations staff are not only often overwhelmed with data, but also face a daunting range of challenges that threaten to exceed the capabilities of human analysts. Automation has accordingly become increasingly visible in security, with approaches ranging from task automation to incident response and investigative workflow, to automating the validation of security controls via techniques such as breach and attack simulation.

JASK has stood apart from several other security automation players by emphasizing the optimization of security operations such as monitoring, triage and prioritization, which aligns with Sumo Logic's primary security segment. It should also complement Sumo Logic's purchase of FactorChain for security investigation, helping to give it a more comprehensive security operations portfolio while also extending its focus on cloud resources, which further supports the vendor's differentiation as one of the original born-in-the-cloud contenders in security and IT operations management.

Target profile


Austin, Texas-based JASK was launched in 2015 by CEO Greg Martin, who was also the founder of threat intelligence platform vendor Anomali and had previously led the security operations practice at SIEM incumbent ArcSight (now part of Micro Focus). CTO Rob Fry, meanwhile, had developed the FIDO open source security operations orchestration platform while with Netflix (FIDO in this case standing for Fully Integrated Defense Operation, not to be confused with the Fast Identity Online authentication alliance).

JASK's Autonomous Security Operations Center product combines analytics and workflows to help automate the triage of alerts and focus analysts' efforts on the highest-priority issues without neglecting the breadth of data available to security operations technologies such as SIEM. The company has taken in $39m in venture capital, with Battery Ventures, Dell Technologies Capital, Kleiner Perkins, TenEleven Ventures, Draper Nexus and Vertical Ventures as primary backers. At the time of its sale, JASK had just under 100 employees, all of whom are expected to join Sumo Logic, where Martin will become VP and general manager of the combined security business going forward.

Acquirer profile


Sumo Logic differentiated early with an entirely cloud-based 'as a service' offering in the SIEM and IT operations information management and alerting sectors. This differed from legacy approaches predicated on the deployment and maintenance of the technology on-premises. Many organizations held to this philosophy in part due to concerns about exposing such sensitive data in the cloud. Sumo Logic overcame those concerns with the values of a cloud-based model: reduced deployment and maintenance burdens in exchange for a subscription-based approach, which reduces time to value for customers and also enables the provider to bring new features to market quickly. Its approach directly challenged another disruptor, Splunk, which had upended existing players with its flexible embrace of virtually any operational data via search. Today, many of its rivals have also embraced a SaaS offering, reflecting Sumo Logic's success with the model and its ongoing accessibility to organizations that would otherwise be challenged to embrace such technology and realize its value.

The vendor was founded in 2010 and is based in Redwood City, California. Led by CEO Ramin Sayar and co-founding CTO Christian Beedgen, it currently claims over 2,000 customers for its Continuous Intelligence Platform worldwide. Investors in addition to its series G round backers include Accel Partners, DFJ Growth, Greylock Partners, IVP, Sapphire Ventures, Sequoia Capital and Sutter Hill Ventures.

Competition


The Sumo Logic-JASK combination most notably challenges Splunk, which acquired Phantom in 2018, and IBM's QRadar, which picked up Resilient Systems in 2016. Other competitors in security have also added automation and orchestration to their portfolios, notably FireEye with its purchase of Invotas in 2016 and Palo Alto Networks with its reach for Demisto earlier this year. More recently, cloud hyperscalers have gotten more directly into the SIEM act. Microsoft, which in 2017 bought Hexadite to help automate security investigation and response and incorporated it into Microsoft Defender Advanced Threat Protection, has introduced Azure Sentinel as a disruptive entry in the SIEM space. Other potential disruptors in security operations include Google Cloud's recent incorporation of Chronicle as well as Amazon Web Services, whose acquisition of threat-hunting platform Sqrrl in 2018 was initially intended for internal operations, but remains provocative for its potential.

A range of other players further contend for security operations budget, not only in SIEM and security automation but also in a variety of segments and emerging focal areas such as network visibility, detection and response (NVDR). In SIEM, the field includes AT&T via its AlienVault buy, Gravwell, LogRhythm, McAfee, Seceon and, more recently, Elastic's introduction of a supported SIEM offering that reflects the success of the open source ELK stack. Automation specialists more squarely in the SAO camp include CyberSponse, D3 Security, DF Labs, LogicHub, Resolve Systems, Respond Software, Siemplify and Swimlane. Vendors extending into security operations include Exabeam and Securonix, whose products were originally predicated on technologies such as behavioral analytics, while Rapid7's acquisitions of Logentries and NetFort give it a presence in SIEM and NVDR, respectively.