Reducing Operational and Security Risks with Open Source Observability

Industry: Customer Service Automation

Company Size: 200

Founded: 1990

HQ: Alpharetta, Georgia

Logz.io Products: Log Management and Cloud SIEM

Company Profile: Customer Service Automation Platform

Cloud Infrastructure: AWS

Jacada is a customer service automation company that builds software designed to future-proof the customer experience with robotic automation and artificial intelligence. The company builds and offers a variety of solutions designed to help automate customer interactions, conversations and related processes, including AI-powered chat bots, voice bots and other tools for customer assistance and task management.

Business Drivers for Improved Cloud Monitoring 

Jacada’s innovative technology has seen significant adoption and growth in the past few years as organizations strive to automate their customer-facing business processes and services. These organizations embrace Jacada’s robotic process automation and AI-driven technology, but also demand high performance, as the applications are used for customer support and service. Timely and effective customer support upholds a brand’s reputation and can preserve revenue.

The Jacada DevOps team has long been up to the task, with services and backing infrastructure built on AWS across three different regions, and a number of tools to help deliver performance across their production environment.

However, as the company’s client base grew over the past few years, added volume and stress on their infrastructure created a noisy cloud environment that required additional oversight, monitoring and troubleshooting by their DevOps team. 

Alon Ben Haim, the DevOps Manager for Jacada, explains that the business recognized the critical role that better infrastructure and application monitoring would play in ensuring a performant environment for their end users.

According to Alon, the business drivers included:

Getting Proactive: The ability for his team to have the visibility into issues before users were impacted

“We knew that by monitoring operational events, we could anticipate any system issues before they impacted our customers. This helps us respond faster and reduce the duration of the issues.”

Improving Threat Intelligence: Getting better at detecting suspicious activity and security risks

“Monitoring security events helps us to detect suspicious activity before any damage is caused, and with the right monitoring, we can detect when someone is trying to attack us and take sensitive data from our environment.”

Regulatory and Compliance Drivers

“Better monitoring also supports a variety of compliance regulations that require the monitoring of audit, security and operational events.”

Transition to Business Intelligence and Analytics

“If done right, we can monitor and analyze events and use them as a form of business intelligence. We can identify patterns of usage in our platform that help us to manage and make important business decisions.”

Getting Started: Initial Challenges with Log Management and Monitoring  

One of the first steps that the Jacada team took to improve their monitoring and observability strategy was to implement a solution to monitor their logging pipeline from their cloud infrastructure. Unfortunately, their deployment faced some challenges.

According to Alon, “the beginning was quite difficult for us since our services and backing infrastructure are built on AWS across a few different regions for our multi-tenancy and private cloud environments. Before using Logz.io, and due to the security needs of our customers which required compliance with Safe Harbor principles, our logging architecture consisted of separate Graylog deployments in each environment.”

Since each of these deployments was isolated, Jacada’s visualizations and dashboards could not be migrated from one region to another. Their DevOps team also encountered availability issues that resulted in log data being lost.

The Benefits and Limitations of an Open Source Approach

With their Graylog deployment, Jacada’s team continued to encounter lost logs and issues scaling and maintaining the platform. The DevOps team eventually initiated a search for an alternative, and were immediately pulled by the gravitational force of open source.

“The benefits of open source are tremendous and these projects have gained huge popularity in the DevOps field in recent years,” said Alon. “Open source provides us flexibility, speed, and cost-efficiency and the industry was continuing to push us to embrace an open source first approach when designing and implementing our DevOps lifecycle.”

Starting with a small deployment, the DevOps team first leveraged the open source ELK platform to triage the issues they encountered with Graylog. Although ELK provided an alternative solution to managing their logging pipeline, it was also unwieldy in scale, with frequent requirements around upgrades, parsing and maintenance.

“As great as open source tools are, they do not come without challenges. When deployed in production, they will most likely cost the organization in terms of the time and resources required to deploy, scale and maintain them over time,” said Alon.

The Logz.io Difference: Scaling for Success 

Embracing the fundamental capabilities of ELK but recognizing the shortfalls of managing the platform, the DevOps team opted to find a managed solution to improve their observability experience.

“As our business grew, the volume of logs and the maintenance costs grew too, and as a result of the issues we had with open source ELK, we began to search for a reliable and hosted ELK solution. Logz.io met all of these requirements since it is robust, stable, secure and cost-efficient.”

To begin seeing value from Logz.io, Alon’s team implemented a more streamlined process to ship logs to Logz.io.

“We already had Logstash instances for aggregating and processing logs with Graylog so the process of shipping the log data into the Logz.io ELK Stack was extremely simple and took a total of two days.”

From a technical perspective, the same Logstash instances were configured to output data to the Logz.io Logstash listeners, and over time Jacada migrated their shipping method to Filebeat.

The DevOps team sends a variety of logs across numerous data sources, including MongoDB, Docker, Nginx and AWS logs. The team uses Live Tail to see the raw log output of their environment, which helps in cases where the team wants to view the effect of specific actions, for example when reproducing errors.

According to Alon, after the migration to Logz.io, suddenly the “logs became more ‘accessible’ for all teams. Whereas in the past developers would need the direct involvement of the DevOps team to gain access to, and analyze, specific log data, developers can now access Logz.io and independently create their own visualizations and alerts.”

In addition, the company’s previous architecture made it impossible to get a comprehensive view across all AWS regions. But with Logz.io, Jacada has now built a series of Kibana dashboards to monitor user interactions with the company’s services, with visualizations broken down into the different regions. 

Improving Visibility Across the Stack and Troubleshooting Faster with AI-Powered Insights

Early on, using Logz.io’s AI technology, Cognitive Insights, the DevOps team also uncovered a number of business-critical events that would otherwise have passed under the radar.

Cognitive Insights combines machine learning and crowdsourcing to automatically uncover critical issues in log data to help speed up troubleshooting. “The Cognitive Insights engine unveiled that some of our MongoDB documents had exceeded the allocated limit of 16 MB. On another occasion, a Twilio exception was caught, meaning that one of our services had failed to send off an SMS to a user.”

Insights helps the DevOps team act smarter, and faster, in order to respond to operational issues that can impact their customers (and, of course, their customers’ customers). In the field of customer service, every second counts, and time saved translates to revenue preservation.

Assessing Security Risks with Unified Security and Log Analytics

At a certain point, with so many different log files and types pointing toward Logz.io, it became important to enrich this data with security risk intelligence to ensure the team was not missing any potential security vulnerabilities hidden in their environment.

According to Jacada’s CISO, Dedy Hori, “We take security very seriously. We use a combination of enterprise-class security features and comprehensive audits of our applications, systems and networks to ensure that our customer’s data is protected.”

In addition, Jacada is certified to industry standards and best practices like ISO 27001, PCI DSS level 1, HIPAA, GDPR and CCPA, and these standards were put together to ensure the integrity and security of their customer data.

During the past few years, deploying a SIEM became the standard in the security world, but for Jacada, previous SIEM tools were difficult to use, as the team had little visibility and had to search and build security filters in front of the operational logs.

“However, since security is always on our mind and is our top priority, we had an idea that Logz.io’s SIEM tool could help solve this pain by analyzing existing logs to get us the big picture of our security events. We could even analyze large volumes of security log data to identify attacks and security threats.”

Enriching Logs with Security Risk Intelligence

Despite the availability of these other SIEM solutions, the decision to deploy Cloud SIEM to complement Log Management became easier and easier over time.

“Jacada’s staff is very busy so we do not have the time and capacity for a long and complex deployment,” said Alon.

According to Alon, “we were already using Logz.io for log analytics, and their SIEM solution did not require any installation or complex deployment, so it made the most sense to try out Logz.io’s Cloud SIEM.”

“We have been very happy with how the tool helps us provide a comprehensive view of security risks and events, and the pre-built rules, reports, dashboards and threat intelligence feeds have been essential to securing our environment.”

Quick Onboarding and Fast Time to Value

One of the biggest value adds from the Cloud SIEM solution was the fast time to value. Jacada’s team uses AWS WAF, NGINX, auditd and other products that Cloud SIEM already supports with pre-built rules and dashboards. This makes deployment and execution even easier, as once these logs are enabled in the SIEM, rules are triggered and dashboards are populated.

As for daily use, Jacada’s DevOps and security teams leverage the SIEM for reporting and alerting to maintain proactive awareness of their risk profile.

“We are using it to send periodical reports about the security of some of our most critical environments. The report includes information about malicious IPs that we suspect were trying to enter our cloud environments.”

During the onboarding period, Logz.io security experts helped Jacada to adjust some of the pre-built rules to their needs. Now, when a security incident takes place, Jacada receives an alert in their Slack channel and can investigate it further.

“I am usually logging into the Cloud SIEM daily and use its threat intelligence to investigate issues. Since the rules contain remediation suggestions, I am able to quickly mitigate the issues I have discovered. This provides us strong business value and helps us reduce our risks.”

A “Security Journey” with a Partner 

For Jacada, the transition from centralized logging to unified, enriched logs and security intelligence was all about ease of use, and reliance on an already established partnership.

“By including SIEM in our workflow, we will really benefit from the combination of Logz.io Shippers, Kibana & security expertise. For example, let’s say we are using Syslog and Filebeat and want to ship these logs to our SIEM. We just need to get on the chat with Logz.io and within an hour we have a parser in place.”

And when it comes to service and support, Jacada knew it could count on Logz.io to deliver.

“Our dedicated Customer Success and dedicated Security Analyst are there to review the logs from a security perspective and create rules and dashboards for us. And, to us, that’s what a real partnership is all about. In addition, we have the option to include our security analyst in reviewing our triggered alerts and investigating any suspicious logs.”
