Gurucul unveils cloud-native Unified Security and Risk Analytics platform

Gurucul, a leader in unified security and risk analytics technology for on-premises and cloud environments, announced Gurucul Unified Security and Risk Analytics, the first cloud-native, data-science-driven platform that unifies key Cyber Defense Center functions to enable contextual, risk-prioritized decisions for automating security controls.

Gurucul is exhibiting the new Unified Security Analytics product this week at RSA Conference 2020.

Gurucul Unified Security Analytics is based on 10 years of research and customer success best practices deploying machine learning (ML) and artificial intelligence (AI) techniques with security-specific big data.

It applies security analytics to the use cases handled by SIEM, UEBA, network traffic analysis, SOAR, cloud security and threat hunting in one consolidated platform to detect both known and unknown threats in real time, identify risky user and entity behaviors, and automatically respond to security incidents.

According to Forrester, “SA (Security Analytics) platforms give S&R pros the ability to detect, investigate, and respond to cybersecurity threats more quickly. Speeding detection and hastening the investigation process enables faster response, lessening the impact of cyberattacks”.

Gurucul significantly reduces infrastructure, operations and software licensing cost overheads, and provides a single pane of glass with 360-degree context for threat hunting, investigations and incident response. The solution also simplifies data and network architecture by reducing integration points, data hops and bandwidth requirements.

Its playbook management and risk aggregation capabilities can be used to trigger appropriate remediation actions such as blocking network traffic, isolating devices, enforcing step-up authentication, blocking USB access and disabling user accounts.

Gurucul Unified Security and Risk Analytics helps organizations predict, detect and prevent cyber security breaches by ingesting and analyzing massive amounts of data from virtually any source, including network, IT systems, cloud platforms, applications, IoT, and more.

It provides a comprehensive view of user and entity behaviors and detects risky outliers using a library of advanced ML models and identity-centric data science, machine learning, anomaly detection and predictive risk-scoring algorithms, identifying abnormal behaviors and activities indicative of security threats.

By generating contextual, risk-prioritized alerts in real time, Gurucul Unified Security & Risk Analytics can automatically mitigate threats before damage occurs.

“Rules-based approaches to security, whether they are applied to threat detection, investigation or response, can no longer keep pace with advanced cyber threats including account compromise and malicious insiders,” said Nilesh Dherange, CTO of Gurucul.

“By unifying the entire security stack and applying real-time machine learning and artificial intelligence to collected data in a cloud-native platform, Gurucul provides unprecedented context and risk-prioritized alerts for implementing automated, model-driven security controls.”

User and Entity Behavior Analytics (UEBA)

Gurucul pioneered the UEBA space, going far beyond the simple policies used to identify known threats by applying big-data analytics, AI and machine learning to user and device behaviors, identifying in real time unknown threats that would otherwise appear as “normal” activity to rules-based engines.

Gurucul has the largest library of machine learning models and Gurucul Studio™, the industry’s only open tool that allows users to build their own behavior models with drag-and-drop capability.

Network Traffic Analysis

Gurucul Network Traffic Analysis (NTA) applies behavioral analytics to network traffic to detect suspicious activity that evades other security tools. It analyzes high-velocity, real-time flow and packet (pcap) data, enriched by several other security sources, using out-of-the-box ML models to detect and alert on new, unknown malware, zero-day exploits and attacks that are slow to develop.

Log aggregation

Gurucul combines a FlexConnector framework with out-of-the-box ingestion pipelines and a big data lake to support the collection, processing, indexing and storage of massive datasets for analysis, investigation, security, and compliance.


Gurucul provides cloud-native, beyond next-generation SIEM capabilities by combining log aggregation with an open big data platform, advanced threat hunting, compliance reporting and dashboards, visualizations, the industry’s leading UEBA, intelligent SOAR and network traffic analysis.

Equipped with the industry’s largest library of pre-packaged threat detection models, Gurucul provides 83% coverage of MITRE ATT&CK Framework tactics and techniques.

Gurucul’s analytics-driven cloud SIEM can scale to massive amounts of data in real time and automate intelligent responses using risk-prioritized alerts based on a vast library of machine learning models and risk-scoring algorithms.


Gurucul enables automated response workflows with out-of-the-box, customizable playbooks to mitigate identified threats. The Gurucul Unified Security Analytics FlexConnector framework provides integration with downstream security solutions to trigger appropriate risk remediation actions.

For example, if a user’s risk score reaches 90 and they exhibit insider threat behavior, Gurucul SOAR can block their Internet access so data cannot be exfiltrated. Additionally, Gurucul can integrate with third-party SOAR, SIEM, incident response and ticketing platforms to automate response actions.
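The two-condition trigger described above (an aggregated risk score reaching a threshold and an insider-threat behavior being present) is the core of risk-prioritized automated response. The following is an added illustration written for this page, not Gurucul's code or model library; the behavior indicators, their weights, the threshold tiers and the sample events are all constructed assumptions chosen to show how score aggregation and playbook gating fit together.

```python
from collections import defaultdict

# Constructed behavior indicators and hypothetical weights. A real UEBA
# platform derives these from learned baselines; here they are fixed so
# the aggregation logic is easy to follow.
INDICATOR_WEIGHTS = {
    "after_hours_login": 20,
    "new_geo_login": 15,
    "access_to_sensitive_share": 25,
    "bulk_file_download": 35,
    "usb_mass_storage": 30,
}

# Indicators that, by assumption, count as insider-threat behavior.
INSIDER_THREAT_INDICATORS = {
    "access_to_sensitive_share",
    "bulk_file_download",
    "usb_mass_storage",
}

# Playbook tiers, most severe first: (minimum score, requires insider
# behavior, remediation action). Only the highest-priority matching
# tier fires, mirroring "score reaches 90 AND insider behavior" for the
# most disruptive action.
PLAYBOOK = [
    (90, True, "block_internet_access"),
    (70, False, "enforce_step_up_authentication"),
    (40, False, "open_investigation_ticket"),
]


def aggregate_risk(indicators):
    """Sum the weights of distinct indicators and cap the score at 100."""
    score = sum(INDICATOR_WEIGHTS.get(name, 0) for name in set(indicators))
    return min(score, 100)


def is_insider_threat(indicators):
    """True when any observed indicator is in the insider-threat set."""
    return bool(INSIDER_THREAT_INDICATORS & set(indicators))


def select_action(score, insider):
    """Return the first playbook action whose gating conditions hold, else None.

    A tier that requires insider behavior is skipped when that behavior
    is absent, even if the score alone would qualify.
    """
    for min_score, requires_insider, action in PLAYBOOK:
        if score >= min_score and (insider or not requires_insider):
            return action
    return None


def evaluate_events(events):
    """Group indicator events per user and decide a response for each."""
    per_user = defaultdict(list)
    for event in events:
        per_user[event["user"]].append(event["indicator"])

    decisions = {}
    for user, indicators in per_user.items():
        score = aggregate_risk(indicators)
        insider = is_insider_threat(indicators)
        decisions[user] = {
            "risk_score": score,
            "insider_threat": insider,
            "action": select_action(score, insider),
        }
    return decisions


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"user": "alice", "indicator": "after_hours_login"},
    {"user": "alice", "indicator": "bulk_file_download"},
    {"user": "alice", "indicator": "usb_mass_storage"},
    {"user": "alice", "indicator": "access_to_sensitive_share"},
    {"user": "bob", "indicator": "new_geo_login"},
    {"user": "bob", "indicator": "after_hours_login"},
    {"user": "carol", "indicator": "after_hours_login"},
    {"user": "carol", "indicator": "new_geo_login"},
    {"user": "carol", "indicator": "bulk_file_download"},
]

if __name__ == "__main__":
    for user, decision in evaluate_events(SAMPLE_EVENTS).items():
        print(user, decision)
```

In the sample data, alice accumulates enough insider-threat indicators to reach the capped score of 100 and is routed to the blocking action; carol reaches 70 with insider behavior but stays below the 90 gate, so only step-up authentication fires; bob's two low-weight anomalies stay below every tier and produce no automated action. Requiring both the score and the behavior category for the most disruptive response is what keeps a handful of benign anomalies from locking a user out.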

Intelligent AI/ML-based threat hunting

With prebuilt threat libraries that include models, queries, data features and playbooks, Unified Security and Risk Analytics supports a wide range of threat hunting use cases such as insider threat detection, data exfiltration, phishing, endpoint forensics, malicious processes, ransomware detection and network threat analytics, as well as cyberthreat, human-centric and entity-related threat scenarios.

These pre-packaged libraries span more than 1100 of the most common threat queries to prioritize base activities and allow analysts to focus on the proactive investigation of new and unknown threat patterns using contextual data. Meanwhile, new AI capabilities in Gurucul Miner help discover other impacted users, devices and entities.