Gurucul Risk Analytics (GRA)



Organizations spend billions of dollars a year on security products and aren’t stopping the hackers. Traditional defense in depth products, while important, just aren’t enough. With more data moving to cloud the problem is growing exponentially. And so is the data. Security products generate petabytes of data and organizations spend countless hours to identify and prioritize known risk patterns. And still remain vulnerable. Until now. By incorporating “Identity as a threat vector” into the cyber-defense equation, and applying sophisticated, next-generation analytics capabilities, Gurucul offers something new: an effective way to identify bad actors and, ultimately, predict and deter the bad behaviors that lead to data theft.


Gurucul Risk Analytics is built upon our core PIBAE architecture (Predictive Identity Based Behavior Anomaly Engine). PIBAE identifies anomalous behaviors across users, accounts, applications, and devices by leveraging behavior analytics, machine learning, and peer group modeling.

Our big data enabled approach provides organizations’ with risk based compliance, continuous access governance and protection from under-the-radar cyber campaigns and sophisticated insider activity like IP Theft, Data Exfiltration and Privilege Access Abuse. Gurucul provides a Hybrid Behavior Analytics (HBA) architecture with the breadth of Identity Analytics to User & Entity Behavior Analytics, and the depth from cloud apps to on-premises behavior.


  • Rule-based detection technology alone is unable to keep pace with the increasingly complex demands of threat and breach detection
  • Rules are based on what a human knows about the data, and when not tuned properly, rules generate excessive alerts, plus humans cannot predict what future attacks will look like
  • Machine learning and statistical analysis can find anomalies in data that humans would not otherwise recognize or detect
  • Machine learning models can surpass human capability and software engineering for large volumes and variety of data
  • Machine learning has the ability to find high-order interactions and patterns in data for complex problems such as insider threats, compromised accounts and fraudulent activity
  • Machine learning leverages useful and predictive cues that are too noisy and highly dimensional for human experts and traditional software
  • Self-learning and training machine learning updates its knowledge taking into account new factors
  • Identity is a threat plane with hundreds of attributes to model in algorithms resulting in predictive security analytics to drive ‘find-fix’ resources
  • Analyzing user behavior against dynamic peer groups surfaces outliers and anomalies
  • The net result is lower false positives, less data fatigue, faster time to value and less resources


Powered by Predictive Identity Based Behavior Anomaly Engine that provides:

  • Largest Library of Machine Learning Algorithms
  • Flexible Meta Data Framework
  • Fuzzy logic based link analysis
  • Most Granular & Self Tuning Risk Modeling Capabilities
  • Signature-Less Technology
  • Built for Scale Using Big Data Foundation



Create custom machine learning models without coding and needing only a minimal knowledge of data science. Gurucul STUDIOTM provides a step-by-step graphical interface to select attributes, train models, create baselines, set prediction thresholds and define feedback loops. STUDIO as part of Gurucul Risk Analytics (GRA) supports an open choice for big data and a flex data connector to ingest any on-premises or cloud data source for desired attributes. Step outside the black box and create custom models for your own predictive security analytics needs.

360° View of Identity, Access, Activity, and Alerts for On-Premise and Cloud Applications

Correlate data across on-premise and cloud applications to create contextual identity and trigger alerts: Who is the user? What is his access? What activity is he performing?

Context Aware Visibility of An Attack Lifecycle

Intelligent Access Analytics

Real-time analytics on accounts and access to identify anomalies: improved access control and data governance.

Automated Self Audit
360 Degree View of Identity, Access, Activity, and Alerts for On-Premise and Cloud Applications

Context Aware Visibility of An Attack Lifecycle

Out of the box timeline view to highlight the anatomy of an advanced attack whether it be an insider or external.

Intelligent Access Analytics

Automated Self Audit

End user awareness with a customizable online view of behavior profiles: identify anomalous activity and the potential misuse of identities.


  • Modular architecture with Access Analytics Platform (AAP), Threat Analytics Platform (TAP), Cloud Analytics Platform (CAP) and available together as Gurucul Risk Analytics (GRA) suite
  • Core architecture is built on PIBAE (Predictive Identity-based Behavior Anomaly Engine) developed and vetted in enterprise environments for over seven years
  • Behavioral machine learning algorithms are based on 254 attributes to profile identity for on-premises and cloud based apps for hybrid behavior analytics
  • Self-learning and training algorithms are contextually aware for transaction scoring
  • Dynamic peer groups improve clustering and outlier machine learning accuracy, versus static peer groups from poorly maintained sources such as AD
  • Awareness to time-based norms such as accepted workflows and operational changes, improve predictive algorithm accuracy and lower false positives
  • Built for scale with big data foundation based on Hadoop and a flexible meta data framework, plus the ability to work with existing customer big data deployments
  • Big data architecture ingests historical data to speed self-learning and training of machine learning behavior and predictive algorithms
  • Inclusion of identity management and privilege account management data sources for a richer profile of high privilege accounts and entitlements
  • Out of the box algorithms detect anomalous behaviors immediately upon deployment
  • Fuzzy logic and linked data analysis automates mapping of activity and accounts to identities
  • Risk-ranked threat time lines to detect insider threats, cyber fraud, HPA account hijacking and external intruders
  • Self-Audit deputizes users and makes them aware of identity, activity, and access monitoring for insider threat deterrence and detection
  • Hybrid Behavior Analytics (HBA) architecture providing UEBA and IdA machine learning for on-premises and cloud based apps in a single solution architecture




Request Demo

Request Demo