Build vs Buy: How Should You Implement Security Analytics?

We are seeing an interesting trend with large enterprises. Companies are telling us they are trying to build their own Security Analytics solutions for threat detection and risk intelligence. Why? There are many reasons, the most concerning of which is: they have had little to no success with products they purchased. But the right type of security analytics solution can make all the difference between identifying and stopping unknown threats, or ending up in the headlines as another data breach victim.

Build vs Buy: Is There a Right Choice When It Comes to UEBA?

User and Entity Behavior Analytics (UEBA) is hard. It’s got a lot of moving parts. There are always new applications, data sources, use cases and entities to embrace. Companies that try to build their own UEBA are having problems with data quality, data ingestion, and data flow. They can’t capture all the data or make sense of it, and they don’t have enough of the right data to train their models. Yes, it’s difficult. But Gurucul has managed to perfect it, and now we have the most machine learning models of any security analytics vendor. We have a reputation in the industry for delivering value quickly, at scale, on open choice of big data with transparent analytics.

Build vs Buy: A UEBA Customer Journey

One of our enterprise customers went through an extensive multi-year process to establish a formal Insider Threat Program. The company wanted to find and deploy a successful machine-learning-based UEBA solution to automate predicting, detecting and stopping insider threats.

A key consideration was: should they build or buy? As a large company with many data scientists on staff, the original thought was they could build their own program. The reality turned out to be much different. They embarked on a prolonged journey which started with data cleanup and ended with the implementation of Gurucul’s UEBA powered by machine learning. How did they get there?

When they started out on this journey, they realized they had a problem with the quality of their data. It wasn’t accurate, they had log files that were misconfigured, and people didn’t understand the data. They were surprised to learn they weren’t collecting the right data to support an Insider Threat Program. There were a lot of data quality issues.

They quickly realized that this was a much slower process than they could afford. They had a real need to move to faster adoption and implement a broader spectrum of use cases. That is when they made the conscious and highly vetted decision to partner with Gurucul. The build vs buy decision was made in our favor and the company never looked back.

Build vs Buy: Experience Is Everything

If you’re going to build a UEBA product, you better know what you’re doing. You better have experience with analytics, big data, machine learning, threat intelligence, identity and access management, security risk management, and the entire cyber security ecosystem. All the training in the world is no match for experience. Let’s look at the founders of Gurucul.

Saryu Nayyar is the CEO of Gurucul. She has more than 15 years of experience in the information security, identity and access management, IT risk and compliance, and security risk management sectors. She has held leadership roles in security products and services strategy at Oracle, Sun Microsystems, Vaau (acquired by Sun) and Disney. She is passionate about building disruptive technologies and has several patents pending for behavior analytics, anomaly detection and dynamic risk scoring inventions.

Nilesh Dherange is the CTO of Gurucul. He has been a technologist and leader at three startups and at one of the largest software development companies in the world. Prior to founding Gurucul, he was a co-founder of BON Marketing Group, where he conceptualized and created BON Ticker, an innovative patented bid management system that used predictive analytics to determine advertising bids for PPC marketing campaigns. Nilesh holds a B.A. in Social Science, a B.E. in Computer Engineering from the University of Mumbai, and an M.S. in Computer Science from the University of Southern California.

Build vs Buy: You Have a Choice. Choose Wisely!

Do you really want to build your own UEBA when Gurucul can solve your Insider Threat, IP Theft, Data Exfiltration and Privileged Access Misuse issues right now? Gurucul can immediately provide you with technology that can detect compromised account scenarios such as brute-force attacks, privileged account sharing, suspicious password resets, and account access from an unusual device or location. Our clients use Gurucul UEBA to detect unusual data downloads, as well as exfiltration attempts through print, email, cloud storage or USB devices. UEBA can also detect abnormal behavior like network or file crawling where an insider attempts to access multiple systems to gain access to the organization’s most valuable information.

It’s your choice. Our platform can fill gaps in your security portfolio and displace current tools (SIEMs, Network Traffic Analysis Tools, etc.), which will help reduce your operational costs. Gurucul UEBA reduces security alerts DRAMATICALLY so you can focus on true positives only. It also enhances the value of your other security tools like DLP, IDS, PAM, IGA and the like by aggregating those data feeds and turning them into risk-prioritized intelligence. We can make your data scientists more productive by giving them a ready platform to leverage for customizing our machine learning models or building their own. We have excellent client references and an amazing POC process where we can show you ROI in just 5 days. Contact us to start a dialog. We are here when you’re ready.