With leadership comes responsibility. Responsibility to our customers, to organizations and enterprises across the globe and the market overall. This sense of responsibility drives our relentless pursuit of building a world class security analytics and SIEM platform.
Recently, analyst firm KuppingerCole released their 2024 Leadership Compass for Intelligent SIEM Platforms, which named Gurucul an Overall Leader, sweeping all product, innovation and market leadership ratings.
They praised Gurucul for its strong and mature UEBA and security analytics capabilities supported by Machine Learning/Deep Learning. Notably, Gurucul received the highest “Strong Positive” rating for Security, Functionality, Deployment, Interoperability and Usability, which is a testament to our dedication to constant innovation and improvement for our customers.
A moment of gratitude/appreciation
We think it’s the highest compliment to the many Gurucul employees who worked hard to make it happen. We also firmly believe the victory is shared by our customer community and the role they play in helping drive our innovative roadmap. It simply couldn’t happen without them. We thank them for trusting us to help secure their business and empower their analysts with radical threat clarity. We appreciate their insights, which help us to continually enhance our platform so that it solves some of the most challenging problems they face. Problems they couldn’t solve with other solutions.
A brief look back
To understand Intelligent SIEM, sometimes called Next-gen SIEM, you must understand a little bit of the history of the SIEM market which started two decades ago with the combination of SIM and SEM into a consolidated solution called SIEM.
Anton Chuvakin, co-author of the book Security Warrior and a long time thought leader in the SIEM market, in an interview last year explained the evolution of SIEM. Paraphrasing, he loosely defined three generations of SIEM solutions:
- First Gen SIEM: All about correlation rules
- 2nd Gen SIEM: All about search
- 3rd Gen SIEM: All about detections from advanced analytics and UEBA
Intelligent SIEMs fall squarely in the 3rd Generation of SIEM. First and second generation SIEM are often referred to as legacy or traditional SIEM, as described by KuppingerCole in the report.
According to KuppingerCole, “This Leadership Compass provides an overview of the market for Intelligent SIEM (I-SIEM) Platforms that go beyond traditional Security Information and Event Management (SIEM) capabilities to proactively identify threats and automatically suggest mitigation measures to meet the requirements of modern IT environments that are typically on premises as well as being mobile and distributed across multiple cloud environments.”
Adding that “It has become increasingly difficult for organizations to sustain traditional SIEM systems or derive full value from them due to high deployment and operating costs, the shortage of cybersecurity skills, and the rapidly expanding attack surface that has resulted in an unprecedented volume of logs and security alerts being generated by most businesses. This has often meant that SIEM solutions were unable to identify and respond to threats effectively.”
Protecting enterprise security in today’s threat landscape
The requirements for Intelligent SIEM are vigorous and demanding. It can be no other way in today’s sophisticated threat landscape and expanding attack surface.
Intelligent SIEM offerings or next-generation security analytics solutions had to offer substantial improvements in functionality and efficiency over traditional SIEMs by:
- Performing real-time or near real-time detection of security threats without relying on predefined rules and policies.
- Correlating real-time and historical data across a wide range of sources using statistical algorithms and ML to identify malicious operations rather than raising separate alerts.
- Dramatically decreasing the number of alarms by filtering out statistical noise, eliminating false positives, and providing clear risk scores for each detected incident.
- Offering a high level of automation for typical analysis and remediation workflows, thus significantly improving the work efficiency for security analysts.
- Providing integrated forensic and incident management capabilities.
Leading the way forward
At Gurucul, we purposefully designed our platform differently from the ground up, to help uncover true threats and quantify cyber risk across the entire IT estate.
Gurucul was the ONLY vendor that achieved the highest rating of “Strong Positive” in each of the five core overview ratings for security, functionality, deployment, interoperability, and usability. Additionally, KuppingerCole rated our innovativeness, financial strength, and ecosystem as “Strong Positive” demonstrating our ability to handle the most sophisticated and unique enterprise challenges.
In addition to the strong positive ratings for core capabilities, KuppingerCole recognized our platform as having the following strengths:
- Strong and mature UEBA and security analytics capabilities supported by ML/DL.
- Rapid and unlimited data collection, including cloud, identity systems, and IoT devices.
- Context-driven threat hunting and attack investigation.
- Good support for hybrid-cloud, multi-cloud, and geographically distributed environments.
- Federated search across distributed architectures and a wide range of storage models.
- Automated data parsing.
Attack chain identification capability across a wide range of security telemetry.
The path ahead
As noted in the KuppingerCole Intelligent SIEM Leadership Compass report there are future considerations of next-gen SIEM that need to be considered.
“Planned innovation in the I-SIEM market will include further improvements to make search functionality faster and easier to use, greater use of assistants/chatbots based on generative AI, new automation and collaboration capabilities (typically supported by AI), support for operational technology (OT) and internet of things (IoT) environments, and new visualization capabilities.”
Some of the listed future innovations needed to keep up with the rapidly evolving threat landscape mentioned were:
- Future innovation will be focused on faster and easier search capabilities, interactive chatbot/assistants, and greater automation and collaboration capabilities.
- Search functionality using natural language processing (NLP) and digital assistants based on generative AI are likely to become standard in the next 12 to 18 months.
- Mapping of alerts to known tactics and techniques (e.g., MITRE ATT&CKÒ)
- Decision support and actionable recommendations enriched with business context information and suggestions for analysts for remediation actions.
- Security orchestration and automation functions.
The beauty is that today’s Intelligent SIEM platforms offer many of these benefits today. For instance, mapping alerts to the MITRE ATT&CK framework are already providing great gains in efficiency to SOC analysts and incident responders, enabling limited teams to do more with less. Gurucul has an extensive built-in MITRE ATT&CK framework mapping that makes it easy to start taking advantage of the insights that can be gleaned from threat actors tactics, techniques and procedures.
The benefits of Artificial intelligence (AI) in cybersecurity are only in their infancy. Many vendors have announced plans to build AI or launched a ChatGPT bolt-on module to enable searching public sources in the same GUI. Gurucul announced Sme AI on August 2023, which out of the gate has a distinct differentiator, that not only was it native to the platform and can search public sources using natural language queries, but that it can also search and provide insights into enterprise data. Improving detection models and dynamically suggesting response playbooks for new threats.
It is important to define requirements up front and understand not only the use cases that you need to solve today, but what future use cases and functionality exists today to help your team do its best work.
Stay tuned for upcoming market disrupting announcements as Gurucul continues to drive innovation forward to help secure enterprises large and small.