Identity-based threat detection can spot threats from within and without
Gurucul is extending its identity-based threat detection to cloud-based applications with a new platform that monitors who has access to what and what they are doing with it.
Cloud Analytics Platform (CAP) lets customers analyze identities – the correlation of individuals and the machines they use – as they consume resources in the cloud to set a baseline for acceptable behavior and to find anomalies that may indicate threats.
One real-world example: CAP discovered a terminated employee downloading data from the corporate Salesforce account from the employee’s new job, says company CEO Saryu Nayyar.
CAP does for the cloud what the company’s Risk Analytics platform does for premises-based activity, Nayyar says. Both are based on Gurucul’s Predictive Identity-based Behavior Anomaly Engine (PIBAE), which learns legitimate behaviors by peer groups and compares it to the behavior of individual identities to ferret out malicious behavior.
PIBAE uses predictive modeling to assign a risk score to anomalous behavior it finds and sends alerts.
CAP taps slightly different metadata resources to make these decisions because of the inherent differences between cloud and on-premises infrastructure, Nayyar says.
It was possible before to pull cloud data within Gurucul Risk Analytics, but customers wanted a standalone platform that gave a clean view of cloud activity, she says.
CAP supports rule-based access control that supports customizing the view that groups and individuals can have of the dashboard.
So far the company has catered to Fortune 500 companies, but expects to expand to the Fortune 2000, Nayyar says.
CAP has a base price of $50,000 per year plus a fee adjusted according to the number of identities being managed, which can include full-time employees but also contractors. CAP is available now.