Gurucul, a leader in unified security and risk analytics technology for on-premises and the cloud, introduced automated intelligent threat hunting that uses artificial intelligence (AI) and machine learning (ML) to detect behaviors associated with cyber attacks and data breaches, while providing the most advanced capabilities for manual investigations.
Gurucul will exhibit these new artificial intelligence enabled capabilities at RSA Conference 2020.
Traditional threat hunting tools and SIEMs use legacy capabilities and focus on a limited number of use cases, since they rely on data and alerts from a narrow set of resources.
With cloud adoption increasing at a record pace, threat hunting must span hybrid, on-premises and cloud environments and ingest data from multi-cloud SaaS/PaaS/IaaS, applications, infrastructure, vulnerability management, IoT, threat intelligence, medical devices, firewall, network devices and more.
Gurucul provides agentless, out-of-the-box integrations that collect, ingest, and enrich data from disparate sources at massive scale, ensuring performance and providing real-time, end-to-end visibility and context.
The new AI/ML behavior analytics for guided proactive hunting of unknown threats, enriched with MITRE ATT&CK Framework tactics and techniques as well as risk scoring, pre-built playbooks and case management capabilities reduce detection and response times by 67%.
Gurucul provides prebuilt threat libraries that include models, queries, data features and playbooks to support a wide-range of threat hunting use cases like insider threat detection, data exfiltration, phishing, endpoint forensics, malicious processes, ransomware detection and network threat analytics, as well as cyberthreat, human centric and entity related threat scenarios.
These prepacked libraries help analysts prioritize base activities and focus on the proactive investigation of new and unknown threat patterns using contextual data. Meanwhile, new AI capabilities in Gurucul Miner help discover impacted users, devices and entities.
“One of the biggest challenges associated with threat hunting is the manual labor involved in piecing together data from various sources to trace the origin, tactics and techniques across different stages of an attack,” said Nilesh Dherange, CTO of Gurucul.
“By combining link analysis and chaining, Gurucul automatically connects all of the events linked to an incident and provides hybrid/borderless context without the need for analysts to run multiple queries or use different applications. Meanwhile, out-of-the-box threat libraries and AI/ML guided threat hunting allows security personnel to detect, analyze, and take immediate remediation actions confidently.”
Gurucul AI enabled threat hunting capabilities apply advanced ML algorithms to assess a wide range of behavioral attributes to identify anomalies, outliers and indicators of compromise.
It uses more than 1600 pre-built cybersecurity and threat hunting models that cover hundreds of the most commonly used cloud, IoT, business, infrastructure, database and network applications in enterprises.
End-to-end analytics enabled threat hunting
Gurucul AI/ML enabled threat hunting capabilities provide the following capabilities:
Gurucul Miner enables natural language fast search, pivoting on any data set, saving searches and empowering analysts to focus on investigations rather than writing complex queries. They can also easily drill down into results by applying additional point and click filters.
Automated Incident Timelines create a smart link of the entire attack lifecycle for pre and post incident analysis. Timelines can span days, and even years of data with easy to understand visualizations.
Automated Risk Prioritized Intelligent Responses via integration with Gurucul SOAR enables analysts to invoke hundreds of actions and playbooks upon detection of a threat to minimize damages.
Predictive Analysis can predict the potential next step of an attack with a summary view of impacted devices and information about users including title, department, location, etc., for pre-emptive remediation.
Pre-Built and Configurable Personas with personalized dashboards and pre-built workflows to support functional roles including Cyber Threat Team Lead, Cyber Threat Intelligence (CTI) lead, Hunting Technician, Forensic Technician, Counter Intelligence Tech, Counter Cyber Security Intel Technician, Network Engineer Tech and Incident Response Liaison.
MITRE ATT&CK Framework API-based integration covers threat hunting for industrial control systems, enterprise and mobile, and ensures new threats are automatically detected and prioritized using Gurucul’s risk scoring mechanism.
Visualization and Dashboarding enables analysts to view threats from different perspectives using several widgets including Tree Map, Bubble Chart, etc., that provide full drill down capabilities into events without leaving the interface.
The unique scorecard widget generates a spider chart representation of cyber threat hunting outcomes such as impact, sustaining mitigation measures, process improvements score, etc.
Metrics Reporting includes prebuilt and easy to customize daily, weekly, monthly and annual reporting of threats and dashboard modules that span current and past trends, resource allocation and more.