It is estimated that a whopping 81% of hacking-related breaches use either stolen and/or weak passwords making identity a core issue of modern threats. Organizations with IT resources that span the data center and cloud are especially prone to struggle to detect and prevent unauthorized data transfer and user privilege abuse across their hybrid IT infrastructures, whether they have hybrid cloud and/or hybrid data center environments.
Today we are reviewing Gurucul Risk Analytics (GRA), a security analytics solution that helps organizations protect themselves against insider threats, account compromise, IP and data theft, external attacks, and data exfiltration. One of GRA’s unique capabilities is that the solution spans on-premise and the cloud, and supports open choice of big data repositories.
GRA’s security intelligence and analytics technology incorporates machine learning, anomaly detection and predictive risk-scoring algorithms to reduce the attack surface for accounts, unnecessary access rights and privileges, and to identify, predict and prevent breaches. GRA monitors user behaviors using machine learning algorithms to detect threats that appear as “normal” activity to traditional security products, such as hackers using login credentials stolen from authorized users, as well as malicious insiders, employees and contractors.
Gurucul Risk Analytics has four products that address security, access, fraud and cloud risks by applying data science to analyze identity, access and behaviors. The four products are:
- User and Entity Behavior Analytics (UEBA) provides behavior-based predictive risk scoring
- Identity Analytics provides risk-based compliance and provisioning
- Cloud Security Analytics provides visibility into cloud access and anomalies
- Fraud Analytics provides fraud detection and prevention analytics
Gurucul STUDIO, which is also part of GRA, enables the creation of custom machine learning models to meet unique privacy and confidentiality requirements typically found in federal government, military and intelligence environments. In addition to government agencies, GRA is used by Fortune 500 companies around the world and across the financial, healthcare, technology, retail and manufacturing sectors.
360 Degree Visibility Enables Early Detection and Predictive Analysis
GRA integrates novel approaches to machine learning (ML) and big data security analytics to provide real-time 360-degree contextual view of identities, access and activities. Gurucul claims that GRA is the only solution to provide this level of transparency across on-premises, cloud infrastructures and hybrid environments. GRA monitors user behaviors from this 360 degree perspective to detect threats that would appear “normal” to traditional security products.
GRA ingests huge volumes of data generated by user activity from disparate, even obscure and unstructured sets of data. Machine Learning is then applied simultaneously to hundreds of thousands of discrete events from multiple data sets to identify relationships that span time, place and actions. GRA’s artificial intelligence (AI) features link and analyze these relationships to derive “meaning” from behaviors and provide early warning detection, prediction and prevention.
Gurucul recently unveiled a security threat hunting tool that doesn’t require security teams to know what they are looking for. GRA MinerTM enables a company’s security analysts to perform identity-based investigations into high risk events detected by Gurucul’s machine learning analytics. Unlike other threat hunting tools, GRA MinerTM enables them to combine both traditional and contextual search across structured and unstructured data for a 360 degree view of all activity associated with an identity, entity or event.
To help teams across an organization understand how to prioritize different security challenges, GRA offers several types of visualizations. These include: dashboards, drilldowns, timelines, an activity heatmap, and an investigation tool that provides access to an entire big data backend with contextual search and query.
Reduce Costs and Operational Processes Of Threat Monitoring and Management
Gurucul GRA reduces costs and manual processes in three areas: security operations center (SOC) management, Identity and Access Management (IAM), and Cloud Access and Visibility.
For SOCs, GRA combines big data with advanced machine learning to provide risk ranked timelines with drill down detail for analysts. GRA quickly identifies risks and threats that existing defenses typically miss, including malicious insider activity and account compromise. The highest activity cost in fighting cybercrime is detection and the biggest cost component is labor. GRA directly reduces both.
For IAM programs, GRA replaces legacy rules-based access and manual processes with identity analytics for risk-based certifications, intelligent roles and dynamic access provisioning. This reduces cost, processes, and the identity surface area often targeted by phishing and social attacks.
For the cloud, GRA provides API integration with SaaS, IaaS, PaaS and IDaaS producing behavior analytics to share.
Many companies deploy privileged access management products to vault user accounts with high risk entitlements. Gurucul claims these tools perform discovery only at the account level, and that this level analysis is just the tip of the iceberg. For example, an organization with 10,000 identities that each have 10 accounts with 10 entitlements has 1 million entitlements. Discovering all possible entitlements is not manually feasible. Recently, Gurucul solved this security challenge by introducing identity analytics and machine learning that scours identity, accounts, access and activity to discover and risk score privileged access down to the entitlement level across on-premises, cloud and hybrid environments.
GRA provides automation that can perform predefined actions and reduce the security personnel workloads by more than 50%. Contextual search can reduce the time to resolution of cases by 67%. Automated responses, which are model driven, eliminate the need for a security analyst to take action, reducing response time by hours, since real time actions can be taken immediately. Multiple seemingly anomalous events are linked to a single security event without rules, policy, thresholds, or other guidance from an analyst/operator/administrator.
Proactive Threat Prevention
GRA goes beyond rules, signatures and patterns with machine learning models based on big data across the whole IT environment, to learn normal base lines and apply advanced security intelligence and analytics that detects abnormal user and entity behavior. GRA extends beyond traditional UEBA and provides the ability to reduce the attack surface area, thereby decreasing security risks.
To reduce the attack surface area of access, GRA employs identity analytics (IdA) which uses a risk-based approach for certifications, access requests and approvals to identify and remove excess access, access outliers, and orphaned/dormant accounts. By combining UEBA with IdA and advanced machine learning, GRA identifies with precision the compromise and misuse of identity, the root of most modern cyber threats.
Gurucul was the first company to offer self-auditing. Like a credit card statement, this proactive, automated functionality, empowers users to monitor anomalous and suspicious access and activity on their accounts they may not have performed.
The solution can ingest any dataset for desired attributes, and includes configurable out-of-the-box analytics. Unlike alternatives, GRA’s AI and ML goes beyond detecting known or common patterns. Using automated and iterative algorithms to learn patterns in data, GRA probes these datasets for structure, performing advanced ML including link analysis and validation error on new data to evaluate relationships or connections between data nodes. Once connections are understood, the software identifies key relationships among various types of data nodes or objects (e.g., organizations, people, transactions, etc.) until it detects a robust pattern indicative of compromise or malice thereby detecting and preventing a security incident.
Fraud Detection and Prevention
GRA also provides fraud analytics, which uses purpose-built machine learning models to correlate cross-channel behaviors and detect suspicious activities associated with fraud in financial, healthcare and retail environments. Gurucul Fraud Analytics links data from PoS devices, endpoint workstations, mobile devices, web, voice, servers, IoT devices, etc. with users and/or entities to build a 360-degree contextual view of transactions. The Gurucul Fraud Analytics risk engine continuously scores user and/or entity activity against historical as well as dynamically created peer group behavior to detect anomalies and generate risk prioritized alerts for further investigation. These risk scores can also be used by applications to enforce security policies and make real-time business decisions to stop fraud before it occurs, such as introducing step-up authentication challenges.
Built to Scale
GRA is built to scale. Many customers have over 100,000 employees, and one health insurance customer uses GRA to analyze 8 million customers. Another health insurer is using GRA on top of hundreds of Hortonworks big data nodes to apply advanced analytics to over 450 thousand identities belonging to employees, contractors and partners.
A large financial institution has deployed Gurucul advanced security analytics with its custom cloud big data lake on AWS to risk score access and activity, reduce access risks and detect unknown threats. Another insurance firm deployed Self Audits from GRA to over 60,000 end users to raise security awareness, provide deterrence and collaborate with users to detect identity theft and abuse.
The company recently has announced that GRA is being used to protect more than 100,000 federal government employees, which represents the largest implementation of UEBA by the Federal Government to date.
Customers Win Awards for Their Use Of GRA
For a second consecutive year, Gurucul customers are honorees of the prestigious 2018 CSO50 Award from IDG’s CSO. This year, Aetna and Infosys are named to the 2018 CSO50 list for their use of Gurucul GRA.
Aetna, one of the nation’s leading managed health care providers, and its CSO Jim Routh were recognized for being the first company in their industry to implement behavior analytics for consumer authentication and access. They are also using Gurucul’s security analytics to detect and revoke unused access, and auto-provision low-risk new access requests to improve user productivity.
Infosys, a global leader in IT consulting and outsourcing, and its CISO Vishal Salviis were honored for using Gurucul to monitor user activity in order to discover privileged access events and detect anomalies in user and entity behavior.
Licensing, Pricing, & Deployment
GRA is priced per managed identity and sold via subscription license with annual fees. Solutions may be bundled, or individual items can be purchased separately. GRA is also available as a managed SaaS offering.
Flexible deployment options include appliances for on-site deployments, VMs for private clouds and support for AWS, Azure, etc. GRA comes with HDFS and can deploy with existing, or any leading, big data infrastructures. GRA’s cloud-to-cloud connectors enable a 100% cloud hosted solution to minimize data transfer costs, protect existing IT investments, eliminate data duplication, and reduces storage fees.
For ease of implementation and use, GRA includes 1000+ ready-to-use machine learning models for on-premises, cloud or hybrid environments. Over 30 data connectors speed ingestion of popular data sources, plus a flex connector enables any data source to be ingested into GRA without the need for professional services. Customers can also customize risk weightings and develop their own machine learning models without any coding.
Gurucul is a pioneer in the cybersecurity category called user and entity behavior analytics (UEBA), and is changing the way enterprises protect themselves against insider threats, account compromise, IP and data theft, external attacks, data exfiltration and fraud. The company’s security analytics technology uses machine learning, anomaly detection and predictive risk-scoring algorithms to identify, predict and prevent breaches. They were the only vendor cited for meeting all five use cases outlined in the Gartner Market Guide for UEBA.
CEO, Saryu Nayyar, is passionate about developing and applying advanced technology to solve organizations’ biggest cyber security challenges. Her vision is that identity has become a security perimeter, with the advent of cloud applications and mobile computing. This year, she collaborated with other industry luminaries to publish a book that explores the challenges posed by this new security landscape and offers practical guidance for security professionals.
Gurucul has received industry recognition and numerous accolades for its innovations in user entity behavior analytics (UEBA) and security analytics.
In 2018, Gurucul won the Fortress Cyber Security Award for Best Analytics, User and Entity Behavior Analytics (UEBA) Product. The company also won the 2018 Infosec Award for Most Innovative User Behavior Analytics.
Previously, Gurucul GRA was awarded Gold in the 2017 GSN Homeland Security Cyber Security Awards for Best User & Entity Behavior Analytics Solution. Also in 2017, GRA received the Best User Behavior Analytics Solution Award for the second consecutive year from Cyber Defense Magazine (CDM) and Best UEBA Solution by Government Security News (GSN).
Gurucul GRA was named Best Behavior Analytics/Enterprise Threat Detection in the 2016 SC Awards in both the US and Europe. The company was named SINET 16 Innovator in both 2014 and 2015, Gartner Cool Vendor in 2014, and won the 2016 CDM award for Best Insider Threat Prevention Solution, and more.