Data breaches occur when identity is compromised or misused, which is why Gurucul focuses on identifying anomalous behavior that can point to identity issues.
The data breach at Anthem, which exposed information of up to 80 million customers, was first discovered by a database administrator who noticed his security credentials were being used to log into the company’s system. According to an Associated Press report, after the admin reported the errant activity on January 27, Anthem found earlier unauthorized data entries that occurred throughout December.
All breaches occur because identity gets compromised or misused, said Saryu Nayyar, CEO of security startup Gurucul, which is why her company created risk analytics software to help organizations quickly zero in on anomalous behavior that indicates these kinds of identity issues.
Nayyar and Gurucul CTO Nilesh Dherange were early believers in the importance of identity as a key component of enterprise security. Both worked for Vaau, a provider of identity management software founded in 2005 by Nayyar and others. It was purchased by Sun Microsystems in 2007. Vaau’s flagship product, called RBACx, was rebranded as Sun Role Manager (and is now part of Oracle’s identity management suite of software, following Oracle’s acquisition of Sun in 2010).
While calling on customers as part of the Sun team, Nayyar said security teams often told her that alerts generated by SIEM (security information and event management) systems contained little actionable intelligence. Access management was becoming a commodity largely handled by operational teams despite the fact that identity could be “powerful” in its capacity to detect threats, she said.
Analytics and Early Detection
Nayyar and Dherange created the PIBAE (Predictive Identity Based Behavior Anomaly Engine) platform, which uses machine learning algorithms and advanced analytics to detect anomalous behaviors such as spikes in activity during off-hours and abnormal transaction patterns, with the goal of stopping breaches before they happen. The engine is the foundation of Gurucul’s risk analytics software.
Early customers helped Gurucul identify multiple use cases for its software, such as fraud prevention, Nayyar said.
“I am passionate about spending a lot of time in the field with customers,” she said. “We want to solve what is relevant and do it in short order. We want to give companies something that is actionable that they do not have to spend multiple implementation cycles on. We are strong believers in solving customer problems, not just building something cool.”
Importance of Innovation
Vaau’s founders sold that company to Sun partly because they admired its commitment to innovation, a practice Nayyar and Dherange have adopted at Gurucul. But Sun failed to accurately read the market, a shortcoming that ultimately led to its sale to Oracle, which is why Nayyar stresses the importance of talking to customers.
“[Sun] always had the best engineering teams, the best technology and the best innovation, although from a business perspective they struggled to monetize it,” she said. “We love what we are building but we want to keep the business in mind, always, which is why we talk to customers as much as we can.”
Los Angeles-based Gurucul was founded in 2009 with a core team of just a few employees and has since grown to about 80. Its customers include Fortune 100 companies in the banking, health care, telecommunications and high-tech verticals, many of which are highly concerned with protecting intellectual property assets, Nayyar said.
Its board of advisors is packed with high-profile CISOs from companies like Facebook and Monsanto. Gurucul Chief Strategy Officer Leslie Lambert, the former CISO of Juniper Networks and Sun Microsystems, chairs the board.
Gurucul is gearing up for growth as more organizations express interest in predictive security analytics. “They want to know about it before it happens,” Nayyar said.
The company is testing new products, such as one that, similar to a credit card statement, lets end users review their activity so they can alert managers to any discrepancies.
“You deputize end users and make them part of your security team by empowering them with their own data,” Nayyar said. “You are converting users, which many security teams see as the weakest link, into the strongest point.”