January Newsletter 2019

Quote of the Month

“We love paying exorbitant fees for our SIEM!”

– Said no one, ever.


The Backstory

Welcome to 2019! Have you made a New Year’s resolution? We think if there’s one resolution you should make and stick to in 2019, it’s to stop paying so much for your SIEM.

Show SIEM the Money

We talk to a lot of customers, prospects and industry analysts. A clear theme that comes out of our conversations is that SIEM costs are out of control. SIEM implementations are expensive and difficult to swap out. Costs soar as more events per second (EPS) are fed to the SIEM. With “next-gen” SIEMs, you often pay additional fees for a data lake or proprietary data stores. You know the costs up front, but you’re still paying to store and process SIEM data. Customers are not happy about having to show SIEM the money.

Here’s the deal: the value is not in storing large volumes of data. The value is in insights derived from that data.

It’s painful to sift through SIEM logs and alerts to make sense of the data; you get a lot of false positive alerts. And you cannot prioritize which alerts to investigate. It’s too much data and too much noise.

Take Security Beyond SIEM

Here’s where Gurucul adds value: we take security beyond SIEM. We start with SIEM data (or, we can ingest the raw logs directly), then we add into the mix all the security logs and application data feeds from across your environment. Our Security Analytics platform consumes as much data as you can throw at it – the more the better. This means you get a 360-degree view of user and entity behavior so you can be proactive in detecting and preventing threats – without having to pay exorbitant fees.

Our Security Analytics platform reduces the number of alerts to a manageable level and provides risk-prioritized intelligence so you can focus on the riskiest threats and only those threats. Gurucul Risk Analytics uses machine learning models (not rules) that learn how to predict malicious behavior. This is how our Security Analytics platform can detect threats missed by traditional SIEMs.

Get Open Choice of Big Data

Security analytics requires a big data platform. You need a data lake to store and perform analytics on all these data feeds in real-time. You don’t, however, have to pay to store this data. This is another critical difference between a SIEM and Gurucul Risk Analytics. We give you a data lake for free. We want you to ingest as much data as possible. That’s how we are able to detect and predict threats in real-time. We need to look at data across all the siloed applications and devices to paint a full picture of what is going on in your environment.

Further, if you already have a data lake, we can put our Security Analytics right on top of your data lake. We don’t require you to have a specific version of a data lake. We offer open choice of big data. Stop paying exorbitant SIEM data fees. Start getting insights on your data with our Behavior Based Security Analytics and Intelligence platform.


Watch Now! Super Bowl LII: Protecting Players’ and VIP Data

William Scandrett, CISO, Allina Health

The Super Bowl is a major event where security and privacy risks are tremendously magnified. Super Bowl LII was held in Minneapolis, MN – the home of Allina Health. Allina needed to monitor healthcare providers’ activities to detect unauthorized or rogue access to patients’ data, and to prevent PHI data exfiltration.

Watch this recorded webinar to learn how Allina Health quickly implemented Gurucul UEBA for Super Bowl LII to drive and monitor privacy for players and VIPs.


Whitepaper: Behavior Analytics and Big Data for Cross-Channel Fraud Detection

Fraud has reached the highest levels on record, affecting more organizations than ever. But now, innovative new fraud analytics technologies are helping businesses to quickly identify high risk transactions and behaviors so they can act to mitigate or prevent the losses from fraud and other financial crimes.

Read this whitepaper to understand how Fraud Analytics provides a holistic risk-based approach for cross-channel fraud detection. The solution aggregates and links more data coming from many different systems. It is this cross-channel capability that shines a brighter light on not just transactions but also subtle behavioral activities and peer group analysis that would otherwise go undetected.

Download Whitepaper


Why Fraud Detection Needs A Reboot

Saryu Nayyar, CEO and Founder, Gurucul

Fraud occurs every day across a variety of industries, causing trillions of dollars in losses each year. While financial services and banking are among the hardest-hit industries, other frequent targets include retail, health care, information technology, government/public administration and utilities.

The pervasiveness of the problem was revealed in a recent survey by PwC. Forty-nine percent of the businesses contacted by PwC for its 2018 Global Economic Crime and Fraud Survey reported they had experienced fraud and economic crime over a two-year period.


Fraud Analytics Can Help Prevent Fraud that Uses the Rails of SWIFT

Nilesh Dherange, Chief Technology Officer, Gurucul

The banking world has been rocked in recent years by revelations of several major fraud events, each of which netted perpetrators from $2 million to more than a billion dollars. In every case, the bad actors used the rails of the SWIFT payment transfer system. SWIFT, which stands for Society for Worldwide Interbank Financial Telecommunications, is used by more than 11,000 banks worldwide to facilitate cross-border financial transactions.

The SWIFT system itself wasn’t breached; it was merely the instrument that carried out the bankers’ instructions. In the case of one national bank, malicious insiders orchestrated the fraud scheme that unfolded over the span of seven years.


Embracing Risk Management Elevates Security Pros to Business Leaders. Why Do They Still Find it so Difficult?

Leslie K. Lambert, Chief Security and Strategy Officer, Gurucul

A few weeks ago, I spoke at the 2018 SecTor Conference. The ensuing Q&A on the concept of risk soon evolved into a discussion on whether “risk” has become a four-letter word. The kind we’re taught to avoid using in polite company.

Many information security professionals are now embracing the word and concept of risk to elevate their responsibilities and budget requests for business and even board level consideration. The transition from “it’s all about security and protecting the crown jewels” to “we need to mitigate risk and embrace risk management” is a crucial next step for the information security profession. Despite this reality, some of us still struggle with the word “risk”.


What’s New On Our Blog

ABCs of UEBA: A is for Analytics. Welcome to our new blog series: ABCs of UEBA. This is not a blog series for dummies. This is a view into what makes up UEBA from A to Z, from start to finish, thoroughly, and in detail. So, let’s get started! Analytics is the engine that fuels UEBA. Analytics is the scientific process of transforming user and entity behavior data into risk-prioritized intelligence, for the purpose of driving business action. Read More.

Detect Merchant Fraud With “Outlier Categorical Model”. The Outlier Categorical Model takes into account previously observed behavior patterns, and will automatically flag anything outside of the norm. It is one of many machine learning models used to detect merchant fraud because it detects changes in transaction behavior patterns. The benefit? It can reliably detect unknown unknowns. Read More.

Protect Classified Information With “Identity Classification”. Identity Classification is a supervised learning approach that learns from the data input given to it, and then uses this learning to classify new observations. Applied to identities, it sorts identities with similar attributes into buckets. Once this sorting is done, it’s possible to compare baselines and evaluate similar or different behaviors to discover anomalous activity for relevant identities. Read More.

Top 10 Blog Posts of 2018. What was your favorite blog post of 2018 and why? As we look back at 2018, let’s see which Gurucul blog posts had the most views. This tells us what resonated with you, our audience. And the winner is… Read More.

What Is An ‘Insider Threat’ and How Do We Detect Them? Insider threats are the biggest cyber security issue for companies and big organizations because they can cause the most damage. These types of cyber security threats are also very hard to detect and prevent in comparison to outsider attacks. This is because insiders already have the ‘keys to the kingdom’. So, what is an insider threat? And how does Gurucul prevent insiders and criminal impersonators from stealing your sensitive information? Read More.

Streamline Investigations With “Link Analysis”. The Link Analysis machine learning model examines a network of interconnected links and nodes to identify and analyze relationships that are not easily seen in raw data. Gurucul Risk Analytics feeds data into the Link Analysis machine learning model to analyze the links between objects, whether they are physical, digital or relational. Read More.
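To make the “Outlier Categorical Model” teaser above concrete, here is an added illustration (not Gurucul’s code, and not from the blog post) of the idea it describes: learn, per merchant, how often each transaction category has been seen, then flag and risk-rank new observations whose category is unseen or rare for that merchant. The merchant IDs, category names and the smoothing and rarity thresholds are constructed for the example.

```python
from collections import Counter, defaultdict

# Constructed baseline window: (merchant_id, transaction category) pairs.
BASELINE = [
    ("m-001", "card_present"), ("m-001", "card_present"), ("m-001", "card_present"),
    ("m-001", "card_present"), ("m-001", "refund"),
    ("m-002", "online"), ("m-002", "online"), ("m-002", "online"),
]

class OutlierCategoricalModel:
    """Learns, per entity, how often each category has been observed and
    scores new observations by how unlikely their category is for that entity."""

    def __init__(self, alpha=1.0, rare_threshold=0.1):
        self.alpha = alpha                  # Laplace pseudo-count (assumed value)
        self.rare_threshold = rare_threshold  # below this probability a seen category is "rare"
        self.counts = defaultdict(Counter)  # entity -> Counter(category -> observations)
        self.categories = set()             # every category seen across all entities

    def fit(self, records):
        for entity, category in records:
            self.counts[entity][category] += 1
            self.categories.add(category)
        return self

    def probability(self, entity, category):
        """Smoothed P(category | entity); one extra slot reserves mass for unseen categories."""
        c = self.counts.get(entity, Counter())
        total = sum(c.values())
        slots = len(self.categories) + 1
        return (c[category] + self.alpha) / (total + self.alpha * slots)

    def score(self, entity, category):
        """Returns (risk in [0, 1], reason); 0.0 means the observation is inside the baseline."""
        if entity not in self.counts:
            return 1.0, "no baseline for entity"
        p = self.probability(entity, category)
        if category not in self.counts[entity]:
            return 1.0 - p, "category never observed for this entity"
        if p < self.rare_threshold:
            return 1.0 - p, "rare category for this entity"
        return 0.0, "within baseline"

def triage(model, stream):
    """Risk-prioritized list of flagged observations, highest score first."""
    flagged = [(s, e, cat, why) for e, cat in stream
               for s, why in [model.score(e, cat)] if s > 0.0]
    return sorted(flagged, reverse=True)

if __name__ == "__main__":
    m = OutlierCategoricalModel().fit(BASELINE)
    for row in triage(m, [("m-001", "card_present"), ("m-001", "wire_transfer"), ("m-999", "online")]):
        print(row)
```

The reserved slot in the smoothed probability is what lets the model score an “unknown unknown” (a category the merchant has never produced) rather than crash or return zero.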

Join Us

RSA Conference. March 4-8, 2019. San Francisco, CA. It’s better with Gurucul! We take security beyond SIEM to deliver predictive security analytics. Visit our booth, attend a presentation, see a demo of our products.
