May Newsletter 2019
Quote of the Month
“Only 400 Reports? Is that all?“
– Research Director, Market Research Firm
We get a lot of briefing requests from market research firms. On this day, we were briefing a research director of a global firm on our Gurucul Fraud Analytics Platform. We were demonstrating our product capabilities and showing our Reports module. Our CTO mentioned we have over 400 reports available out-of-the-box for compliance and regulation reporting across different categories. That’s when the research director said, “Only 400 reports? Is that all?” Then he laughed. And we laughed, too. Yes, that’s a lot of reports!.
Out-of-the-Box Reports are Great
The great thing about out-of-the-box (OOTB) reports is that they are AVAILABLE NOW. You don’t need to configure them. You don’t need to do anything but run these reports, schedule these reports to run on a periodic basis, download them in PDF, text, or .CSV format, or send via email. There are report categories: Cloud Analytics Reports, Executive Reports, Security Operations Reports, User Reports, Compliance Reports, Network Threat Analytics Reports, Compliance Reports, Resource Reports, and more. And of course, there are literally hundreds of reports.
For example, if a user with a low-risk reputation initiates an application session from a usual location with a known device, the run-time risk score would be low risk. As a trusted user, access would be granted without requiring a password. If the same user then begins accessing unusual information or conducting anomalous transactions (i.e., foreign funds transfer to several accounts not seen before), these are abnormal behaviors for the user. The real-time risk score would increase, potentially to high risk, which would require multi-factor authentication or the account might be suspended. If the user is medium risk, the application could actively limit available functionality and data.
Here are just a few examples of OOTB reports offered by Gurucul:
Customized Reports are Even Better
OOTB reports are great, but customized reports offer better insight into user and entity activities, access and entitlements, and transactions that are of specific interest to the end client. With Gurucul, pretty much anything you can do with our products you can save as a customized report.
Our Investigate module enables a user to submit a specific a search query and filter the data based on the query. It’s a natural language contextual search capability we call Gurucul Miner ™. Our contextual search uses big data to mine linked users, accounts, entitlements, structured and unstructured data, along with risk score and peer group analytics. From a single console, you can use any query you like to investigate incidents and correlate data across channels.
We have various options to enable you to write your own query across a large number of criteria. When we say, “write your own query”, we really mean build a search query by right clicking search terms and adding them to the query with your mouse. It’s incredibly simple to use, and vastly more intuitive than writing SQL queries. Unlike traditional threat hunting tools and SIEMs, Gurucul Miner™ uses artificial intelligence capabilities to uncover all behavior patterns and data relationships that map to the search profile. It conducts natural language searches across any combination of structured and unstructured data to provide a 360 degree view of user and entity behaviors based on HR/profile attributes, events, accounts, access permissions, devices, cases/tickets and anomalies.
Here’s the beautiful part: you can save and export results for reporting and compliance purposes. Once you create your query, you can save it as a report. You can choose the report name, description, the fields you want to export and whether you want to run it now or set it to run on a schedule. This is incredibly powerful stuff. In fact, many of our customers have stopped using our traditional reporting mechanism because Gurucul Miner™ gives them more flexibility and control over reporting dataset(s).
Get the Best of Both Worlds!
It’s good to start with pre-packaged reports since these have already been vetted by numerous customers in real-world scenarios. We’ve pretty much done our due diligence on what reports matter. Adding the ability to customize reports gives you the opportunity to create the best experience for your users and executives. The SOC team will care about different data and analytics than the Fraud team and the Identity team. Tweaking our reports or creating your own reports with data of significance to your organization is a definite advantage..
Security: The Never-Ending Battle in a CISO’s Life
|ABCs of UEBA: G is for Gurucul. Gurucul was developing User and Entity Behavior Analytics technology long before Gartner coined the term “UBA” in 2014 and then updated it to “UEBA” in 2015. You could say – and you’d be right – that Gurucul invented UEBA. Let’s look at the history… Read More.|
|ABCs of UEBA: F is for Fraud. Enterprise fraud management platforms have been around for years, but many legacy platforms lack the capabilities to make critical data associations and identify anomalous behaviors of user accounts. However, recent advancements in a range of technologies from Big Data to machine learning have coalesced to help build a new kind of advanced fraud analytics platform born from UEBA technologies. Read More.|
|More Cowbell Baby!. Earlier this month we sponsored Oktane19, Okta’s annual user conference. If you’ve never attended, it’s one of the more compelling conferences because they put on an excellent show. They have celebrated speakers, a well-organized exhibit hall, product training sessions and high end entertainment. We were happy to be there to showcase our security analytics integration with Okta. Read More.|
Infosecurity Europe. June 4-6, 2019. London. Join Gurucul in Stand F212. We will be showcasing our Behavior Based Security Analytics platform.
Gartner Security & Risk Management Summit. June 17-20, 2019. National Harbor, MD. This is the year’s most valuable information update and networking opportunity for CISOs and security, risk and resilience professionals.