November Newsletter 2019

Quote of the Month

“You can’t build a reputation on what you are going to do.”

Henry Ford

The Backstory

We are seeing an interesting trend with large enterprises. Companies are telling us they are trying to build their own Security Analytics solutions for threat detection and risk intelligence. Why? There are many reasons, the most concerning of which is: they have had little to no success with products they purchased. But the right type of security analytics solution can make all the difference between identifying and stopping unknown threats, or ending up in the headlines as another data breach victim.

Build vs. Buy: Is There a Right Choice When It Comes to UEBA?

User and Entity Behavior Analytics (UEBA) is hard. It’s got a lot of moving parts. There are always new applications, data sources, use cases and entities to embrace. Companies who try to build their own UEBA are having problems with data quality, data ingestion, and data flow. They can’t capture all the data or make sense of it. And, they don’t have enough of the right data to train their models. Yes, it’s difficult. But Gurucul has managed to perfect it, and now we have the most machine learning models of any security analytics vendor. We have a reputation in the industry for delivering value quickly, at scale, on open choice of big data with transparent analytics.

Build vs. Buy: A UEBA Customer Journey

One of our enterprise customers went through a multi-year extensive process to establish a formal Insider Threat Program. The company wanted to find and deploy a successful machine learning based UEBA solution to facilitate the automated process of predicting, detecting and stopping insider threats.

A key consideration was: should they build vs. buy? As a large company with many data scientists on staff, the original thought was they could build their own program. The reality turned out to be much different. They embarked on a prolonged journey which started with data clean up and ended with the implementation of Gurucul’s UEBA powered by machine learning. How did they get there?

When they started out on this journey, they realized they had a problem with the quality of their data. It wasn’t accurate, they had log files that were misconfigured, and people didn’t understand the data. They were surprised to learn they weren’t collecting the right data to support an Insider Threat Program. There were a lot of data quality issues.

They quickly realized that this was a much slower process than they could afford. They had a real need to move to faster adoption and implement a broader spectrum of use cases. That is when they made the conscious and highly vetted decision to partner with Gurucul. The Build vs. Buy decision was made in our favor and this company never looked back!

Build vs. Buy: Experience Is Everything

If you’re going to build a UEBA product, you better know what you’re doing. You better have experience with analytics, big data, machine learning, threat intelligence, identity and access management, security risk management, and the entire cybersecurity ecosystem. All the training in the world is no match for experience. Let’s look at the founders of Gurucul.

Saryu Nayyar is the CEO of Gurucul. She has more than 15 years of experience in the information security, identity and access management, IT risk and compliance, and security risk management sectors. She has held leadership roles in security products and services strategy at Oracle, Simeio, Sun Microsystems, Vaau (acquired by Sun) and Disney. She is passionate about building disruptive technologies and has several patents pending for behavior analytics, anomaly detection and dynamic risk scoring inventions.

Nilesh Dherange is the CTO of Gurucul. He has been a technologist and leader at three startups and at one of the largest software development companies in the world. Prior to founding Gurucul, he was a co-founder of BON Marketing Group where he conceptualized and created BON Ticker — an innovative patented bid management system which used predictive analytics to determine advertising bids for PPC marketing campaigns. Nilesh holds a B.A. in Social Science and a B.E. in Computer Engineering from the University of Mumbai, and an M.S. in Computer Science from the University of Southern California.

Build vs. Buy: You Have a Choice. Choose Wisely!

Do you really want to build your own UEBA when Gurucul can solve your Insider Threat, IP Theft, Data Exfiltration and Privileged Access Misuse issues right now? Gurucul can immediately provide you with technology that can detect compromised account scenarios such as brute-force attacks, privileged account sharing, suspicious password resets, and account access from an unusual device or location. Our clients use Gurucul UEBA to detect unusual data downloads, as well as exfiltration attempts through print, email, cloud storage or USB devices. UEBA can also detect abnormal behavior like network or file crawling where an insider attempts to access multiple systems to gain access to the organization’s most valuable information.

It’s your choice. Our platform can fill gaps in your security portfolio and displace current tools (SIEMs, Network Traffic Analysis Tools, etc.), which will help reduce your operational costs. Gurucul UEBA reduces security alerts DRAMATICALLY so you can focus on true positives only. It also enhances the value of your other security tools like DLP, IDS, PAM, IGA and the like by aggregating those data feeds and turning them into risk prioritized intelligence. We can make your data scientists more productive by giving them a ready platform to leverage for customizing our machine learning models or building their own. We have excellent client references and an amazing POC process where we can show you ROI in just 5 days. Contact us to start a dialog. We are here when you’re ready.

Get The 2020 Insider Threat Report

The 2020 Insider Threat Report, produced with the support of Gurucul by Cybersecurity Insiders, found that lack of visibility into anomalous activity, especially in the cloud, and manual SIEM workloads have increased the risk of insider threats. Get all the findings.

Identifying the Threat From Within

Model Behavior

Saryu Nayyar

The insider threat does not have a single recognisable threat profile. In this Network Computing feature, Saryu Nayyar, CEO of Gurucul explains that a different approach is required to combat this growing risk.

The continuing rise of insider threat behaviour reminds organisations of the importance of taking control of their IT infrastructure. The 2019 Verizon Data Breach Report found that 34 percent of breaches involve internal actors: this makes it one of the most prevalent issues that organisations are now facing. Cybercriminals are becoming smarter and more agile and it is down to organisations to fulfill their obligations to protect the information that they hold.

Five Main Differences Between SIEMs and UEBA

Nilesh Dherange

One of the most commonly mentioned security products in recent years has been Security Information and Event Management (SIEM) tools, explains Nilesh Dherange, CTO of Gurucul in this Infosec Island editorial. SIEM products provide value as a log collection and aggregation platform, which can identify and categorize incidents and events. Many also provide rules-based searches on data.

While often compared to user and entity behavior analytics (UEBA) products, SIEMs are a blend of security information management (SIM) and security event management (SEM). This makes SIEMs adept at providing aggregated security event logs analysts can query for known security threats.

In contrast, UEBA products utilize machine learning algorithms to analyze patterns of human and entity behavior in real time to uncover anomalies indicative of known and unknown threats.

Let’s consider five ways in which SIEM and UEBA technology differs.

In the News

What’s New On Our Blog

Cyber Fraud Protection Tips for Secure Online Shopping. Do you have a reliable fraud protection strategy in place for Cyber Monday? If not, Gurucul has you covered with secure online shopping and cyber fraud prevention tips.
Simple Fraud Prevention Tips for Black Friday Shopping. There is no better way to burn off those Thanksgiving Day calories than by strolling around the local mall for Black Friday deals. While you’re scanning the stores for the best holiday sales, scammers and cyber criminals are too.
The 2020 Insider Threat Report is Here. The new 2020 Insider Threat Report, from Cybersecurity Insiders and Gurucul, discovered that nearly half the surveyed companies cannot remediate insider threats until after data loss occurs.
ABCs of UEBA: M is for Machine Learning. If log data is the life blood of User and Entity Behavior Analytics (UEBA), then Machine Learning (ML) is the brain. Machine learning algorithms ingest data feeds and turn raw data into risk prioritized intelligence.
Why Signature-Based Defense is No Longer Adequate for Today’s Cybersecurity. Signatures are no longer effective at preventing today’s advanced cyber threats. While IOCs are useful in forensic reviews and mapping attacks, information security leaders must start thinking in a different way when it comes to defending their environments.

Join Us

Health-ISAC 2019 Fall Summit. December 2-6, 2019. San Diego, CA. Up your game with Gurucul! We offer Behavior Based Security Analytics and Intelligence to predict, detect and stop insider threats, healthcare provider fraud, and consumer fraud.

RSA Conference. February 24-28, 2020. San Francisco, CA. The 2020 RSA Conference theme is “Human Element” which is perfect for Gurucul. Our behavior based security analytics and intelligence detects and prevents risky, anomalous behavior – by malicious insiders or external hackers. Visit our booth for details!
