October Newsletter 2018

 

Quote of the Month

“For us, it doesn’t matter what the underlying big data platform is – we work on any big data platform.”

– Nilesh Dherange, Gurucul CTO


The Backstory

Earlier this month, Cloudera, Inc. and Hortonworks, Inc. announced the two companies will merge. The story is still developing, but it’s a familiar story of two competitors getting merged. What is unknown is the outcome: what will happen to customers and partners of both companies?

Who’s on First?

Cloudera and Hortonworks are major players in the big data space. Both are Hadoop distributions – they have built their stack on the base Apache Hadoop. They have their own customers, and there are reasons why customers have chosen one distribution over the other.

As an open source offering, Hadoop has not been easy to implement. Both Cloudera and Hortonworks built all sorts of tools and customized Hadoop, rebranded it and sold their platforms as big data packages.

What’s on Second?

There are a lot of similarities between the two companies. But, how will they deliver the combined platform? From a technology standpoint, are they going to support both frameworks? Will it be a combination of components from both vendors? Are they going to integrate the frameworks, or will one platform take precedence?

I Don’t Know is on Third

What about customers? What happens to them? Take a large customer that is dependent on the Hortonworks stack. The combined Cloudera/Hortonworks company may say, “Don’t worry. We will handle the migration.” This is great news from a data standpoint. But, what about products that are running on top of Hortonworks? All bets are off when it comes to answering the question, “Will this product work on the new Cloudera/Hortonworks combined platform?” The answer is most definitely: NO.

A Home Run for Data Democracy

As a visionary, Gurucul decided not to be reliant on any one big data platform from the very beginning. We made this decision because we knew that your backend underlying data layer could change at any time. And, we wanted to be able to support any data lake – which is how we’ve always positioned our platform, Gurucul Risk Analytics. In the wake of the current news, our decision to offer open choice of big data is a huge win for our customers.

Nilesh Dherange, CTO of Gurucul points out, “For us, it doesn’t matter what the underlying big data platform is – we work on any big data platform.”

Being data agnostic and offering open choice of big data is proving to be a critical differentiator in today’s world. Data democracy has never been more important. No matter what happens with the Cloudera and Hortonworks merger, Gurucul has your back – your backend data lake, that is!


Aetna Customer Testimonial: Model Driven Security

Automate Front Line Security Controls with UEBA & Identity Analytics

As a Fortune 100 Health Insurance Provider, Aetna is using Gurucul Risk Analytics to automate front line security controls. View this customer testimonial to learn more about Aetna’s success implementing Gurucul User and Entity Behavior Analytics (UEBA) and Identity Analytics.

 


How Science Can Fight Insider Threats

An article by Saryu Nayyar, Gurucul CEO and Founder


Malicious insiders pose the biggest cybersecurity threat for companies today because they can cause the most damage, and are much harder to detect than outsiders.

From the outside, attackers typically use automated hacking tools to perform reconnaissance until they find a way in. Once inside, they still need to surveil the network to find data that is worth exfiltrating. Insiders are already inside, so their workload is considerably less. They know exactly where sensitive company and customer data lies, and if they don’t possess the ‘keys to the kingdom’ themselves, they know who does and how to get them.

While most malicious insiders are motivated by financial gain, others have different agendas. Some are disgruntled employees who want to inflict damage on an organization or a fellow employee for a real or perceived wrongdoing. Typically, these individuals either target specific executives, by exposing inappropriate emails or people’s salaries, for example, or exact whatever damage they can, such as deleting customer records.


Watch Now: Automating Security Controls Using Models and Security Orchestration

Speaker: Kurt Lieber, CISO, Aetna

Many organizations have adopted machine learning and data analytics to help them identify security anomalies. However, mere identification isn’t good enough in a world where Petya and other modern attacks can take down 15,000 servers in a single organization in under two minutes.

To combat these new types of malware, organizations need to be looking at Model Driven Security Orchestration, where the security responses to emerging threats and attacks are automated and driven at machine speed. In this presentation, Kurt Lieber provides an overview of Aetna’s security orchestration program.

Watch this recorded webinar to learn:

– How Gurucul machine learning models automate front line security controls

– Why behavior analytics provides the necessary context to predict risk

– Lessons learned from real-world deployments

 


Securing Connected Medical Devices: Will Categorizing Them As ICS Help?

An article by Leslie K. Lambert, Gurucul Chief Security and Strategy Officer

Since April of this year, the Department of Homeland Security (DHS) Industrial Control Systems Emergency Response Team has issued several alerts advising healthcare entities of cyber vulnerabilities in equipment ranging from medical imaging systems to patient monitoring gear. In addition, medical device manufacturers have reported their own security vulnerabilities via ICS-CERT alerts, including Philips, Abbott and BD.

In reviewing the ICS-CERT notices, it’s interesting to note that within the United States, medical devices are categorized as Industrial Control Systems (ICS). For many in IT security, ICS or SCADA (Supervisory Control And Data Acquisition) security only gained notoriety with the advent of the Stuxnet malware that was used to compromise Iran’s nuclear facilities in 2010. Who could imagine that medical devices would be grouped with SCADA technologies in terms of the magnitude and criticality of their security?

When viewed as previously isolated and discrete hardware that has since been connected to a network, medical devices are no different from ICS or SCADA systems. While these devices have been networked and interconnected for some time now, only recently has the industry begun to implement physical and logical security controls to protect them.

 


What’s New

BLOG: Prevent Fraud With “Rare And Volume Based Analytics”. This machine learning model identifies rare activity based on volume. At Gurucul, we like to call it our “snoop finder”, as it roots out and exposes those uncomfortable situations where users on your network may be using their own account, or someone else’s, to snoop around and look at or gather information present inside your network. Read More.
BLOG: Stop Fileless Malware With “Abnormal PowerShell Command Execution”. This powerful machine learning model will identify unusual spikes in PowerShell processes. It tracks all of the access that potentially grants elevated access to users, plus it identifies abnormally frequent system access or bypass attempts. It uses clustering and frequency analysis to detect anomalous behavior. Read More.
BLOG: Identify Outlier Access With “Clustering And K-Means”. Clustering and K-Means helps to refine, resolve and reduce false positives. By employing Clustering and K-Means machine learning, plus applying dynamic peer grouping technology, Gurucul Risk Analytics can reduce false positives 10x compared to the use of static groups from directories like Active Directory. Read More.
BLOG: Enable Dynamic Provisioning With “Workflow Classification Regression Tree”. With this powerful model, it’s possible to drive workflow decisions and other automation and orchestration. Machine learning-based behavior analytics extracts context from big data, rather than relying on simple rule and policy-based security controls. Read More.

Join Us

FS-ISAC Fall Summit. November 11-14, 2018. Chicago, IL. The Financial Services Information Sharing and Analysis Center (FS-ISAC) is the global financial industry’s go-to resource for cyber and physical threat intelligence analysis and sharing.

H-ISAC Fall Summit. November 26-30, 2018. San Antonio, TX. “Never Stand Alone” is the theme for this event. Gurucul will stand with you in our speaking session and at the exhibit hall.

Gartner IAM Summit. December 3-5, 2018. Las Vegas, NV. Join Gurucul at this year’s event to learn how Identity Analytics can radically reduce accounts and entitlements.
