Gurucul Automates Threat Detection & Response for MITRE ATT&CK

Unified Security and Risk Analytics Platform Expands Machine Learning Library to Identify Adversarial Tactics and Techniques for 83% Coverage

LOS ANGELES – Feb. 13, 2020 – Gurucul, a leader in unified security and risk analytics technology for on-premises and the cloud, today announced that the Gurucul Risk Analytics (GRA) platform has added and aligned machine learning (ML) models to detect, and enable automated responses to, adversarial tactics and techniques defined by the MITRE ATT&CK™ Framework. Gurucul’s ML models, which span users and entities across hybrid/borderless environments, combined with advanced threat chaining, provide 83 percent coverage of MITRE ATT&CK indicators of compromise and unprecedented visibility for organizations to understand and improve their security posture. Gurucul is exhibiting its GRA unified security and risk analytics platform at RSA Conference 2020, booth #2027, in San Francisco.

“Gurucul customers using the MITRE ATT&CK Framework confirmed that these new advanced behavior models have been able to detect unknown threats associated with high-risk third parties, including customers, partners and contractors, that evaded signature-based approaches,” said Nilesh Dherange, CTO of Gurucul. “GRA is the only platform with ML Feature Analysis capability that provides immediate MITRE ATT&CK Framework data readiness and advanced model chaining to stitch together context across multiple behavioral indicators with a timeline view for intelligent investigations.”

The MITRE ATT&CK Framework is a globally accessible knowledge base of adversary tactics and techniques based on real-world observations. The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector, government, and the cybersecurity product and service community.

Automated MITRE ATT&CK Framework Threat Detection

Gurucul’s MITRE ATT&CK Framework alignment provides the following benefits for detecting and hunting threats at every step of the cyber kill chain:

  • GRA’s prepackaged machine learning models provide 83% coverage of the more than 350 enterprise MITRE ATT&CK Framework tactics and techniques across on-premises, cloud and hybrid environments for rapid operationalization
  • GRA uses behavior analytics and advanced threat chaining to detect unknown threat patterns by both users and entities beyond the tactics and techniques contained in the MITRE ATT&CK Framework
  • Prepackaged behavior model templates in Gurucul STUDIO™ and threat hunting queries based on MITRE techniques, tactics, and procedures enable efficient threat hunting along with a contextual view for intelligent investigations
  • GRA’s ML Feature Analysis provides a MITRE ATT&CK Framework data readiness assessment, enabling organizations to get immediate value from existing data, gain insight into missing data and its impact on coverage, and collect missing data automatically using GRA out-of-the-box connectors
  • GRA provides risk prioritized alerts and automated remediation playbooks based on the MITRE ATT&CK Framework
  • GRA provides unmatched visibility, metrics, dashboards, and reports into an organization’s security posture and maturity against specific MITRE ATT&CK Framework tactics and techniques
  • Automation via API-based STIX integration keeps GRA models current with MITRE updates and risk mitigation playbooks on a continuous basis
  • Gurucul’s data science team performs routine enhancement of MITRE ATT&CK Framework models
GRA with support for the MITRE ATT&CK™ Framework is available immediately from Gurucul and its business partners worldwide.

About Gurucul

Gurucul is a global cyber security and fraud analytics company that is changing the way organizations protect their most valuable assets, data and information from insider and external threats, both on-premises and in the cloud. Gurucul’s real-time unified security analytics and fraud analytics technology combines machine learning behavior profiling with predictive risk-scoring algorithms to predict, prevent and detect breaches. Gurucul technology is used by Global 1000 companies and government agencies to fight cyber fraud, IP theft, insider threat and account compromise, as well as for log aggregation, compliance and risk-based security orchestration and automation. The company is based in Los Angeles. To learn more, visit and follow us on LinkedIn and Twitter.