Gurucul HBA Protects On-Premises and Cloud Apps from Attacks

Hybrid Behavior Analytics Architecture Uses Data Science to Detect Account Abuse by Insiders and Account Hijacking by Outsiders

LOS ANGELES – Gurucul, the user behavior analytics and identity access intelligence company, today announced the Gurucul Hybrid Behavior Analytics (HBA) architecture which enables organizations to centrally protect both their data center and cloud applications from attacks that compromise trusted user identities. Gurucul HBA combines identity access intelligence with user behavior analytics to detect insider threats and account hijacking by external attackers. Using data science (behavior and predictive machine learning) to manage access entitlements and monitor user activity, HBA can detect threats that otherwise appear to be legitimate behavior.

“Employees continuously shift between applications hosted in the data center to applications hosted in the cloud, creating dangerous blind spots for security teams,” said Eric Ogren, Senior Security Analyst at 451 Research. “User behavior analytics solutions in hybrid on-premise and cloud environments are critical for preventing undetected insider abuse and outside hijacking of account credentials.”

Identity is the New Security Perimeter

Identity has become the primary threat surface for data center and cloud apps. Detecting and preventing these attacks, by insiders or outsiders, requires the convergence of identity access intelligence (IAI) and user behavior analytics (UBA). IAI provides the 360-degree contextual view needed to cleanse, manage, secure and govern identities and associated access to sensitive data and assets. UBA performs user profiling and behavior anomaly detection using dynamic peer groups with machine learning, rather than static peer groups and rule sets — to identify high privilege account abuse, account hijacking and suspicious activity.

Gurucul HBA combines IAI and UBA machine learning to provide security monitoring across on-premises and cloud based apps in a single platform. For cloud apps, Gurucul serves as an API-based Cloud Application Security Broker (CASB) with ready to use cloud-to-cloud and enterprise-to-cloud connectors for popular cloud apps including Salesforce, Office365, Box, Concur and Workday. Gurucul also collects and discovers high privilege users, accounts and entitlements based on identity, access and activity data. It uses out of the box algorithms to detect anomalous behaviors immediately upon deployment and fuzzy logic based linked data analysis to automatically map activity and accounts to identities.

CASB API integration into cloud apps often provides less data variety, however more data consistency for machine learning and behavior analytics than available from on-premises data sources. Gurucul has acquired deep expertise in cloud apps learning from developing multiple cloud-to-cloud connectors and customer implementations. This intelligence on what each cloud app vendor provides in terms of identity, access and activity data has enabled Gurucul to fine tune its machine learning algorithms for unsurpassed accuracy in anomaly detection.

“Despite the massive adoption of cloud applications in the enterprise, identity-based context across these and on-premises applications is still missing in traditional security approaches and tools,” said Saryu Nayyar, CEO of Gurucul. “The Gurucul Hybrid Behavior Analytics (HBA) architecture bridges the visibility, monitoring and threat detection gap between these two infrastructures to protect against insider threats, account compromise, cyber fraud and privilege access misuse that would otherwise go undetected.”

Gurucul is the only vendor to meet all five use cases and the compliance and fraud qualifications in the Market Guide for User and Entity Behavior Analytics (UEBA) recently published by Gartner, Inc.


The Gurucul Hybrid Behavior Analytics (HBA) architecture is available immediately from Gurucul and its business partners worldwide.

About Gurucul

Gurucul is changing the way enterprises protect themselves against cyber fraud, insider threats and external intruders on-premises and in the cloud. The company’s user behavior analytics and identity access intelligence technology uses machine learning and predictive anomaly detection algorithms to reduce the attack surface for accounts, unnecessary access rights and privileges, and to identify, predict and prevent breaches. Gurucul technology is used globally by organizations to detect insider threats, cyber fraud, IP theft, external attacks and more. The company is based in Los Angeles. To learn more, visit and follow us on LinkedIn and Twitter.

Media Contact

Marc Gendron
Marc Gendron PR