Gurucul HBA and DLP Detect Threats Across Cloud & On-Premises Infrastructures

Intelligence from 360 Degree Visibility Can Prevent Data Exfiltration and Privilege Abuse that Evade Cloud and Data-Center Centric Security Solutions

LOS ANGELES, Calif. – Gurucul, a leader in user and entity behavior analytics (UEBA) and identity analytics (IdA) for on-premises and the cloud, today announced it has added hybrid behavior analytics models to its Gurucul Risk Analytics platform which can detect unknown security threats and identity access risks that span both cloud and on-premises environments. The company also introduced hybrid DLP behavior models that use data sources from both infrastructures to identify and prevent data exfiltration. This latest addition to the company’s machine learning model library provides 360-degree visibility and risk-scoring of identities, accounts, access and activity in today’s borderless architectures.

Organizations in sensitive and regulated industries including finance, healthcare and government require the ability to detect identity-based threats across the entire IT landscape (cloud and on-premises). To establish context for risk-scoring, machine learning models must be able to accept intelligence from data sources inside and outside the corporate security perimeter. The new hybrid behavior analytics models build upon the Gurucul Hybrid Behavior Analytics (HBA) architecture and Gurucul’s decoupled support for on-premises and cloud data lakes. HBA leverages context from a harmonized view of identity, activity and access and provides prioritized alerts and risk scores irrespective of where the data resides.

Two common customer use cases illustrate the need to apply behavior analytics models globally across hybrid IT environments. The first is confidential data exfiltration in Microsoft Office 365. HBA provides context from Office 365 which requires visibility into cloud and on-premises data sources like HR, VPN and DLP information. Combining this hybrid information enables security investigators to know whether the user is terminated, what their role is, the classification of information they are accessing and that they are trying to send it outside the organization. Additionally, machine learning can determine if this behavior is normal for the user or his/her peers.

The second use case involves Microsoft Azure Privilege Account Abuse. In this scenario, the administrative logs from Azure can be combined with Privileged Access Management (PAM) intelligence to verify the check out of an ID from the PAM system (or lack thereof), VPN information to ensure the user is using a “normal” location, and CMDB information to validate the device is registered and properly patched. In both these cases, linking analytics to cloud and enterprise context paints a full picture that can be compared to behavior norms for users and their peers.

“The addition of hybrid behavior analytics models closes the on-premises/cloud UEBA loop we started with the introduction of our HBA architecture and more recently Gurucul STUDIO for building custom machine learning behavior models,” said Nilesh Dherange, CTO for Gurucul. “Gurucul GRA now provides prioritized alerts and complete coverage for risk scoring and detecting user and entity based threats whether they are on-premises, in the cloud, or as in many cases, a combination of both.”

DLP Challenges in a Hybrid World

Organizations are finding it increasingly difficult to manage intellectual property and regulated information when information assets are moved to the cloud. Business units often use shadow IT, or end users just port data from cloud to cloud, often bypassing traditional enterprise security controls. BYOD compounds the problem because endpoint DLP solutions are difficult to manage and license on non-corporate assets. Gurucul Hybrid Behavior Analytics provides a different approach to managing this risk by extracting activity data from popular cloud-based applications and linking it with enterprise security solutions and other business information. This model provides organizations with a true 360-degree view of user or entity activity, and risk-based behavior context for protecting information assets.


Gurucul hybrid behavior analytics and hybrid DLP intelligence models are available immediately at no extra cost as part of Gurucul GRA release v6.0 or higher.

About Gurucul

Gurucul is changing the way enterprises protect themselves against insider threats, account compromise and data exfiltration on-premises and in the cloud. The company’s user behavior analytics and identity access intelligence technology uses machine learning anomaly detection and predictive risk-scoring algorithms to reduce the attack surface for accounts, unnecessary access rights and privileges, and to identify, predict and prevent breaches. Gurucul technology is used globally by organizations to detect insider threats, cyber fraud, IP theft, external attacks and more. The company is based in Los Angeles. To learn more, visit and follow us on LinkedIn and Twitter.

Media Contact
Marc Gendron
Marc Gendron PR