Gurucul Risk-Driven SOAR
Trigger Orchestrated Responses with Dynamic Risk Scores
Gurucul’s Risk-Driven Security Orchestration, Automation, and Response (SOAR) delivers effective automated responses right out-of-the-box to mitigate identified threats. This increases efficiency and significantly reduces incident response times for the Security Operations Team, while fully customizable playbooks let them tailor response actions to their specific environment. Security analysts can automate repetitive tasks, leverage contextual case management, enhance collaboration, and improve reporting.
Orchestrate Responses Based on Risk
Gurucul generates risk scores that are updated in real time as data is processed and analytics are run. Behavior patterns are represented mathematically, and as threats are detected and risk levels change, the score is updated dynamically. Remediation actions can be automated based on either an entity's risk score or a change in its risk score.
Customize Incident Response Playbooks
Out-of-the-box, Gurucul includes hundreds of playbooks that work seamlessly to fully automate incident response actions without requiring human intervention. Over 40 such playbooks target Active Directory incidents alone. It doesn’t stop there. Customers can create their own customized playbooks that react exactly how they want, using the resources in their environment, to optimize SOAR to address their own specific challenges and concerns. Playbook Task Linking adds micro playbook services to standard processes, which can then be linked together in workflows to allow for different remediation paths. This lets customers reuse SOAR workflow components once they are built.
Deploy Configurable Workflows
Flexibility runs through the entire platform. Orchestration can start with generating a ticket in the organization’s existing ticketing system, such as Remedy, Salesforce, etc., then responses and remediation can be automated through the organization’s security stack – authentication systems, network, system, and endpoint defenses. Automated reactions are tailored to risk and can range from simply alerting the SOC or On-Call personnel to an event, to completely isolating and quarantining the risky entity, whether they are a user, a host, a system, or other asset in the environment.
Automate Case Management
Gurucul provides a comprehensive case management capability allowing users to track incidents. The platform leverages automated incident timelines that create smart links of the entire attack lifecycle for pre and post-incident analysis, grouping alerts from the same entity/related transactions into a single case. Risk remediation responses can be automated based on risk scores, resource type, anomaly type, categorization, etc. Cases can be reassigned, closed as risk accepted, or sent for model review feedback. Case management has RBAC and privacy capabilities allowing cross-functional teams to collaborate easily. Incident data can be segregated and masked per job function, business unit, location, etc.
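The three ideas above (score-driven triggering, tiered responses from a simple alert up to isolation, and per-entity case grouping) fit together in a small engine. The following is an added illustration written for this page; it is not Gurucul's code or API. The entity names, alert names, playbook names, thresholds and the cooldown value are all constructed for the example.

```python
"""Constructed example of a risk-driven response engine (not product code).

Each analytic contributes a score change for an entity. Responses fire on the
absolute score (tiered) or on a sudden increase (delta), and every alert and
action for an entity is grouped into one case.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Tiered playbooks, highest risk first. Names are placeholders.
TIERS = [
    (90, "isolate_host_and_disable_account"),
    (70, "force_reauth_and_open_ticket"),
    (40, "notify_soc_oncall"),
]
DELTA_TRIGGER = 30   # a jump this large escalates even below the top tier
COOLDOWN = 3         # events before the same playbook may re-fire on one entity


@dataclass
class Case:
    """All alerts and actions for one entity, so analysts see one timeline."""
    entity: str
    alerts: List[str] = field(default_factory=list)
    actions: List[str] = field(default_factory=list)
    status: str = "open"


class RiskEngine:
    def __init__(self) -> None:
        self.scores: Dict[str, float] = {}
        self.cases: Dict[str, Case] = {}
        self.last_fired: Dict[Tuple[str, str], int] = {}
        self.tick = 0

    def case_for(self, entity: str) -> Case:
        return self.cases.setdefault(entity, Case(entity))

    def run_playbook(self, entity: str, name: str) -> bool:
        """Record the action unless it ran on this entity within the cooldown."""
        key = (entity, name)
        if self.tick - self.last_fired.get(key, -COOLDOWN) < COOLDOWN:
            return False  # suppressed: avoid repeating the same remediation
        self.last_fired[key] = self.tick
        self.case_for(entity).actions.append(f"{name}@{self.tick}")
        return True

    def ingest(self, entity: str, alert: str, score_change: float) -> List[str]:
        """Apply a score contribution, then orchestrate. Returns playbooks fired."""
        self.tick += 1
        old = self.scores.get(entity, 0.0)
        new = max(0.0, min(100.0, old + score_change))  # clamp to 0..100
        self.scores[entity] = new
        self.case_for(entity).alerts.append(alert)

        fired: List[str] = []
        # Only the highest qualifying tier runs for this event.
        for threshold, playbook in TIERS:
            if new >= threshold:
                if self.run_playbook(entity, playbook):
                    fired.append(playbook)
                break
        # A rapid increase escalates even when the absolute score is mid-range.
        if new - old >= DELTA_TRIGGER and new < TIERS[0][0]:
            if self.run_playbook(entity, "escalate_rapid_risk_increase"):
                fired.append("escalate_rapid_risk_increase")
        return fired

    def close(self, entity: str, disposition: str) -> Case:
        """Analyst disposition, e.g. 'risk_accepted' or 'model_review'."""
        case = self.case_for(entity)
        case.status = disposition
        return case


def demo():
    """Run a constructed sequence of alerts through the engine."""
    eng = RiskEngine()
    events = [  # (entity, alert, score change) - constructed sample input
        ("jdoe", "login_from_new_country", 35),
        ("jdoe", "mass_file_download", 40),
        ("jdoe", "privilege_escalation", 20),
        ("host-17", "beaconing", 15),
    ]
    log = [(e, eng.ingest(e, a, d), eng.scores[e]) for e, a, d in events]
    return eng, log


if __name__ == "__main__":
    engine, history = demo()
    for entity, fired, score in history:
        print(f"{entity:8} score={score:5.1f} fired={fired}")
    print(engine.close("host-17", "risk_accepted"))
```

The cooldown is the part a practitioner adds first: with scores updating on every analytic run, a playbook that isolates a host must not re-fire on each small score change, and the delta rule gives an early escalation path for an entity whose score is climbing fast but has not yet crossed the isolation threshold.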
Leverage 3rd Party Integrations
Gurucul provides seamless integration with hundreds of downstream security solutions out-of-the-box. This lets the SOAR trigger appropriate risk remediation actions on-premises or in the cloud using your existing security solutions. Gurucul also supports integration with third-party tools to facilitate end-to-end incident management including:
- Ticketing / Incident Management Solutions: Archer, Remedy, ServiceNow, Secops, etc.
- Collaboration Tools: ServiceNow, RSA, JIRA, Zen Desk, HP Service Manager, IBM Service Desk, etc.
- ChatOps Tools: OnsolvMir3, Twilio, PagerDuty, Pushover, Telegram, Prometheus, AlertManager, DingDing, Email, OpsGenie, Sensu, Slack, Microsoft Teams, MatterMost, Threema Gateway, VictorOps, Discord, Line, Webhook, Google Hangout Chat, HipChat and WhatsApp.
- SOAR Products: Phantom, Resilient, Siemplify, etc.