Gurucul Security Data Lake
A Big Data Platform with Unmatched Scalability
Collecting large volumes of data from users, machines, your network and the cloud is key to creating context and providing the best security analytics results. The ability to quickly and accurately ingest and process large volumes of data for advanced analytics is a key differentiator for Gurucul.
Security architectures of the past were incapable of scaling to manage and process heavy loads of continuously generated security data. Gurucul natively supports Hadoop-based Big Data Lakes, helping our customers store and access massive data sets in real-time with ease.
At Gurucul, we do not require customers to stand up a proprietary data lake. We support an open choice of big data, enabling you to use your existing data lake to reduce costs. If you don’t have a data lake, Gurucul will provide you with one for free to use with any Gurucul product.
If at any time you need to leverage our data lake for non-Gurucul applications, we now offer the Gurucul Security Data Lake, built on platform agnostic architecture, to efficiently handle the security analytics of even the largest enterprise environments.
Manage a Common Data Repository and Retain Data for Years
Having a successful machine learning-based security analytics program hinges on building a common data repository, rather than collecting and storing multiple copies of the same data in different places. The Gurucul Security Data Lake (GSDL) provides customers with one centralized data store to collect all the data generated by multiple feeds.
As more organizations move toward a data driven decision making model, there is an increased need to retain data for lengthy periods of time. With the GSDL, data is compressed and stored in a Distributed File System so that it can be retained for years.
This is a tremendous benefit when performing post breach analysis by training algorithms to classify bad actors. And as new models to combat threats are developed, a wider range of training data than the traditional 30-day or 60-day training data used in many platforms is required. The GSDL can retain your data without any limitations on volume, and makes it easy to access the data for training or threat hunting purposes.
Retaining the data is not only valuable for analytics, but also for regulatory compliance and auditing purposes.
Ingest and Analyze All Data Types
Another key component of a successful security analytics program is the ability to work with many different types of data to glean valuable insights. There is a large variety of different data types from telemetry to contextual data, and different formats such as delimited, JSON, XML, PCAP, Syslog and more. To ensure accurate analysis, the Gurucul Security Data Lake supports all these varieties of data.
Traditional log management tools do not make it easy to access data through standard interfaces for analysis, and normally do not provide capabilities to expand the analytics scope beyond their pre-built signature-based rules that only detect known threats. This is a significant impediment for security because it does not account for new types of malware, zero-day attacks and even insider threats.
Many organizations are now leveraging Big Data to help build machine learning-based threat detection mechanisms. Gurucul Security Data Lake supports easy access to data and makes the data available using its standard modules to expand real-time analytics for customers.
Enjoy a Platform Agnostic Architecture
As a visionary company, Gurucul decided from the very beginning not to be reliant on any one big data platform. We made this decision because we knew that our customers’ underlying data layer could change at any time. We wanted to support any data lake – Cloudera, Hortonworks, MapR, Amazon EMR, Azure HD Insight and ELK Stack. We offer an open choice of big data and can set our platform right on top of your data lake.
By providing a Platform Agnostic Architecture, Gurucul Security Data Lake stores all your data in one place, rather than duplicating it across multiple applications. This is a significant security differentiator, because when critical data is isolated and cordoned off into silos, security problems can remain hidden.
Gurucul also offers the only data lake solution that supports hybrid architecture. This means that as you move your Data Lake to the cloud, your analytics will continue to run with zero downtime.
Leverage the Power of a Proven Security Data Lake
Unlike generic data lakes, the Gurucul Security Data Lake provides contextual data search, intelligent threat hunting and configurable dashboards through one user interface.
» Investigate Security Incidents Quickly
Gurucul offers industry-unique natural language contextual searches across any combination of structured and unstructured data. This provides a 360-degree view of user and entity behaviors based on HR/profile attributes, events, accounts, access permissions, devices, cases/tickets and anomalies.
From a single console, you can select any query you like to investigate incidents and correlate data across all channels. You can save and export results for reporting and compliance purposes. With our contextual search, customers have reported a 67% reduction in case resolution time.
» Intelligent Threat Hunting
Conduct advanced threat detection using AI-enabled automated response modules that run on Gurucul’s Security Data Lake. Traditional threat hunting tools are only efficient when known indicators of compromise are available. But what about the unknowns?
Gurucul’s threat hunting module automatically correlates events across multiple data sources and is the only solution that creates a smart timeline providing details for every phase of an attack from initiation to breach. SOC Analysts can go straight into investigations and remediation without having to access multiple sources to tie the story together. In the Gurucul Security Data Lake, threat hunting is delivered to you pre-packaged for continuous monitoring.
» Visualization and Dashboards
Key features missing from most Big Data Lake platforms are visualizations and dashboards. When you perform AI-enabled analytics of large data sets, it’s important to visually present the outcomes so you can make decisions faster. The Gurucul Security Data Lake includes more than 50 standard dashboards targeting various audiences from Level 1 Triage Analysts all the way up to the CISO level.
You can also create custom dashboards from more than 100 pre-built widgets. Widgets are available for different personas and functions, and for any reportable data element. For users there are widgets that report on high risk users, account entitlements, activities, rogue accounts, dormant accounts, and more. For entities there are widgets for high risk assets, high risk entities, active service accounts, active privileged accounts, and dormant privileged accounts, among others. And for cloud analytics, there are widgets for cloud metering data, bytes in and bytes out, etc.
All dashboards are RBAC enabled so you can share your personalized dashboards with others in your organization. This helps facilitate collaboration without granting additional privileges and exposing information to extended teams. Instead, the huge volume of information collected in the Gurucul Security Data Lake is secured, simplified and shared across teams.
Gurucul Security Data Lake Benefits
No Data Limits
Gurucul products are built to scale by design. By retaining historical data in a distributed file system, the Gurucul Security Data Lake is an economical way to perform analytics without worrying about data volume licensing costs.
Ease of Management
The Gurucul Security Data Lake is easy to deploy and manage without involving a team of big data engineers or system administrators. As your data grows, the Security Data Lake automatically scales and reallocates resources.
Comprehensive Data Enrichment
The Gurucul Security Data Lake has an extensive data ingestion pipeline that comes pre-packaged to perform enrichment across multiple sources. More than 150 applications, including cloud apps, are enriched, creating the industry’s most extensive contextually aware event analysis model.
Gurucul Security Data Lake includes a comprehensive reporting module. Customers can leverage 400+ pre-packaged reports, or build their own customized reports.
Health Monitoring Console
Data quality is a crucial aspect of security analytics. To detect data integrity issues or missing data, proactive monitoring is a must. The Gurucul Security Data Lake natively supports detailed auditing and health monitoring features that watch key big data lake components and issue alerts about any downtime or data integrity issues.
Gurucul Security Data Lake is priced by identity, not by data ingested. You maintain a cost-efficient solution even as your data requirements grow.