Unified Security Analytics
Predictive Security Analytics to Detect Unknown Threats in Real-time
Gurucul Unified Security Analytics is a comprehensive, end-to-end cybersecurity product that predicts, detects and prevents breaches. This seamlessly integrated solution combines SIEM, UEBA, SOAR, Intelligent Threat Hunting, Log Aggregation and Network Traffic Analysis capabilities into one holistic product to address today’s most critical security use cases. With Gurucul Unified Security Analytics, organizations can perform log enrichment, link and retain data from disparate sources, detect both known and unknown cyber threats, identify risky user behavior, conduct incident investigations and proactive threat hunting, automate incident response workflows for risk remediation and receive real-time security alerts.
Unified Security Analytics ingests massive amounts of data from virtually any source, including the network, IT systems, cloud platforms, applications, IoT, and more to give you a comprehensive, 360 degree view of your users’ and entities’ behaviors. It applies identity-centric, model-driven data science, machine learning, anomaly detection and predictive risk-scoring algorithms to identify abnormal behaviors and activities indicative of security threats. Based on that analysis, Unified Security Analytics generates a single, dynamic risk score for every user and entity across all applications and devices.
With risk-prioritized, contextual alerts, Gurucul Unified Security Analytics can automatically mitigate the most serious security threats in real-time before cyberattacks or insider threats can inflict damage. The product also boosts productivity by performing the work of human analysts at machine speed, freeing up cybersecurity staff for other tasks.
Gurucul Unified Security Analytics offers the largest library of pre-packaged machine learning models (1500+) including unsupervised, supervised and deep learning algorithms. The models are pre-tuned to predict and detect threats aligned with specific use cases and vertical industries.
“Enterprises looking for a robust security analytics tool with strong Security User Behavior Analytics (SUBA) and data protection should consider Gurucul.”
The Forrester Wave™: Security Analytics Platforms, Q3 2018
Gurucul Unified Security Analytics Core Capabilities
Gurucul Unified Security Analytics is a centralized, end-to-end cybersecurity product comprised of the following six core capabilities:
Intelligent Threat Hunting
Security Operations Center (SOC) analysts need a simple and proactive way to rapidly identify security threats, especially threats that are not flagged by conventional cybersecurity tools. Gurucul Unified Security Analytics links all the data provided by an organization’s security and business applications so that SOC analysts can build intelligent queries on the contextual data set using natural language searches.
Gurucul provides a 360-degree view of any identity, covering both the activity and the access tied to that identity. Pick and choose the attributes you need to analyze with a click of the mouse. Search for a particular user to discover which accounts they access, what entitlements they have, the devices they use, and the anomalies flagged for them. Once that user’s anomalies are identified, you can find other users with similar anomalies.
Log Aggregation
To ensure successful threat hunting you need to link data from all your applications. How do you get that data? Gurucul’s Log Aggregator ingests data from each of your systems and passes it through a series of processing stages so that it can be used for intelligent threat hunting. All of your disparate data logs are linked together with the corresponding identities. Log Aggregator lets you efficiently collect large volumes of data, link it together, store it and manage the logs.
Network Traffic Analysis
Many cybersecurity tools are proficient at detecting known threats that can infiltrate a network. But what about unknown threats that can suddenly be launched against your network? Gurucul Network Traffic Analysis (NTA) applies behavioral analytics to network traffic to detect suspicious activities that other security tools miss. It continuously analyzes raw traffic using machine learning on NetFlow and packet inspection data. Gurucul NTA can spot new, unknown malware, zero-day exploits, and attacks that are slow to develop. When abnormal traffic patterns are detected, an alert is raised and the threat can be mitigated.
SIEM
There are many existing, known cyber threats, like those detailed in the MITRE ATT&CK framework. Even though these threats are already well known, organizations still need to defend against them. Gurucul SIEM (Security Information and Event Management) is a rules engine that runs on the data you ingest and alerts you when it sees a known threat pattern. Gurucul provides the rules you need to detect the signatures of existing cyber threats and allows you to write your own rules. Gurucul SIEM can also ingest feeds from your existing threat intelligence platforms.
SOAR
You’ve done your log aggregation, run the analytics, and detected new cyber threats. Now, what do you do with those threats? This is where you need a risk response workflow. Gurucul SOAR (Security Orchestration, Automation and Response) helps you execute the proper response to a particular security alert. With both out-of-the-box and customized playbooks, Gurucul SOAR offers automated workflows that mitigate identified threats. For example, if a user’s risk score is 90 and the user exhibits known insider threat behavior, Gurucul SOAR can block the user’s Internet access so that they cannot exfiltrate data. Gurucul SOAR can also integrate with your external SOAR engines.
UEBA
Conventional security tools, including firewalls, SIEM, IDS, IPS, DLP and vulnerability management, are tuned primarily to detect known security problems originating from outside the network. But what about unknown threats without identified signatures? And what about insider threats that don’t display established patterns? Gurucul UEBA goes far beyond simple policies designed to catch already known threats. It applies big-data analytics, AI and machine learning to user and device behaviors to detect, in real time, threats that would otherwise appear as “normal” activity. With Gurucul UEBA you can detect behaviors outside the range of normal activity to identify rogue insiders or external intruders who have compromised a legitimate user’s account.
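Taken together, the six capabilities above describe one pipeline: aggregate logs from disparate sources, link every account back to a single identity, flag behavior that departs from that identity’s baseline, match known patterns with rules, roll the findings into one risk score, and hand the result to a response playbook. The following Python sketch is an illustration added here, not Gurucul’s code, and walks a few constructed VPN and file-server log lines through that pipeline. The account-to-identity map, the per-identity baselines, the anomaly weights, the 50 MiB bulk-download threshold, the two rule definitions and the playbook thresholds are all assumed for the example; the final step mirrors the SOAR paragraph’s case of a high-risk user with insider-threat behavior having Internet access blocked.

```python
"""Toy identity-centric detection pipeline (illustrative, not vendor code)."""
import re
from collections import defaultdict

# Constructed identity directory: per-system account names an aggregator would
# link to one identity. Keys are (source, account_name).
IDENTITY_MAP = {
    ("vpn", "jsmith"): "john.smith",
    ("fs", "SMITHJ"): "john.smith",
    ("vpn", "akhan"): "aisha.khan",
    ("fs", "KHANA"): "aisha.khan",
}

# Assumed per-identity baselines (a behavior model would learn these).
BASELINE = {
    "john.smith": {"geos": {"US"}, "hours": range(7, 20)},
    "aisha.khan": {"geos": {"US"}, "hours": range(7, 20)},
}

# Constructed sample events from two sources with different field names.
VPN_LOGS = [
    "2024-03-01T02:14:00Z vpn login user=jsmith src=203.0.113.9 geo=RO",
    "2024-03-01T09:02:00Z vpn login user=akhan src=198.51.100.4 geo=US",
]
FILE_LOGS = [
    "2024-03-01T02:20:00Z fs read account=SMITHJ path=/finance/q4.xlsx bytes=52000000",
    "2024-03-01T02:25:00Z fs read account=SMITHJ path=/finance/payroll.csv bytes=41000000",
    "2024-03-01T09:30:00Z fs read account=KHANA path=/hr/handbook.pdf bytes=120000",
]

KV_RE = re.compile(r"(\w+)=(\S+)")
WEIGHTS = {"off_hours_login": 30, "new_geo": 30, "bulk_download": 40}  # assumed
BULK_BYTES = 50 * 1024 * 1024  # assumed 50 MiB threshold per identity


def parse_line(line):
    """Normalise one raw line into {ts, source, identity, fields}."""
    ts, source, _action, rest = line.split(" ", 3)
    fields = dict(KV_RE.findall(rest))
    account = fields.get("user") or fields.get("account")
    identity = IDENTITY_MAP.get((source, account), f"unlinked:{source}:{account}")
    return {"ts": ts, "source": source, "identity": identity, "fields": fields}


def aggregate(*log_sources):
    """Log aggregation: merge disparate sources, keyed by linked identity."""
    by_identity = defaultdict(list)
    for lines in log_sources:
        for line in lines:
            ev = parse_line(line)
            by_identity[ev["identity"]].append(ev)
    return by_identity


def detect_anomalies(identity, events):
    """UEBA-style checks against the identity's baseline; returns a set of tags."""
    base = BASELINE.get(identity, {"geos": set(), "hours": range(0, 24)})
    tags, total_bytes = set(), 0
    for ev in events:
        f = ev["fields"]
        if ev["source"] == "vpn":
            if int(ev["ts"][11:13]) not in base["hours"]:
                tags.add("off_hours_login")
            if f.get("geo") not in base["geos"]:
                tags.add("new_geo")
        elif ev["source"] == "fs":
            total_bytes += int(f.get("bytes", 0))
    if total_bytes > BULK_BYTES:
        tags.add("bulk_download")
    return tags


def risk_score(tags):
    """One risk score per identity: weighted sum of anomalies, capped at 100."""
    return min(100, sum(WEIGHTS[t] for t in tags))


def siem_rules(tags):
    """Rule engine for known patterns: a rule fires when all its tags are present."""
    rules = [
        ("possible_exfiltration", {"off_hours_login", "bulk_download"}),
        ("suspicious_login", {"new_geo"}),
    ]
    return [name for name, required in rules if required <= tags]


def playbook(score, alerts):
    """SOAR-style response: score threshold plus alert context picks the action."""
    if score >= 80 and "possible_exfiltration" in alerts:
        return "block_internet_access"
    if score >= 50:
        return "notify_analyst"
    return "none"


def run_pipeline(*log_sources):
    """Aggregate -> link -> detect -> score -> rules -> respond, per identity."""
    results = {}
    for identity, events in aggregate(*log_sources).items():
        tags = detect_anomalies(identity, events)
        score = risk_score(tags)
        alerts = siem_rules(tags)
        results[identity] = {"score": score, "anomalies": sorted(tags),
                             "alerts": alerts, "action": playbook(score, alerts)}
    return results


if __name__ == "__main__":
    for ident, result in run_pipeline(VPN_LOGS, FILE_LOGS).items():
        print(ident, result)
```

The point of linking on identity first is visible in the sample: the VPN login and the file reads use different account names, and only after both are mapped to john.smith do the off-hours login and the bulk download combine into one rule match and one score that clears the playbook threshold; either event alone would not.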
Pricing and Licensing
Gurucul Unified Security Analytics is priced by risk score, not by data ingestion.
Powered by Gurucul Risk Analytics
Gurucul Unified Security Analytics is powered by the Gurucul Risk Analytics (GRA) Platform. GRA delivers a single pane of glass where analysts can quickly identify and combat threats that existing defenses typically miss, including malicious insider activity and account compromise. From a single console, analysts can immediately view and investigate the highest risks in their organization, monitor security threats, open and close cases, and automate incident response. Key components of GRA’s shared capabilities leveraged by Unified Security Analytics include:
- Dashboards & Reporting: Configurable dashboards and reporting for security operations, audit and compliance.
- Machine Learning Based Behavior Analytics: Largest library of prepackaged machine learning models and the ability to build your own.
- Enterprise Risk Engine: Provides intelligent prioritized risk scores based on user and entity behavior.
- Alerting & Case Management: Comprehensive case management capabilities and real-time alerting techniques.
- Incident Investigation: Natural language contextual search for investigations.
- Risk-Response Workflow: Response workflows for automated risk remediation.