CISOs are constantly confronted by ever-increasing, sophisticated cyber-attacks while trying to preserve usability and ease of user experience in support of ongoing digital transformation initiatives. To meet these needs, it is imperative to use cutting-edge technology that offers advanced security capabilities. Using Gurucul’s machine learning behavior analytics and big data context, instead of simple rule-, pattern- or signature-based controls, enables your organization to simplify secure user access to digital content.
Why Choose the Gurucul Risk Based Authentication Solution?
Gurucul Risk Analytics (GRA) uses patent-pending machine learning algorithms and pattern matching expressions to link identity, access, activity and device-specific data to build contextual visibility. Gurucul supports application scale, providing an open choice of big data to store structured and unstructured data. In addition, Gurucul STUDIO™ provides flexibility to use out-of-the-box anomaly models, or to build and customize business-specific models, based on underlying supervised or unsupervised machine learning algorithms and analytical techniques.
As part of the application architecture and navigation flow, end users access applications from any endpoint device, such as a laptop, smartphone or tablet. A user’s endpoint data, including device ID, configuration, location and application context, is captured and passed to Gurucul Risk Analytics for user and entity behavior analytics (UEBA) to identify anomalous activities and generate a user risk score. Applications use this risk score to influence the user experience, including authentication and authorization determinations.
Gurucul Risk Based Authentication Highlights
GRA uses several analytics components to build user behavior context:
GRA uses several application context points including application navigation, events, event description, categories, as well as the data values, to detect or prevent malicious and fraudulent user activity.
In addition to the user’s registered device information, contextual data such as device ID, configuration, location, application, browser details, access history, and device holding patterns are used to detect abnormal usage indicators.
Security Infrastructure Analytics
Security infrastructure analytics uses events and alerts generated by security solutions, including firewalls, authentication systems, IDS/IPS and antivirus (AV), to detect anomalous activity. Threat feeds include known blacklists, devices, threat actors, and malware information.
GRA can analyze and leverage network monitoring logs to look for malicious traffic based on unusual ports and protocols, bytes transferred, IP patterns, etc.
“Gurucul provided a mature security analytics solution that delivered results quickly and helped us maximize the value of our SIEM investment. Without it, our expanding threat plane would remain unchecked.”
– CISO, Information Technology Services Company