Gurucul Takes Security Beyond SIEM With Behavior Analytics
SIEM Functionality Delivered
The industry defines security information and event management (SIEM) as a tool that can analyze large volumes of security log data to identify cyberattacks, security threats and compromises. The software identifies and categorizes incidents and events, as well as analyzes them, for incident response, forensics and regulatory compliance. Below are the core features of a SIEM. Gurucul Unified Security Analytics and Gurucul UEBA provide these capabilities:
Gurucul captures data from diverse data sources and stores it in your choice of big data environments. Gurucul products aggregate event data produced by network infrastructure, security devices, systems, and applications (typical SIEM data feeds). Gurucul ingests this log data, as well as other data sources, such as SIEM logs, NetFlow, HR data, identity attributes – data from any application on virtually any platform. All this event data is combined with contextual information about assets, users, threats and vulnerabilities.
Gurucul monitors and alerts on user and entity behavior as well as access and activity across systems, devices and applications in real-time. The platforms utilize business context and threat intelligence to enhance threat detection.
Gurucul delivers real-time monitoring of security controls collected from logs. Gurucul products normalize data from disparate sources and analyze it for specific purposes, such as user/entity activity monitoring, compliance reporting, and network security event monitoring.
Investigation and Incident Response
Gurucul delivers dashboards, visualization, natural language contextual search, case management, workflow and automation to facilitate incident investigation and response. Only Gurucul offers contextual search using big data to mine linked users, accounts, entitlements, structured and unstructured data, along with risk score and peer group analytics. From a single console, you can use any query you like to investigate incidents and correlate data across channels. You can save and export results for reporting and compliance purposes. Gurucul uses artificial intelligence capabilities to uncover all behavior patterns and data relationships that map to the search profile. It conducts natural language searches across any combination of structured and unstructured data to provide a 360 degree view of user and entity behaviors based on HR/profile attributes, events, accounts, access permissions, devices, cases/tickets and anomalies. This enables Gurucul to reduce case resolution time by 67%.
Machine Learning Algorithms vs. Rules
Gurucul’s analytics is powered by 1500 robust machine learning models built by data scientists. Our models go beyond detecting known or common patterns, so you can detect unknown insider and external threats. With a SIEM, you write rules and queries to find specific data. You have to know what you’re looking for. What about the unknowns? Rules don’t find deviations in behavior patterns.
Open Analytics vs. Black Box Analytics
Gurucul offers open analytics. With Gurucul STUDIO™, you can build and develop your own machine learning models easily with a canvas interface. Further, if you have data scientists in your organization, they can leverage our Software Development Kit (SDK) to build their own machine learning models and import them into Gurucul Unified Security Analytics or Gurucul UEBA. If SIEMs have analytics, they are lightweight “black box” analytics. They are proprietary and completely hidden from the customer’s view. You’ll never be able to understand what’s going on and this can lead to real problems.
Linked Context vs. Siloed Context
Gurucul ingests huge volumes of data generated by user activity from disparate, even obscure and unstructured sets of data. Machine Learning is then applied simultaneously to hundreds of thousands of discrete events from multiple data sets to identify relationships that span time, place and actions. Gurucul’s artificial intelligence features link and analyze these relationships to derive “meaning” from behaviors and provide early warning detection, prediction and prevention. SIEM context is siloed. There’s no linkage between user identities, their accounts, access and activities. And there’s no linkage across application behavior patterns over time.
Actionable Intelligence vs. Manual Threat Hunting
Gurucul delivers machine-based response time to critical threats. There are not enough people in this world that can respond fast enough to mitigate today’s sophisticated cyber-attacks. You need to be able to move at machine speed and that is why Gurucul offers model driven security. Gurucul provides both user intelligence and entity intelligence, looking at both access as well as activity. This enables you to automatically orchestrate downstream actions and apply automated risk-based controls. SIEMs facilitate manual threat hunting.
Prioritized Risk Ranking vs. Transactional Alerting
Gurucul provides intelligent prioritized risk ranking on every user and entity in your organization. It then gives you the ability, based on those risk scores, to apply different controls to different users and entities within your organization. SIEMs generate alerts on everything that happens, which is why you get noise and false positives.
Historical Real-Time Analysis vs. Short Term Analysis
Gurucul provides access to all of your data in real-time. Gurucul uses historical data to build baseline behavior and deliver context to behavior analytics. SIEMs are based on short term analysis. They can’t store long term data and don’t provide insights based on previous events.
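The three contrasts above (models versus rules, risk ranking versus transactional alerting, and a historical baseline versus short-term analysis) come down to one mechanism: score each event against that user's own past behavior and aggregate the points per user, rather than firing an alert on every match of a static rule. The following script is an added example written for this page, not Gurucul's code; the log format, the two users, their history and the scoring weights are all constructed for illustration. It builds a per-user baseline (usual hours, typical download volume) from a historical log, scores a day's events by deviation from that baseline, and compares the resulting risk ranking with a static "alert on every failed login" rule.

```python
"""Added example: behavior baselining and per-user risk ranking versus a static rule.

Not Gurucul's code. The log format, users, history and scoring weights below are
constructed for illustration only.
"""
import statistics
from collections import defaultdict

# Constructed historical log lines: the period used to learn each user's baseline.
HISTORY_LOG = """\
2024-01-02T09:10:00 user=alice action=download bytes=1200 result=ok
2024-01-02T14:05:00 user=alice action=download bytes=1000 result=ok
2024-01-03T10:20:00 user=alice action=download bytes=1300 result=ok
2024-01-03T16:40:00 user=alice action=download bytes=1100 result=ok
2024-01-04T11:00:00 user=alice action=download bytes=1400 result=ok
2024-01-02T09:30:00 user=bob action=download bytes=2000 result=ok
2024-01-02T15:15:00 user=bob action=download bytes=2200 result=ok
2024-01-03T09:45:00 user=bob action=download bytes=2100 result=ok
2024-01-03T13:00:00 user=bob action=download bytes=2300 result=ok
2024-01-04T10:30:00 user=bob action=download bytes=2400 result=ok
"""

# Constructed log lines for the day being analyzed: alice mistypes a password once,
# bob pulls far more data than usual at 3 a.m.
TODAY_LOG = """\
2024-01-05T10:00:00 user=alice action=login bytes=0 result=fail
2024-01-05T10:01:00 user=alice action=login bytes=0 result=ok
2024-01-05T11:30:00 user=alice action=download bytes=1250 result=ok
2024-01-05T03:15:00 user=bob action=login bytes=0 result=ok
2024-01-05T03:20:00 user=bob action=download bytes=90000 result=ok
2024-01-05T03:25:00 user=bob action=download bytes=85000 result=ok
"""

# Assumed scoring weights (illustrative, not any vendor's values).
OFF_HOURS_POINTS = 3
VOLUME_SPIKE_POINTS = 5
FAILED_LOGIN_POINTS = 1
NO_HISTORY_POINTS = 2
Z_THRESHOLD = 3.0


def parse_event(line):
    """Parse one 'timestamp key=value ...' line into a dict with hour and byte count."""
    timestamp, *fields = line.split()
    event = dict(field.split("=", 1) for field in fields)
    event["hour"] = int(timestamp[11:13])
    event["bytes"] = int(event.get("bytes", 0))
    return event


def parse_log(text):
    return [parse_event(line) for line in text.splitlines() if line.strip()]


def build_baseline(events):
    """Per user: the hours they are normally active and their download volume statistics."""
    hours = defaultdict(set)
    volumes = defaultdict(list)
    for ev in events:
        hours[ev["user"]].add(ev["hour"])
        if ev["action"] == "download":
            volumes[ev["user"]].append(ev["bytes"])
    baseline = {}
    for user in hours:
        vols = volumes[user]
        mean = statistics.mean(vols) if vols else 0.0
        # A single sample has no spread; fall back to 1 byte so z-scores stay finite.
        sigma = statistics.stdev(vols) if len(vols) > 1 else 1.0
        baseline[user] = {"hours": hours[user], "mean": mean, "sigma": sigma or 1.0}
    return baseline


def score_event(ev, baseline):
    """Risk points for one event, judged against that user's own baseline."""
    profile = baseline.get(ev["user"])
    if profile is None:
        return NO_HISTORY_POINTS  # unknown user: nothing to compare against yet
    points = 0
    if ev["hour"] not in profile["hours"]:
        points += OFF_HOURS_POINTS
    if ev["action"] == "download":
        z = (ev["bytes"] - profile["mean"]) / profile["sigma"]
        if z > Z_THRESHOLD:
            points += VOLUME_SPIKE_POINTS
    if ev["result"] == "fail":
        points += FAILED_LOGIN_POINTS
    return points


def rank_users(events, baseline):
    """Aggregate event points into one risk score per user, highest risk first."""
    risk = defaultdict(int)
    for ev in events:
        risk[ev["user"]] += score_event(ev, baseline)
    return sorted(risk.items(), key=lambda item: (-item[1], item[0]))


def rule_alerts(events):
    """Transactional rule: one alert for every failed login, with no context."""
    return [ev for ev in events if ev["action"] == "login" and ev["result"] == "fail"]


if __name__ == "__main__":
    baseline = build_baseline(parse_log(HISTORY_LOG))
    today = parse_log(TODAY_LOG)
    print("risk ranking:", rank_users(today, baseline))
    print("rule alerts:", [(a["user"], a["hour"]) for a in rule_alerts(today)])
```

On the constructed data the static rule raises exactly one alert, on alice's single failed login, and says nothing about bob, because no rule was written for "large download at an unusual hour". The baseline scoring ranks bob far above alice, since each of his events deviates from his own history on two dimensions. The weights and thresholds are deliberately simple; in practice they would be tuned per event type and the baseline would cover far more attributes than hour and byte count.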
Open Choice of Big Data vs. Proprietary Data Lake
With Gurucul, you get open choice of big data. Gurucul can set its analytics right on top of your data lake – Hadoop, Cloudera, Hortonworks, etc. Or, Gurucul provides a Hadoop data lake for free. Traditional SIEMs use a closed database.
Users/Entities Monitored License vs. Data Driven EPS License
Gurucul doesn’t charge based on data consumed. Gurucul only charges for the users and devices that you monitor. This approach is predictable (you determine the scope you are monitoring) and you can adjust this scope as you go. SIEMs charge for data stored and data processed – Events Per Second (EPS). This gets expensive quickly.
Gurucul Unified Security and Risk Analytics delivers actionable intelligence with low false positives. Evolve your cyber security program with Gurucul.