Intelligent Threat Hunting
Automate Threat Hunting with Analytics by Identifying Behaviors Associated with Attacks
Key pillars of Gurucul's Intelligent Threat Hunting platform:
Ability to collect, ingest and enrich data from disparate sources at massive scale while maintaining performance (Gurucul platform capabilities: Flex connector framework, Data pipelines, Link analysis and Big data lake)
AI/ML analytics and guidance to proactively hunt for unknown threats (Gurucul platform capabilities: STUDIO – 2000+ OOTB models and Dashboards)
Ability to search and pivot across datasets, save queries and visualizations, and collaborate (Gurucul platform capabilities: Investigate)
Automation of newly discovered threat patterns, risk assessment and remediation (Gurucul platform capabilities: Risk engine, STUDIO – build custom models, Playbooks, Case management)
Advanced Threat Hunting User Journey
Threat hunt quickly with Gurucul Miner™; real-time contextual linking enriches the data used for AI-enabled Intelligent Threat Hunting.
Pre-packaged Threat Hunting Library
More than 2,000 commonly used threat queries are available out of the box for active and passive threat hunting exercises, either before automation or to fine-tune AI/ML models.
Text and Natural Language Based Search
Natural language search lets analysts focus on investigations rather than writing complex queries, and they can drill down into results with additional point-and-click filters. A single interface supports faster searching on any threat-vector attribute, such as security alerts, IP addresses, case IDs, machine IDs and malware signatures.
Prebuilt threat categorizations cover the different outcomes and interests of threat actors, such as financial loss, data exfiltration, destruction, privilege escalation and process failures. These help analysts prioritize the baseline hunt using the pre-packaged categories. New categories are continuously added by the Gurucul Threat Research and Data Science Lab.
Threat Hunting Personas/Collaboration
Pre-built personas with customized dashboards and pre-built workflows support functional roles including Cyber Threat Team Lead, Cyber Threat Intelligence (CTI) Lead, Hunting Technician, Forensic Technician, Counter Intelligence Technician, Counter Cyber Security Intel Technician, Network Engineer Technician and Incident Response Liaison.
AI Based Predictive Threat Hunting
AI Based Threat Hunting
Gurucul threat hunting includes automated responses for the adversary tactics and techniques defined in the MITRE ATT&CK™ framework. Gurucul supports out-of-the-box integrations with most third-party risk and threat intelligence feed providers. Indicators can be ingested as STIX content (typically delivered over TAXII, which is the transport rather than a format), as plain IOC lists, and from flat files and databases, so customers can feed their existing threat intel subscriptions into the Gurucul platform automatically. As threat indicators are ingested, the threat hunting models are updated and automatically search for impacted users and entities.
Gurucul's Risk Engine calculates risk scores from several contributing factors, including historical behavior, user context across multiple resources, type of anomaly, access level, and resource and model risk ratings. Aggregating these scores gives an early indication of risk, which is what provides the predictive capability.
Gurucul STUDIO™ comes with Impact Analysis, which helps teams identify the outcomes of a new model before tying it to a workflow and making it operational for incident response. Using Impact Analysis, customers can quickly review metrics such as the total number of users/entities impacted and the departments impacted most. These metrics give administrators a basis for modifying or fine-tuning the model if needed.
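The ingest-then-hunt step described above, as an added example that is not Gurucul code and does not show how the Gurucul platform implements it: a constructed STIX 2.1 bundle (the shape a feed delivers over TAXII) is turned into field/value matchers and run over constructed, already-normalized proxy/EDR events to list the users and hosts that touched each indicator. The event field names (`dest_ip`, `domain`, `sha256`, `user`, `host`) are an assumed schema. Only the simplest STIX pattern shape (equality comparisons joined by OR) is parsed; anything richer is reported as unsupported rather than silently mis-parsed, which is the caveat a real ingester must handle with a full pattern grammar.

```python
"""Hunt for entities that touched newly ingested threat indicators.

Added illustration, not Gurucul code. The STIX pattern handling covers only the
simple, common shape of one or more equality comparisons joined by OR; anything
else (AND, NOT, FOLLOWEDBY, temporal qualifiers) is reported as unsupported
rather than silently mis-parsed. Standard library only, so it runs offline.
"""
import json
import re
from collections import defaultdict

# One equality comparison inside a STIX pattern, e.g. ipv4-addr:value = '1.2.3.4'
# or file:hashes.'SHA-256' = '...'. Only single-quoted string values are handled.
COMPARISON_RE = re.compile(
    r"(?P<type>[a-z0-9-]+):(?P<path>[A-Za-z0-9_.'\-]+)\s*=\s*'(?P<value>[^']*)'"
)

# Which field of the assumed normalized event schema each observable maps to.
FIELD_MAP = {
    ("ipv4-addr", "value"): "dest_ip",
    ("domain-name", "value"): "domain",
    ("file", "hashes.'SHA-256'"): "sha256",
}

# Constructed STIX 2.1 bundle. Identifiers and values are made up; the SHA-256 is
# the well-known hash of the empty string, used only as a well-formed placeholder.
STIX_BUNDLE = json.dumps({
    "type": "bundle",
    "id": "bundle--11111111-1111-4111-8111-111111111111",
    "objects": [
        {"type": "indicator", "id": "indicator--22222222-2222-4222-8222-222222222222",
         "name": "C2 address", "pattern_type": "stix",
         "pattern": "[ipv4-addr:value = '203.0.113.5']",
         "valid_from": "2024-01-01T00:00:00Z"},
        {"type": "indicator", "id": "indicator--33333333-3333-4333-8333-333333333333",
         "name": "Phishing domains", "pattern_type": "stix",
         "pattern": "[domain-name:value = 'login-example.test' OR "
                    "domain-name:value = 'mfa-reset.test']",
         "valid_from": "2024-01-01T00:00:00Z"},
        {"type": "indicator", "id": "indicator--44444444-4444-4444-8444-444444444444",
         "name": "Dropper hash", "pattern_type": "stix",
         "pattern": "[file:hashes.'SHA-256' = "
                    "'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855']",
         "valid_from": "2024-01-01T00:00:00Z"},
        # Richer pattern (AND, non-string value) that this parser must not guess at.
        {"type": "indicator", "id": "indicator--55555555-5555-4555-8555-555555555555",
         "name": "C2 on port 4444", "pattern_type": "stix",
         "pattern": "[ipv4-addr:value = '203.0.113.7' AND network-traffic:dst_port = 4444]",
         "valid_from": "2024-01-01T00:00:00Z"},
    ],
})

# Constructed, already-normalized events as JSON lines (assumed schema).
LOG_LINES = [
    '{"ts":"2024-03-04T09:12:01Z","user":"alice","host":"WS-0142","dest_ip":"203.0.113.5","domain":"cdn.example.org"}',
    '{"ts":"2024-03-04T09:15:44Z","user":"bob","host":"WS-0207","dest_ip":"198.51.100.9","domain":"MFA-Reset.test"}',
    '{"ts":"2024-03-04T09:20:10Z","user":"carol","host":"WS-0311","dest_ip":"198.51.100.20","domain":"intranet.example.org"}',
    '{"ts":"2024-03-04T09:25:37Z","user":"alice","host":"WS-0142","sha256":"E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855"}',
]


def load_indicators(bundle_json):
    """Return (matchers, unsupported_ids).

    Each matcher is {"name", "field", "value"}; a pattern of N comparisons joined
    by OR becomes N matchers. Patterns using any other operator, or observable
    types not in FIELD_MAP, are queued in unsupported_ids for a human to review.
    """
    matchers, unsupported = [], []
    for obj in json.loads(bundle_json)["objects"]:
        if obj.get("type") != "indicator" or obj.get("pattern_type") != "stix":
            continue
        pattern = obj["pattern"]
        comparisons = COMPARISON_RE.findall(pattern)
        # Whatever is left after removing the comparisons must be only OR keywords.
        leftover = COMPARISON_RE.sub(" ", pattern).replace("[", " ").replace("]", " ").split()
        fields = [FIELD_MAP.get((t, p)) for t, p, _ in comparisons]
        if not comparisons or any(tok != "OR" for tok in leftover) or None in fields:
            unsupported.append(obj["id"])
            continue
        for (_, _, value), field in zip(comparisons, fields):
            # Lower-case so domain and hash comparisons are case-insensitive.
            matchers.append({"name": obj["name"], "field": field, "value": value.lower()})
    return matchers, unsupported


def hunt(matchers, log_lines):
    """Map each impacted entity ("user:alice", "host:WS-0142") to the sorted
    names of the indicators it touched."""
    by_field = defaultdict(lambda: defaultdict(set))
    for m in matchers:
        by_field[m["field"]][m["value"]].add(m["name"])
    hits = defaultdict(set)
    for line in log_lines:
        event = json.loads(line)
        for field, values in by_field.items():
            raw = event.get(field)
            if raw is None:
                continue
            names = values.get(str(raw).lower())
            if not names:
                continue
            for key in ("user", "host"):
                if key in event:
                    hits[f"{key}:{event[key]}"].update(names)
    return {entity: sorted(names) for entity, names in hits.items()}


def run(bundle_json=STIX_BUNDLE, log_lines=LOG_LINES):
    matchers, unsupported = load_indicators(bundle_json)
    return hunt(matchers, log_lines), unsupported


if __name__ == "__main__":
    hits, unsupported = run()
    print(json.dumps({"hits": hits, "unsupported": unsupported}, indent=2))
```

Running the block lists alice (and her host WS-0142) against both the C2 address and the dropper hash, bob against the phishing domain, and leaves the AND-pattern indicator in the unsupported list instead of matching only half of it, which is the failure mode to avoid when partial pattern support quietly turns a two-condition indicator into a noisy one-condition rule.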
AI/ML Suggestive Investigation and Automated Intelligent Responses
Traditional threat hunting tools and SIEMs focus on a limited number of use cases, since they rely on data and alerts from a narrow set of resources. With cloud adoption increasing at a record pace, threat hunting must span hybrid on-premises and cloud environments and ingest data from vulnerability management, IoT, medical devices, firewalls, network devices and more. Gurucul provides agentless, out-of-the-box integrations that support a comprehensive set of threat hunting applications, including insider threat detection, data exfiltration, phishing, endpoint forensics, malicious processes and network threat analytics, as well as cyberthreat, human-centric and entity-related use cases.
Incident Timeline, Visualizations, and Reporting
Automated Incident Timelines create a smart link across the entire attack lifecycle for pre- and post-incident analysis. Timelines can span days and even years of data in easy-to-understand visualizations.
Visualization and Dashboarding lets analysts view threats from different perspectives using widgets such as Tree Map and Bubble Chart, with full drill-down into events without leaving the interface. The scorecard widget generates a spider chart of cyber threat hunting outcomes such as impact, sustaining mitigation measures and process improvement score.
Risk Prioritized Automated Response
Risk Prioritized Automated Smart Responses, via integration with Gurucul SOAR, let analysts invoke more than 50 actions and 100 playbooks upon detection of a threat to minimize damage.
Entity Based Threat Hunting
Perform contextual threat hunting or forensics on entities, and automate the containment of any malicious or potentially malicious entity from a single interface.
Red Team Data Tagging
Leverage Red Team exercise data as labeled examples for supervised learning techniques, as part of the continuous AI-based Threat Hunting process.