Gurucul behavior-based security analytics and intelligence products provide the monitoring, reporting and case management capabilities required to satisfy compliance mandates including PCI DSS, HIPAA, and GDPR.
With Gurucul Risk Analytics (GRA), you don’t need to sift through and aggregate audit logs from all your systems – HR, governance, provisioning, DLP, electronic medical records, credit card transactions, etc. GRA takes all that data and provides you with a single analytics engine that tracks security events as defined by compliance mandates including:
- Access activities to customer, patient and PII data
- Actions taken by any privileged access: root/administrative accounts, service accounts, individual user accounts with admin privileges
- Access to audit trails and log files, and detection of potential tampering: initialize, stop, start, pause activities
- Access attempts to customer, patient and PII data (valid and invalid)
- Monitoring and review of identity and access controls for systems
- Monitoring of changes to systems identity and access controls including privilege escalation (& self-escalation), access CRUD activities to individual and privileged access accounts
- System Object monitoring (accounts, transactions, tables, databases)
Gurucul empowers your organization to be proactive in driving compliance by enabling your team to:
- Review logs from all other system components periodically based on the organization’s policies and risk management strategy, as determined by the organization’s annual risk assessment
- Follow up exceptions and anomalies identified during the review process
- Retain audit trail history for at least one year, with a minimum of three months immediately available for analysis
- Monitor and analyze security alerts and information, and distribute to appropriate personnel
- And so much more!
Gurucul Risk Analytics (GRA) provides log storage in a format that supports compliance with PCI DSS. GRA supports storage and archiving of raw log data and allows online searching of raw logs, which are stored on Apache Hadoop HDFS or your choice of big data platform. With Gurucul Data Mine™, customers can retain raw logs for many years.
GRA reviews all events of monitored systems, identifies anomalous and risky activities, and has a built-in case management system. Cases are assigned to appropriate staff within GRA itself, and the product integrates with third-party case management systems to ensure exceptions are documented and followed up. This monitoring is done in near real-time and may be performed in conjunction with our Fraud Analytics to detect nefarious transactions and support countermeasures before a data breach can occur. For instance, we have customers that drive real-time DLP policies at the identity level to prevent data leakage if they detect a potential issue associated with an account anomalously accessing or processing customer account data.
Gurucul can be used to comply with PCI DSS for monitoring access to network resources and cardholder data. According to PCI DSS, logs and security events must be reviewed for all system components to identify anomalies or suspicious activity.
Gurucul can monitor and report on:
- All security events
- Logs of all system components that store, process, or transmit CHD and/or SAD
- Logs of all critical system components
- Logs of all servers and system components that perform security functions (for example, firewalls, intrusion-detection systems/intrusion-prevention systems (IDS/IPS), authentication servers, e-commerce redirection servers, etc.)
As with other compliance mandates, Gurucul offers the necessary risk, access, audit and integrity controls to enforce the HIPAA Privacy and Security Rules. Our healthcare customers are pushing the boundaries of what can be accomplished with behavior-based security analytics. They have been able to:
- Prevent health care fraud and abuse
- Guarantee security of health information
- Demonstrate privacy surrounding the use of individually identifiable health information
- Record and examine access and activity in information systems that contain or use e-PHI
Allina Health, for example, leverages the power of Gurucul to identify what people should be looking at from a care perspective. If a physician or nurse provides care to an individual, they may not have a need to look up a VIP who is not in their space and for whom they are not providing care at that time. Gurucul helps Allina manage patient privacy issues.
EU GDPR Article
Gurucul Risk Analytics (GRA) Compliance
GRA platforms, all driven by mature machine learning algorithms, provide customers with 360° visibility and monitoring of user activities on IT and business applications and platforms deployed in enterprise or cloud environments. GRA uses advanced linking algorithms and expressions to enrich raw data received from various sources including HR and identity stores, IAM systems, application logs, threat intelligence feeds, security alerts from other point solutions like DLP and EPP, risk management platforms and asset inventories. GRA machine learning-based behavior models are run on the enriched contextual data to monitor any abnormal user behavior and provide risk-based actionable intelligence to drive appropriate remediation actions.
Principles relating to processing of personal data
GRA provides holistic visibility and monitoring of any anomalous behavior due to unauthorized or abnormal access, accidental data loss or unlawful attempts of data exfiltration, account or identity compromise, or privilege access misuse.
Data protection by design and by default
To support multiple global implementations and address diverse privacy regulations, Gurucul has built in-depth data protection capabilities by design and by default. Gurucul determines and masks PII or sensitive information using field-level classification and controls. Masking is enabled on a per-field basis, including identities, and is controlled by Gurucul’s role-based access controls. Masking can also be manipulated using workflow rules and approvals to change what is or is not masked, providing access to sensitive information on a need-to-know basis. Gurucul also supports data encryption. Gurucul’s flexible metadata model allows organizations to block sensitive data from being imported into Gurucul, with the option of providing a reference link to the original record so information is not duplicated.
Records of processing activities
GRA supports a robust big data architecture to support storage of application or platform raw logs for further analytics. It also supports open choice of big data technologies to integrate the core analytics engine with a customer’s existing big data lake.
Security of processing
The Gurucul Risk Analytics solution platform delivers a state-of-the-art (SOTA) solution through advanced machine learning-based security analytics. The solution enables linking of contextual data including identity, access, activity, risks, threats and assets to build the 360° view of an identity or entity. GRA monitors user and entity (including persons, the controller and the processor) behavior to identify any threat indicators and assigns risk scores appropriately. This provides organizations with a continuous security analytics solution to predict, detect, deter and mitigate risks to confidentiality, integrity and availability due to insider threats, business fraud and unknown unknowns.
Data protection impact assessment
Gurucul provides a continuous security assessment through its behavior and identity analytics, providing a risk-based approach to detect and manage risks. Gurucul’s Identity Analytics (IdA) solution provides a comprehensive assessment of users or entities and associated entitlements and access permissions. IdA provides a simple way to detect high-risk identities with excess or outlier access compared to the peer groups. It discovers accounts having privileged access which are not managed in an enterprise password vault or PAM systems. Additionally, to enable periodic risk assessment, IdA provides an intuitive interface for access reviews and certifications.
Tasks of the data protection officer
GRA’s SOTA security solution provides an easy-to-use interface for data protection officers to monitor high-risk users and entities, as well as overall context based on identity, access, activities and assets, in-depth investigation, response action playbook and incident or case tracking. It also provides detailed dashboards and compliance reports specifically designed for the compliance team.
GRA provides a comprehensive search and reporting platform with underlying big data architecture, enabling authorities to leverage out-of-the-box compliance reports, build their own custom reports or draw the required data (related to activities, anomalies, risks, etc.) using simple natural language-based contextual search and export reports. Contributions would include evidence of infringements, supporting data for investigations, and validation of compliance.