While Gurucul detects and performs threat-hunting use cases with its machine learning and data science techniques, the platform also introduces much more relevant context and incorporates risk scoring as it integrates with VMware and Carbon Black. Gurucul assigns a risk score for every user and entity for which anomalies are triggered. Gurucul uses a risk-based approach to help analysts prioritize incidents for investigation, which enables customers to achieve a 90%-95% efficiency rate for true positive and impactful incidents to improve the variety and quality of investigations.
Integration Details
The Gurucul Security Analytics and Operations Platform drives high-efficacy threat detection and automated response with machine learning-based behavior analytics. The following integrations with VMware and Carbon Black are focused on detecting risky anomalous behavior before a malicious actor can do harm:
- ML-based models for detecting anomalous user and device behavior (severity, volume-based, repeated risk devices, out-of-context user behavior, unusual sites in context to use and peer behavior, etc.)
- Provide enriched context, along with other event sources, to detect compromised hosts, in-memory malicious processes, and unusual or unknown software, etc.
- Attain a 360-degree view of users, permissions, devices, software, etc.
- Alert-prioritization using risk-scoring
- Threat intelligence enrichment
- Monitor container security and cloud workloads
