While Gurucul detects threats and supports threat-hunting use cases with its machine learning and data science techniques, the platform also adds far more relevant context and incorporates risk scoring when it integrates with Tanium. Gurucul assigns a risk score to every user and entity for which anomalies are discovered. This risk-based approach helps analysts prioritize incidents for investigation, which enables customers to achieve a 90%-95% efficiency rate for true-positive and impactful incidents and improves the variety and quality of investigations.
The Gurucul Security Analytics and Operations Platform drives high-efficacy threat detection and automated response with machine learning-based behavior analytics. The following integrations with Tanium focus on detecting risky anomalous behavior before a malicious actor can do harm:
- ML-based models for detecting anomalous user and device behavior (severity-based and volume-based anomalies, repeatedly risky devices, out-of-context user behavior, unusual sites in the context of user and peer behavior, etc.)
- Enriched context, combined with other event sources, to detect compromised hosts, in-memory malicious processes, unusual or unknown software, etc.
- A 360-degree view of users, permissions, devices, software, etc.
- Alert prioritization using risk scoring