Security
Headlines
HeadlinesLatestCVEs

Headline

Gurucul Launches Cloud-Native SOC Platform Pushing the Boundaries of Next-Gen SIEM and XDR with Identity Threat Detection and Response

Gurucul automating threat detection, investigation and response (TDIR) with advanced analytics, comprehensive threat content, and a flexible enterprise risk engine for hybrid and multi-cloud environments.

DARKReading
#mac#cisco#intel#auth

RSAC 2022, Gartner SRM 2022, and Los Angeles, Calif. – Jun 2, 2022 – Gurucul, the leader in Next-Gen SIEM, XDR, UEBA and Identity Access Analytics, today announced availability of the Gurucul Security Analytics and Operations Platform. A cloud-native, unified and modular platform for consolidating core security operations center (SOC) solutions with the vital addition of Identity Threat Detection and Response (ITDR) provides a unified next-gen SOC platform. The Gurucul platform converges the company’s award winning Next-Gen SIEM, XDR, User and Entity Behavior Analytics (UEBA), Network Traffic Analysis (NTA), Security Operations and Automation Response (SOAR), and Identity Access Analytics (IAA) into a single pane of glass that is aligned with the evolving needs of the modern enterprise threat landscape – where identity has become the new perimeter.

Gurucul’s innovative platform is purpose-built to automate and accelerate data collection, event and alert correlation, detection triage, investigation, and response to targeted attacks. It combines threat intelligence with an enterprise-class risk engine, delivering precise contextual detections, prioritized investigation, and risk-driven response actions that drastically reduce mean-time-to-detection (MTTD) and mean-time-to-response (MTTR). Gurucul’s platform can also support the most complex deployments including on-premise, hybrid, and cloud (SaaS, private, GovCloud, and multi-cloud including multi-tenancy), addressing the needs of today’s modern enterprise and managed detection and response (MDR) providers.

With increased sophistication around phishing, social engineering, credential theft, and supply chain attacks, it is more important than ever to go beyond current solutions that are overly concerned with endpoint security and focus on securing identities attached to multiple entities and devices. Based on remote work risks, accelerated cloud migration, and state-sponsored threat actor groups, there has been an increase not only in targeted and organized attack campaigns, but also insider risks and threats.

“The combination of an expanding attack surface with limited resources and constantly changing tools and techniques drives security operations teams’ need for a comprehensive and consolidated platform approach. While the endpoint is critical, we must understand and work to secure the one constant, identity, which requires a new and innovative approach to threat detection, investigation and response programs,” said Saryu Nayar, CEO of Gurucul. “Early and rapid detection occurs with a full set of endpoint, network, application, identity, cloud, and IoT telemetry context along with advanced analytics, including behavioral-based, and an extensive set of trained machine learning models. Gurucul has spent over 10 years developing specialized analytics and threat content that comprehensively covers all these datasets to eliminate manual tasks and enables automation across every stage of the security operations lifecycle.”

As organizations are transforming their SOC to support multi-cloud deployments and zero trust programs, they are looking for an end-to-end solution to help them improve security analyst effectiveness in rapidly identifying and confirming, not just threats and alerts, but the entire attack campaign. While other SIEM or XDR solutions are just starting to scratch the surface of identity, Gurucul has been a provider of Identity Analytics solutions for over a decade with robust access analytics, broad integrations with various identity systems such as IAM, PAM, HRMS, CMDB, IDaaS etc., and risk-based access remediation and authentication. In conjunction with its UEBA capabilities, Gurucul helps customers get an understanding of current-state identity access and authorization policies, and access usage anomalies and risk exposures, to plan out a robust and secure zero trust strategy. The Gurucul platform is a critical part of any ongoing zero trust program as it will continuously monitor for anomalous user behaviors, access proliferation, and access misuse/violations, ensuring zero trust policies are not being evaded by either insider or external threat actors.

“Gurucul has detection and response capability for the entire cyber kill chain, covering a range of data telemetry across complex and distributed multi-cloud deployments as well as the enterprise,” said Nilesh Dherange, CTO of Gurucul. “We’ve invested over a decade in building the most powerful suite of solutions in a single platform enabling real-time threat detection, investigation, and response for our customers with a quick ROI. The addition of identity and access based threat detection to its robust TDIR capabilities powered by advanced ML models, positions Gurucul to provide innovative solutions that address the ever-changing SOC needs.”

The Gurucul platform uniquely provides a set of core capabilities that goes beyond current Next-Gen SIEM and XDR solutions that are critical in improving security operations effectiveness, including:

  • Deployment Options – On-premise, hybrid, cloud (including SaaS, private, GovCloud, and multi-cloud).
  • Multi-Cloud Threat Detection, Investigation, and Response – Real-time data ingestion, correlation, analytics, detection, and risk driven response across multiple clouds.
  • Automated Data Pipeline – An Automated Data Interpretation Engine to ingest structured and unstructured data from any source.
  • Gurucul STUDIOTM – Advanced and fully customizable analytics that include transparent machine learning models to accommodate custom use cases.
  • Enterprise-Class Risk Engine – All-encompassing analytics-driven risk scoring to accelerate investigation with high-fidelity alerts and automated responses.
  • Threat Intel & Content – The largest library of threat models, MITRE ATT&CK coverage, and curated threat intelligence powered by Gurucul Threat Labs™.
  • Gurucul MinerTM – Contextual raw and normalized search across all data silos.
  • Risk Driven Security Control Automation – Out of the box case management, playbooks, workflows, and downstream integrations with the ability to customize.
  • Identity Threat Detection and Response – Identity-centric context across enterprise and multi-cloud environments, reduced identity and access threat plane, and automated threat detection early in the kill chain.

Availability and Pricing

The Gurucul platform is modular, delivering customized capabilities to match individual customer requirements. This includes full multi-tenancy, data segregation, flexible policy control and rapid scaling, especially suited for MDR providers. Customers can start with a single module and expand as needed with a simple license change, building towards a unified platform with no data replication or need to start over. Gurucul offers the following packaged software solutions including Next-Gen SIEM, Open XDR, UEBA, Identity Access Analytics that include or can be delivered with Network Traffic Analysis (NTA), Security Orchestration, Automation and Response (SOAR), and Fraud Analytics as stand-alone or add-on options. Gurucul’s Security Analytics and Operations Platform is available immediately from Gurucul and its business partners worldwide.

To learn more visit www.gurucul.com, or see a demo at the RSA Conference 2022 in San Francisco, Calif., June 6-9 at Booth #1443 or at Gartner SRM 2022 in National Harbor, MD, June 7-10 at Booth #1113.

About Gurucul

Gurucul is a global cyber security company that is changing the way organizations protect their most valuable assets, data and information from insider and external threats both on-premises and in the cloud. Gurucul’s real-time Cloud-native Next-gen Security Operations Platform provides customers with Open XDR, Next Generation SIEM, UEBA, and Identity Analytics. It combines machine learning behavior profiling with predictive risk-scoring algorithms to predict, prevent, and detect breaches. Gurucul technology is used by Global 1000 companies and government agencies to fight cybercrimes, IP theft, insider threat and account compromise as well as for log aggregation, compliance and risk-based security orchestration and automation for real-time extended detection and response. The company is based in Los Angeles. To learn more, visit https://gurucul.com/ and follow us on LinkedIn and Twitter.

DARKReading: Latest News

Microsoft Pulls Exchange Patches Amid Mail Flow Issues