Gurucul, a leader in unified security and risk analytics technology for on-premises and the cloud, today introduced automated intelligent threat hunting that uses artificial intelligence (AI) and machine learning (ML) to detect behaviors associated with cyber attacks and data breaches, while providing the most advanced capabilities for manual investigations. Gurucul will exhibit these new artificial-intelligence-enabled capabilities next week at RSA Conference 2020, booth #2027, in San Francisco.
Traditional threat hunting tools and SIEMs use legacy capabilities and focus on a limited number of use cases, since they rely on data and alerts from a narrow set of resources. With cloud adoption increasing at a record pace, threat hunting must span hybrid, on-premises and cloud environments and ingest data from multi-cloud SaaS/PaaS/IaaS, applications, infrastructure, vulnerability management, IoT, threat intelligence, medical devices, firewalls, network devices and more.
Gurucul provides agentless, out-of-the-box integrations that collect, ingest, and enrich data from disparate sources at massive scale, ensuring performance and providing real-time, end-to-end visibility and context. The new AI/ML behavior analytics for guided proactive hunting of unknown threats, enriched with MITRE ATT&CK Framework tactics and techniques as well as risk scoring, pre-built playbooks and case management capabilities, reduce detection and response times by 67%.
Gurucul provides prebuilt threat libraries that include models, queries, data features and playbooks to support a wide range of threat hunting use cases such as insider threat detection, data exfiltration, phishing, endpoint forensics, malicious processes, ransomware detection and network threat analytics, as well as cyberthreat, human-centric and entity-related threat scenarios. These prepackaged libraries help analysts prioritize base activities and focus on the proactive investigation of new and unknown threat patterns using contextual data. Meanwhile, new AI capabilities in Gurucul Miner™ help discover impacted users, devices and entities.
"One of the biggest challenges associated with threat hunting is the manual labor involved in piecing together data from various sources to trace the origin, tactics and techniques across different stages of an attack," said Nilesh Dherange, CTO of Gurucul. "By combining link analysis and chaining, Gurucul automatically connects all of the events linked to an incident and provides hybrid/borderless context without the need for analysts to run multiple queries or use different applications. Meanwhile, out-of-the-box threat libraries and AI/ML guided threat hunting allow security personnel to detect, analyze, and take immediate remediation actions confidently."
Gurucul's AI-enabled threat hunting capabilities apply advanced ML algorithms to assess a wide range of behavioral attributes and identify anomalies, outliers and indicators of compromise. They use more than 1600 pre-built cybersecurity and threat hunting models that cover hundreds of the most commonly used cloud, IoT, business, infrastructure, database and network applications in enterprises.
End-to-End Analytics Enabled Threat Hunting

Gurucul's AI/ML enabled threat hunting includes the following capabilities:
- Gurucul Miner enables fast natural language search, pivoting on any data set, and saving of searches, empowering analysts to focus on investigations rather than writing complex queries. They can also easily drill down into results by applying additional point-and-click filters.

- Automated Incident Timelines create a smart link of the entire attack lifecycle for pre- and post-incident analysis. Timelines can span days, and even years, of data with easy-to-understand visualizations.

- Automated Risk Prioritized Intelligent Responses, via integration with Gurucul SOAR, enable analysts to invoke hundreds of actions and playbooks upon detection of a threat to minimize damage.

- Predictive Analysis can predict the potential next step of an attack, with a summary view of impacted devices and information about users including title, department, location, etc., for pre-emptive remediation.

- Pre-Built and Configurable Personas, with personalized dashboards and pre-built workflows, support functional roles including Cyber Threat Team Lead, Cyber Threat Intelligence (CTI) Lead, Hunting Technician, Forensic Technician, Counter Intelligence Tech, Counter Cyber Security Intel Technician, Network Engineer Tech and Incident Response Liaison.

- MITRE ATT&CK Framework API-based integration covers threat hunting for industrial control systems, enterprise and mobile, and ensures new threats are automatically detected and prioritized using Gurucul's risk scoring mechanism.

- Visualization and Dashboarding enables analysts to view threats from different perspectives using several widgets, including Tree Map, Bubble Chart, etc., that provide full drill-down into events without leaving the interface. The unique scorecard widget generates a spider chart representation of cyber threat hunting outcomes such as impact, sustaining mitigation measures, process improvement score, etc.

- Metrics Reporting includes prebuilt and easy-to-customize daily, weekly, monthly and annual reporting of threats, and dashboard modules that span current and past trends, resource allocation and more.
Availability and Pricing

Gurucul's AI-enabled threat hunting capabilities are available immediately from Gurucul and its business partners worldwide. Pricing is based on users; there are no fixed or variable costs for data. For more information visit https://gurucul.com/solutions/intelligent-threat-hunting.