Gurucul announced the launch of its new generative AI capability called
Sme (Subject Matter Expert) to accelerate threat detection, supercharge
security investigations and automate responses. Sme AI empowers Security
Operations Center (SOC) analysts with powerful insights into a rich,
correlated dataset across identity, security, network, enterprise and
cloud platforms. It will improve SOC team efficiency and help counter
the ongoing challenges of limited resources and skill sets, overwhelming
alert fatigue, false positives and mis- or unprioritized alerts.
Gurucul pioneered the use of AI and ML in cybersecurity with STUDIO,
an open analytics framework which allows users to easily build advanced
machine learning behavior models in-house and incorporate third-party
AI frameworks and models into the platform. Gurucul also led the way
with automated threat hunting capabilities, first announced in February 2020,
which applied advanced ML algorithms to assess a wide range of
behavioral attributes to identify anomalies, outliers and indicators of
compromise.
"Gurucul was founded more than a decade ago on the idea that the
application of ML and AI on large data was an enabler for cybersecurity.
The recent widespread acceptance and use of Generative AI validates our
continued investment and innovation in ML and AI," said Saryu Nayyar,
CEO at Gurucul. "Sme AI is purpose-built to support analysts in their
day-to-day activities and help them detect, investigate and respond to
threats so they can stay ahead of adversaries. While attackers are using
AI and manipulating common frameworks to build malware, the security
community needs to invest and leverage purpose-built AI to fight this
battle more effectively."
Gurucul Sme AI dramatically improves threat detection and response capabilities:
Detect
- Provides proactive suggestions for detections and threat hunting
queries. This increases threat hunting efficacy, reduces mean time to
detection (MTTD), uncovers unknown threats and indicators, and quickly
adapts to changing, dynamic and new datasets at a speed impossible for humans
to manage alone.
- Creates new threat content based on recent trends and learnings across
customers and industry verticals to dynamically build detection rules,
models, queries, reports and more.
- Trained not only for cyber threat detection but also insider threat and
ITDR, identity and access-based incidents including account compromise,
AD/LDAP attacks, etc.
Investigate
- Auto-triages alerts based on historical triage patterns, investigation
notes, types of detection, relevance, attack trends, etc. This helps
analysts prioritize the investigation of the riskiest alerts, empowers
users and speeds up investigations by moving away from multiple screens,
clicks and queries and streamlining other interactions with the platform.
- Leverages contextually aware and enriched data for efficient investigations.
Respond
- Automates key incident response activities with ease, including creating
custom reports, taking bulk actions, and running multi-step workflows.
- Supports natural language-based, free-form search to simplify and accelerate typical tasks and reporting.
- Provides auto-response based on historical response actions to significantly reduce manual steps for critical alerts.
- Recommends new SOAR playbooks based on the alerts and response action trends.
"This feature is the most recent example of how Gurucul is upholding our
guiding principles of improving the user experience and fostering
better collaboration," says Nilesh Dherange, CTO at Gurucul. "We are
constantly working to improve the reliability of our Sme AI by
augmenting it with traditional ML techniques, scoping down attributes,
workflows, and more."