Download Gurucul

Gurucul Palo Alto Networks Technology AllianceWhile Gurucul predicts, detects, and performs threat hunting use cases with its machine learning and data science techniques, the platform also exposes its data to Cortex XSOAR. Gurucul assigns a risk score for every user and entity for which anomalies are triggered. The risk scores along with anomaly metadata such as threat indicators, behavior baselines, event details etc. are passed to Cortex XSOAR to trigger appropriate remediation actions per their response playbooks. Gurucul supports API based integration with Cortex XSOAR that allows the system to perform an on-demand retrieval of Gurucul’s data and create incidents.Gurucul uses a risk-based approach to help analysts prioritize the right incident that will make the most impact for investigation. This has enabled customers to achieve a 99.5% efficiency rate for true positive and impactful incidents and improve the variety and quality of the investigations. Analysts can gather more data from out-of- the-box Gurucul commands to complete and close investigations in Cortex XSOAR. Analysts can also configure the complex playbooks and workflows in Cortex XSOAR to be triggered automatically without Analyst involvement to reduce response times.The Gurucul Cortex XSOAR integration workflow is as follows:High risk users and entities identified in the Gurucul platform are passed to Cortex XSOAR. The data sent includes user/entity attributes, risk score, accounts, context, anomalies triggered, etc.An Incident is created for each high risk user and entity within Gurucul case management.The incidents and corresponding data are passed to Cortex XSOAR.The appropriate workflow configured in Cortex XSOAR is triggered for remediation action – either automaticallyor via an admin.Incidents created in Cortex XSOAR will have mandatory attributes/fields populated.All the calls and actions to be recorded at War-Room for audits. Download Datasheet ⟶

One constant, identity, which requires a new and innovative approach to threat detection, investigation and response programs,” said Saryu Nayar, CEO of Gurucul. “Early and rapid detection occurs with a full set of endpoint, network, application, identity, cloud, and IoT telemetry context along with advanced analytics, including behavioral-based, and an extensive set of trained machine learning models. Gurucul has spent over 10 years developing specialized analytics and threat content that comprehensively covers all these datasets to eliminate manual tasks and enables automation across every stage of the security operations lifecycle.”As organizations are transforming their SOC to support multi-cloud deployments and zero trust programs, they are looking for an end-to-end solution to help them improve security analyst effectiveness in rapidly identifying and confirming, not just threats and alerts, but the entire attack campaign. While other SIEM or XDR solutions are just starting to scratch the surface of identity, Gurucul has been a provider of Identity Analytics solutions for over a decade with robust access analytics, broad integrations with various identity systems such as IAM, PAM, HRMS, CMDB, IDaaS etc., and risk-based access remediation and authentication. In conjunction with its UEBA capabilities, Gurucul helps customers get an understanding of current-state identity access and authorization policies, and access usage anomalies and risk exposures, to plan out a robust and secure zero trust strategy. The Gurucul platform is a critical part of any ongoing zero trust program as it will continuously monitor for anomalous user behaviors, access proliferation, and access misuse/violations, ensuring zero trust policies are not being evaded by either insider or external threat actors.“Gurucul has detection and response capability for the entire cyber kill chain, covering a range of data telemetry across complex and distributed multi-cloud deployments as well as the enterprise,” said Nilesh Dherange, CTO of Gurucul. “We’ve invested over a decade in building the most powerful suite of solutions in a single platform enabling real-time threat detection, investigation, and response for our customers with a quick ROI. The addition of identity and access based threat detection to its robust TDIR capabilities powered by advanced ML models, positions Gurucul to provide

Content, provide demonstrations, and guide participants through hands-on exercises and practical scenarios.Remote training provides the convenience of attending training sessions from the comfort and convenience of our customers own location while still receiving live instruction and interaction with the instructor. Participants can ask questions, engage in discussions, and receive real-time guidance during the training sessions.Self-Service TrainingGurucul provides self-service training options to empower users to learn at their own pace. These self-service training resources are designed to offer flexibility and convenience, allowing users to access training materials and resources whenever and wherever they prefer. Some of the self-service training options provided by Gurucul include:Online Documentation: Gurucul offers comprehensive online documentation that covers various aspects of their product’s features, functionalities, and configurations. Users can access this documentation to learn about specific topics or dive deeper into specific areas of interest.Knowledge Base: Gurucul maintains a knowledge base that contains articles, guides, FAQs, and troubleshooting information. Users can search the knowledge base to find answers to common questions or to explore specific topics of interest.Community Forums: Gurucul has online community forums where users can interact with each other, share knowledge, ask questions, and learn from the experiences of others. These forums can be a valuable resource for self-learning and collaboration.Webinars and Recorded Sessions: Gurucul may provide webinars or recorded sessions on specific topics or product updates. These sessions can be accessed on-demand, allowing users to learn at their own convenienceBy providing self-service training options, Gurucul enables users to access resources and learn at their own pace, empowering them to explore and utilize the product’s capabilities effectively.

Innovative solutions that address the ever-changing SOC needs.”The Gurucul platform uniquely provides a set of core capabilities that goes beyond current Next-Gen SIEM and XDR solutions that are critical in improving security operations effectiveness, including:Deployment Options – On-premise, hybrid, cloud (including SaaS, private, GovCloud, and multi-cloud).Multi-Cloud Threat Detection, Investigation, and Response – Real-time data ingestion, correlation, analytics, detection, and risk driven response across multiple clouds.Automated Data Pipeline – An Automated Data Interpretation Engine to ingest structured and unstructured data from any source.Gurucul STUDIOTM – Advanced and fully customizable analytics that include transparent machine learning models to accommodate custom use cases.Enterprise-Class Risk Engine – All-encompassing analytics-driven risk scoring to accelerate investigation with high-fidelity alerts and automated responses.Threat Intel & Content – The largest library of threat models, MITRE ATT&CK coverage, and curated threat intelligence powered by Gurucul Threat Labs™.Gurucul MinerTM – Contextual raw and normalized search across all data silos.Risk Driven Security Control Automation – Out of the box case management, playbooks, workflows, and downstream integrations with the ability to customize.Identity Threat Detection and Response – Identity-centric context across enterprise and multi-cloud environments, reduced identity and access threat plane, and automated threat detection early in the kill chain.Availability and PricingThe Gurucul platform is modular, delivering customized capabilities to match individual customer requirements. This includes full multi-tenancy, data segregation, flexible policy control and rapid scaling, especially suited for MDR providers. Customers can start with a single module and expand as needed with a simple license change, building towards a unified platform with no data replication or need to start over. Gurucul offers the following packaged software solutions including Next-Gen SIEM, Open XDR, UEBA, Identity Access Analytics that include or can be delivered with Network Traffic Analysis (NTA), Security Orchestration, Automation and Response (SOAR), and Fraud Analytics as stand-alone or add-on options. Gurucul’s Security Analytics and Operations Platform is available immediately from Gurucul and its business partners worldwide.To learn more visit www.gurucul.com, or see a demo at the RSA Conference 2022 in San Francisco, Calif., June 6-9 at Booth #1443 or at Gartner SRM 2022 in National Harbor, MD, June 7-10 at Booth