To improve the speed and intelligence of threat detection and response, Gurucul's cloud-native XDR platform is adding machine learning, integrations, risk scoring and more.
by Anne Lessman
Tags: cloud-native, Gurucul, integration, machine learning, real-time, threat detection
The latest upgrade to the Gurucul XDR platform adds extended detection and response alongside improved risk scoring to strengthen security operations effectiveness and productivity.
Improvements to Gurucul's cloud-native solution also include features that enable intelligent investigations and risk-based response automation. New features include extended data linking, additions to its out-of-the-box integrations, contextual machine learning (ML) analytics and risk-prioritized alerting.
The driving force behind these updates is to provide users with a single pane of risk, according to Gurucul CEO Saryu Nayyar.
Most XDR products are based on legacy platforms limited to siloed telemetry and threat detection, which makes it difficult to provide unified security operations capabilities, Nayyar said.
Gurucul Cloud-native XDR is vendor-agnostic and natively built on a Big Data architecture designed to process, contextually link, analyze, detect, and risk score using data at massive scale. It also uses contextual Machine Learning models alongside a risk scoring engine to provide real-time threat detection, prioritize risk-based alerts and support automated response, Nayyar added.
Gurucul XDR provides the following capabilities that are proven to improve incident response times:
AI/ML Suggestive Investigation and Automated Intelligent Responses: Traditional threat hunting tools and SIEMs focus on a limited number of use cases since they rely on data and alerts from a narrow set of resources. With cloud adoption increasing at a record pace, threat hunting must span hybrid on-premises and cloud environments and ingest data from vulnerability management, IoT, medical, firewall, network devices and more.
Gurucul's approach provides agentless, out-of-the-box integrations that support a comprehensive set of threat hunting applications. These include insider threat detection, data exfiltration, phishing, endpoint forensics, malicious processes and network threat analytics.
Incident Timeline, Visualizations, and Reporting: Automated Incident Timelines create a smart link of the entire attack lifecycle for pre- and post-incident analysis. Timelines can span days and even years of data in easy-to-understand visualizations.
Gurucul's visualization and dashboarding enable analysts to view threats from different perspectives using several widgets, including TreeMap and Bubble Chart, that provide full drill-down into events without leaving the interface. The unique scorecard widget generates a spider chart representation of cyber threat hunting outcomes such as impact, sustaining mitigation measures and process improvement scores.
Risk Prioritized Automated Response: Integration with Gurucul SOAR enables analysts to invoke more than 50 actions and 100 playbooks upon detection of a threat to minimize damages.
Entity Based Threat Hunting: Perform contextual threat hunting or forensics on entities. Automate and contain any malicious or potential threat from a single interface.
Red Team Data Tagging: Teams can leverage red team exercise data and include supervised learning techniques as part of a continuous AI-based threat hunting process.
According to Gartner, XDR products aim to solve the primary challenges with SIEM products, such as effective detection of and response to targeted attacks, including native support for behavior analysis, threat intelligence, behavior profiling and analytics.
Further, the primary value propositions of an XDR product are to improve security operations productivity and enhance detection and response capabilities by including more security components into a unified whole that offers multiple streams of telemetry, Gartner added.
The result, the firm said, is to present options for multiple forms of detection and ... multiple methods of response.
Gurucul XDR provides the following capabilities that are proven to improve incident response times by nearly 70%:
Intelligent Centralized Investigation
Rapid Incident Correlation and Causation
Gurucul XDR is available immediately from Gurucul and its business partners worldwide.
Recommendation and review posted by Ashlie Lopez