TMCnet News

Gurucul STUDIO™ Enables IT Security Teams to Build Custom Machine Learning Models that Detect User & Entity based Threats and Risks
[October 25, 2016]



Gurucul, a leader in user and entity behavior analytics (UEBA) and identity analytics (IdA) for on-premises and the cloud, today announced Gurucul STUDIO™ which enables customers to easily build advanced machine learning behavior models in-house to detect anomalies for predictive risk scoring.

Gurucul STUDIO's graphical interface enables security professionals with no coding and a minimal knowledge of data science to create custom models via a guided step-by-step process for attributes from any on-premises or cloud data source. Machine learning models go beyond rules, patterns and signatures to identify access risks and unknown threats by detecting when users deviate from their own and their peers' normal baselines of activity.

Gurucul STUDIO extends the Gurucul GRA platform's existing library of more than 200 pre-built machine learning models. Now, customers with unique requirements or certain legacy data can build their own custom models within the new Advanced Analytics Framework™. Gurucul STUDIO, like Gurucul GRA, supports an open choice of big data sources, on premises or in the cloud, including Hadoop, Cloudera, Hortonworks, MapR or Elastic (ELK stack). Meanwhile, Gurucul's new Flex Data Connector capability enables customers using STUDIO to create custom data connectors without waiting on vendor product roadmaps or hiring professional services.

"Customers in certain industries, including government and the intelligence community, are unable to share with us the confidential data sources or use cases for custom machine learning behavior models," said Nilesh Dherange, CTO for Gurucul. "That's why we created Gurucul STUDIO. Now any organization with a mature IT security team can create their own unique models and enhance existing behavior models since they don't need data science expertise or to perform any coding."

Gurucul STUDIO Overview

An integrated component within Gurucul GRA, Gurucul STUDIO offers the following new capabilities:

Advanced Analytics Framework™ - delivers a complete behavior-based machine learning model framework where no coding and only minimal knowledge of data science is required. Guidance is provided at each step for attribute selection, training and baselining parameters, prediction thresholds and scoring, plus providing feedback on detected anomalies in production. Models are self-learning and self-training to optimize over time with the ability to update baselines as desired.



Decoupled Big Data Support - enables models to compute and use data from an open choice of big data infrastructures including: Hadoop, Cloudera, Hortonworks, MapR or Elastic (ELK stack). Hybrid environments are increasingly being used to deploy data lakes on-premise and in the cloud to store data for value and reduce data transfer and indexing fees. Shared analytics from on-premises and cloud hybrid models provides 360-degree visibility of identity, accounts, access and activity for anomaly detection and predictive risk scoring.

Flex Data Connector - enables any custom or unique data with desired attributes to be ingested into GRA for access within STUDIO for behavior analytics. With no waiting on roadmaps or professional services, the Flex Data Connector provides the ability to access data with known methods to map fields to attributes. A flexible meta model within GRA allows the customization or addition of new attributes. Mainframe data, new SaaS applications, or cloud access security brokers (CASB) are a few example data sources where the Flex Data Connector provides leverage for data ingestion.


Analytics Response Code (ARC) ™ - provides a numerical value alongside a predictive security risk score for bi-directional API integration with other security solutions such as authentication, DLP, SIEM or IAM. The ARC numerical value also links to a business friendly risk and threat description for security analysts to view. More and more customers desire a closed-loop API deployment for automated response when possible. Common uses include step-up authentication, risk-ranked DLP and SIEM alerts, and access outlier certifications.

Model Optimization Per Environment - enables the development of custom models for UEBA, IdA and cloud security that span hybrid on-premises and cloud infrastructures. Customers can develop multiple model variations in a lab environment to determine which model detected the anomaly and how it risk scored, adjust risk weightings, provide model feedback and review behavior profile comparisons. The most effective models can be moved to a test environment for staging into production. This process also validates data source continuity, as well as cleanliness and quality between environments. Since lab projects often require privacy when deployed in production, GRA provides roles based access and data masking through workflow, plus tokenization and encryption of data.

"Gurucul STUDIO builds upon our innovation and leadership for predictive security analytics in hybrid environments by extending data science with step-by-step do it yourself capabilities," said Saryu Nayyar, CEO of Gurucul. "Like Self Audit, which enlists user context to detect access risks and unknown threats, and intelligent roles / dynamic provisioning that reduce the attack surface for identity, Gurucul STUDIO is an industry first."

Availability
Gurucul STUDIO™ is available immediately at no extra cost as part of Gurucul GRA release v6.0 or higher.

About Gurucul
Gurucul is changing the way enterprises protect themselves against insider threats, account compromise and data exfiltration on-premises and in the cloud. The company's user and entity behavior analytics (UEBA) and identity analytics (IdA) technology uses machine learning anomaly detection and predictive risk-scoring algorithms to reduce the attack surface for accounts, unnecessary access rights and privileges, and to identify, predict and prevent breaches. Gurucul technology is used globally by organizations to detect insider threats, cyber fraud, IP theft, external attacks and more. The company is based in Los Angeles. To learn more, visit http://www.gurucul.com/ and follow us on LinkedIn and Twitter.

