In the era of increasingly sophisticated cyber crimes and attacks, security awareness among businesses is growing. From small to large, businesses are focused on adopting comprehensive security to fight and protect against various breaches. But as they are growing, the attackers are moving towards the next step. Companies are planning to not only safeguard themselves from new types of threats and attacks.
We spoke to Nilesh Dherange, Chief Technology Officer, Gurucul, to understand the current landscape and future.
What are the current evolving threat landscapes?
The threat landscape is constantly changing. The advent of IoT, mobile apps and cloud adoption has led to exponential data growth which is difficult to manage and beyond the capabilities of human analysis. Attackers are becoming more sophisticated and are increasingly using automation, and insider threats continue to rise.
Historic static controls are not enough, and organizations need to change the way they assess risk. Automation of front-end security controls is the key, and the future of security is in big data and data analytics. This is exactly the area Gurucul is focused on, and we help organizations protect data using AI-driven security analytics and fraud analytics solutions focusing on behaviour-based security intelligence.
How is Gurucul enhancing comprehensive capabilities?
Gurucul is helping customers build a behaviour-based security analytics platform, and our 1000 plus machine learning models help detect unknowns. We do this by building behaviour profiles and baselines and building context around the user, identity and entity. Our solution starts looking at normal behaviour, comparing it to new activities, and raises alerts on risky anomalous behaviour. Our big data agnostic comprehensive behaviour analytics solutions help customers holistically quantify risk as quickly as possible.
How is User & Entity Behavior Analytics transforming security and fraud management?
Behaviour analytics is one of the most powerful new security controls and is especially relevant in detecting and preventing fraud. Legacy fraud prevention solutions are looking at siloed data feeds: just the credit card transactions data, or the payments data, etc. Gurucul Fraud Analytics can link data from a multitude of sources to provide a contextual view and highlight anomalous transactions, based on historic user and community profiles. It analyzes online and offline activity: public records, contact center interactions, point of sale transactions and ATM transactions. Gurucul Fraud Analytics mines and normalizes data, and then creates a risk score for fraud and abuse. It’s used for real-time decision making or batch scoring of an event. It can also provide scores and risk factors for other systems to use in a decision.
How are you leveraging user behaviour technologies?
Customers in the same industry often have the same security issues. We are able to leverage our customers’ successes in specific industries to expand our overall reach within that industry. In this way, we have increased our customer base in the following industries by better understanding how UEBA can uniquely solve cybersecurity issues for organizations in healthcare, finance, hi-tech, government and manufacturing.
How are big data analytics and automation minimizing noise on security alerts?
The future of security is all about big data analytics and automation of front-end security controls. The real deal is in finding how risky the anomalous behaviour is. Organizations are flooded with alerts, and the only way to reduce noise is real-time, risk-prioritized contextual alerts. This risk scoring helps in cutting through the false positives.
A few use cases, where Gurucul has helped its customers
Gurucul has been helping customers across industries. We have helped one of the largest health insurance providers create efficiencies with model-driven security. The customer is using the risk score generated from Gurucul to do things like automatically provision or automatically de-provision access to systems, and that's a time-saver. They feed it into their Data Loss Prevention (DLP) solution, so it will make decisions on what people can and can't email based on their risk score. This is a great example of model-driven security where our customer is relying on the models to set risk scores. Then, they are taking action on those risk scores with no human intervention. If that user’s risk score goes up, that user can no longer send certain emails outside of the organization. The customer is also leveraging Gurucul to help reduce Health Savings Account (HSA) fraud for their consumers. They've developed models that look at things like odd transactions with HSA accounts, and they can alert their fraud team to investigate that further. That's a service they provide to 8,000,000 HSA members.
Similarly, one of our customers – a global leader in consulting and technology services – is leveraging advanced security analytics beyond traditional SIEM policies. They are using Gurucul UEBA to predict and detect unknown threats in their environment as well as to reduce false positives and operational overhead with risk-prioritized alerts. Gurucul finds real positive cases and reduces a lot of false positives generated by the SIEM. Gurucul has also been able to reduce the false positives in the identity and access analytics area. There are two use cases: (1) privilege user monitoring or privilege identity misuse, and (2) identity and access analytics. The customer has over 200,000 employees – it’s a very difficult task to detect the identity and access related issues or get the details of different project teams and how they are handling identities and access. They are using Gurucul to detect all the anomalies around identity and access entitlements.