Gurucul Launches Sme AI for Advanced Threat Detection, Investigations and Rapid Mitigation

Gurucul Launches Sme AI for Advanced Threat Detection, Investigations and Rapid Mitigation

By Greg Tavarez

Gurucul stands out as a trailblazer in the cybersecurity space by pioneering the integration of AI and machine learning (ML) technologies.

Central to their innovation is the STUDIO platform, an open analytics framework designed to empower cybersecurity professionals. This framework facilitates the development of advanced ML behavior models in-house, enabling organizations to finely tailor their security strategies to tackle evolving threats effectively. Additionally, Gurucul's STUDIO platform goes beyond internal capabilities by allowing seamless integration of third-party AI frameworks and models.

An exemplary milestone in Gurucul's journey is their pioneering work in automated threat hunting, a concept unveiled in February 2020. By leveraging sophisticated ML algorithms, Gurucul's technology assesses an array of behavioral attributes within networks and systems. This proactive approach assists in identifying anomalies, outliers and indicators of compromise. Such an early warning mechanism proves invaluable in thwarting potential threats before they escalate into substantial security breaches.

Gurucul's visionary strides in the intersection of AI, ML and cybersecurity have left a mark on the industry. Now, Gurucul looks to make another mark with the launch of its new generative AI capability called "Sme" (Subject Matter Expert) to accelerate threat detection, supercharge security investigations and automate responses.

In the detection phase, Sme AI offers proactive suggestions for threat hunting queries, resulting in improved efficacy and reduced mean time to detection. This AI-driven approach uncovers unknown threats, adapts rapidly to evolving datasets and generates new threat content based on emerging trends and insights across various customer contexts and industry verticals. The AI model is not only tailored for cyber threat detection but also covers insider threats, ITDR, identity and access-related incidents, such as account compromises and AD/LDAP attacks.

Moving to the investigation stage, Sme AI automates the triage of alerts by considering historical patterns, investigation notes, detection types and attack trends. This automated process empowers analysts to prioritize high-risk alerts, streamlining investigations by reducing the need for multiple screens, clicks and queries. Leveraging contextually enriched data further bolsters the efficiency of investigations, ensuring comprehensive analysis of incidents.

In the response phase, Sme AI automates crucial incident response activities. This includes generating customized reports, executing bulk actions and managing multi-step workflows. The platform supports natural language-based search, simplifying and expediting routine tasks and reporting. Sme AI also offers auto-response capabilities based on historical response actions, significantly minimizing manual intervention required for critical alerts. The system even suggests new Security Orchestration, Automation, and Response, or SOAR, playbooks based on alert and response action trends, streamlining the incident response process.

The long story short is that Sme AI empowers SOC analysts with powerful insights into a rich, correlated dataset across identity, security, network, enterprise and cloud platforms. It improves SOC team efficiency and helps counter the ongoing challenges of limited resources and skill sets, overwhelming alert fatigue, false positives and mis- or unprioritized alerts.

“Sme AI is purpose-built to support analysts in their day-to-day activities and help them detect, investigate and respond to threats so they can stay ahead of adversaries,” said Saryu Nayyar, CEO at Gurucul. “While attackers are using AI and manipulating common frameworks to build malware, the security community needs to invest and leverage purpose-built AI to fight this battle more effectively.”

The launch of Sme AI comes quickly after the launch of the Gurucul Security Analytics and Operations platform, Powered by Snowflake, that will enable customers to seamlessly run Gurucul’s Next-Gen SIEM, Open XDR, UEBA and Identity Analytics solutions on the Snowflake Data Cloud.

Edited by Alex Passett
Get stories like this delivered straight to your inbox. [Free eNews Subscription]

MSPToday Editor

Related Articles

LogMeIn Rescue, to the Rescue: Forrester Studies GoTo's Support Capabilities

By: Alex Passett    9/22/2023

Over a period of three years, a Forrester Total Economic Impact (TEI) study examined the business and financial benefits of LogMeIn Rescue, a flagship…

Read More

Canadian Managed IT Services Gear Up for Cybersecurity Awareness Month

By: Contributing Writer    9/22/2023

October, prominently known as Cybersecurity Awareness Month, is an annual observance and an intensified rally for Canada's premier IT service provider…

Read More

ITEXPO Exhibitor RingLogix Looks to TeamMate to Open New Possibilities for MSPs

By: Greg Tavarez    9/21/2023

The RingLogix and TeamMate collaboration enables MSPs to get the most out of Microsoft Teams as a collaboration solution.

Read More

Acronis Introduces Advanced Automation for MSPs

By: Stefania Viscusi    9/21/2023

Acronis Advanced Automation addresses a common challenge faced by MSPs, the increasing complexities businesses face with so many different initiatives…

Read More

Comprehensive Cybersecurity Solutions: Rackspace Taps Palo Alto Networks

By: Alex Passett    9/20/2023

Strengthening organizations' abilities to stay ahead of progressively evolving cyber threats and attackers is key. That's why Rackspace Technology has…

Read More