Gurucul Launches Sme AI for Advanced Threat Detection, Investigations and Rapid Mitigation

By Greg Tavarez

Gurucul has built its position in the cybersecurity space on the integration of AI and machine learning (ML) technologies into its security analytics products.

Central to their innovation is the STUDIO platform, an open analytics framework designed to empower cybersecurity professionals. This framework facilitates the development of advanced ML behavior models in-house, enabling organizations to finely tailor their security strategies to tackle evolving threats effectively. Additionally, Gurucul's STUDIO platform goes beyond internal capabilities by allowing seamless integration of third-party AI frameworks and models.

A notable milestone in Gurucul's history is its work on automated threat hunting, a capability unveiled in February 2020. Using ML algorithms, Gurucul's technology assesses an array of behavioral attributes across networks and systems. This proactive approach helps identify anomalies, outliers and indicators of compromise, providing an early warning that can stop potential threats before they escalate into substantial security breaches.

Gurucul's work at the intersection of AI, ML and cybersecurity has left a mark on the industry. Now, Gurucul looks to make another with the launch of its new generative AI capability called "Sme" (Subject Matter Expert), intended to accelerate threat detection, strengthen security investigations and automate responses.

In the detection phase, Sme AI offers proactive suggestions for threat hunting queries, which Gurucul says improves efficacy and reduces mean time to detection. The AI-driven approach is meant to uncover unknown threats, adapt rapidly to evolving datasets and generate new threat content based on emerging trends and insights across customer contexts and industry verticals. The AI model is not only tailored for cyber threat detection but also covers insider threats, ITDR, and identity and access-related incidents, such as account compromises and AD/LDAP attacks.

Moving to the investigation stage, Sme AI automates the triage of alerts by considering historical patterns, investigation notes, detection types and attack trends. This automated process empowers analysts to prioritize high-risk alerts, streamlining investigations by reducing the need for multiple screens, clicks and queries. Leveraging contextually enriched data further bolsters the efficiency of investigations, ensuring comprehensive analysis of incidents.

In the response phase, Sme AI automates crucial incident response activities. This includes generating customized reports, executing bulk actions and managing multi-step workflows. The platform supports natural language-based search, simplifying and expediting routine tasks and reporting. Sme AI also offers auto-response capabilities based on historical response actions, significantly minimizing manual intervention required for critical alerts. The system even suggests new Security Orchestration, Automation, and Response, or SOAR, playbooks based on alert and response action trends, streamlining the incident response process.

Long story short, Sme AI gives SOC analysts insights into a rich, correlated dataset spanning identity, security, network, enterprise and cloud platforms. It is designed to improve SOC team efficiency and help counter the ongoing challenges of limited resources and skill sets, alert fatigue, false positives and mis-prioritized or unprioritized alerts.

“Sme AI is purpose-built to support analysts in their day-to-day activities and help them detect, investigate and respond to threats so they can stay ahead of adversaries,” said Saryu Nayyar, CEO at Gurucul. “While attackers are using AI and manipulating common frameworks to build malware, the security community needs to invest and leverage purpose-built AI to fight this battle more effectively.”

The launch of Sme AI comes shortly after the launch of the Gurucul Security Analytics and Operations platform, Powered by Snowflake, which will enable customers to run Gurucul's Next-Gen SIEM, Open XDR, UEBA and Identity Analytics solutions on the Snowflake Data Cloud.
Edited by Alex Passett