Gurucul Network Behavior Analytics solution provides identification of advanced and unknown cyber threats


Gurucul, a leader in behavior-based security and fraud analytics technology for on-premises and the cloud, announced the Gurucul Network Behavior Analytics (NBA) solution, the industry’s most advanced Network Traffic Analysis product.

It leverages Gurucul’s advanced machine learning analytics to provide identification of advanced and unknown cyber threats.

The Gurucul Network Behavior Analytics solution delivers flexible entity modeling to monitor and identify unusual, risky behavior from any entity.

This includes traditional devices like workstations, servers and firewalls, as well as extended network devices such as Robotic Process Automation (RPA) processes, IoT devices (CCTV, vending machines), OT infrastructure (automation sensors used in manufacturing and utility industries) and point of sale (POS) devices.

Most organizations tend to rely on network monitoring tools for checking the health of the network. These tools detect and report failures of devices or connections. However, they cannot repair problems, nor can they find unknown threats.

By applying behavioral analysis to network traffic, a network traffic analysis solution can help organizations identify suspicious activities that conventional cybersecurity tools would overlook.

“The adoption of cloud, mobile and IoT technologies is creating a much larger attack surface, while exposing organizations to entirely new categories of security threats including malicious bots and scripts,” said Nilesh Dherange, Chief Technology Officer for Gurucul.

“As a result, addressing entity-based security threats in the network has become imperative. With very few inherent means to monitor devices and their behaviors, Gurucul’s network traffic analysis technology provides valuable detection, risk-scoring and alerting capabilities to preempt malicious activity.”

Gurucul Network Behavior Analytics

Gurucul Network Behavior Analytics identifies unknown threats using advanced machine learning algorithms on network flows and packet data.

The solution uses entity models to create behavior baselines for every device and machine on the network based on network flow data such as source and destination IPs/machines, protocol and bytes in/out. It also leverages DHCP logs to correlate IP-specific data to machines and users.

Gurucul Network Behavior Analytics comes with pre-packaged machine learning models pre-configured and tuned to run on high frequency network data streams to detect real-time anomalies and to risk rank threats.

Tied into the Gurucul User and Entity Behavior Analytics (UEBA) platform, the solution provides 360-degree visibility across network, identity, access and activity on enterprise applications or systems.

This contextual linked data and extensive library of out-of-the-box behavior and threat models help identify advanced and unknown threats like zero-day exploits, fileless malware, and ransomware.

It does so by detecting unusual behavior on a given entity (e.g. server, IP, device), related lateral movement within the network, command and control (C2) communication, suspicious account activity from a compromised account and access misuse.

The product’s data processing and analytics framework quickly detects threats in real time and uncovers APT and stealth attacks that lie dormant between the various stages of a cyberattack.


from Help Net Security https://ift.tt/2GFahxH
