Gurucul behaviour-based network
traffic analysis detects unknown threats
Gurucul, a leader in behaviour-based
security and fraud analytics technology
for on-premises and the cloud, has announced
the Gurucul Network Behaviour Analytics
(NBA) solution. It leverages Gurucul’s
advanced Machine Learning analytics to
provide identification of advanced and
unknown cyberthreats.
The Gurucul Network Behaviour Analytics
solution delivers flexible entity modelling
to monitor and identify unusual, risky
behaviour from any entity. This includes
traditional devices like workstations,
servers and firewalls, as well as extended
network devices such as Robotic
Process Automation (RPA) processes, IoT
devices (CCTV, vending machines), OT
infrastructure (automation sensors used
in manufacturing and utility industries)
and point of sale (POS) devices.
By applying behavioural analysis to
network traffic, a network traffic analysis
solution can help organisations identify
suspicious activities that conventional
cybersecurity tools would overlook.
www.intelligentciso.com | Issue 17
Gurucul Network Behaviour Analytics
identifies unknown threats using
advanced Machine Learning algorithms
on network flows and packet data.
The solution uses entity models to create
behaviour baselines for every device
and machine on the network based on
network flow data such as source and
destination IPs/machines, protocol and
bytes in/out. It also leverages DHCP logs
to correlate IP-specific data to machines
and users.
Gurucul Network Behaviour Analytics
comes with pre-packaged Machine
Learning models pre-configured and
tuned to run on high frequency network
data streams to detect real-time anomalies
and to risk rank threats. Tied into the
Gurucul User and Entity Behaviour
Analytics (UEBA) platform, the solution
provides 360-degree visibility across
network, identity, access and activity on
enterprise applications or systems.
This contextual linked data and extensive
library of out-of-the-box behaviour and
threat models help identify advanced and
unknown threats like zero-day exploits,
fileless malware, and ransomware. It
does so by detecting unusual behaviour
on a given entity (e.g. server, IP, device),
related lateral movement within the
network, command and control (C2)
communication, suspicious account
activity from a compromised account
and access misuse. The product’s data
processing and analytics framework
quickly detects threats in real time and
uncovers APT/stealth attacks
which lie dormant between various
stages of a cyberattack.

Nilesh Dherange, Chief Technology
Officer for Gurucul
“The adoption of cloud, mobile and
IoT technologies is creating a much
larger attack surface, while exposing
organisations to entirely new categories
of security threats including malicious
bots and scripts,” said Nilesh Dherange,
Chief Technology Officer for Gurucul.
“As a result, addressing entity-based
security threats in the network has
become imperative. With very few
inherent means to monitor devices and
their behaviours, Gurucul’s network
traffic analysis technology provides
valuable detection, risk-scoring and
alerting capabilities to pre-empt
malicious activity.”