Gurucul Risk Analytics in AST Homeland Security Awards (Video)

Can You Spot an Insider?

Gurucul is changing the way government entities and enterprises protect themselves against insider threats, account compromise, data exfiltration and external intruders, both on premise and in the cloud.

Gurucul’s user behavior analytics (UBA) and identity access intelligence (IAI) technology uses machine learning and predictive anomaly detection algorithms to reduce the attack surface for accounts, unnecessary access rights and privileges and to identify, predict and prevent breaches.

Gurucul’s identity-based user behavior analytics technology is in use by government agencies and enterprises worldwide to detect insider threats, account hijacking, targeted attacks, IP and data theft, external attacks, online cyber fraud, and more.

(Gurucul is transforming the enterprise security with user behavior based machine learning and predictive analytics. Courtesy of Gurucul and YouTube)

Gurucul Risk Analytics (GRA) is an identity-centric, big-data based behavioral analytics and identity access intelligence platform that models user behavior using advanced techniques and security analytics including clustering, dynamic peer groups, and outlier machine learning to detect and predict malicious activity by both insiders and outsiders before damage is done.

360° View of Identity, Access, Activity, and Alerts for On-Premise and Cloud Applications
Correlate data across on-premise and cloud applications to create contextual identity and trigger alerts: Who is the user? What is his access? What activity is he performing?

Gartner Market Guide for User Behavior Analytics:

Gurucul GRA is unique in its ability to monitor identity access intelligence and behaviors across users, accounts, applications and devices both on-premise and in the cloud.

The U.S. Government has been affected by an increasing number of attacks, such as those targeting the IRS and OPM, that have exposed vast amounts of sensitive information.

To detect threats early in the “kill chain,” Gurucul GRA ingests huge volumes of data generated by user access and activity across on-premise and cloud applications and resources to identify anomalous behavior that spans time, place and actions.

Leslie K. Lambert, Gurucul CSSO

“By applying machine learning simultaneously across hundreds of thousands of discrete events from multiple data sets, Gurucul GRA far exceeds traditional security “correlation” to derive actual “meaning” from behaviors with 360-degree context for identity, accounts, access and activity,” said Gurucul’s CSSO Leslie K. Lambert in CSO.

(See, “The Snowden Fallout: Two Years Later” by Leslie K. Lambert, Gurucul’s CSSO in Homeland Security Today magazine.) 

This machine learning acts as a “force multiplier” that uniquely enables Gurucul GRA to identify and alert to outlier anomalies in behavior to provide an early warning detection system for complex threats that currently proceed under the radar.

Traditional rules-based detection is unable to keep pace with today’s sophisticated, well-funded, highly organized and targeted attacks. Rules are based on a historical understanding of attacks and a limited understanding of the data. They cannot predict future attack scenarios, and they generate excessive alerts.

“The Blind Spot Between The Cloud & The Data Center” by Saryu Nayyar, CEO of Gurucul in Dark Reading:—threats/the-blind-spot-between-the-cloud-and-the-data-center/a/d-id/1326063

Saryu Nayyar, CEO of Gurucul

In contrast, Gurucul GRA monitors information on how identities are being used by both humans and machines, modeling hundreds of attributes and applying machine learning algorithms to create a rich source of “context”.

Gurucul GRA derives and then leverages useful and predictive cues that are too noisy and highly dimensional for humans and traditional software to “correlate”.

Not only does this AI allow Gurucul GRA to identify security threats, even low-and-slow attacks, but also to predict a threat in its early stages, allowing for efficient remediation with extremely low false positives.

Gurucul GRA is built on the company’s proprietary PIBAE™ architecture (Predictive Identity-based Behavior Anomaly Engine) which combines big data, machine learning algorithms, dynamic peer group modeling and predictive analytics to identify anomalous behaviors across users, accounts, applications, and devices.

“Behavioral analytics vs. the rogue insider” in NetworkWorld:

Intelligent Access Analytics
Real-time analytics on accounts and access to identify anomalies: improved access control and data governance.

Gurucul GRA continuously monitors and contextualizes 250+ attributes to detect and rank the risk associated with anomalous activity. This provides organizations with early detection of insider threats, account hijacking, targeted attacks, IP data theft, and online cyber fraud, as well as continuous access governance for compliance.

In contrast with solutions that rely on static peer groups, Gurucul GRA automatically builds baseline behavior around identity, compares it against ‘dynamic’ peer groups and provides a real-time, risk-ranked, 360-degree view of who is accessing what applications, on what devices, at what time, in what locations.

Gurucul’s dynamic peer group machine learning greatly reduces false positives, versus alternatives using static groups from Active Directory. Gurucul combines IAI with UBA data science to leverage privilege and entitlement analytics to detect and deter insider threats that stand-alone UBA misses.

“Insider threats can’t mask their behavior from Gurucul’s risk analytics” overview by Linda Musthaler, Principal Analyst with Essential Solutions, in Network World:


Alternative approaches only link UBA to on-premise infrastructures like Active Directory, so they lack visibility into cloud applications. Gurucul GRA delivers a unique hybrid-UBA approach that extends across both the data center and cloud.

Through integration with Active Directory and other data center repositories as well as cloud identity providers like Okta and Ping Identity, Gurucul aggregates, data links and analyzes activity from both cloud and on-premise identities, access, and activities to detect insider and external account hijacking threats that are currently going undetected.

In an industry first, Gurucul GRA features a self-audit capability that empowers users to monitor their accounts for risk-ranked anomalous and suspicious activity, similar to the feedback loop that credit cards and credit monitoring agencies provide for their customers.

Kuppinger Cole report on Gurucul Risk Analytics:

This helps organizations quickly detect account takeover and unauthorized and inappropriate use of privileged account credentials to access confidential files, download and misuse sensitive data. The self-audit capabilities also help detect and deter “low and slow” data exfiltration, as users will know if a login attempt was not theirs, and can immediately change their credentials and notify IT administration.

Gurucul’s time-based normalization and machine learning adapts to workflows and operational changes, reducing the complexities and challenges associated with alternative UBA solutions.

Gurucul GRA includes these integrated products that can be deployed individually or together:

  • Access Analytics Platform (AAP): can predict and prevent risk associated with excessive access permissions, access outliers and highly privileged accounts, plus define intelligent roles for dynamic access provisioning.
  • Threat Analytics Platform (TAP): identifies and predicts malicious insiders and compromised accounts using behavior and predictive machine learning algorithms, dynamic peer group modeling and contextual risk scoring.
  • Cloud Analytics Platform (CAP): provides user behavior analytics of identities, their access permissions and associated activity for cloud applications to detect insider threats, compromised accounts, compliance violations and data leakage, and to support security investigations and forensic research.

GRA is a proven ‘big-data analytics’ solution that has been successfully deployed by government agencies and global Fortune 500 companies across the financial, healthcare, technology, retail and manufacturing sectors to detect and deter insider threats, cyber fraud and advanced external attacks. Customers include one of the world’s largest Internet payment companies, a top 5 US health insurer, large financial services firms, and government agencies.


Gurucul has been recognized in several high profile awards and reports, including:

  • 2016 SC Magazine US for Best Behavior Analytics/Enterprise Threat Detection platform
  • 2016 SC Magazine Europe for Best Behavior Analytics/Enterprise Threat Detection platform
  • 2015 and 2014 SINET Innovator awards
  • 2016 Cyber Defense Magazine winner in three categories: Best of Breed User Behavior Analytics Solutions for 2016, Best Insider Threat Prevention Solution for 2016, and Hot Company for Insider Threat Detection Solutions for 2016
  • 2014 Gartner Cool Vendor in Identity and Access Management

“This is, hands-down, the most sophisticated example of behavioral analytics we have seen to date. While they are not the only player in this space, their product is well thought-out and it really works well,” SC Magazine explained in its product review of Gurucul GRA.


Gurucul is backed by an advisory board comprised of Fortune 500 CISOs and world-renowned experts in government intelligence and cyber security, and was founded by seasoned entrepreneurs with a proven track record of introducing industry-changing enterprise security solutions.

Gurucul technology is used globally by organizations to detect insider fraud, IP theft, external attacks and more, with a mission to help organizations protect their intellectual property, regulated information, and brand reputation from insider threats and sophisticated external intrusions.

Good luck to Gurucul GRA on becoming a Winner of the American Security Today’s Homeland Security Awards Program!
