
DATA SHEET

Gurucul SOAR
Trusted Automation and Orchestration of Response Through Risk-Driven Prioritization

Business Challenge

The average length of time an attacker remains within an organization has extended to well over 6 months. This is often described as attacker "dwell time". However, once an attack is discovered, whether by security teams or through a third party, the gap between discovery and eradication of the attack is on average over two months. During this time attackers often accelerate their activity, such as data theft or extortion, but also detonation of ransomware. Security Orchestration, Automation and Response (SOAR) solutions have been built to accelerate response and shrink the time between detection and remediation. However, these solutions are only as good as the detection and investigation that leads to the playbooks and response actions. False positives and poor accuracy have forced SOAR vendors to build response playbooks that are too broad to be effective and that require more investigation and customization. This renders them nothing more than guidebooks rather than enablers of automated response, thereby lengthening the time to remediate.

Critical Capabilities

Gurucul's Risk-Driven SOAR provides security teams with security workflows for responding rapidly to active attack campaigns. Gurucul SOAR, powered by Gurucul Risk Analytics (GRA) and trained machine learning, is able to provide a full understanding of the entire attack campaign with context and analytics. Gurucul SOAR then creates a precise set of workflows and case management actions, or playbooks, dynamically structured based on what we've learned about the specific customer environment. The response capabilities are then prioritized through our enterprise-class risk engine, which leverages multiple threat intelligence sources, and scored to guide analysts in achieving maximum efficiency and minimal disruption when doing remediation.

Automate and Orchestrate Responses Based on Risk

The Gurucul enterprise risk engine, part of our overall platform and powered by GRA, works with Gurucul SOAR to generate risk scores that are updated in real time as data is processed and analytics are run. Behavior patterns are represented mathematically, and as threats are detected and risk levels change, the score is updated dynamically. These scores are applied both to individual response actions and to the overall playbook generated. Gurucul SOAR generated playbooks are adapted to the customer's environment based on our analytics and trained machine learning. Along with our unique approach that provides open and transparent visibility into our machine learning models, we provide context and associated risk to give customers the ability to seamlessly automate remediation actions based on a risk score or a change in risk score.

gurucul.com
No other vendor offers a risk-driven approach to SOAR. Gurucul leverages its enterprise risk scoring engine to codify and risk-rank threats from 1 to 100. Gurucul generates this unified risk score for every user and entity for which anomalies are triggered. The risk scores, along with anomaly metadata such as resource and event, are then used to trigger the appropriate remediation action per the response playbook. In addition, Gurucul supports API-based integration with preventative security solutions to block, disable or isolate risky users and entities to minimize the risk.

Customize Incident Response Playbooks

Out of the box, Gurucul includes hundreds of playbooks with workflows for automating incident response actions. It doesn't stop there. Customers can create their own customized machine learning models and associated workflows that lead to targeted playbooks, or create their own custom playbooks to address their specific challenges and concerns. Playbook Task Linking adds micro playbook services to standard processes, which can then be linked together in workflows to allow for different remediation paths. This enables customers to reuse SOAR workflow components once they are built.

Automate Even Faster with Included Case Management

Gurucul provides built-in comprehensive case management capabilities that go beyond just playbooks, allowing users to track incidents. The platform leverages automated incident timelines that create smart links across the entire attack lifecycle for pre- and post-incident analysis, grouping alerts from related transactions into a single case. Risk remediation responses can be automated based on risk score, resource type, anomaly type, categorization, etc. Cases can be reassigned, closed as risk accepted, or sent for model review feedback. Case management has RBAC and privacy capabilities allowing cross-functional teams to collaborate easily. Incident data can be segregated and masked per job function, business unit, location, etc.

Leverage Extensive 3rd Party Integrations

Gurucul provides seamless integration with hundreds of downstream security solutions out of the box. This lets the SOAR trigger appropriate risk remediation actions on-premises or in the cloud using your existing security solutions. Gurucul also supports integration with a huge number of third-party tools to facilitate end-to-end incident management.

Key Benefits

Increase efficiency and significantly reduce incident response times for the Security Operations Team:

- Prioritize response actions automatically, tailored to your specific environment or through fully customizable playbooks.
- Create high-fidelity targeted responses that minimize disruption to IT operations.
- Automate gathering of relevant context and analysis for validation.
- Leverage the included contextual case management or integrate seamlessly with existing case management.
- Enhance collaboration across your organization to remediate threats through shared context and concise recommended responses.

Why Gurucul?

Adaptability, transparency, and flexibility run through the entire platform. Orchestration can start with generating a ticket in the organization's existing ticketing system. Then responses and remediation can be automated through the organization's security stack: authentication systems, network, system, and endpoint defenses. Automated reactions are tailored to risk and can range from simply alerting the SOC to an event, to completely isolating and quarantining the risky entity, whether it is a user, a host, a system, or another asset in the environment.
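The risk-driven automation described above (a 1-100 score per user or entity, updated as anomalies arrive, with the response chosen from the score, the change in score and the anomaly's resource/event metadata, escalating from alerting the SOC to isolating the entity) can be sketched as a small policy engine. This is an added illustration, not Gurucul's code; the thresholds, action names and the anomaly sequence are assumptions constructed for the example.

```python
from dataclasses import dataclass

# Assumed thresholds on the 1-100 score; the vendor's real values are not on the page.
ALERT_SOC = 60   # notify the SOC / open a ticket in the existing ticketing system
DISABLE = 80     # disable the user or block the host via a preventative control
ISOLATE = 95     # fully isolate/quarantine the entity
JUMP = 30        # a rise of this much in one update also triggers context gathering


@dataclass
class Entity:
    name: str
    kind: str                    # "user" or "host"
    score: int = 0               # unified risk score, clamped to 0..100
    risk_accepted: bool = False  # case closed as "risk accepted" by an analyst


def apply_anomaly(entity: Entity, weight: int, resource: str, event: str) -> list:
    """Adjust the score by `weight` and return the playbook actions to run.

    Actions depend on the new score, on how much it changed, and on the anomaly
    metadata (resource, event) that the playbook receives alongside the score.
    """
    old = entity.score
    entity.score = max(0, min(100, old + weight))
    delta = entity.score - old
    if entity.risk_accepted:
        return ["log_only"]               # analyst accepted this risk: no re-trigger
    actions = []
    if delta >= JUMP:
        actions.append("gather_context")  # validate a sudden jump before acting
    if entity.score >= ISOLATE:
        actions.append(f"isolate:{entity.kind}:{entity.name}")
    elif entity.score >= DISABLE:
        actions.append("disable_user" if entity.kind == "user" else "block_host")
    elif entity.score >= ALERT_SOC:
        actions.append(f"alert_soc:{resource}:{event}")
    return actions or ["none"]


def demo() -> list:
    """Constructed anomaly sequence for one user; returns the action list per step."""
    alice = Entity("alice", "user")
    steps = [(25, "vpn", "login_from_new_country"),
             (40, "fileshare", "bulk_download"),
             (20, "email", "external_forwarding_rule"),
             (15, "endpoint", "ransomware_indicator")]
    return [apply_anomaly(alice, w, r, e) for w, r, e in steps]
```

Running demo() walks the same entity from "none" through alert, disable and isolate as its score climbs, and the second anomaly's large jump adds a context-gathering step before the alert.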

Top Use Cases

Contextual Threat Hunting

Unlike existing solutions such as SIEM and XDR, which require manual threat hunting, Gurucul is able to automate the collection and correlation of analyzed events and link together seemingly disparate events and even individual threats to fully formulate the scope of the attack campaign.

Precise Containment of Malware Infections

With Gurucul's included threat models and content, we can take the vast array of telemetry such as endpoint, network, IoT, identity and cloud analytics, along with user and entity behavioral analytics, to detect a threat much more rapidly than solutions that simply correlate different and siloed analytics. By understanding assets, users, identity, and even application usage, we can provide more precise response actions for quarantining users, hosts, or applications at a granular level instead of negatively impacting resource availability through broad and less customized actions.

Vulnerability Patching

As Gurucul identifies risks through our enterprise risk engine, we can also pull in vulnerability and threat intelligence data. This allows us to align patching and remediation efforts with active threats. Once these actions are done, the organization is then protected from potential follow-on attacks and variants that continue to exploit unpatched vulnerabilities. The contextual information provided and the prioritization are critical for security operations teams working with the individuals responsible for vulnerability management and/or patch management.

Contact Us: We welcome your questions or feedback at info@gurucul.com.

About Gurucul
Gurucul is a global cyber security company that is changing the way organizations protect their most valuable
assets, data and information from insider and external threats both on-premises and in the cloud. Gurucul’s
real-time Cloud-Native Security Analytics and Operations Platform provides customers with Next Generation
SIEM, XDR, UEBA, and Identity Analytics in a single unified platform. It combines machine learning behavior
profiling with predictive risk-scoring algorithms to predict, prevent, and detect breaches. Gurucul technology is
used by Global 1000 companies and government agencies to fight cybercrimes, IP theft, insider threat and
account compromise as well as for log aggregation, compliance and risk-based security orchestration and
automation for real-time extended detection and response. The company is based in Los Angeles. To learn more,
visit gurucul.com and follow us on LinkedIn and Twitter.

Gurucul | 222 North Pacific Coast Highway, Suite 1322 | El Segundo, CA 90245 | 213-259-8472 | sales@gurucul.com | www.gurucul.com

© 2022 Gurucul. All rights reserved.