Gurucul has brought to market Sme (Subject Matter Expert) AI, a generative AI capability designed to help security operations center (SOC) analysts speed up threat detection, investigation and response, according to the company.
The company is showcasing Sme AI at the Black Hat USA conference, which is taking place in Las Vegas, Nevada and runs through August 10.
What Gurucul Sme AI Offers
SOC analysts can use Sme AI to correlate insights across their organizations' identity, security, network and cloud platforms, Gurucul said. This can help these analysts reduce their mean time to detect threats and uncover unknown threats and indicators of compromise (IOCs).
With Sme AI, SOC analysts can receive suggestions for detections and threat hunting queries and threat content based on trends, insights from Gurucul customers and industry verticals, the company said. SME AI also allows these analysts to create threat detection rules, models, queries and reports.
Meanwhile, Sme AI auto-triages alerts based on historical triage patterns, investigation notes, types of detection, relevance, attack trends and other criteria, Gurucul noted. This helps SOC analysts prioritize investigations of the riskiest alerts.
In addition, SOC analysts can use Sme AI to automatically respond to threats based on historical response actions, Gurucul indicated. Sme AI recommends security orchestration, automation and response (SOAR) playbooks for SOC analysts to utilize based on alerts and response action trends as well.
Gurucul Upgrades Security Analytics and Operations Platform
The Sme AI announcement comes after Gurucul in April 2023 extended the capabilities of its Security Analytics and Operations Platform to help organizations secure their cloud architecture, the company said.
Some of the enhancements to Gurucul's platform included:
- 500 days of searchable data across supported data lakes
- Automated threat hunting with retrospective analysis based on searchable historical data
- Chained models that organizations can use to detect attack patterns across multiple systems or platforms and/or executed over an extended period of time
- Extended coverage and linking for the MITRE ATT&CK framework to provide insights into cybercriminal tactics, techniques and procedures (TTPs)
- Machine learning behavior models, threat content and other analytics to help organizations assess threats
Gurucul's Security Analytics and Operations Platform combines next-generation security information and event management (SIEM) and eXtended detection and response (XDR) capabilities, user entity and behavior analytics (UEBA) and identity and access analytics, the company stated.
MSSPs and VARs can join Gurucul's partner program to incorporate this platform into their offerings.