Gurucul
Advanced analytics have strengthened our threat detection and improved incident response
What is our primary use case?
My main use case for Gurucul Security Analytics and Operations Platform is SIEM and user entity behavior analytics.
I manage Gurucul for a client, and one case is when any user compromises their devices or has any unauthorized access. We detect alerts from this tool and monitor the Gurucul Security Analytics and Operations Platform portal.
We have a display in our company, and through that, we have a couple of dashboards that alert us to any kind of abnormality detection, which pops up on our TV screens, allowing us to contact our client accordingly.
We create many dashboards for our client, and through our SOC, it is very easy to monitor; anyone sitting in the SOC can do a great job.
What is most valuable?
The best feature Gurucul Security Analytics and Operations Platform offers is its analytics. When I heard about this feature, it was quite new to us as a SIEM feature. It was my first impression of the platform, and I was impressed with this feature; it is doing a great job.
Overall, this feature has covered most scenarios for now, including any kind of data exfiltration, lateral movement, or insider threat detection, so it covers almost all areas. I can say they are doing a great job regarding most of the security posture issues for any kind of organization.
Gurucul Security Analytics and Operations Platform has positively impacted our organization and client by allowing us to notice compromised accounts most of the time. Some users, not from a technical background, often make mistakes that lead to their end devices being compromised, and they are usually unaware. We can detect these compromised accounts from our SIEM tool, which is a great opportunity for our company and client to improve their security posture.
Of course, we have seen measurable results, such as a reduction in incidents and faster response times. If any incident happens, such as a user compromising their account while being unaware, we take that as an example and educate all staff of the client to avoid such activities, such as clicking a malicious URL or visiting a malicious site. Through that, we could improve their security posture and knowledge about security.
What needs improvement?
I feel the dashboard of Gurucul Security Analytics and Operations Platform is not always user-friendly. I still feel the dashboard could be understandable even by a non-technical person. It could be complex since it is a SIEM tool, but if we can improve the dashboard so that non-technical people can identify any kind of thing, this would be a very great tool.
For how long have I used the solution?
I have been using Gurucul Security Analytics and Operations Platform for more than two years.
What do I think about the stability of the solution?
For now, I have not noticed any issues with the accuracy and reliability of output from Gurucul Security Analytics and Operations Platform, although we got a couple of false positive alerts. I think maybe we configured our dashboard incorrectly, but since then we have improved that. Currently, we are good.
We have not experienced any glitches or missed opportunities regarding attacks or security incidents, which means clients can trust this product 100% based on my experience.
Which solution did I use previously and why did I switch?
Since I do not have any experience with other kinds of SIEM tools, I cannot provide any kind of comparison or improvement here. For now, I am satisfied.
What other advice do I have?
I am not quite familiar with the governance part of Gurucul Security Analytics and Operations Platform, as I have not used their features related to that, so I cannot comment. I give this review a rating of 9.