New Gurucul network traffic analysis tool debuts
Gurucul's new Network Behavior Analytics tool uses machine learning analytics to provide a full view of network activity to identify and monitor unusual activity from any entity.
Gurucul has launched Network Behavior Analytics, a new network traffic analysis product that uses machine learning analytics to identify cyberthreats.
This tool identifies and monitors unusual behavior from any entity, including workstations; servers; firewalls; robotic process automation tasks; IoT devices, such as CCTV or vending machines; operational technology infrastructure; and point-of-sale devices.
Using machine learning algorithms on network flows and packet data, Network Behavior Analytics identifies unknown threats by creating behavior baselines for each device on a network. The product uses network flow data such as source and destination IPs, protocol, bytes in and out, and Dynamic Host Configuration Protocol logs to correlate IP-specific data to machines and users.
Network Behavior Analytics is integrated with the Gurucul User and Entity Behavior Analytics platform to give users a full view across the network, including identity, access and activity on enterprise apps and systems. The tool comes with prepackaged machine learning models designed to run on high-frequency network data streams.
According to Gurucul, Network Behavior Analytics can identify threats such as zero-day exploits, fileless malware and ransomware. It does this by detecting behaviors that are unusual to the baseline it created, related lateral movement within the network, command and control communication, suspicious account activity from a compromised account, and access misuse. The framework can detect threats in real time, in addition to advanced persistent threats or stealth attacks that are dormant between various stages of cyberattack.
Monitoring network traffic to identify threats has become more common in recent years, with new tools emerging to help enterprises understand their network activity. In July, Datadog added a product called Network Performance Monitoring to its cloud monitoring program to give admins visibility into network connections and data flows.
The Awake Security Platform is another product that continuously monitors a network environment and can detect and respond to threats. It provides a complete view of each user, device and application, and it is able to detect malicious intent.