Gurucul Risk Analytics platform automates threat detection and response for MITRE ATT&CK Framework
Gurucul, a leader in unified security and risk analytics technology for on-premises and the cloud, announced the Gurucul Risk Analytics (GRA) platform has added and aligned machine learning (ML) models to detect and enable automated responses to adversarial tactics and techniques defined by the MITRE ATT&CK Framework.
Gurucul’s ML models span users and entities across hybrid, borderless environments; combined with advanced threat chaining, they provide 83 percent coverage of MITRE ATT&CK indicators of compromise and unprecedented visibility for organizations to understand and improve their security posture.
“Gurucul customers using the MITRE ATT&CK Framework confirmed that these new advanced behavior models have been able to detect unknown threats associated with high-risk third parties, including customers, partners and contractors, that evaded signature-based approaches,” said Nilesh Dherange, CTO of Gurucul.
“GRA is the only platform with ML Feature Analysis capability that provides immediate MITRE ATT&CK Framework data readiness and advanced model chaining to stitch together context across multiple behavioral indicators with a timeline view for intelligent investigations.”
The MITRE ATT&CK Framework is a globally accessible knowledge base of adversary tactics and techniques based on real-world observations. The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector, government, and the cybersecurity product and service community.
Automated MITRE ATT&CK Framework threat detection
Gurucul’s MITRE ATT&CK Framework alignment provides the following benefits for detecting and hunting threats at every step of the cyber kill chain:
- GRA’s prepackaged machine learning models provide 83% coverage of the more than 350 enterprise MITRE ATT&CK Framework tactics and techniques across on-premises, cloud and hybrid environments for rapid operationalization
- GRA uses behavior analytics and advanced threat chaining to detect unknown threat patterns by both users and entities beyond the tactics and techniques contained in the MITRE ATT&CK Framework
- Prepackaged behavior model templates in Gurucul STUDIO and threat hunting queries based on MITRE techniques, tactics, and procedures enable efficient threat hunting along with a contextual view for intelligent investigations
- GRA’s ML Feature Analysis provides a MITRE ATT&CK Framework data readiness assessment, enabling organizations to get immediate value from existing data, gain insight into missing data and its impact on coverage, and collect missing data automatically using GRA out-of-the-box connectors
- GRA provides risk-prioritized alerts and automated remediation playbooks based on the MITRE ATT&CK Framework
- GRA provides unmatched visibility, metrics, dashboards, and reports into an organization’s security posture and maturity against specific MITRE ATT&CK Framework tactics and techniques
- Automation via API-based STIX integration keeps GRA models and risk mitigation playbooks continuously current with MITRE updates
- Gurucul’s data science team performs routine enhancement of MITRE ATT&CK Framework models