Launch of the new network traffic analysis tool Gurucul

Gurucul has launched Network Behavior Analytics, a new network traffic analysis product that uses machine learning analysis to identify cyber threats.

This tool identifies and monitors unusual behavior of any entity, including workstations; waiters; firewall; robotic process automation Tasks; IoT devices, such as CCTV or vending machines; operational technological infrastructure; and point-of-sale devices.

Using machine learning algorithms on network streams and packet data, Network Behavior Analytics identifies unknown threats by creating behavior baselines for every device on a network. The product uses network flow data such as source and destination IP addresses, protocol, inbound and outbound bytes, and Dynamic Host Configuration Protocol logs to correlate IP-specific data with machines and users.

Network Behavior Analytics is integrated with the Gurucul User and Entity Behavior Analytics platform to give users a complete view of the network, including identity, access and activity on enterprise applications and systems. The tool comes with pre-packaged machine learning models designed to run on high-frequency network data streams.

According to Gurucul, Network Behavior Analytics can identify threats such as zero-day exploits, fileless malware, and ransomware. It does this by detecting unusual behavior relative to the baseline it has created, associated lateral movement within the network, command and control communication, suspicious account activity from a compromised account and misuse of access. The framework can detect threats in real time, in addition to advanced persistent threats or stealth attacks that are dormant between different stages of the cyberattack.

Monitoring network traffic to identify threats has become more common in recent years, with the emergence of new tools to help businesses understand their network activity. In July, Datadog added a product called Network performance monitoring to its cloud monitoring program to give administrators visibility into network connections and data flows.

the Awake Security Platform is another product that continuously monitors a network environment and can detect and respond to threats. It provides a complete view of every user, device and application, and it is able to detect malicious intent.

Charles J. Kaplan