Saryu Nayyar, CEO and Founder of Gurucul – Interview Series

Saryu Nayyar is an internationally recognized cybersecurity expert, author, speaker and member of the Forbes Technology Council. She has over 15 years of experience in the information security, identity and access management, IT risk and compliance, and security risk management sectors.
She was named to EY's Entrepreneurial Winning Women in 2017. Saryu also spent several years in senior positions in Ernst & Young’s technology security and risk management practice.
Gurucul is a cybersecurity company specializing in behavior-based security and risk analytics. Its platform leverages machine learning, AI and big data to detect insider threats, account compromises and advanced attacks in hybrid environments. Gurucul is known for its unified security and risk analytics platform that integrates SIEM, UEBA (User and Entity Behavior Analytics), XDR and Identity Analytics to provide real-time threat detection and response. The company serves businesses, governments and MSSPs, aiming to reduce false positives and accelerate threat remediation through intelligent automation.
What prompted you to start Gurucul in 2010, and what problems did you aim to solve in the cybersecurity landscape?
Gurucul was founded to help security operations and insider risk management teams gain a clear understanding of the most critical cyber risks that affect their business. Since 2010, we have taken a behavioral and predictive analytics approach, rather than a rule-based one, which has generated over 4,000 machine learning models that place user and entity anomalies in a variety of different attack and risk scenarios. We have built on this, going from helping large Fortune 50 companies solve internal risk challenges to helping companies gain fundamental clarity about all cyber risks. This is our commitment to a unified, AI-driven data and security analytics platform. We are building on our AI work to provide a self-driving security analytics platform based on machine learning, but now we are layering generative and agentic AI capabilities throughout the threat lifecycle. The goal is to allow analysts and engineers to spend less time on complexity and more time focusing on meaningful work, allowing the machine to amplify the definition of their daily activities.
What key lessons have you brought from your leadership roles at Oracle, Sun Microsystems and Ernst & Young?
My leadership experience at Oracle, Sun Microsystems, and Ernst & Young has enhanced my ability to solve complex security challenges and taught me about the challenges facing Fortune 100 CEOs and CISOs. Overall, it gave me a front-row seat to the technical and business challenges faced by most security leaders and inspired me to build solutions to bridge these gaps.
How does Gurucul’s REVEAL platform differ from traditional SIEM (Security Information and Event Management) solutions?
Traditional SIEM solutions depend on static, rule-based approaches that lead to excessive false positives, increased costs, and delayed detection and response. Our REVEAL platform is fully cloud-based and AI-powered, leveraging advanced machine learning, behavioral analytics and dynamic risk scores to detect and respond to threats in real time. Unlike traditional platforms, REVEAL constantly adapts to evolving threats and integrates across on-premises, cloud and hybrid environments for comprehensive security coverage. Recognized as the “most visionary” SIEM solution for three consecutive years in Gartner’s Magic Quadrant, REVEAL redefines AI-driven SIEM with unparalleled precision, speed and visibility. Furthermore, SIEMs struggle with data overload. It is too expensive for them to ingest everything needed for full visibility, and even if they do, it only adds to false positives. Gurucul understands this, which is why we have a native, AI-powered data pipeline management solution that filters non-critical data to low-cost storage, saving money while retaining the ability to run federated searches on all data. Analytics systems are “garbage in, garbage out”. If the input data is bloated, unnecessary or incomplete, the output will not be accurate, actionable or ultimately trusted.
Can you explain how machine learning and behavioral analytics are used to detect threats in real time?
Our platform leverages over 4,000 machine learning models to continuously analyze all relevant datasets and identify anomalies and suspicious behavior in real time. Unlike traditional security systems that rely on static rules, it finds threats as they appear. The platform also uses User and Entity Behavior Analytics (UEBA) to establish a baseline of normal user and entity behavior, detecting deviations that may indicate insider threats, compromised accounts, or malicious activity. Through the big data engine, it intelligently correlates, enriches and links security, network, IT, IoT, cloud, identity and business application data with threats from internal and external sources. This informs the dynamic risk scoring engine, which assigns real-time risk scores that help prioritize responses to critical threats. Together, these features provide a comprehensive, AI-driven approach to real-time threat detection and response, unlike traditional security solutions.
How does Gurucul’s AI-driven approach help reduce false positives compared to traditional cybersecurity systems?
The REVEAL platform reduces false positives by leveraging AI-driven contextual analysis, behavioral insights, and machine learning to distinguish legitimate user activity from actual threats. Unlike traditional solutions, REVEAL optimizes its detection capabilities over time, improving accuracy while reducing noise. Its UEBA detects deviations from baseline activity with high accuracy, allowing security teams to focus on legitimate security risks rather than being overwhelmed by false alarms. Although machine learning is a fundamental aspect, generative and agentic AI play an important role in further attaching natural-language context to help analysts understand exactly what is happening around the alerts, and even in automating the response to those alerts.
What role will adversarial artificial intelligence play in modern cybersecurity threats, and how can Gurucul fight these evolving risks?
First, we have seen adversarial AI applied to the lowest-hanging fruit: human vectors and identity-based threats. This is why behavioral and identity analytics are critical to being able to identify abnormal behavior, put it in context, and predict malicious behavior before it occurs. In addition, adversarial AI is the nail in the coffin for signature-based detection methods. Adversaries are using AI to evade these TTP-defined detection rules, but they cannot evade behavior-based detection in the same way. SOC teams do not have enough resources to keep writing rules to keep pace, and they require a modern approach to threat detection, investigation and response. Behavior and context are key components. Finally, platforms like REVEAL depend on continuous feedback loops, and we continuously apply AI to help us refine our detection models, recommend new models and inform new threat intelligence that our entire customer ecosystem can benefit from.
How does Gurucul’s risk-based scoring system improve security teams’ ability to prioritize threats?
Our platform’s dynamic risk scoring system assigns real-time risk scores to users, entities, and actions based on observed behavior and contextual insights. This enables security teams to prioritize critical threats, reduce response time and optimize resources. By quantifying risk in the 0-100 range, REVEAL ensures that organizations focus on the most pressing events rather than being overwhelmed by low-priority alerts. Because a unified risk score spans all enterprise data sources, security teams gain greater visibility and control, resulting in faster and wiser decision-making.
How can AI-driven security solutions help organizations prevent insider threats in an era of increasing data breaches?
Insider threats are a particularly challenging security risk because of their subtle nature and the access rights that employees have. REVEAL’s UEBA detects deviations from established behavioral baselines, identifying risky activities such as unauthorized data access, abnormal login times, and abuse of privileges. Dynamic risk scoring also continuously evaluates behavior in real time, assigning risk levels to prioritize the most pressing internal risks. These AI-powered features enable security teams to proactively detect and mitigate insider threats before they escalate into breaches. Given the predictive nature of behavioral analytics, insider risk management is a race against the clock. Insider risk management teams need to be able to respond and collaborate quickly with a privacy mindset. Context is once again crucial: attaching behavioral deviations to context from identity systems, HR applications and all other relevant data sources gives these teams the ammunition to quickly build and defend evidence cases so that businesses can respond and remediate before data is lost.
How does Gurucul’s identity analytics solution enhance security compared to traditional IAM (Identity and Access Management) tools?
Traditional IAM solutions focus on access control and authentication, but lack the intelligence and visibility to detect compromised accounts or abuse of privilege in real time. These limitations are overcome by leveraging AI-driven behavioral analytics to continuously assess user risk, dynamically adjust risk scores, and enforce adaptive access entitlements, thereby minimizing misuse and illegitimate privileges. By integrating with existing IAM frameworks and enforcing least-privilege access, our solution enhances identity security and reduces the attack surface. The problem with IAM governance is the sprawl of identity systems and the lack of interconnection between different identity systems. Gurucul gives teams a 360° view of identity risk across all identity infrastructure. Now they can stop rubber-stamping access and instead adopt a risk-oriented approach to access policies. Additionally, they can speed up the compliance aspects of IAM and demonstrate continuous monitoring and a fully comprehensive approach to access controls throughout the organization.
What are the critical cybersecurity threats you foresee in the next five years? How can AI help mitigate them?
Identity-based threats will continue to proliferate because they already work. Adversaries log in, either by compromising insiders or by attacking identity infrastructure to gain access. Naturally, insider threats will continue to be a key risk vector for many businesses, especially as the shadow continues. Whether they are malicious or negligent, companies will increasingly need visibility into insider risks. Additionally, AI will accelerate changes in conventional TTPs, because adversaries know that this is how they can evade detection, and it will be low-cost for them to creatively adapt tactics, techniques and procedures. That is why focusing on behavior in context, and having a detection system that can adapt with the same speed, will be crucial for the foreseeable future.
Thank you for the excellent interview. Readers who wish to learn more should visit Gurucul.