Gurucul UEBA is known for its advanced search capabilities, customizable dashboards, and dynamic rule creation, enabling extended user activity analysis and management.

| Product | Mindshare (%) |
|---|---|
| Gurucul UEBA | 3.3% |
| Exabeam | 8.8% |
| IBM Security QRadar | 7.4% |
| Other | 80.5% |

| Title | Rating | Mindshare | Recommending | Interviews |
|---|---|---|---|---|
| IBM Security QRadar | 4.0 | 7.4% | 91% | 218 |
| Varonis Platform | 4.2 | 4.4% | 95% | 20 |

Gurucul UEBA provides a robust platform for tracking user activity over extended periods, enhancing data visibility and management with customizable dashboards and dynamic rule creation. Its advanced reporting capabilities cater to diverse models and use cases, offering thorough behavior analysis for up to six months. The integration flexibility allows efficient management of Active Directory and devices, though improvements in visualizations, threat prioritization, and support systems would enhance overall usability. Enhancements in legacy system integration and more comprehensive documentation would empower users to achieve better results.
What are the key features of Gurucul UEBA?

Organizations use Gurucul UEBA to monitor user actions and detect deviations like unauthorized access, developing user personas to continuously flag compliance breaches. It serves as a tool for FIEM and customer project proofs of concept, improving monitoring capabilities across industries.

| Author info | Rating | Review Summary |
|---|---|---|
| Security Specialist - UEBA SIEM Admin at a tech vendor with 10,001+ employees | 4.5 | I have created many use cases with Gurucul UEBA due to its efficient search engine and customizable dashboards. Improvements are needed in report visualization and bug fixes in the query box, but overall, Gurucul outperforms other UEBA solutions I've tried. |
| Manager at a comms service provider with 10,001+ employees | 3.5 | We use Gurucul UEBA to monitor and flag deviations in user behavior, leveraging its comprehensive device categorization and dashboards. However, it needs improved threat prioritization and user-friendliness, along with better integration capabilities for legacy and network control systems. |
| Security Architect | 3.5 | I valued Gurucul's reporting and dynamic rules for PoCs. Stability could improve, and the initial on-prem setup was complex, needing vendor help. Scalability is good, support fair, and pricing fair. I rate it a seven. |
| CEO at a tech services company with 51-200 employees | 3.0 | I use Gurucul for FIEM and UEBA, appreciating its customization and flexibility. I believe its online documentation and support need improvement, though setup is manageable. I find it stable and scalable, rating it 6/10. |
Regarding the use cases, I have created many use cases in Gurucul UEBA.
It's easy to create use cases based on behaviors.
I personally like the search engine in Gurucul. It searches everything and is very smooth and fast. I have had a good experience with this tool. I don't have to rely solely on use cases; I can search anything for any timeframe.
Customers can search for three months of data from the console itself.
Additionally, there are advanced dashboard features. Changes can be made to the user dashboards, which I enjoy.
For improvement, I have requested three enhancement tickets, which are already lodged with the Gurucul support team. The first request is to add a visualization option in reports for charts or graphs. I have also requested new dashboard features.
In the query box, there's a bug where taking an attribute at the end does not return data, but placing it elsewhere does. The support system could be more equipped.
I have been using it since July 2020.
There are no downtime issues here. It is stable, so I can rate it nine out of ten.
Scalability is very simple, so I can rate it nine. It's easy to transition from on-premises to SaaS without much downtime. Server scaling from one to seven nodes is possible, hence the rating of nine.
Technical support is good but can improve. I would rate it six to seven out of ten. The main issue is response time, which can take three to four hours even for simple queries. Sometimes, support staff wait for other team members to resolve issues, which needs improvement.
I have used Securonix UEBA, but it is not a capable UEBA solution. It mostly has theme use cases and architecture. We are considering other vendors like Exabeam, which offers a good UEBA solution, but I lack experience with it.
For deployment, we plan a 12-week schedule. From server allocation to integration and tool implementation, then device integration and use case creation, followed by client handover, deployment takes one to two weeks. For multi-tenant clients with 12 or 13 servers, it may vary. A single-node installation can be done in a day.
A maximum of two people is required for a single-node installation. I can handle it single-handedly, as it's not difficult for one person to install. A single person can deploy anything anywhere.
I have compared it with Securonix and Splunk products. Although the license was for UEBA, there was nothing related to UEBA, just similar solutions. For a UEBA solution, it should not be all about theme-related aspects. Having worked on two different UEBA solutions, Gurucul is the best in UEBA comparison.
If you are genuinely looking for a UEBA solution, you should choose Gurucul confidently if your need is strictly UEBA. If you're looking for both theme and UEBA, you might consider other vendors. For a pure UEBA solution, Gurucul is the best in the industry. Overall, I rate it nine out of ten.

We use Gurucul UEBA to monitor user behavior. If there are any deviations from expected user behavior, such as unusual activities, unauthorized login attempts, or actions that violate established policies, we want to identify and flag these events promptly as they occur.
We were initially using a SIM tool that could not construct user behavior analytics, or more precisely, user personas. Consequently, we opted for Gurucul UEBA to develop user personas, enabling us to continuously monitor for any deviations in user activity. This includes identifying any activities that violate compliance policies or fall outside a user's baseline behavior. Gurucul UEBA automatically raises flags for such instances. We have implemented various customized use cases and models to meet our specific requirements, and these use cases are now in production and being monitored.
Gurucul UEBA is offered in two deployment options: SaaS which is cloud-based and on-premises. While the on-premises deployment offers flexibility, we have recently encountered an issue that causes errors when users attempt to log in. We have raised this issue with the support team, who are working on a resolution. An updated version is scheduled for release soon, and we will upgrade our current version once it is available.
Gurucul UEBA has aided our organization in achieving scalability concerning SOC. We have experienced a significant increase from two to nearly four points on a five-point scale, with a further improvement to three and a half to four points. We are currently in the process of assembling a team to address these use cases and anticipate deploying additional models in the future. We expect to further scale as we mature towards a five-point rating.
It is not a tool for responding to incidents, but the detection and modeling use cases we have implemented are functioning flawlessly. Out of the forty alerts generated, eighty to ninety percent are true positives, and we are taking appropriate action on these incidents, whereas other tools produce a high percentage of false positives, around fifty percent. This large volume of false-positive data wastes the time of analysts and the SOC team assigned to investigate these alerts and information.
Gurucul UEBA has helped save our operational costs 10 to 20 percent.
Our MTTD has been reduced by almost 30 minutes.
It has reduced our false positives by 20 percent.
Gurucul UEBA does not aid in any type of response. Detection is swift, typically taking 20 to 30 minutes, which is a significant reduction compared to previous methods. Investigation and analysis of a user's past activity can be expedited by an average of 40 minutes.
A reduction in false positives and response time grants analysts ample opportunity to hone their skills in other technologies and broaden their overall knowledge base. Gurucul UEBA has assisted our analysts in minimizing the overall effort expended on alerts and expediting response times. Two to three hours per week have been saved using Gurucul UEBA.
Our overall efficiency has increased by five to eight percent due to the implementation of multiple tools that handle a variety of tasks. We have also seen an eight to ten percent improvement in our ability to detect identity-based anomalies.
I appreciate the comprehensive categorization of devices based on their intended use, such as those for DNS. This extensive categorization allows us to effectively manage Active Directory and utilize a variety of models to address diverse use cases. Additionally, the dashboards provide a valuable tool for tracking and identifying any deviations from the norm. We can examine a user's activity for up to six months, providing a complete timeline of their actions. This comprehensive overview facilitates investigations and analyses to determine whether a user's behavior is anomalous or intentional. The ability to quickly access and analyze historical data is a remarkable feature that significantly enhances our understanding of user behavior.
Regarding the prioritization of threats, Gurucul UEBA needs to enhance its alert severity assignment process within the system. This is one area where Gurucul UEBA could improve. Additionally, it would be beneficial if the tool itself could provide or assign user-based or asset-based CI ratings to allow for a more accurate assessment of alert severity. In our environment, we forward these logs, events, and alerts to SIM, where the CI rating is already present. Therefore, if we need to closely investigate a UEBA case directly, it becomes problematic. Gurucul UEBA should proactively incorporate asset-based or user-based CI severity into its design.
Gurucul UEBA needs to be more user-friendly.
I would like Gurucul UEBA to be able to integrate with legacy-based identity systems and systems that are performing network-based access control. This would require additional integration and playbook models.
I have been using Gurucul UEBA for over one year.
I would rate the stability of Gurucul UEBA a six out of ten.
Recently, we have encountered intermittent login issues affecting some users. While some users can successfully access their accounts, others are unable to log in.
I would rate the scalability of Gurucul UEBA a nine out of ten. We can scale based on the number of licenses we have.
Technical support should improve their documentation of resolved issues. Not all details need to be logged for customers, but they should focus on creating white papers. When accessing the support site, users should be able to find articles and white papers related to previously encountered issues. These resources should include the corresponding answers, blog posts, and assessments along with the implemented solutions.
We previously used an app that was not a dedicated platform and required a full-fledged solution to handle up to 40,000 users. That is why we switched to Gurucul UEBA.
The initial deployment was straightforward and took a few days to complete. There were multiple hardening requirements from our policy that needed to be implemented. Three people were required to deploy the solution.
I would rate Gurucul UEBA seven out of ten.
It took us eight months to fully realize the benefits of Gurucul UEBA because we first needed to adapt the tool to our specific environment. This involved identifying and addressing various generic issues, developing relevant models, and establishing use cases aligned with our comprehensive policy framework. Only after completing these steps could we effectively utilize Gurucul UEBA to minimize false positives.
Gurucul UEBA is deployed across multiple locations. We have around 40,000 users and a team of 70 that work on the tool.
Gurucul UEBA requires ongoing maintenance, including software upgrades. If false positives arise, we may need to modify, simplify, or subtly refine the models. Additionally, periodic maintenance of use cases is essential. Therefore, Gurucul UEBA necessitates maintenance after a few years of operation.
Organizations must have a clear understanding of their needs before purchasing Gurucul UEBA. This includes determining the number of user IDs they intend to use the tool for and the specific functionalities they require. These three factors are essential prerequisites for making an informed decision about tool acquisition. Purchasing a tool without thorough consideration of these factors can lead to challenges in effectively utilizing the tool and realizing its full potential. Therefore, it is crucial to clearly define the requirements, identify the specific needs, and determine the number of users to be supported to maximize the value derived from Gurucul UEBA.
We carried out proofs of concept with certain projects for our customers. We deployed it, improved it, and so on.
The reporting feature was the key differentiator. I also liked the ability to create dynamic rules in the environment. This is like an icebreaker for any customer to look forward to because once you do this kind of proof of concept or a demo in their environment, you can show what it looks like and enrich the visibility.
It could be more stable. Sometimes when working in multiple customer environments, there were some issues with features. There were some stability concerns that used to pop up.
Scalability is good. You can say for on-prem analytics, building the data lake, and a number of resources that have been used in an on-prem kind of deployment, it is tremendous. If you are moving away from an on-prem, you will get the scale on-demand on a cloud.
But investment with the customer and support in terms of the hardware is comparatively a bit higher. But you always need to come back to the ROI, how it would be beneficial, what scale you're looking forward to, and so on. It's probably better to look at a hybrid environment if you're considering the higher side.
Technical support was fair. I will not say that it was too great or too bad. But they know their work, and they were able to get all the things done.
The initial setup is complex. In fact, to get it deployed, you need their people to get it installed because there are a lot of scripts, there are a lot of customizations that need to be done manually on the device. In terms of user-friendliness, it's cool to manage the solution. But typically, if there are some integrations and things like that, you need the vendor's help.
We used the vendor's help.
The price is fair. In fact, I believe it was on the cheaper side when compared to the competition. But the customer needs to look at the pricing in terms of the entire solution. The hardware used to supersede the subscription services. Bundling the solutions typically for on-prem guys, along with the hardware, used to cost a lot. But for customers who are large and already had the hardware in place, this wasn't a problem.
From my experience with Gurucul, I would say that it is fairly good.
On a scale from one to ten, I would give Gurucul a seven.
I am using Gurucul for FIEM and UEBA.
We are providing solutions to our customers using this tool.
The most valuable feature of Gurucul is the ability to customize and it is on the Hadoop platform that has a lot of flexibility.
Gurucul can improve on the online documentation. They should educate the end users more to allow them to do everything themselves.
I have been using Gurucul for a long time.
The stability of Gurucul is good.
Gurucul is scalable.
The support could improve.
I would rate the support from Gurucul a two out of five.
The initial setup of Gurucul is not complicated, but it's not straightforward. It would be best to have some experience before you implement it.
I rate the initial setup of Gurucul a three out of five.
The price of Gurucul is competitive.
I rate the price of Gurucul a three out of five.
I rate Gurucul a six out of ten.