Threats are a moving target. Determined and persistent threat actors purposely stretch out their activity across weeks or even months, especially when most SIEM and XDR solutions are incapable of piecing together events across time. Even worse, these solutions primarily use rule-based Machine Learning, which is essentially pattern matching. This makes them especially ineffective in detecting new attacks and/or variants, which are highly successful in breaching organizations....
I appreciate the comprehensive categorization of devices based on their intended use, such as those for DNS.
The most valuable feature of Gurucul is the ability to customize, and it is built on the Hadoop platform, which has a lot of flexibility.
The reporting feature was the key differentiator. I also liked the ability to create dynamic rules in the environment.