Saryu Nayyar: Setting Benchmarks in the Cyber-world for Others to Follow

Women in Security


Gurucul, a Los Angeles, CA-based cybersecurity provider, has earned a strong standing in the ever-evolving security industry. It has disrupted a long-held paradigm in the cyber world by delivering reliable and adaptive threat detection and SIEM technologies. Artificial Intelligence and Machine Learning continue to develop rapidly and are proving to be a substantial asset in cybersecurity for detecting and preventing threats. Comprehending the potential of this technology and harnessing it to resolve many cyber-related issues demonstrates the virtues of a true leader. Saryu Nayyar, CEO of Gurucul, is one such leader and cybersecurity expert, also called “the Female CEO behind Gurucul’s Success.”

Saryu is an internationally recognized cybersecurity expert, author, speaker, and member of the Forbes Technology Council. She has more than 15 years of experience in the information security, identity and access management, IT risk and compliance, and security risk management sectors. She has been recognized for her industry achievements with several awards, including EY Entrepreneurial Winning Women, Cyber Defense Magazine’s Top 10 Women in Cyber Security, TSR’s Top Women Leaders in Cybersecurity, the SC Magazine Reboot Leadership Award, The Software Report’s Top Woman Leader in Cybersecurity for 2020, and more. She has held security product leadership roles at Oracle, Simeio, Sun Microsystems, Vaau (acquired by Sun), and Disney. In addition to this, she has spent several years in senior positions in the technology security and risk management practice of Ernst & Young. She is passionate about building disruptive technologies and has several patents pending for behavior analytics, anomaly detection, and dynamic risk scoring inventions.

Saryu led Gurucul’s efforts to pioneer in the cybersecurity category that analyst firm Gartner calls User and Entity Behavior Analytics (UEBA). In fact, Gurucul was the only vendor cited for meeting all five use cases in Gartner’s UEBA Market Guide report: security management, insider threats, data exfiltration/DLP, identity access management, and SaaS security.

Driving innovations in security

Gurucul is a global cybersecurity company that is changing the way organizations protect their most valuable assets, data, and information from insider threats and external cyberattacks, both on-premises and in the cloud. Its mission is to help organizations protect their intellectual property, regulated information, and brand reputation from insider threats and sophisticated external intrusions. The company is backed by an advisory board composed of Fortune 500 CISOs and world-renowned experts in government intelligence and cybersecurity. The company consistently delivers industry-leading innovation and proven customer success with unparalleled time to value, a disruptive approach, and proven scalable, low-cost technology. Gurucul technology is used globally by organizations to predict, detect and stop insider fraud, IP theft, external attacks, and more. It serves enterprises in healthcare, finance, government, manufacturing, energy, retail, and more, including Aetna, Allina Health, Edward Jones, and Infosys.

Gurucul’s real-time Unified Security and Risk Analytics technology delivers one platform for all cyber risks: security, identity, and fraud. It also reduces the attack surface for accounts and eliminates unnecessary access rights and privileges to increase data protection. It offers an open, flexible and extensible platform that unifies Next-Generation SIEM, User & Entity Behavior Analytics (UEBA), Extended Detection and Response (XDR), Security Orchestration and Response (SOAR), Network Traffic Analysis (NTA), and Identity Analytics with a single seamless and consolidated view. 

Saryu emphasizes that recent research shows 45% of security alerts are false positives and 75% of companies spend a lot of time addressing them. Gurucul’s flagship product, Next-Generation SIEM (NGSIEM), solves this problem by delivering ultra-high-fidelity detection and automated response. It is powered by the latest set of security and risk analytics built on an open choice of big data. It leverages an industry-leading 2,500+ Machine Learning (ML) models powered by data science and self-learning artificial intelligence (AI) to correlate seemingly disparate security events and identify abnormal or malicious behaviors for threat detection and response. It narrows the volume of information into highly accurate positive alerts while drastically reducing false positives, and it prioritizes results to help security teams automatically detect threats. “With true adaptable ML/AI capabilities versus rule-based ML/AI, Gurucul’s NGSIEM allows organizations to identify zero-day threats in real-time and provides contextual and situational awareness to detect and stop malicious activity before the damage,” says Saryu.

Saryu Nayyar

Cybersecurity has a diversity problem

As Ruth Bader Ginsburg once famously said, “Women belong in all places where decisions are being made.” Saryu says that this statement applies to all industries, not just cybersecurity, but it is an unfortunate reality that women are significantly underrepresented in the security industry due to outdated and inaccurate perceptions of job fit and cultural bias. She believes that executive teams should proactively address this issue with constructive measures to attract and retain women. “We need to lead the change and fight for increased female representation at all levels, as security analysts, data scientists, product managers, forensic investigators, SOC engineers, CISOs, and more. The first step is acknowledging there is work to be done,” she adds.

Saryu is known for giving back to the industry through shared knowledge and expertise. Recently, she released the second edition of her book, ‘Borderless Behavior Analytics: Who’s Inside? What’re They Doing?’, which is available on Amazon and brings together the insights, lessons learned, and best practices from well-known and respected Chief Security Officers at major organizations. Moreover, she contributes to the security industry through her work with open-source threat detection models and by sharing threat research. She leads Gurucul’s strategic collaboration with the US-CERT Insider Threat lab to develop and train ML models for Insider Threat use cases. She is actively involved in the testing and validation of these models. Also, she collaborates regularly with Gurucul partners, customers, open-source communities, universities, and threat research.

Changing the paradigm

Saryu states that, unfortunately, most SIEM products still deluge the security operations team with a flood of information, which makes it hard to prioritize events and alerts by their actual risk. In contrast, Gurucul offers extremely accurate threat detection and contextual information, which improves analyst productivity and allows analysts to focus on high-priority threats without wasting time manually piecing evidence together into incident timelines. Where most competitors offer black-box ML analytics that users cannot verify, Gurucul offers the ability to customize models via its open analytics, as well as the largest library of machine learning models out-of-the-box.

Moreover, the company has spent the last decade helping organizations worldwide deter, predict, detect, and remediate insider threats. With the pandemic making remote work much more relevant, the need for a high-level insider threat detection system is becoming even more pressing. The most effective way to detect insider threats without generating high volumes of false-positive alerts is to create time-based behavioral baselines that continuously learn what is acceptable behavior. This requires monitoring and analyzing massive amounts of data from a myriad of sources using advanced machine learning models and data science to pinpoint privilege abuse. She says, “This is what Gurucul does, in real-time, with exceptional accuracy.” She claims that Gurucul was the first company to extend behavior analytics from on-premises to the cloud and provides the only unified security and risk analytics product with AI/ML capabilities and automation that extends across threat detection, investigation, and response workflows. “This brings us to Gurucul’s User & Entity Behavior Analytics (UEBA),” adds Saryu.

Being a leader in threat detection, Gurucul’s Risk Analytics platform leverages over 2,500 machine learning models powered by data science to produce actionable risk intelligence. It doesn’t rely on signatures, rules, or patterns. It allows organizations to identify zero-day threats in real-time and is designed to provide both contextual and situational awareness to detect and stop malicious behavior before cybercriminals or rogue insiders can do harm. In conclusion, Saryu assures, “Over the next several years, we will continue to innovate to make our threat detection solution more accurate to keep pace with modern malware and enable automated responses and remediation.”