Gurucul launches self-driving SIEM to automate security ops

Techday NZ

21-04-2025

Gurucul has announced the introduction of a Self-Driving SIEM powered by advanced AI capabilities, aiming to streamline and enhance security operations through automation and improved workflows.
The latest upgrade to Gurucul's Unified Data and Security Analytics Platform, REVEAL, incorporates multiple AI agents across the entire threat management lifecycle. These autonomous features are designed to reduce engineering, maintenance, and operational tasks, providing what Gurucul describes as a "self-driving" SIEM that enables engineers, analysts, and investigators to focus on higher-value activities while AI manages repetitive work.
Gurucul's Data Optimiser now includes new pipeline AI agents that autonomously discover, classify, normalise and filter data. According to the company, these features help customers control and optimise their security data fabric, with smart filtering reducing storage and processing costs. The reliance on manual data management is minimised, encompassing onboarding and tuning, which is intended to reduce costs by at least 40%.
AI agents within the platform have been developed to detect evolving attack chains independently. This allows them to inform new machine learning detection models, signatures and rules, proactively optimising existing models and recommending additional data sources for expanded detection use cases. These AI-driven processes support real-time content creation of models and rules.
The platform also introduces an AI virtual analyst to provide security teams with expert guidance and contextual insights. By automatically triaging alerts and appending relevant information, such as attack blast radius, MITRE ATT&CK framework alignment, and external threat intelligence, Gurucul's system aims to reduce analysts' workload. The AI component benefits from adaptive learning, refining its outputs based on historical data, prior detections and analyst feedback. Natural Language Processing (NLP) capabilities have been integrated to enable more efficient searching and content creation, including incident reports.
AI-powered orchestration and response have also been upgraded, allowing the platform to dynamically modify and execute response playbooks based on real-time threat data. This is intended to ensure that automated incident response remains tailored to the specific policy and threat characteristics of each incident.
Gurucul's Sme AI copilot, originally launched in August 2023, has received several updates, including advanced prompts, new prompt books, enhanced natural language search functions, and improved incident analysis and reporting. These upgrades are meant to provide deeper insights with reduced investigation times.
Neda Pitt, Chief Information Security Officer at BELK, stated, "This is yet another reason why I chose to replace my legacy SIEM with the Gurucul platform. Even before these AI enhancements, the platform outperformed any other SIEM I've encountered. Now, with these Agentic AI capabilities, I'm glad I made the bet on the future of the industry. Gurucul is paving the path toward the autonomous SOC. My analysts have upleveled their productivity, and I can't wait for them to get to the next level with AI removing the busy work."
Stewart Alpert, Chief Information Security Officer and Chief Technology Officer at Hornblower, added, "Gurucul has redefined what I expect from an AI-powered Next-Gen SIEM. It operates as a true force multiplier for my SOC — prioritised alerts, high-efficacy detections deeply aligned with our threat posture, and proactive responses. Another capability that truly stands apart is in its risk-based approach to identity: the precision with which they score and surface risky users has become a cornerstone of our insider threat programme."
Jason Elmore, Chief Executive Officer at Tuearis Cyber, commented, "As an MSSP, we are always looking for ways to maximise value for our customers while optimising the workflows for our analysts and reducing costs. We picked Gurucul because they provide a truly differentiated platform that not only helped reduce our data management costs leveraging Snowflake but also helped us stay ahead of the threat landscape with advanced detection capabilities. It's innovations like these new Agentic AI capabilities that validate our decision to switch to Gurucul. They continue to offer modernisation that increases value delivery for our customers while maximising the output of our SOC."
Saryu Nayyar, Chief Executive Officer at Gurucul, said, "Alert overload, the sophistication of threats and operational bottlenecks are some of the most pressing challenges in security operations today. We have built a small army of Agentic AI agents that go to work for you across the entire data and threat lifecycle, boosting analyst workflows to address these critical pain points."
"We are flipping the idea of the resource-intensive traditional SIEM on its head to optimise SecOps resources and reduce time spent on data management, detection engineering, false positives, triage, investigation and response. We're continuing to disrupt the status quo, set the bar high, and solve real customer problems. These ground-breaking advancements with purpose-built AI use cases are helping SOC teams do their critical work efficiently with swift responses against modern threats."
Gurucul's platform upgrade, including the enhanced Sme AI copilot and Agentic AI multi-agent workflows, has been made available since December 2024 as part of release v12.4.