
Gurucul, which makes a unified data and security platform that features a next-gen SIEM, has partnered with IT security services provider Blue Mantis on the recently announced Blue Mantis Protect MDR managed services offering to give mid-sized organizations enterprise-grade SOC capabilities. Blue Mantis Protect, launched in September, is a fully managed cybersecurity service built for mid-sized organizations that need enterprise-grade defenses but don’t want or can’t afford the expense of running their own SOC. Gurucul’s Next-Gen SIEM is the foundational underpinning for the MDR service within the developing Blue Mantis Protect services portfolio. Together, they unify award-winning behavioral ML analytics, cost-optimized data pipeline management, and agentic AI workflows for comprehensive and efficient threat detection and response.
This is the first partnership between Gurucul and Blue Mantis.
“They contacted us via our website as they were looking to build a new MDR Managed Service and their current partner, ArcSight, did not provide the features and AI capabilities their customers were asking for,” said David Wagner, Global Vice President, MSSPs and Systems Integrators, at Gurucul. “They are attractive to Gurucul due to their recent acquisitions and growth, adding locations in Canada and more. We were selected from a list of 10 Top Next-Gen SIEM vendors after a rigorous nine-month POC.”
The Gurucul platform is a data sovereign platform that enables seamless integration with any data lake and cloud, giving organizations full ownership and control over their data. More than 4,000 behavioural analytics machine learning models and detection content continuously analyze activity and establish baselines, surfacing true threats across every vector and risk, prioritizing what matters most for risk reduction.
The data sovereignty capability is significant in Canada for Gurucul, and now it will help Blue Mantis as well.
“Regardless of our ability to use any AWS Region for storage, it is extremely helpful to have a local, mature presence and we now have that as they acquired a local Canadian MSSP in Toronto [Coreio],” Wagner noted. “We are a data sovereign platform, which means our customers have full control over where they store their data. Another way to say this is data democracy. Customers can use any data lake of their choice, preventing lock-in and allowing freedom to build their ideal data architecture. For companies with strict data residency and compliance challenges, this can be very appealing. But, it isn’t all about compliance, it’s about cost optimization and control. Essentially we’ve decoupled the compute layer of SIEM and security analytics from the storage layer. The traditional models and providers don’t do this, hence forcing your data into their storage of choice and then charging a penalty for needing to move or migrate that data.”
The Gurucul platform natively converges multiple key offerings. The next-gen SIEM detects and responds to known and unknown threats. Data Pipeline Management reduces and controls data costs. An AI-SOC Analyst uplevels analysts to focus on risk mitigation, not mundane work. AI-powered Insider Risk Management combats human, non-human and state-sponsored risk, and ITDR protects IAM infrastructure and reduces the identity attack surface.
“This is very unique to Gurucul as we have acquired no technology within our platform,” Wagner said. “It is all homegrown from our engineering team, which means true unification of context and interoperability across SIEM, SOAR, UEBA, Data Pipeline Management and now our native AI-SOC analyst. It’s a significant cost and complexity reducer for customers. You don’t have to bolt-on a third party UEBA or DPM to your SIEM, or rely on your vendor to figure out how they’ll work seamlessly.
“We’ve seen recent acquisitions from CrowdStrike and SentinelOne acquiring DPM providers since the rise of Cribl,” Wagner continued. “The challenge there is they now have to integrate them into their platforms. Our native approach means that all of our data pipelines are mapped to our analytics models. We know exactly what data is required to activate certain use cases, what data can be filtered out to avoid ingestion and cost bloat. They just work the moment data is connected. We had one CISO customer tell us they paid $50K for Cribl and then $500K in services to get it working. This underscores the inherent limitation of bolt-on technology compared to solutions engineered to operate natively and seamlessly out of the box.”
Wagner acknowledged the importance of price in today’s SIEM market.
“Price is always part of the selection process and we’re very competitive here,” he said. “This is especially true given our native DPM solution that filters out 40-87% of non-critical data, allowing our customers to bring in more data for greater visibility and unlock new detection use cases without raising costs. We do see big security ecosystem players being very aggressive on pricing, because they can absorb the cost due to expensive EDR licenses. However, the hidden costs come through when dealing with data outside of their ecosystem in complex environments and the complexity to get that data onboarded. There is a trade-off and we’re best suited for sophisticated security organizations who are looking for the best value rather than the convenient ‘single throat to choke’ where you’ll get incentive pricing but less value delivered to the SOC or Insider Risk Management team.
“Another important cost component here is being able to do more with less,” he added. “Our Agentic AI and AI-SOC analyst capabilities double the productivity of existing analyst teams, streamline engineering and SIEM maintenance, and have delivered up to an 83% reduction in mean time to respond.”
Gurucul’s customer base is complementary to Blue Mantis, Wagner said.
“We service a global mid-to-large enterprise market, which is why Blue Mantis is such a great partner for us,” he stated. “On the direct side of the house we see a lot of financial, healthcare, energy and critical infrastructure companies, as well as government entities. We specialize in highly regulated, highly targeted by adversaries, complex IT setups and sophisticated security operations requiring the best solutions to protect their customers, data, operations and IP. Partnering with MSSPs like Blue Mantis allows us to come downstream and offer our advanced SOC and Insider Risk Management capabilities to the mid-market who may not have the luxury to afford in-house expertise, but still require the same level of rigor as it pertains to threat detection, investigation and response.”
Wagner said that their core go-to-market strategy around Blue Mantis Protect is recruiting and onboarding a stable of trusted MSSPs and Global Systems Integrators leveraging the Gurucul platform.
“Gurucul as the backbone for the Blue Mantis MDR services is exactly what more and more organizations are looking for to augment security operations with trusted service providers,” he stated. “Furthermore, the modular nature of our platform allows for many entry-points for customers by focusing on solving their immediate needs and offering a roadmap to scale into the greater platform at their desired pace. Many organizations are understandably cautious about migrating from their existing SIEM. We start by augmenting what they already have – enhancing detection efficacy, reducing ingestion costs, and layering in AI-SOC analyst capabilities to strengthen operations. Over time, we guide them through a structured change management process that gradually reduces SIEM dependency and transitions them to a modern platform—one that becomes the foundation for advanced threat detection, investigation, and response. We like to say ‘start smart, think big and scale fast.’”
Gurucul currently has over 20 MSSPs and VARs with many more in the evaluation stages.
“We don’t target MSPs as we recommend they work first with a Master MSSP to provide them with ‘white-labeled MSSP Services’ until they have their own SOC and in-house expertise,” Wagner commented.
Blue Mantis will carry the main ball for the channel with this offering, with Blue Mantis and their partners selling it.
“The Gurucul Sales team will sell the Blue Mantis Services directly or refer them to a Blue Mantis rep,” Wagner stated. “While Gurucul partners may, at times, compete with Blue Mantis offerings, every marketing success and new customer win from Blue Mantis – or any of our partners – ultimately strengthens the entire Gurucul ecosystem. Together, these successes reinforce the Gurucul NG-SIEM REVEAL platform as the preferred choice for MSSPs.”
