Sqrrl Blog

Nov 24, 2015 8:30:00 AM

Cyber Incident Matrix: Service Systems Associates (SSA)

Complexity Score: 2
Severity Score: 3
How did we get these numbers?

Incident Summary

On October 13th, 2015, Service Systems Associates announced that it had discovered a breach of its point-of-sale systems that resulted in the loss of about 60,000 individuals’ credit card information. The data breach occurred in 10 client locations across the United States. SSA only recognized the breach months after it began, and did not release a report until almost four months after the breach.


Topics: Cybersecurity, Data Breach, Cyber Incident Matrix

Nov 19, 2015 2:23:39 PM

The Threat Hunting Reference Model Part 3: The Hunt Matrix

In the first two parts of this blog series, we covered two important parts of a reference model for hunting: the hunting maturity model and the hunting loop. In this final part of the series, we look at how these fit together by developing a matrix that maps the capabilities of each level of the maturity model to the different steps of the hunting loop.

We already know that hunting comprises four steps and that hunting is most effective when these four steps are carried out iteratively, constantly building on each other. Organizations at different levels of the hunting maturity model will execute the steps of the hunting loop in different ways. The matrix combines the four steps of the Hunting Loop with the five levels of the maturity model.


Topics: Cyber Hunting, Threat Hunting, Indicators of Compromise, Cyber Threat Hunting

Nov 17, 2015 10:39:00 AM

Cyber Incident Matrix: Penn State

Complexity Score: 4
Severity Score: 2
How did we get these numbers?

Incident Summary

  • What was breached: Pennsylvania State University's School of Engineering

  • Delivery: September 2012

  • The Attackers: Offshore entities, at least one located in China

In November of 2014, the FBI alerted Penn State administrators that the university had suffered a breach by a foreign entity. After several weeks of forensic analysis, it was determined that key machines inside the Penn State School of Engineering had been breached, containing the usernames and passwords of 18,000 university faculty, staff, and students. Several of the breached machines also contained PII, but there is no evidence to suggest that this information has been used maliciously.


Topics: Malware, Data Breach, Cyber Incident Matrix

Oct 28, 2015 12:39:00 PM

The Threat Hunting Reference Model Part 2: The Hunting Loop

In our previous post, part 1 of this blog series, we profiled the various stages of an organization’s hunting maturity scale. Cyber threat hunting is a relatively new security approach for many organizations. Until recently, most security teams relied on traditional, reactive responses to alerts and notifications, typically only analyzing data sets after a breach had been discovered as a part of forensic investigations and mitigation efforts.

Hunting is a proactive and iterative approach to security. To avoid one-off, potentially ineffective “hunting trips,” it's important for your team to implement a formal cyber hunting process. The following four stages make up a model process for successful hunting.


Topics: Cybersecurity, Cyber Hunting, Linked data analysis, Threat Hunting, Cyber Threat Hunting

Oct 16, 2015 8:30:00 AM

The Threat Hunting Reference Model Part 1: Measuring Hunting Maturity

Many organizations are quickly discovering that cyber threat hunting is the next step in the evolution of the modern SOC, but remain unsure of how to start hunting or how far along they are in developing their own hunt capabilities. This blog series will seek to formalize a reference model for how to effectively conduct threat hunting within an organization. We begin with a simple question: How can you quantify where your organization stands on the road to effective hunting? We answer it with a general model that can map maturity across any organization.

What is Hunting?

Before we can talk about hunting maturity, though, we need to discuss what exactly we mean when we say "hunting". We define hunting as the process of proactively and iteratively searching through networks to detect and isolate advanced threats that evade existing security solutions. There are many different techniques hunters might use to find the bad guys, and no single one of them is always "right"; the best one often depends on the type of activity you are trying to find.


Topics: Cyber Hunting, Incident Response, Threat Hunting, Cyber Threat Hunting

Oct 7, 2015 9:00:00 AM

Sqrrl Releases Enterprise 2.3

The newest Sqrrl release, Sqrrl Enterprise 2.3, unveils a number of features which enhance the user experience and platform capabilities. So whether you’re an experienced hunter using Sqrrl today, or just discovering us for the first time, take a look at some of these new and noteworthy enhancements to the platform that lets you target, hunt, and disrupt your adversaries.


Topics: Sqrrl Enterprise, Data Analysis, Big data security analytics

Sep 28, 2015 4:20:00 PM

Taking the Backroad to a Secure Enterprise

Guest Blog by Richard Stiennon, Chief Research Analyst at IT-Harvest

This post originally appeared on the IT-Harvest blog.

It is often the case that rapidly changing technology allows laggards to leapfrog leaders. Rather than follow the same path as the trailblazers, those who come behind can take a shortcut. A country in South America bent on joining the modern world does not have to string phone lines across its mountains and jungles to achieve universal access to communications. It can build an LTE infrastructure, allowing its people to skip the fixed line stage and jump right to the latest smartphones and apps for Facebook and Instagram.

So too can an enterprise that is poorly defended get ahead of the race to security. The very best security infrastructures can be found at large financial institutions and defense contractors. Both have been battling targeted attacks for over a decade. They have purchased, deployed, and staffed every new technology brought out to combat every new threat: banks to counter cybercrime, the defense industrial base (DIB) to combat cyber espionage.


Topics: Cybersecurity, Cyber Hunting, Incident Response

Sep 24, 2015 9:00:00 AM

A Framework for Cyber Threat Hunting Part 3: The Value of Hunting TTPs

In the first two parts of our “Framework for Cyber Threat Hunting” series, we discussed the hierarchy of Indicators of Compromise, the most valuable of which are an attacker’s Tactics, Techniques, and Procedures (TTPs), and the benefits of using those indicators in a security feedback loop to build an Advanced Persistent Defense. This third and final part aims to provide a concrete example of how the discovery and mapping of TTPs contributes to the strength of an advanced persistent defense.


Topics: Breach Detection, Cyber Hunting, Incident Response, Threat Hunting

Sep 4, 2015 1:32:00 PM

Cyber Incident Matrix: Ashley Madison

Complexity Score: 4
Severity Score: 6
How did we get these numbers?

Incident Summary

  • What was breached: User Data from Avid Life Media websites, specifically targeting the Ashley Madison infidelity website

  • Delivery: Announced July 2015

  • The Attackers: A hacking group known as "The Impact Team"


Topics: Data Breach, Cyber Incident Matrix

Sep 2, 2015 11:46:00 AM

A Look Inside Sqrrl's Company Culture

Sqrrl is located at 125 Cambridge Park Drive, a 470,000 square foot complex that hosts a number of innovative companies including Boston Scientific and Whole Foods. This month, an interview with Sqrrl CEO, Mark Terenzoni, and VP of Business Development, Ely Kahn, was featured in the monthly building newsletter. We would like to thank the author, Erin Tremblay, for her great article. Read it below!

Written by Erin Tremblay:

New to the Cambridge Park Dr. community, Sqrrl has called CPD home since this March. With an intriguing company name, CEO Mark Terenzoni gave me a glimpse inside Sqrrl’s corporate world.


Topics: Sqrrl