Sqrrl Blog

May 14, 2015 12:33:00 PM

Risk Math for Security Investments

Recently, Anup Ghosh wrote an excellent post on optimizing security investments against the kill chain. However, one line stood out for me that I think requires a deeper look.

Anup writes "the incident response dollar... is equivalent to one million times an equivalent prevention dollar."

I would argue that this statement is a stretch based on risk math. The equation for risk (from a Bayesian perspective) is oftentimes referred to as:


Topics: Cybersecurity, Return on Security Investment

Apr 7, 2015 4:48:00 PM

Sqrrl Wins AFCEA Cyber Summit Shark Tank

Last week Sqrrl was one of 10 cybersecurity technology companies that competed in the Shark Tank at the AFCEA Cybersecurity Technology Summit. During this Shark Tank competition, the 10 companies each gave a 3-minute pitch on their product and answered questions posed by three esteemed judges and the audience.

We are proud to announce that Sqrrl was selected as the unanimous winner of this competition. The judges selected Sqrrl as having the best pitch and best market potential.

Below is the script of the winning pitch.


Topics: Cybersecurity, Sqrrl, AFCEA

Mar 31, 2015 8:30:00 AM

Linked Data > Log Data: The Power of Context

By George Aquila

Many enterprise security tools, including SIEMs, Incident Response, and Network Analysis tools are log-based. However, making sense of log files can be tricky, since logs typically exist without context (i.e., it is hard to understand how they relate to the larger cybersecurity environment around them). Luckily, there is a more effective way of organizing your data: using a Linked Data approach.


Topics: Accumulo, NoSQL, Big Data, Data Analysis, Linked Data

Mar 26, 2015 2:19:00 PM

Cyber Hunting: 5 Tips To Bag Your Prey

This blog was originally posted on Dark Reading. 

By David Bianco, Sqrrl's Security Architect

Knowing the lay of the land and where attackers hide is a key element in hunting, both in nature and in the cyber realm.

The days when Security Operations Center analysts could sit back and wait for alerts to come to them have long passed. A year of breaches and attacks at Fortune 100 banks, retailers, and government agencies has shown that traditional measures like firewalls, IDS, and SIEMs are not enough. While these measures are still important, today’s threats demand a more active role in detecting and isolating sophisticated attacks. It’s hunting season, so here are five tips to make your efforts more productive.

Read the rest here.


Mar 10, 2015 2:21:00 PM

On Explainability in Machine Learning

This blog was originally posted on MLSec.

By David Bianco, Sqrrl's Security Architect

A few days ago, Gartner’s Anton Chuvakin posted an article to his blog called “Killed by AI Much? A Rise of Non-deterministic Security!”. In this post, he (rightly) points out that Machine Learning has gotten to the point where we can produce judgements that cannot be easily explained. As he points out, there are some cases where this is fine (let’s see what Netflix thinks I would like to watch tonight). Other situations, though, such as deciding which connections might contain attack traffic, may incur a significantly higher penalty for wrong decisions. His big question is: “My dear security industry peers, are we OK with that?”


Mar 5, 2015 8:30:00 AM

Cyber Pattern-of-Life Analysis

By Ely Kahn

Pattern-of-life analysis is a well-known (and sometimes controversial) term in the US Intelligence Community. One definition of pattern-of-life analysis is:

"A method of surveillance specifically used for documenting or understanding a subject's (or many subjects') habits. This information can then be potentially used to predict future actions by the subject(s) being observed. This form of observation can, and is, generally done without the consent of the subject, with motives including but not limited to security, profit, scientific research, regular censuses, and traffic analysis. Unlike these specific areas of surveillance, pattern-of-life analysis is not limited to one medium and can encompass tracking anything in an individual's (or system of individuals') life from their internet browsing habits to their geophysical movements."


Topics: Big Data Security, Breach Detection, Data Analysis

Feb 25, 2015 8:30:00 AM

Top of Food Chain: Cyber Hunting with Sqrrls

An Interview with Sqrrl’s David Bianco

By George Aquila

Executive Summary

Big Data Security Analytics techniques are critical to hunting for advanced cyber threats. Starting with just a few hypotheses, a seasoned hunter can use a Big Data tool, such as Sqrrl Enterprise, to iterate through large amounts of data and detect anomalies that would otherwise go unnoticed by traditional defenses. While more and more companies are attempting to build cyber hunting capabilities, few tools exist to assist analysts with the challenges of the hunt. The expansion of data science capabilities into the cybersecurity realm holds great promise for the advancement of cyber hunting. Sqrrl’s David Bianco sheds some light on these crucial developments surrounding the rise of threat hunting, and on how Sqrrl’s solution can provide these much-needed capabilities.


Topics: Big Data Security, Breach Detection, Cyber Hunting

Jan 27, 2015 7:30:00 AM

Linked Data Analysis of Trading Activity with Corvil and Sqrrl

Sqrrl is featured in a blog post by Corvil’s Fergal Toomey, covering Linked Data Analysis of Trading Activity. The full blog is featured in the link below, and it covers how Corvil and Sqrrl partnered to use Linked Data Analysis to visualize relationships in large trading datasets.

Toomey discusses how Sqrrl’s approach can be used in a typical brokerage environment to visualize performance and identify bottlenecks and suboptimal or fraudulent behaviors. He also covers how Corvil’s Streaming Analytics Platform can be used to extract data, which can then be easily forwarded to analysis systems like Sqrrl via open Analytics Streams.


Topics: Hadoop, Cybersecurity, Corvil, Fintech, Fraud

Dec 1, 2014 8:30:00 AM

BlackEnergy: Mitigation with Big Data Analytics

By George Aquila

The botnet builder interface of an earlier variant of BlackEnergy

The Lurking Threat

In late October, the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) issued a formal alert warning that it had “identified a sophisticated malware campaign that has compromised numerous industrial control systems,” including GE Cimplicity and Siemens WinCC platforms, from as far back as 2011. These are widely used to control and monitor critical infrastructure from gas pipelines to electrical grids, so the threat has prompted a rising concern in the energy community that systems across the country have been compromised and could be imminently threatened by malicious actors.


Topics: Accumulo, Hadoop, Big Data Security, Cybersecurity, APT Campaign, Malware

Nov 6, 2014 8:00:00 AM

Coordinated Information Sharing on Cyber Threats and Secure Data Management

By George Aquila

The Evolving Threat Landscape

Mitigating cyber threats is a difficult task. As has been shown time and again in recent data breaches, maintaining up-to-date security measures and abiding by industry-prescribed best practices can leave even the most prominent and incident-ready organizations open to breaches. With a diverse range of constantly evolving Advanced Persistent Threats (APTs), traditional defenses like firewalls and signature-based malware detectors are at an inherent disadvantage against motivated attackers looking to infiltrate data systems of all kinds.


Topics: Accumulo, Big Data Security, Sqrrl Enterprise, Partnership, Info Sharing
