Sqrrl Blog

Jun 24, 2015 8:00:00 AM

Cyber Forensics: Sqrrls on the Crime Scene

By George Aquila, Associate Product Marketing Manager

Recently we featured an excellent guest post by Richard Stiennon, who illuminated the need for accelerating response times against attackers who will increasingly be moving down the kill chain with greater speed. This week we drill down on the practice of incident response, into the realm of cyber forensics, to address how analytics tools help put the pieces back together when an adversary successfully executes an attack.

Topics: Sqrrl Enterprise, Breach Detection, Outlier Detection, Cyber Forensics

Jun 19, 2015 8:00:00 AM

The OPM Breach and Big Data Security Analytics

In the past two weeks, the need for big data security analytics on the federal level has been acutely felt. At the end of last year, the Office of Personnel Management (OPM) was breached by hackers. The threat lay undetected for almost six months, until it was discovered, reportedly by accident, as the OPM worked actively to improve its security infrastructure. While the OPM does maintain its own security infrastructure, it also relies on the Department of Homeland Security’s National Cyber Protection system (NCPS), established in 2008 at the behest of Congress and the Executive branch. The NCPS was created to “protect the federal civilian Executive Branch government network and prevent known or suspected cyber threats,” according to the DHS.

Topics: Big Data Security, Linked data analysis, OPM, Department of Homeland Security, Big data security analytics

Jun 9, 2015 5:18:00 PM

Shorten Your Incident Response Time Now, Because Soon You Will Not Have The Luxury of Time

Guest Blog by Richard Stiennon, Chief Research Analyst at IT-Harvest

Reaction times are everything. Anyone who has had a near miss while driving on the highway knows that quick reflexes can mean the difference between a good story and a very, very bad day. Reaction time is beginning to be a key metric in cyber incident response too. We know what poor reaction time looks like from recent surveys and extreme cases like Nortel Networks, which never reacted to a serious incursion that lasted over ten years.

Jun 3, 2015 2:58:00 PM

The Power of Knowing: Detecting Anomalies in Cyber Security Data

By Joe Travaglini, Director of Products

When it comes to analyzing the root cause of an incident, it's not only a matter of finding the trigger event, but also the sequence of events that set the stage, and sometimes even the intent. Drawing a comparison to the real world, in the case of a fire, was it an electrical malfunction, a rogue cigarette that wasn't properly extinguished, or was it arson? In cybersecurity, making this type of assessment is the role of forensic investigations. What did the attack look like and where did it come from? Given the well-documented numbers on how long a threat persists in a latent form within a network, we can certainly be doing a better job of reducing Mean Time to Know.

Topics: Cybersecurity, Data Analysis, Linked Data, Outlier Detection

May 14, 2015 12:33:00 PM

Risk Math for Security Investments

Recently, Anup Ghosh wrote an excellent post on optimizing security investments against the kill chain. However, there was one line that stood out for me and that I think requires a deeper look.

Anup writes "the incident response dollar... is equivalent to one million times an equivalent prevention dollar."

I would argue that this statement is a stretch based on risk math. The equation for risk (from a Bayesian perspective) is oftentimes referred to as:

Topics: Cybersecurity, Return on Security Investment

Apr 7, 2015 4:48:00 PM

Sqrrl Wins AFCEA Cyber Summit Shark Tank

Last week Sqrrl was one of 10 cybersecurity technology companies that competed in the Shark Tank at the AFCEA Cybersecurity Technology Summit. During this Shark Tank competition, the 10 companies each gave a 3-minute pitch on their product and answered questions posed by three esteemed judges and the audience.

We are proud to announce that Sqrrl was selected as the unanimous winner of this competition. The judges selected Sqrrl as having the best pitch and best market potential.

Below is the script of the winning pitch.

Topics: Cybersecurity, Sqrrl, AFCEA

Mar 31, 2015 8:30:00 AM

Linked Data > Log Data: The Power of Context

By George Aquila

Many enterprise security tools, including SIEMs, Incident Response, and Network Analysis tools are log-based. However, making sense of log files can be tricky, since logs typically exist without context (i.e., it is hard to understand how they relate to the larger cybersecurity environment around them). Luckily, there is a more effective way of organizing your data: using a Linked Data approach.

Topics: Accumulo, NoSQL, Big Data, Data Analysis, Linked Data

Mar 26, 2015 2:19:00 PM

Cyber Hunting: 5 Tips To Bag Your Prey

This blog was originally posted on Dark Reading. 

By David Bianco, Sqrrl's Security Architect

Knowing the lay of the land and where attackers hide is a key element in hunting, both in nature and in the cyber realm.

The days when Security Operations Center analysts could sit back and wait for alerts to come to them have long passed. A year of breaches and attacks at Fortune 100 banks, retailers, and government agencies has shown that traditional measures like firewalls, IDS, and SIEMs are not enough. While these measures are still important, today's threats demand a more active role in detecting and isolating sophisticated attacks. It's hunting season, so here are five tips to make your efforts more productive.

Mar 10, 2015 2:21:00 PM

On Explainability in Machine Learning

This blog was originally posted on MLSec.

By David Bianco, Sqrrl's Security Architect

A few days ago, Gartner's Anton Chuvakin posted an article to his blog called "Killed by AI Much? A Rise of Non-deterministic Security!" In this post, he (rightly) points out that Machine Learning has gotten to the point where we can produce judgements that cannot be easily explained. As he points out, there are some cases where this is fine (let's see what Netflix thinks I would like to watch tonight). Other situations, though, such as deciding which connections might contain attack traffic, may incur a significantly greater penalty for wrong decisions. His big question is: "My dear security industry peers, are we OK with that?"

Mar 5, 2015 8:30:00 AM

Cyber Pattern-of-Life Analysis

By Ely Kahn

Pattern-of-life analysis is a well-known (and sometimes controversial) term in the US Intelligence Community. One definition of pattern-of-life analysis is:

"A method of surveillance specifically used for documenting or understanding a subject's (or many subjects') habits. This information can then be potentially used to predict future actions by the subject(s) being observed. This form of observation can, and is, generally done without the consent of the subject, with motives including but not limited to security, profit, scientific research, regular censuses, and traffic analysis. Unlike these specific areas of surveillance, pattern-of-life analysis is not limited to one medium and can encompass tracking anything in an individual's (or system of individuals') life from their internet browsing habits to their geophysical movements."

Topics: Big Data Security, Breach Detection, Data Analysis