Sqrrl Blog

Oct 18, 2016 7:00:00 AM

Former AT&T CISO Ed Amoroso Interviews Sqrrl CTO Adam Fuchs

This was originally posted in conjunction with the 2017 TAG Cyber Annual Report. The full report can be downloaded here.

Hunting Down Cyber Attacks in Enterprises with Big Data

A promising shift in enterprise cybersecurity is the trend toward proactively hunting for security issues before they cause consequential damage. Previously, security analysis consisted of collecting data from gateway systems that passively watched as an attack occurred. This collected data was then passed to analysts who, hopefully, would recognize what was happening in time to initiate a response. Shifting to a more proactive approach offers hope that attacks can be stopped before they are completed.

Topics: Threat Hunting, Cyber Threat Hunting

Oct 17, 2016 12:40:58 PM

Threats Driving You Nuts? Try Threat Hunting With Sqrrl

By Pamela Cobb
This article originally appeared on the IBM Security Intelligence blog.

Squirrels have many predators and enemies (hawks, snakes and, of course, cars), but Sqrrl shows how the hunted can become the hunter. Sqrrl is a leading threat hunting platform that is deeply integrated with IBM QRadar SIEM.

Topics: Threat Hunting, Sqrrl Integrations

Oct 13, 2016 8:00:00 AM

Threat Hunter Profile - Danny Akacki


Name: Danny Akacki

Organization: Hunt Team for a Fortune 100 Company

Years hunting: 4

Favorite datasets: Proxy, Firewall, IDS, AV, endpoint logs

Favorite hunting techniques: Behavioral detection, breadth scoping, misconfiguration searching

Favorite tools: FireEye TAP, Splunk, Wireshark, Bro, Moloch, Security Onion


Topics: Cyber Hunting, Threat Hunting, Threat Detection, Hunter Profile

Oct 11, 2016 7:00:00 AM

Welcome to The Hunter’s Den: Tools, Tips, and Techniques for Threat Hunting

This is the first post in a new blog series we are calling The Hunter’s Den. Over the last nine months it has been exciting to see the concept of “threat hunting” take off. At the most recent Black Hat conference this past August, it was surprising to see how many companies had begun to adopt threat hunting messaging. This mirrors the increasing interest we have seen around threat hunting, as illustrated by the Google Trends chart below.

Topics: Threat Hunting, Hunting Platform, Hunting How-To's

Oct 6, 2016 2:10:06 PM

Sqrrl releases Enterprise 2.6

Sqrrl’s latest release, version 2.6, delivers a host of fresh new features to the industry-leading Threat Hunting Platform. With a focus on enhancing user experience and hunting workflows, this new release makes it easier than ever to dive into your data and start proactively detecting threats.

By combining big data, analytics, investigation, and now newly enhanced hunting workflow capabilities into a single tool, Sqrrl Enterprise continues to revolutionize the industry standards for a Threat Hunting Platform. Sqrrl’s hunting approach focuses on identifying, gathering and acting upon an adversary’s Tactics, Techniques and Procedures (TTPs) in order to rapidly detect and mitigate threats in your network.

Sqrrl 2.6 introduces a number of new features that improve how analysts conduct investigations, further lowering the barrier to entry for threat hunting. Here are some of the new features added to Sqrrl to make hunting for advanced threats more streamlined than ever:

Topics: Sqrrl Enterprise, Threat Hunting

Oct 4, 2016 11:42:58 AM

Sqrrl Selected as Distinguished Vendor in Security Analytics by TAG Cyber

Edward Amoroso (former CISO at AT&T) published his first annual report on critical security controls, and Sqrrl was selected as the only distinguished vendor in the Security Analytics space. You can download the full report here.

An excerpt of the report is below.

Sep 28, 2016 8:00:00 AM

Threat Hunter Profile - Jason Smith


Name: Jason Smith

Organization: FireEye

Years hunting: 6

Favorite datasets: Flow data, Bro logs (http, dns, etc.), Windows event logs

Favorite hunting techniques: Pivoting from statistical anomalies, behavioral deviations for local assets

Favorite tools: SiLK, FlowBAT, Bro, Security Onion, Wireshark, Bash


Topics: Cyber Hunting, Threat Hunting, Threat Detection, Hunter Profile

Sep 14, 2016 8:30:00 AM

Threat Hunter Profile - Samuel Alonso


Name: Samuel Alonso

Organization: KPMG

Years hunting: 2

Favorite datasets: AV, firewall, proxy, IDS and passive DNS

Favorite hunting techniques: Stack counting, anomaly detection and visualization

Favorite tools: Volatility, Passive Total, Santoku and Kali Linux


Topics: Cyber Hunting, Threat Hunting, Threat Detection, Hunter Profile

Sep 12, 2016 3:41:22 PM

The Applicability of Graphs for Information Security Combatants

This post by Henrik Johansen originally appeared on Medium. Henrik is an IT Security professional at a Danish public sector entity called Region Syddanmark.

I have been tweeting a lot lately about Graphs and how they can be utilised in the context of Information Security. Since this is a topic that seems interesting to a few people I thought a more thorough explanation would make sense. Think of this as the “why” and “what” more than the “how”. 

Topics: Graphs, Incident Response, Threat Hunting, Cyber Threat Hunting

Aug 30, 2016 8:00:00 AM

Threat Hunter Profile - Chris Sanders


Name: Chris Sanders

Organization: FireEye

Years hunting: 10

Favorite datasets: Flow, Bro, Windows endpoint logs

Favorite hunting techniques: Aggregations, pivots, relationship graph visualizations

Favorite tools: SiLK, FlowBAT, Python, Wireshark, FireEye TAP, Splunk


Topics: Cyber Hunting, Threat Hunting, Threat Detection, Hunter Profile