Sqrrl Blog

May 4, 2016 1:27:00 PM

Incident Response is Dead... Long Live Incident Response

Originally posted by Scott Roberts, a threat hunter at GitHub, at http://sroberts.github.io/2015/04/14/ir-is-dead-long-live-ir/ 

Talk to anyone in the DFIR Illuminati and one of the topics that always comes up is Hunting. Much like threat intelligence & string theory, people talk a lot about this, but nearly no one knows what it actually means.

Proactive vs. Reactive

At its core, Hunting is about taking a proactive vs a reactive approach to identifying incidents.

Topics: Cyber Hunting, Incident Response, Threat Hunting, Cyber Threat Hunting

Apr 27, 2016 4:27:00 PM

Threat Hunting Quick Fix

Originally posted by Samuel Alonso, KPMG Global Security Operations Center threat hunter at http://cyber-ir.com/2016/03/08/threat-hunting-quick-fix/ 

Are you currently threat hunting and not finding much? I do not support this threat hunting modality; however, it is true that I use it when I do not have the time to go on a hunting trip and keep focused.

This is not a silver bullet, but it is true that it can help in your hunting trips; looking for already known IOCs can sometimes bring up interesting results.

Topics: Incident Response, Threat Hunting, Cyber Threat Hunting, Security Analytics
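The "quick fix" the excerpt describes is a sweep of already known indicators over the data you have. Below is an added example of such a sweep (it is not code from Samuel Alonso's post or from Sqrrl): three indicator types are matched against a handful of constructed, simplified proxy-style log lines. The indicator values, the key=value log format and the field names (src, dst, host, sha256) are all assumptions made for the illustration. The two checks a practitioner usually gets wrong are shown deliberately: IP addresses are compared as parsed addresses so that 198.51.100.70 does not match 198.51.100.7, and domains are matched on label boundaries so that a hostile suffix containing the indicator as a substring does not match while a genuine subdomain does.

```python
"""Sweep known indicators (IOCs) across log lines. Added example; all data constructed."""
import ipaddress
import re
from typing import Dict, List, Set, Tuple

# Constructed indicator set, grouped by type (a real feed would be parsed into this shape).
IOCS: Dict[str, Set[str]] = {
    "domain": {"update-check.example-bad.net", "cdn.evil-example.com"},
    "ip": {"203.0.113.45", "198.51.100.7"},
    "sha256": {"0123456789abcdef" * 4},  # placeholder hash, constructed for the example
}

# Constructed, simplified key=value log lines; not any vendor's real format.
SAMPLE_LOGS = """\
2016-03-08T09:12:01Z src=10.1.4.22 dst=203.0.113.45 host=update-check.example-bad.net action=allow
2016-03-08T09:12:05Z src=10.1.4.22 dst=93.184.216.34 host=www.example.com action=allow
2016-03-08T09:13:40Z src=10.1.7.9 dst=198.51.100.7 host=cdn.evil-example.com.attacker-cdn.example action=block
2016-03-08T09:14:02Z src=10.1.7.9 dst=198.51.100.70 host=files.internal.example sha256=0123456789ABCDEF0123456789abcdef0123456789abcdef0123456789abcdef action=allow
2016-03-08T09:15:10Z src=10.1.9.3 dst=192.0.2.10 host=assets.cdn.evil-example.com action=allow
"""

KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_line(line: str) -> Dict[str, str]:
    """Split one log line into a field dict; the leading timestamp is stored under 'ts'."""
    fields = {"ts": line.split(" ", 1)[0]}
    fields.update(KV_RE.findall(line))
    return fields


def domain_matches(host: str, ioc_domain: str) -> bool:
    """Exact match or subdomain match on a label boundary; never a plain substring test."""
    host = host.lower().rstrip(".")
    return host == ioc_domain or host.endswith("." + ioc_domain)


def ip_matches(addr: str, ioc_ip: str) -> bool:
    """Compare parsed addresses so that 198.51.100.70 never matches 198.51.100.7."""
    try:
        return ipaddress.ip_address(addr) == ipaddress.ip_address(ioc_ip)
    except ValueError:
        return False


def match_fields(fields: Dict[str, str], iocs: Dict[str, Set[str]]) -> List[Tuple[str, str, str]]:
    """Return (ioc_type, ioc_value, field_name) for every indicator present in one line."""
    hits: List[Tuple[str, str, str]] = []
    for ioc in iocs.get("domain", set()):
        if "host" in fields and domain_matches(fields["host"], ioc):
            hits.append(("domain", ioc, "host"))
    for ioc in iocs.get("ip", set()):
        for name in ("src", "dst"):
            if name in fields and ip_matches(fields[name], ioc):
                hits.append(("ip", ioc, name))
    for ioc in iocs.get("sha256", set()):
        if fields.get("sha256", "").lower() == ioc.lower():
            hits.append(("sha256", ioc, "sha256"))
    return hits


def sweep(log_text: str, iocs: Dict[str, Set[str]]) -> List[Dict[str, object]]:
    """Run every indicator over every line; one result per line that hit, with context."""
    results: List[Dict[str, object]] = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        if not line.strip():
            continue
        fields = parse_line(line)
        hits = match_fields(fields, iocs)
        if hits:
            results.append({"line": lineno, "ts": fields["ts"], "src": fields.get("src"), "hits": hits})
    return results


if __name__ == "__main__":
    for r in sweep(SAMPLE_LOGS, IOCS):
        detail = ", ".join(f"{t}={v} in {f}" for t, v, f in r["hits"])  # type: ignore[union-attr]
        print(f"line {r['line']} {r['ts']} src={r['src']}: {detail}")
```

Running the block reports lines 1, 3, 4 and 5 of the sample: line 3 hits only on the destination IP (the host merely contains the indicator as a substring), and line 4 hits only on the hash (its destination 198.51.100.70 is not the indicator 198.51.100.7). Those two non-matches are exactly the false positives a naive `ioc in line` grep would raise.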

Apr 20, 2016 10:47:00 AM

Cyber Threat Hunting (3): Hunting in the Perimeter

Originally posted by Samuel Alonso, KPMG Global Security Operations Center threat hunter at http://cyber-ir.com/2016/03/01/cyber-threat-hunting-3-hunting-in-the-perimeter/ 

In this third post we are going to see what we need to look at when hunting and detecting adversaries in the perimeter. We are also going to look at some of the firewall technologies and their log formats in order to detect anomalies in the inbound and outbound traffic in your network.

Topics: Cyber Hunting, Incident Response, Threat Hunting, Cyber Threat Hunting

Apr 14, 2016 11:16:00 AM

Cyber Threat Hunting (2): Getting Ready

Originally posted by Samuel Alonso, KPMG Global Security Operations Center threat hunter at http://cyber-ir.com/2016/02/05/cyber-threat-hunting-2-getting-ready/ 

In my previous post I went through the basics of hunting and its benefits for the organization and for analysts. To continue the journey, today I am going to cover the preparations you need to do before you go out there and hunt. We are covering preparations and locations to hunt.

As you need some degree of preparation for many of the activities we carry out on a daily basis, you can improvise, but I suggest you don't, as hunting is an activity that requires a high level of concentration and you only want to focus on what is important for the hunt.

Topics: Cyber Hunting, Threat Hunting, Cyber Threat Hunting

Apr 8, 2016 10:49:00 AM

Cyber Threat Hunting (1): Intro

Originally posted by Samuel Alonso, KPMG Global Security Operations Center threat hunter at http://cyber-ir.com/2016/01/21/cyber-threat-hunting-1-intro/ 

After some long months debating whether to write a white paper, and what potential topics I could write about – I just decided that I do not have enough time to go through the process of writing a research paper for the next 6 to 12 months. Instead, I am taking some of my research and current experience and I am sharing it with you. I will be brief and to the point – it is not my intention to spend much time in the bushes. I want to provide you with a solid foundation to start hunting and an understanding of the “creativity” behind the process.

Topics: Cyber Hunting, Incident Response, Threat Hunting, Cyber Threat Hunting

Mar 15, 2016 6:22:00 PM

What Is a Threat Hunting Platform: Part 2 - Benefits and Sqrrl

In Part 1 of this blog series we discussed the concept of a threat hunting platform and the capabilities that a THP provides to security analysts that are looking to proactively find threats hidden in their data. In part 2 of this series we will take a look at the benefits that a THP can deliver and present Sqrrl as an example of a best-in-class THP.

Topics: Cyber Threat Hunting, Hunting Platform

Mar 7, 2016 3:11:00 PM

What Is a Threat Hunting Platform: Part 1 - An Introduction

Hunting and its Obstacles

One of the major security problems facing organizations today is that they are simply not finding hidden threats on their network in time. On average, an organization takes 205 days to find a malicious actor burrowed in its systems, and 70% of the breach notifications companies receive come from third-party organizations. To find advanced threats, you need more than traditional automated security solutions; you need to be hunting.

Threat hunting is the process of proactively and iteratively searching through networks to detect and investigate advanced threats that evade existing detection tools. Hunting can radically enhance the process of finding those hidden threats and can cut the time it takes to find them from hundreds of days to hours. But even if you want to start hunting, there are still two major issues that you will likely face.

Topics: Cyber Hunting, Threat Hunting, Enterprise Security, Hunting Platform

Feb 17, 2016 12:51:00 PM

Gravitational Waves Collide with Cybersecurity: Using Machine Learning Inspired by Astrophysics

By Ruslan Vaulin, senior data scientist at Sqrrl, member of the LIGO Scientific Collaboration

What do searching for signals from merging black holes some billion light years away and searching for cyber adversaries operating on your network have in common? More than you might have guessed...

But let’s start from the beginning. Last week (February 11, 2016) the National Science Foundation and the LIGO Scientific Collaboration announced the first confirmed detection of a gravitational-wave signal from the collision of two black holes. The collision happened more than a billion light years away, producing an outburst of gravitational-wave energy equivalent to the light of all the stars in our galaxy. While very powerful, such radiation is extremely difficult to detect because gravity interacts only very weakly with ordinary matter. It truly requires a Jedi's power to sense such disturbances in the Force!

Topics: Big data security analytics, LIGO, Data Science, Machine Learning

Feb 3, 2016 4:01:46 PM

Sqrrl Hosts Mr. Robot Dinner for NYC CISOs

This week Sqrrl hosted over 30 Chief Information Security Officers (CISOs) and senior security executives (plus a few friends from the Cyber Division at the New York City FBI Field Office) for an evening of networking at a restaurant in downtown New York City.

Jan 14, 2016 4:22:06 PM

Living On an Exponential Curve of Breaches

Guest Blog by Richard Stiennon, Chief Research Analyst at IT-Harvest

Most of us live in the moment and most of us have trouble getting the big picture from the flood of breach announcements throughout the year. Anthem, Ashley Madison, OPM, all shocked us. After all these years how could large organizations be so ill protected against what are invariably unsophisticated attacks?

Topics: Malware, Data Breach, Cyber Threat Hunting, Security Analytics