Sqrrl Blog

Oct 7, 2015 9:00:00 AM

Sqrrl Releases Enterprise 2.3

The newest Sqrrl release, Sqrrl Enterprise 2.3, unveils a number of features which enhance the user experience and platform capabilities. So whether you’re an experienced hunter using Sqrrl today, or just discovering us for the first time, take a look at some of these new and noteworthy enhancements to the platform that lets you target, hunt, and disrupt your adversaries.

Topics: Sqrrl Enterprise, Data Analysis, Big data security analytics

Sep 28, 2015 4:20:00 PM

Taking the Backroad to a Secure Enterprise

Guest Blog by Richard Stiennon, Chief Research Analyst at IT-Harvest

This post originally appeared on the IT-Harvest blog.

It is often the case that rapidly changing technology allows laggards to leapfrog leaders. Rather than follow the same path as the trailblazers, those who come behind can take a shortcut. A country in South America bent on joining the modern world does not have to string phone lines across its mountains and jungles to achieve universal access to communications. It can build an LTE infrastructure, allowing its people to skip the fixed line stage and jump right to the latest smartphones and apps for Facebook and Instagram.

So too can an enterprise that is poorly defended get ahead of the race to security. The very best security infrastructures can be found at large financial institutions and defense contractors. Both have been battling targeted attacks for over a decade. They have purchased, deployed, and staffed every new technology brought out to combat every new threat: banks to counter cybercrime, the defense industrial base (DIB) to combat cyber espionage.

Topics: Cybersecurity, Cyber Hunting, Incident Response

Sep 24, 2015 9:00:00 AM

A Framework for Cyber Threat Hunting Part 3: The Value of Hunting TTPs

In the first two parts of our “Framework for Cyber Threat Hunting” series, we discussed the hierarchy of Indicators of Compromise, the most valuable of which are an attacker’s Tactics, Techniques, and Procedures (TTPs), and the benefits of using those indicators in a security feedback loop to build an Advanced Persistent Defense. This third and final part aims to provide a concrete example of how the discovery and mapping of TTPs contributes to the strength of an advanced persistent defense.

Topics: Breach Detection, Cyber Hunting, Incident Response, Threat Hunting

Sep 4, 2015 1:32:00 PM

Cyber Incident Matrix: Ashley Madison

Complexity Score: 4
Severity Score: 6
How did we get these numbers?

Incident Summary

  • What was breached: User Data from Avid Life Media websites, specifically targeting the Ashley Madison infidelity website

  • Delivery: Announced July 2015

  • The Attackers: A hacking group known as "The Impact Team"

Topics: Data Breach, Cyber Incident Matrix

Sep 2, 2015 11:46:00 AM

A Look Inside Sqrrl's Company Culture

Sqrrl is located at 125 Cambridge Park Drive, a 470,000 square foot complex that hosts a number of innovative companies including Boston Scientific and Whole Foods. This month, an interview with Sqrrl CEO, Mark Terenzoni, and VP of Business Development, Ely Kahn, was featured in the monthly building newsletter. We would like to thank the author, Erin Tremblay, for her great article. Read it below!

Written by Erin Tremblay:

New to the Cambridge Park Dr. community, Sqrrl has called CPD home since this March. With an intriguing company name, CEO Mark Terenzoni gave me a glimpse inside Sqrrl’s corporate world.

Topics: Sqrrl

Sep 1, 2015 1:44:00 PM

Accumulo Summit Videos Now Available!

The 2nd annual Accumulo Summit provided an opportunity for attendees to get introduced to Apache Accumulo, sharpen their skill sets, and connect with the leading Apache Accumulo users and developers -- and now the videos are available! For anyone who was unable to attend or would like to watch a presentation they missed, videos of each talk have been posted to YouTube. As a refresher, talks included:

To all those who attended, we thank you. To those who didn’t, we look forward to seeing you next year!

Topics: Accumulo

Aug 25, 2015 5:42:00 PM

Team “Blue Squirrel” Comes Out On Top At Defcon Forensics Contest

By Chris McCubbin, Director of Data Science

This month we flew out to scenic Las Vegas, Nevada to take on some of the world’s most notorious hackers (that's us!) in the annual DEFCON 23 Network Forensics Puzzle contest, organized by LMG Security. For those of you who aren’t familiar with the contest, you and your team get several encrypted files, one per round, at the start of the contest. The organizers give you the key to the first file, which typically contains pcaps or other network traces, and a simple question to answer. Your job is to use the files to answer the question. Once you are confident the team has answered the question, you text the answer to the organizers and they will text back the key to the next round if you are correct. Wild guessing is discouraged and may lead to the organizers disqualifying the team. To finish, successfully answer the question in each round.

Topics: Cyber Forensics, DefCon

Aug 13, 2015 9:18:00 AM

Cyber Incident Matrix: Insider Trading

Complexity Score: 3
Severity Score: 3
How did we get these numbers?

Incident Summary

  • What was breached: Business Wire, Marketwired and PR Newswire

  • Delivery: February 2010 - August 2015

  • The Attackers: Attackers from US, France, Cyprus, Russia, and the Ukraine

Beginning in early 2010, a ring of hackers breached financial wire companies Business Wire, Marketwired, and PR Newswire, patiently exfiltrating press releases related to a number of Fortune 500 companies (including HP, Home Depot, and Caterpillar) before the releases were made public. After the press releases were exfiltrated, they were analyzed by traders who would buy or short stock depending on the information contained in the press releases. According to the SEC filing, the hacker-trader ring made over $100 million in insider trades over the five year period.

Topics: Data Breach, Phishing, Hacking, Insider Trading, Market Manipulation

Aug 11, 2015 8:00:00 AM

Cyber Incident Matrix: Kaspersky

Complexity Score: 10
Severity Score: 2
How did we get these numbers?

Incident Summary

  • What was breached: Several internal R&D related Systems of Kaspersky Lab

  • Delivery: Unknown - Spring 2015

  • The Attackers: Unnamed Nation State

On June 10th, 2015, Russia-based security firm Kaspersky Lab announced that their systems had been infiltrated by a hyper-advanced, previously undiscovered form of malware known as Duqu 2.0, the next generation of the Duqu trojan, or the “cousin” of Stuxnet. According to Kaspersky Lab, they were not the only target of the attack, as Duqu 2.0 was also deployed to spy on the 2014-2015 P5+1 talks, the new Iran Nuclear talks, and a conference commemorating the 70th Anniversary of the liberation of Auschwitz-Birkenau.

Topics: Malware, Data Breach, Duqu 2.0, Indicators of Compromise

Aug 5, 2015 8:30:00 AM

A Framework for Cyber Threat Hunting Part 2: Advanced Persistent Defense

In part 1 of this series, we discussed the six categories of Indicators of Compromise (IoC) that can be used as trailheads for structured threat hunting trips. In this post, we will focus specifically on how security organizations can build intelligence-driven hunting loops to detect the Tactics, Techniques, and Procedures (TTPs) of advanced threats.

In order to hunt threats, it is important to understand the method of the attacker. The cyber kill chain is the well-known framework created by Lockheed Martin to track the steps an attacker goes through to exploit, compromise, and carry out an attack against a targeted system or organization. Disrupting this process at any point in the chain prevents (or at least seriously degrades) an attacker’s ability to accomplish their mission.

Topics: Breach Detection, Cyber Hunting, Incident Response, Threat Hunting