Sqrrl Blog

Feb 3, 2016 4:01:46 PM

Sqrrl Hosts Mr. Robot Dinner for NYC CISOs

This week Sqrrl hosted over 30 Chief Information Security Officers (CISOs) and senior security executives (plus a few friends from the Cyber Division at the New York City FBI Field Office) for an evening of networking at a restaurant in downtown New York City.

Jan 14, 2016 4:22:06 PM

Living On an Exponential Curve of Breaches

Guest Blog by Richard Stiennon, Chief Research Analyst at IT-Harvest

Most of us live in the moment and most of us have trouble getting the big picture from the flood of breach announcements throughout the year. Anthem, Ashley Madison, OPM, all shocked us. After all these years how could large organizations be so ill protected against what are invariably unsophisticated attacks?

Topics: Malware, Data Breach, Cyber Threat Hunting, Security Analytics

Jan 4, 2016 9:48:00 AM

Sqrrl Releases Enterprise 2.4

Sqrrl’s latest release, Sqrrl Enterprise 2.4, delivers a host of new features and capabilities that further enhance the process of hunting threats and investigating incidents on your network. Sqrrl continues to quickly identify the important assets, actors, and events relevant to your organization and can now visualize your network with greater clarity. The updates provided by Sqrrl Enterprise 2.4 give you even more control and effectiveness in analyzing your data. Here’s a look at some of the new features that Sqrrl Enterprise has to offer.

Topics: Sqrrl Enterprise

Dec 22, 2015 11:39:59 AM

Cyber Incident Matrix: VTech

Complexity Score: 0
Severity Score: 0
How did we get these numbers?

Incident Summary

On November 14th, Hong Kong-based toymaker VTech announced that its servers had been infiltrated, after inquiries from the media based on an anonymous tip to VICE Magazine. The anonymous tipper claims to be the hacker himself, saying in an interview with VICE that his only intention in the breach was to bring awareness to the blatant lack of cybersecurity at VTech.

Topics: Cybersecurity, Data Breach, Cyber Incident Matrix, VTech Breach

Nov 24, 2015 8:30:00 AM

Cyber Incident Matrix: Service Systems Associates (SSA)

Complexity Score: 2
Severity Score: 3
How did we get these numbers?

Incident Summary

On October 13th, 2015, Service Systems Associates announced that it had discovered a breach of its point-of-sale systems that resulted in the loss of about 60,000 individuals’ credit card information. The data breach occurred in 10 client locations across the United States. SSA only recognized the breach months after it began, and did not release a report until almost four months after the breach.

Topics: Cybersecurity, Data Breach, Cyber Incident Matrix

Nov 19, 2015 2:23:00 PM

The Threat Hunting Reference Model Part 3: The Hunt Matrix

In the first two parts of this blog series, we covered two important parts of a reference model for hunting: the hunting maturity model and the hunting loop. In this final part of the series, we look at how these fit together by developing a matrix that maps the capabilities of each level of the maturity model onto the different steps of the hunting loop.

We already know that hunting comprises four steps and that it is most effective when these four steps are carried out iteratively, each one constantly building on the last. Organizations at different levels of the hunting maturity model will execute the steps of the hunting loop in different ways. The matrix combines the four steps of the Hunting Loop with the five levels of the maturity model.

Topics: Cyber Hunting, Threat Hunting, Indicators of Compromise, Cyber Threat Hunting

Nov 17, 2015 10:39:00 AM

Cyber Incident Matrix: Penn State

Complexity Score: 4
Severity Score: 2
How did we get these numbers?

Incident Summary

  • What was breached: Pennsylvania State University's School of Engineering
  • Delivery: September 2012
  • The Attackers: Offshore entities, at least one located in China

In November of 2014, the FBI alerted Penn State administrators that they had suffered a breach by a foreign entity. After several weeks of forensic analysis, it was determined that key machines inside the Penn State School of Engineering had been breached, containing the usernames and passwords of 18,000 university faculty, staff, and students. Several of the breached machines also contained PII, but there is no evidence to suggest that this information has been used maliciously.

Topics: Malware, Data Breach, Cyber Incident Matrix

Oct 28, 2015 12:39:00 PM

The Threat Hunting Reference Model Part 2: The Hunting Loop

In our previous post, part 1 of this blog series, we profiled the various stages of an organization’s hunting maturity scale. Cyber threat hunting is a relatively new security approach for many organizations. Until recently, most security teams relied on traditional, reactive responses to alerts and notifications, typically only analyzing data sets after a breach had been discovered as a part of forensic investigations and mitigation efforts.

Hunting is a proactive and iterative approach to security. To avoid one-off, potentially ineffective “hunting trips,” it's important for your team to implement a formal cyber hunting process. The following four stages make up a model process for successful hunting.

Topics: Cybersecurity, Cyber Hunting, Linked data analysis, Threat Hunting, Cyber Threat Hunting

Oct 16, 2015 8:30:00 AM

The Threat Hunting Reference Model Part 1: Measuring Hunting Maturity

Many organizations are quickly discovering that cyber threat hunting is the next step in the evolution of the modern SOC, but remain unsure of how to start hunting or how far along they are in developing their own hunt capabilities. This blog series will seek to formalize a reference model for how to effectively conduct threat hunting within an organization. We begin with a simple question: how can you quantify where your organization stands on the road to effective hunting? Our answer is a general model that can map maturity across any organization.

What is Hunting?

Before we can talk about hunting maturity, though, we need to discuss what exactly we mean when we say "hunting". We define hunting as the process of proactively and iteratively searching through networks to detect and isolate advanced threats that evade existing security solutions. There are many different techniques hunters might use to find the bad guys, and no single one of them is always "right"; the best one often depends on the type of activity you are trying to find.

Topics: Cyber Hunting, Incident Response, Threat Hunting, Cyber Threat Hunting

Oct 7, 2015 9:00:00 AM

Sqrrl Releases Enterprise 2.3

The newest Sqrrl release, Sqrrl Enterprise 2.3, unveils a number of features which enhance the user experience and platform capabilities. So whether you’re an experienced hunter using Sqrrl today, or just discovering us for the first time, take a look at some of these new and noteworthy enhancements to the platform that lets you target, hunt, and disrupt your adversaries.

Topics: Sqrrl Enterprise, Data Analysis, Big data security analytics