Sqrrl Blog

Mar 26, 2015 2:19:00 PM

Cyber Hunting: 5 Tips To Bag Your Prey

This blog was originally posted on Dark Reading. 

By David Bianco, Sqrrl's Security Architect

Knowing the lay of the land and where attackers hide is a key element in hunting, both in nature and in the cyber realm.

The days when Security Operations Center analysts could sit back and wait for alerts to come to them have long passed. A year of breaches and attacks at Fortune 100 banks, retailers, and government agencies has shown that traditional measures like firewalls, IDS, and SIEMs are not enough. While these measures are still important, today’s threats demand a more active role in detecting and isolating sophisticated attacks. It’s hunting season, so here are five tips to make your efforts more productive.

Read the rest here.


Mar 10, 2015 2:21:00 PM

On Explainability in Machine Learning

This blog was originally posted on MLSec.

By David Bianco, Sqrrl's Security Architect

A few days ago, Gartner’s Anton Chuvakin posted an article to his blog called "Killed by AI Much? A Rise of Non-deterministic Security!" In this post, he (rightly) points out that Machine Learning has gotten to the point where we can produce judgements that cannot be easily explained. As he points out, there are some cases where this is fine (let’s see what Netflix thinks I would like to watch tonight). Other situations, though, such as deciding which connections might contain attack traffic, may incur a significantly greater penalty for wrong decisions. His big question is: "My dear security industry peers, are we OK with that?"


Mar 5, 2015 8:30:00 AM

Cyber Pattern-of-Life Analysis

By Ely Kahn

Pattern-of-life analysis is a well-known (and sometimes controversial) term in the US Intelligence Community. One definition of pattern-of-life analysis is:

"A method of surveillance specifically used for documenting or understanding a subject's (or many subjects') habits. This information can then be potentially used to predict future actions by the subject(s) being observed. This form of observation can, and is, generally done without the consent of the subject, with motives including but not limited to security, profit, scientific research, regular censuses, and traffic analysis. Unlike these specific areas of surveillance, pattern-of-life analysis is not limited to one medium and can encompass tracking anything in an individual's (or system of individuals') life from their internet browsing habits to their geophysical movements."


Topics: Big Data Security, Breach Detection, Data Analysis

Feb 25, 2015 8:30:00 AM

Top of Food Chain: Cyber Hunting with Sqrrls

An Interview with Sqrrl’s David Bianco

By George Aquila

Executive Summary

Big Data Security Analytics techniques are critical for hunting advanced cyber threats. Starting with just a few hypotheses, a seasoned hunter can use a Big Data tool, such as Sqrrl Enterprise, to iterate through large amounts of data and detect anomalies that would otherwise go unnoticed by traditional defenses. While more and more companies are attempting to build cyber hunting capabilities, few tools exist to assist analysts with the challenges of the hunt. The expansion of data science capabilities into the cybersecurity realm holds great promise for the advancement of cyber hunting. Sqrrl’s David Bianco sheds some light on these crucial developments surrounding the rise of threat hunting, and on how Sqrrl’s solution can provide these much-needed capabilities.


Topics: Big Data Security, Breach Detection, Cyber Hunting

Jan 27, 2015 7:30:00 AM

Linked Data Analysis of Trading Activity with Corvil and Sqrrl

Sqrrl is featured in a blog post by Corvil’s Fergal Toomey, covering Linked Data Analysis of Trading Activity. The full blog is featured in the link below, and it covers how Corvil and Sqrrl partnered to use Linked Data Analysis to visualize relationships in large trading datasets.

Toomey discusses how Sqrrl’s approach can be used in a typical brokerage environment to visualize performance and identify bottlenecks and suboptimal or fraudulent behaviors. He also covers how Corvil’s Streaming Analytics Platform can be used to extract data which can then be easily forwarded to analysis systems like Sqrrl via open Analytics Streams.


Topics: Hadoop, Cybersecurity, Corvil, Fintech, Fraud

Dec 1, 2014 8:30:00 AM

BlackEnergy: Mitigation with Big Data Analytics

By George Aquila

The Lurking Threat

In late October, the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) issued a formal alert warning that it had “identified a sophisticated malware campaign that has compromised numerous industrial control systems,” including GE Cimplicity and Siemens WinCC platforms, from as far back as 2011. These are widely used to control and monitor critical infrastructure from gas pipelines to electrical grids, so the threat has prompted a rising concern in the energy community that systems across the country have been compromised and could be imminently threatened by malicious actors.


Topics: Accumulo, Hadoop, Big Data Security, Cybersecurity, APT Campaign, Malware

Nov 6, 2014 8:00:00 AM

Coordinated Information Sharing on Cyber Threats and Secure Data Management

By George Aquila

The Evolving Threat Landscape

Mitigating cyber threats is a difficult task. As has been shown time and again in various recent data breaches, maintaining up-to-date security measures and abiding by industry-prescribed best practices can leave even the most prominent and incident-ready organizations open to breaches. With a diverse range of constantly evolving Advanced Persistent Threats (APTs), traditional defenses like firewalls and signature-based malware detectors are at an inherent disadvantage against motivated attackers looking to infiltrate data systems of all kinds.


Topics: Accumulo, Big Data Security, Sqrrl Enterprise, Partnership, Info Sharing

Oct 29, 2014 8:00:00 AM

The "Pawn Storm" Campaign and Dynamic Threat Detection

By George Aquila

An advanced and widespread malware campaign dubbed “Pawn Storm” was recently profiled in a white paper by the security firm Trend Micro. The campaign has reportedly been targeting and compromising a number of high-value government and private sector defense systems across the world for the past several years.

Target and Scope


Topics: Cybersecurity, Breach Detection, APT Campaign, Malware

Oct 16, 2014 8:00:00 AM

JPMorgan and Big Data Security Analytics

By George Aquila

Editor’s Note: This will be the first in a series of regular blog posts where we track the current state-of-the-art around cyber attacks and assess how Sqrrl’s Big Data Analytic Platform can assist in these situations.

The Attack

On October 2nd, JPMorgan Chase revealed through an SEC filing that it had been the target of a massive cyber intrusion resulting in a significant data breach over the course of the summer months, roughly between June and August.


Topics: Big Data Security, Cybersecurity, Breach Detection

Aug 20, 2014 2:24:00 PM

The NoSQL Animal Kingdom

With NoSQL Now! currently underway in the Valley (and with a few Sqrrls in attendance), I got to thinking about how this phenomenon came to be, how it gained momentum, and the kinds of possibilities we have before us in terms of solving actual problems.


Topics: NoSQL, Sqrrl Enterprise, Graphs
