Sqrrl Blog

Mar 31, 2015 8:30:00 AM

Linked Data > Log Data: The Power of Context

By George Aquila

Many enterprise security tools, including SIEMs, Incident Response, and Network Analysis tools are log-based. However, making sense of log files can be tricky, since logs typically exist without context (i.e., it is hard to understand how they relate to the larger cybersecurity environment around them). Luckily, there is a more effective way of organizing your data: using a Linked Data approach.

Topics: Accumulo, NoSQL, Big Data, Data Analysis, Linked Data

Mar 26, 2015 2:19:00 PM

Cyber Hunting: 5 Tips To Bag Your Prey

This blog was originally posted on Dark Reading. 

By David Bianco, Sqrrl's Security Architect

Knowing the lay of the land and where attackers hide is a key element in hunting, both in nature and in the cyber realm.

The days when Security Operations Center analysts could sit back and wait for alerts to come to them have long passed. A year of breaches and attacks at Fortune 100 banks, retailers, and government agencies has shown that traditional measures like firewalls, IDS, and SIEMs are not enough. While these measures are still important, today’s threats demand a more active role in detecting and isolating sophisticated attacks. It’s hunting season, so here are five tips to make your efforts more productive.


Mar 10, 2015 2:21:00 PM

On Explainability in Machine Learning

This blog was originally posted on MLSec.

By David Bianco, Sqrrl's Security Architect

A few days ago, Gartner’s Anton Chuvakin posted an article to his blog called "Killed by AI Much? A Rise of Non-deterministic Security!". In this post, he (rightly) points out that Machine Learning has gotten to the point where we can produce judgements that cannot be easily explained. As he points out, there are some cases where this is fine (let’s see what Netflix thinks I would like to watch tonight). Other situations, though, such as deciding which connections might contain attack traffic, may incur a significantly higher penalty for wrong decisions. His big question is: "My dear security industry peers, are we OK with that?"

Mar 5, 2015 8:30:00 AM

Cyber Pattern-of-Life Analysis

By Ely Kahn

Pattern-of-life analysis is a well-known (and sometimes controversial) term in the US Intelligence Community. One definition of pattern-of-life analysis is:

"A method of surveillance specifically used for documenting or understanding a subject's (or many subjects') habits. This information can then be potentially used to predict future actions by the subject(s) being observed. This form of observation can, and is, generally done without the consent of the subject, with motives including but not limited to security, profit, scientific research, regular censuses, and traffic analysis. Unlike these specific areas of surveillance, pattern-of-life analysis is not limited to one medium and can encompass tracking anything in an individual's (or system of individuals') life from their internet browsing habits to their geophysical movements."

Topics: Big Data Security, Breach Detection, Data Analysis