Sqrrl Blog

Jun 24, 2015 8:00:00 AM

Cyber Forensics: Sqrrls on the Crime Scene

By George Aquila, Associate Product Marketing Manager

Recently we featured an excellent guest post by Richard Stiennon, who illuminated the need for accelerating response times against attackers who will increasingly be moving down the kill chain with greater speed. This week we drill down on the practice of incident response, into the realm of cyber forensics, to address how analytics tools help put the pieces back together when an adversary successfully executes an attack.


Topics: Sqrrl Enterprise, Breach Detection, Outlier Detection, Cyber Forensics

Jun 19, 2015 8:00:00 AM

The OPM Breach and Big Data Security Analytics

In the past two weeks, the need for big data security analytics at the federal level has been acutely felt. At the end of last year, the Office of Personnel Management (OPM) was breached by hackers. The intrusion lay undetected for almost six months, until it was discovered, reportedly by accident, while the OPM was actively working to improve its security infrastructure. While the OPM does maintain its own security infrastructure, it also relies on the Department of Homeland Security’s National Cybersecurity Protection System (NCPS), established in 2008 at the behest of Congress and the Executive branch. The NCPS was created to “protect the federal civilian Executive Branch government network and prevent known or suspected cyber threats,” according to the DHS.


Topics: Big Data Security, Linked data analysis, OPM, Department of Homeland Security, Big data security analytics

Jun 9, 2015 5:18:00 PM

Shorten Your Incident Response Time Now, Because Soon You Will Not Have The Luxury of Time

Guest Blog by Richard Stiennon, Chief Research Analyst at IT-Harvest

Reaction times are everything. Anyone who has had a near miss while driving on the highway knows that quick reflexes can mean the difference between a good story and a very, very bad day. Reaction time is beginning to be a key metric in cyber incident response too. We know what poor reaction time looks like from recent surveys and extreme cases like Nortel Networks, which never reacted to a serious incursion that lasted over ten years.



Jun 3, 2015 2:58:00 PM

The Power of Knowing: Detecting Anomalies in Cyber Security Data

By Joe Travaglini, Director of Products

When it comes to analyzing the root cause of an incident, it is not only a matter of finding the trigger event, but also the sequence of events that set the stage, and sometimes even the intent. Drawing a comparison to the physical world: in the case of a fire, was it an electrical malfunction, a cigarette that wasn’t properly extinguished, or arson? In cybersecurity, making this type of assessment is the role of forensic investigation. What did the attack look like, and where did it come from? Given the well-documented figures on how long a threat can lie dormant inside a network before anyone notices, we can certainly do a better job of reducing Mean Time to Know.
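The paragraph above describes two things a forensic investigation has to produce: the chain of events that led up to the trigger, and the dwell time that elapsed before anyone knew. The script below is an added illustration written for this page, not Sqrrl's own code, and the timeline it works on is constructed sample data. It models the linked-data idea from the tags on these posts: each event ties two entities together (user, host, file, domain, IP), and walking backwards from the alert over shared entities recovers the earlier events that set the stage, while leaving unrelated activity out. The hop limit is a deliberate caveat: on real data a heavily shared entity such as a DNS resolver would otherwise pull in the whole network.

```python
"""Added example: reconstruct the event chain behind an alert and measure
time-to-know. Illustrative code, not Sqrrl's; the timeline is constructed."""
from datetime import datetime, timedelta

# Constructed sample timeline (not real data). Each record links two entities;
# that shared-entity link is what lets the investigation walk backwards.
RAW_EVENTS = [
    ("2015-01-05T09:12:00", "phish_click",   "user:alice",   "url:evil.example"),
    ("2015-01-05T09:13:10", "logon",         "user:alice",   "host:ws-17"),
    ("2015-01-05T09:14:00", "process_exec",  "host:ws-17",   "file:update.exe"),
    ("2015-01-05T09:15:30", "dns_query",     "host:ws-17",   "domain:c2.example"),
    ("2015-01-06T10:00:00", "logon",         "user:bob",     "host:ws-22"),  # unrelated
    ("2015-03-02T02:10:00", "lateral_logon", "host:ws-17",   "host:srv-db1"),
    ("2015-03-02T02:40:00", "large_egress",  "host:srv-db1", "ip:203.0.113.9"),
    ("2015-06-11T15:00:00", "alert",         "host:srv-db1", "ip:203.0.113.9"),
]


def load_events(raw):
    """Parse the raw tuples into dicts sorted by timestamp."""
    events = [
        {"ts": datetime.fromisoformat(ts), "type": kind, "src": src, "dst": dst}
        for ts, kind, src, dst in raw
    ]
    return sorted(events, key=lambda e: e["ts"])


def backtrace(events, trigger, max_hops=4):
    """Return the earlier events linked to `trigger` through shared entities.

    Each hop widens the set of entities of interest by the entities of the
    events pulled in on the previous hop. max_hops bounds the expansion so a
    heavily shared entity cannot drag in every event on the network.
    """
    earlier = [e for e in events if e["ts"] < trigger["ts"]]
    frontier = {trigger["src"], trigger["dst"]}
    chain = {}  # index into `earlier` -> event
    for _ in range(max_hops):
        linked = {
            i: e for i, e in enumerate(earlier)
            if i not in chain and (e["src"] in frontier or e["dst"] in frontier)
        }
        if not linked:
            break
        chain.update(linked)
        frontier.update(x for e in linked.values() for x in (e["src"], e["dst"]))
    return sorted(chain.values(), key=lambda e: e["ts"])


def time_to_know(chain, trigger):
    """Dwell time: from the earliest linked event to the moment we knew."""
    if not chain:
        return timedelta(0)
    return trigger["ts"] - chain[0]["ts"]


def investigate(raw=RAW_EVENTS, max_hops=4):
    """Find the alert, walk back from it, and report chain plus dwell time."""
    events = load_events(raw)
    trigger = next(e for e in events if e["type"] == "alert")
    chain = backtrace(events, trigger, max_hops)
    return chain, time_to_know(chain, trigger)


if __name__ == "__main__":
    chain, dwell = investigate()
    for e in chain:
        print(f"{e['ts']:%Y-%m-%d %H:%M}  {e['type']:<14} {e['src']} -> {e['dst']}")
    print(f"time to know: {dwell.days} days")
```

Run as-is, the walk recovers the phishing click, the workstation compromise and the lateral move, skips bob's unrelated logon, and reports a dwell time of 157 days; with `max_hops=1` only the two events touching the alerted server come back, which is the trade-off between completeness and noise that a hop limit forces an analyst to make explicitly.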


Topics: Cybersecurity, Data Analysis, Linked Data, Outlier Detection