Sqrrl Blog

Oct 28, 2015 12:39:00 PM

The Threat Hunting Reference Model Part 2: The Hunting Loop

In our previous post, part 1 of this blog series, we profiled the various stages of an organization’s hunting maturity scale. Cyber threat hunting is a proactive security approach for organizations to detect advanced threats in their networks. Until recently, most security teams have relied on traditional rule- and signature-based solutions that produce floods of alerts and notifications, and typically only analyze data sets after an indicator of a breach had been discovered as a part of forensic investigations.

The Threat Hunting process is meant to be iterative. You will never be able to fully secure your network after just a single hunt. To avoid one-off, potentially ineffective hunting trips, it's important for your team to implement a formal cyber hunting process. The following four stages make up a model process for successful hunting.

Read More

Topics: Cybersecurity, Cyber Hunting, Linked data analysis, Threat Hunting, Cyber Threat Hunting

Oct 16, 2015 8:30:00 AM

The Threat Hunting Reference Model Part 1: Measuring Hunting Maturity

Many organizations are quickly discovering that cyber threat hunting is the next step in the evolution of the modern SOC, but remain unsure of how to start hunting or how far along they are in developing their own hunt capabilities. This blog series will seek to formalize a reference model for how to effectively conduct threat hunting within an organization. We begin with a simple question: How can you quantify where your organization stands on the road to effective hunting? With a general model that can map maturity across any organization.

What is Hunting?

Before we can talk about hunting maturity, though, we need to discuss what exactly we mean when we say "hunting". We define hunting as the process of proactively and iteratively searching through networks to detect and isolate advanced threats that evade automated, rule- and signature-based security systems. There are many different techniques hunters might use to find the bad guys, and no single one of them is always "right"; the best one often depends on the type of activity you are trying to find.

Read More

Topics: Cyber Hunting, Incident Response, Threat Hunting, Cyber Threat Hunting

Oct 7, 2015 9:00:00 AM

Sqrrl Releases Enterprise 2.3

The newest Sqrrl release, Sqrrl Enterprise 2.3, unveils a number of features which enhance the user experience and platform capabilities. So whether you’re an experienced hunter using Sqrrl today, or just discovering us for the first time, take a look at some of these new and noteworthy enhancements to the platform that lets you target, hunt, and disrupt your adversaries.

Read More

Topics: Sqrrl Enterprise, Data Analysis, Big data security analytics