Sqrrl Blog

Oct 26, 2016 8:00:00 AM

Threat Hunter Profile - Stephen Hinck


Name: Stephen Hinck

Organization: Oracle

Years hunting: 5

Favorite datasets: network logs (proxy, Bro, DNS, etc.), process execution, and AV logs

Favorite hunting techniques: Stacking, kill chain analysis

Favorite tools: Command line utilities (grep, sed, awk), ELK stack, ELSA, FireEye TAP

@StephenHinck


Topics: Cyber Hunting, Threat Hunting, Threat Detection, Hunter Profile

Oct 18, 2016 7:00:00 AM

Former AT&T CISO Ed Amoroso Interviews Sqrrl CTO Adam Fuchs

This was originally posted in conjunction with the 2017 TAG Cyber Annual Report. The full report can be downloaded here.

Hunting Down Cyber Attacks in Enterprises with Big Data

A promising shift in enterprise cybersecurity is the trend toward proactively hunting for security issues before they cause consequential damage. Previously, security analysis consisted of collecting data from gateway systems that passively watched as an attack occurred. The collected data was passed to analysts who, hopefully, would recognize what was happening in time to initiate a response. Shifting to a proactive approach offers hope that attacks can be stopped before they are completed.


Topics: Threat Hunting, Cyber Threat Hunting

Oct 17, 2016 12:40:58 PM

Threats Driving You Nuts? Try Threat Hunting With Sqrrl

By Pamela Cobb
This article originally appeared on the IBM Security Intelligence blog.


Squirrels have many predators and enemies (hawks, snakes and, of course, cars), but Sqrrl shows how the hunted can become the hunter. Sqrrl is a leading threat hunting platform that is deeply integrated with IBM QRadar SIEM.


Topics: Threat Hunting, Sqrrl Integrations

Oct 13, 2016 8:00:00 AM

Threat Hunter Profile - Danny Akacki


Name: Danny Akacki

Organization: Hunt Team for a Fortune 100 Company

Years hunting: 4

Favorite datasets: Proxy, Firewall, IDS, AV, endpoint logs

Favorite hunting techniques: Behavioral detection, breadth scoping, misconfiguration searching

Favorite tools: FireEye TAP, Splunk, Wireshark, Bro, Moloch, Security Onion

@DAkacki


Topics: Cyber Hunting, Threat Hunting, Threat Detection, Hunter Profile

Oct 11, 2016 7:00:00 AM

Welcome to The Hunter’s Den: Tools, Tips, and Techniques for Threat Hunting

This is the first post in a new blog series we are calling The Hunter’s Den. Over the last nine months it has been exciting to see the concept of “threat hunting” take off. At the most recent Black Hat conference this past August, it was surprising to see how many companies had begun to adopt threat hunting messaging. This mirrors the increasing interest we have seen around threat hunting, as illustrated by the Google Trends chart below.


Topics: Threat Hunting, Hunting Platform, Hunting How-To's

Oct 6, 2016 2:10:06 PM

Sqrrl releases Enterprise 2.6

Sqrrl’s latest release, version 2.6, delivers a host of fresh new features to the industry-leading Threat Hunting Platform. With a focus on enhancing user experience and hunting workflows, this new release makes it easier than ever to dive into your data and start proactively detecting threats.

By combining big data, analytics, investigation, and now newly enhanced hunting workflow capabilities into a single tool, Sqrrl Enterprise continues to revolutionize the industry standards for a Threat Hunting Platform. Sqrrl’s hunting approach focuses on identifying, gathering and acting upon an adversary’s Tactics, Techniques and Procedures (TTPs) in order to rapidly detect and mitigate threats in your network.

Sqrrl 2.6 introduces a number of new features that improve how analysts conduct investigations, further lowering the barrier to entry for threat hunting. Here are some of the new features added to Sqrrl to make hunting for advanced threats more streamlined than ever:


Topics: Sqrrl Enterprise, Threat Hunting

Oct 4, 2016 11:42:58 AM

Sqrrl Selected as Distinguished Vendor in Security Analytics by TAG Cyber


Edward Amoroso (former CISO at AT&T) published his first annual report on critical security controls, and Sqrrl was selected as the only Distinguished Vendor in the Security Analytics space. You can download the full report here.

An excerpt of the report is below.
