Sqrrl Blog

Feb 22, 2017 8:00:00 AM

What is Threat Hunting in Cybersecurity Defense

By Håkon Olsen
This article originally appeared on Håkon's blog, Safe Controls.

What is hunting and why do it?

A term that is often used in the cybersecurity community is threat hunting. This is the activity of hunting for intruders in your computer systems, and then locking them out. In the more extreme cases it can also involve attacking them back – but this is illegal in most countries. Threat hunting involves several activities that you can do to find hackers on your network. The reason we need this is that the threats are, to some extent, intelligent operators who adapt to the defenses you set up in your network – they find workarounds for each new hurdle you throw at them. Therefore, the defense needs to get smart and use a wide arsenal of analysis techniques to find the threats, meaning analysis of data that can indicate that an intrusion has occurred. Data on user behavior, logins, changes to files, errors, and so on can be found in the system logs. In addition to things that can be automated (looking for peaks in network traffic, etc.), threat hunting will always include some manual, inquisitive labor by the analyst – both for understanding the context more deeply, and perhaps for utilizing statistical and data science tools in special cases. Based on successful hunts, automated signals can be added to improve future resilience. The interplay between automated red flags, context intelligence and data science is shown below.


Topics: Threat Hunting, Cyber Threat Hunting

Feb 20, 2017 12:00:00 PM

Top 4 Takeaways from RSA 2017

By Mark Terenzoni, Sqrrl CEO

This year’s RSA Conference has come and gone and my team and I had a blast heading to San Francisco to discuss the newest developments in cybersecurity, big data, and of course, threat hunting. Here are a few of the biggest takeaways that I got from talking to folks at this year’s Conference:


Topics: Threat Hunting, Cyber Threat Hunting, RSA, Threat Intelligence

Feb 8, 2017 8:00:00 AM

Threat Hunter Profile - Deirdre Morrison


Name: Deirdre Morrison

Organization: GoSecure

Years hunting: 2

Favorite datasets: Firewall/Server/Proxy logs, Syslog, ((N|L)IDS)

Favorite hunting techniques: Endpoint behavior analysis, anomaly detection

Favorite tools: Wireshark, Nmap, Kali, Custom/Github Tools


Topics: Cyber Hunting, Threat Hunting, Threat Detection, Hunter Profile