Sqrrl Blog

Apr 26, 2017 8:00:00 AM

Threat Hunter Profile - Pietro Bempos


Name: Pietro Bempos

Organization: Zurich Insurance

Years hunting: 1

Preferred datasets: Endpoint logs/process data, Windows event logs, DNS logs, server application logs

Preferred hunting techniques: Threat mapping, IP stacking (outlier detection), asset prioritization and investigation

Preferred tools: Linux command line, custom scripting (Python and Bash), custom tools

@mingRICE


Topics: Cyber Hunting, Threat Hunting, Threat Detection, Hunter Profile

Apr 19, 2017 8:00:00 AM

3 Reasons the Next NIST Update Should Include Threat Hunting

Are we giving our automated security tools too much credit for threat detection? Nearly half of all threats go undetected by automated security tools (44%), according to a recent LinkedIn poll to the 360,000+ member InfoSec Community. Here’s why Sqrrl is arguing to add human-driven analysis to the list of “appropriate activities to identify the occurrence of a cybersecurity event”.


Topics: Threat Hunting

Apr 12, 2017 12:30:00 PM

Threat Hunter Profile - James Bower


Name: James Bower

Organization: Quantum Security

Years hunting: 10

Favorite datasets: Bro logs, DNS, HTTP proxy logs, Sysmon and OSSEC

Favorite hunting techniques: Outbound traffic analysis, Stacking (outlier detection), process and registry change analysis, temporal baselining

Favorite tools: Bro, Unix commands (grep, sed, awk), TShark, Splunk

@jamesbower


Topics: Cyber Hunting, Threat Hunting, Threat Detection, Hunter Profile