Sqrrl Blog

Jun 3, 2015 2:58:00 PM

The Power of Knowing: Detecting Anomalies in Cyber Security Data

By Joe Travaglini, Director of Products

When it comes to analyzing the root cause of an incident, it’s not only a matter of finding the trigger event, but also the sequence of events that set the stage, and sometimes even the intent. Drawing a comparison to the real world, in the case of a fire, was it some electrical malfunction, a rogue cigarette that wasn’t properly extinguished, or was it arson? In cybersecurity, making this type of assessment is the role of forensic investigations. What did the attack look like and where did it come from? Given the well-documented numbers about how long a threat exists in a latent form within a network, we can certainly be doing a better job reducing Mean Time to Know.


Topics: Cybersecurity, Data Analysis, Linked Data, Outlier Detection

Mar 31, 2015 8:30:00 AM

Linked Data > Log Data: The Power of Context

By George Aquila

Many enterprise security tools, including SIEMs, Incident Response, and Network Analysis tools are log-based. However, making sense of log files can be tricky, since logs typically exist without context (i.e., it is hard to understand how they relate to the larger cybersecurity environment around them). Luckily, there is a more effective way of organizing your data: using a Linked Data approach.


Topics: Accumulo, NoSQL, Big Data, Data Analysis, Linked Data