Sqrrl Blog

Oct 28, 2015 12:39:00 PM

The Threat Hunting Reference Model Part 2: The Hunting Loop

In our previous post, part 1 of this blog series, we profiled the various stages of an organization’s hunting maturity scale. Cyber threat hunting is a proactive security approach for organizations to detect advanced threats in their networks. Until recently, most security teams have relied on traditional rule- and signature-based solutions that produce floods of alerts and notifications, and typically only analyze data sets after an indicator of a breach has been discovered, as part of a forensic investigation.

The Threat Hunting process is meant to be iterative. You will never be able to fully secure your network after just a single hunt. To avoid one-off, potentially ineffective hunting trips, it's important for your team to implement a formal cyber hunting process. The following four stages make up a model process for successful hunting.


Topics: Cybersecurity, Cyber Hunting, Linked data analysis, Threat Hunting, Cyber Threat Hunting

Jul 23, 2015 4:37:00 PM

A Framework for Cyber Threat Hunting Part 1: The Pyramid of Pain

While rule-based detection engines are a strong foundation for any security organization, cyber threat hunting is a vital capability for security organizations to have in order to detect unknown advanced threats. Hunting goes beyond rule-based detection approaches and focuses on proactively detecting and investigating threats.


Topics: Cybersecurity, Breach Detection, Cyber Hunting, Linked data analysis, Threat Detection

Jun 19, 2015 8:00:00 AM

The OPM Breach and Big Data Security Analytics

In the past two weeks, the need for big data security analytics at the federal level has been acutely felt. At the end of last year, the Office of Personnel Management (OPM) was breached by hackers. The threat lay undetected for almost six months, until it was discovered, reportedly by accident, as the OPM worked actively to improve its security infrastructure. While the OPM does maintain its own security infrastructure, it also relies on the Department of Homeland Security’s National Cyber Protection System (NCPS), established in 2008 at the behest of Congress and the Executive Branch. The NCPS was created to “protect the federal civilian Executive Branch government network and prevent known or suspected cyber threats,” according to the DHS.


Topics: Big Data Security, Linked data analysis, OPM, Department of Homeland Security, Big data security analytics