Sqrrl Blog

Dec 14, 2016 8:00:00 AM

Sqrrl releases version 2.7

We’re pleased to announce Sqrrl’s latest release, version 2.7, which delivers a host of new features to the industry-leading Threat Hunting Platform. With a special focus on DNS data and the investigative power that it affords you, Sqrrl 2.7 introduces two new TTP detectors and a set of new capabilities to add to the hunting tool set. DNS logs provide information on a network’s domain resolution activity that can be used to correlate domain resolutions to internal hosts. As such, it is one of the most widely useful data types to hunt for a wide range of activities, including malware command and control and exfiltration activity.

Topics: Sqrrl Enterprise, Threat Hunting Platform

Oct 6, 2016 2:10:06 PM

Sqrrl releases Enterprise 2.6

Sqrrl’s latest release, version 2.6, delivers a host of fresh new features to the industry-leading Threat Hunting Platform. With a focus on enhancing user experience and hunting workflows, this new release makes it easier than ever to dive into your data and start proactively detecting threats.

By combining big data, analytics, investigation, and now newly enhanced hunting workflow capabilities into a single tool, Sqrrl Enterprise continues to revolutionize the industry standards for a Threat Hunting Platform. Sqrrl’s hunting approach focuses on identifying, gathering and acting upon an adversary’s Tactics, Techniques and Procedures (TTPs) in order to rapidly detect and mitigate threats in your network.

Sqrrl 2.6 introduces a number of new features that improve how analysts conduct investigations, further lowering the barrier to entry for threat hunting. Here are some of the new features added to Sqrrl to make hunting for advanced threats more streamlined than ever:

Topics: Sqrrl Enterprise, Threat Hunting

May 25, 2016 11:31:30 AM

Surveying the Threat Hunting Landscape, Part 2: Threat Hunting Practices and Next Steps

In part 1 of this series, we outlined the current state of cyber threat hunting as it was profiled in SANS’s recent survey of 464 companies on the handling of proactive cyber threat detection. In this section, we’ll discuss specifically what types of hunting practices these companies use to track and remove threats in their systems, and we will take a look ahead to see how threat hunting will continue to grow in the future.

In addition to the process of data collection, automation is used to speed up certain parts of the hunting process so that analysts can focus on what’s really valuable, as opposed to having to spend time gathering and parsing through large, disparate data sets. When SANS asked the survey participants what percentage of their threat hunting capacity is automated, the responses were fairly split, with each option (1 - 10%, 11 - 25%, 26 - 50%, 51 - 75%, 76 - 99%) receiving about 20%. Each stage in the Threat Hunting Loop provides opportunities for automation that can make the hunting process much more efficient. When forming a hypothesis, automated risk scoring and heat mapping can highlight where to start looking; when investigating, automated visualizations with predetermined pathways and prescribed hunting techniques help you reach your target sooner; automated TTP detection analytics allow you to easily uncover and identify threats; and feeding data back into automated tools to enrich your analytics will only make the process quicker and more powerful for the next hunt.

Topics: Sqrrl Enterprise, Threat Hunting, Cyber Threat Hunting

May 16, 2016 12:54:05 PM

Sqrrl releases Enterprise 2.5

Sqrrl’s latest release, Sqrrl Enterprise 2.5, revolutionizes the hunt by delivering a wide range of new capabilities aimed at streamlining and automating threat hunting activities for security analysts. By combining big data, analytics, investigation, and collaboration capabilities all in a single tool, Sqrrl Enterprise fulfills all of the requirements of a Threat Hunting Platform. Sqrrl’s hunting approach focuses on identifying, gathering, and acting upon an adversary’s Tactics, Techniques, and Procedures (TTPs), in order to rapidly detect and mitigate threats in your network. This release marks the most comprehensive update to Sqrrl since the release of Enterprise 2.0, which launched the Sqrrl visual investigation interface. These are some of the new features added to Sqrrl to make hunting for advanced threats more streamlined than ever. The new release is generally available to all current Sqrrl users as of May 16, 2016.

Topics: Sqrrl Enterprise, Sqrrl, Cyber Threat Hunting

Jan 4, 2016 9:48:00 AM

Sqrrl Releases Enterprise 2.4

Sqrrl’s latest release, Sqrrl Enterprise 2.4, delivers a host of new features and capabilities that further enhance the process of hunting threats and investigating incidents on your network. Sqrrl continues to quickly identify the important assets, actors, and events relevant to your organization and can now visualize your network with greater clarity. The updates provided by Sqrrl Enterprise 2.4 give you even more control and effectiveness in analyzing your data. Here’s a look at some of the new features that Sqrrl Enterprise has to offer.

Topics: Sqrrl Enterprise

Oct 7, 2015 9:00:00 AM

Sqrrl Releases Enterprise 2.3

The newest Sqrrl release, Sqrrl Enterprise 2.3, unveils a number of features which enhance the user experience and platform capabilities. So whether you’re an experienced hunter using Sqrrl today, or just discovering us for the first time, take a look at some of these new and noteworthy enhancements to the platform that lets you target, hunt, and disrupt your adversaries.

Topics: Sqrrl Enterprise, Data Analysis, Big data security analytics

Jun 24, 2015 8:00:00 AM

Cyber Forensics: Sqrrls on the Crime Scene

By George Aquila, Associate Product Marketing Manager

Recently we featured an excellent guest post by Richard Stiennon, who illuminated the need for accelerating response times against attackers who will increasingly be moving down the kill chain with greater speed. This week we drill down on the practice of incident response, into the realm of cyber forensics, to address how analytics tools help put the pieces back together when an adversary successfully executes an attack.

Topics: Sqrrl Enterprise, Breach Detection, Outlier Detection, Cyber Forensics

Nov 6, 2014 8:00:00 AM

Coordinated Information Sharing on Cyber Threats and Secure Data Management

By George Aquila

The Evolving Threat Landscape

Mitigating cyber threats is a difficult task. As has been shown time and again in various recent data breaches, maintaining up-to-date security measures and abiding by industry-prescribed best practices can leave even the most prominent and incident-ready organizations open to breaches. With a diverse range of constantly evolving Advanced Persistent Threats (APTs), traditional defenses like firewalls and signature-based malware detectors are at an inherent disadvantage against motivated attackers looking to infiltrate data systems of all kinds.

Topics: Accumulo, Big Data Security, Sqrrl Enterprise, Partnership, Info Sharing

Aug 20, 2014 2:24:00 PM

The NoSQL Animal Kingdom

With NoSQL Now! currently underway in the Valley (and with a few Sqrrls in attendance), I got to thinking about how this phenomenon came to be, how it gained momentum, and the types of possibility we have before us in terms of solving actual problems.

Topics: NoSQL, Sqrrl Enterprise, Graphs

Jun 30, 2014 12:00:00 PM

Bulk Loading in Sqrrl Pt.1: The Basics

This post is by Sqrrl's Director of Data Science and Co-Founder, Chris McCubbin. It covers the basic design and functionality behind the Bulk Loading API on Sqrrl's ingest pipeline. In a future post, Chris will cover using the advanced Transformer interface of the API to construct graph objects.

Topics: Accumulo, Big Data, Blog Post, Sqrrl Enterprise