Sqrrl Blog

Mar 9, 2017 8:00:00 AM

The Nuts and Bolts of Detecting DNS Tunneling

DNS-based attacks have been commonly used since the early 2000’s, but over 40% of firms still fall prey to DNS tunneling attacks. Tunneling attacks originate from uncommon vectors, so traditional automated tools like SIEMs have difficulty detecting them, but they also must be found in massive sets of DNS data, so hunting for tunneling manually can be challenging as well. So, how can we use more advanced analytic techniques to isolate these adversary behaviors? In a different publication we covered Domain Generation Algorithms and what the best sources are for detecting them. In this piece, we’ll be covering how best to sniff out malicious DNS tunneling on your network.

Read More

Topics: Machine Learning, UEBA, DNS

Jul 26, 2016 7:06:00 AM

Increasing Hunt Confidence by Combining Network and Endpoint Data

This post originally appeared on Carbon Black's blog as an introduction to a threat hunting webinar with Carbon Black. A recording of that webinar is now available.

Threat Hunting is quickly becoming common practice in Security Operation Centers (SOCs). While many security analysts undertake hunting either formally or informally (86% according to a recent SANS Institute survey) hunts are often limited by the data that is available to them. This post explores how the unification of network and endpoint data can increase the effectiveness of threat hunts.

Read More

Topics: Big Data, Threat Hunting, Threat Detection, Cyber Threat Hunting, UEBA

Jun 16, 2016 4:47:34 PM

An Introduction to Machine Learning for Cybersecurity and Threat Hunting

At BSides Boston 2016, Sqrrl’s Lead Security Technologist, David Bianco, and Director of Data Science, Chris McCubbin, gave a presentation about the importance of machine learning in the field of Cyber Threat Hunting. In this interview, we talk with them about how it relates to tools like UEBA, and where they see it taking the world of cybersecurity in the future. When used effectively, machine learning provides more accurate, effective insight into threats of all kinds. They predict that machine learning will soon take hold as a major influencing factor on organizations’ Security Operations Center workflows. In addition to their presentation, David and Chris also provide code for anyone interested in taking a hands-on approach to machine learning.

What is machine learning?

Chris: Very basically, machine learning is the capability of a deployed algorithm to adapt to the data that’s being input into it. A normal algorithm, for example, will run on a particular set of data and give you a result, and if you run it on the same set of data again, it will give you the same result. Machine learning has an adaptive component where if you run it on a piece of data it will do something and then change its behavior based on that data. So, even if you ran it on the same data twice, it might give you a different result because it’s adapting. That’s a very broad definition.

Read More

Topics: Threat Hunting, Threat Detection, Cyber Threat Hunting, Machine Learning, UEBA

Jun 13, 2016 11:19:03 AM

June Webinar Recap: How Threat Hunting and UEBA Fit Into the Cybersecurity Landscape

On June 2nd Sqrrl hosted a webinar in collaboration with Momentum Partners that examined the current state of the cybersecurity landscape. The webinar covered ways in which various solutions, like threat hunting platforms and User and Entity Behavior Analytics (UEBA) tools, can complement an existing security ecosystem, ensuring security efforts are efficient, effective, and comprehensive.

Read More

Topics: Cyber Hunting, Cyber Threat Hunting, User and Entity Behavior Analytics, UEBA