Sqrrl Blog

Jun 13, 2016 11:19:03 AM

June Webinar Recap: How Threat Hunting and UEBA Fit Into the Cybersecurity Landscape

On June 2nd Sqrrl hosted a webinar in collaboration with Momentum Partners that examined the current state of the cybersecurity landscape. The webinar covered ways in which various solutions, like threat hunting platforms and User and Entity Behavior Analytics (UEBA) tools, can complement an existing security ecosystem, ensuring security efforts are efficient, effective, and comprehensive.

View the on-demand version of the webinar or download the accompanying slides here.

The Cybersecurity Market Today

Eric McAlpine, Founder & Managing Partner at Momentum Partners, kicked off the webinar. Momentum is a boutique cybersecurity-focused advisory firm, so he brought a wealth of up-to-date information to his discussion of the predominant trends in the cybersecurity industry today. The market is expanding as the definition of the traditional security model broadens, with innovative companies challenging the “old guard” by using cloud, mobile, and social technologies, as well as improved capabilities to access, manage, and analyze large amounts of data. These developments have paralleled the quickly changing threat landscape, in which attack surfaces are expanding while the severity of attacks increases.

Much of the recent IT security development has been in response to such attacks. McAlpine cited results from The Global State of Information Security® Survey 2016, stating that theft of “hard” intellectual property increased 56% in 2015. Respondents evidently took note of this, reporting that they boosted their information security budgets by 24% that year.

Next-Generation Developments in Cybersecurity

Reactive procedures, such as incident investigations, are clearly critical in a security ecosystem. Yet for that ecosystem to fully mature and modernize, it also needs proactive measures, such as advanced threat detection. As discussed by Luis Maldonado, VP of Products at Sqrrl, this can take a variety of forms. He explained, “When you think about the capabilities and technologies you need for that platform, there’s at least four big pillars that you should be thinking about, and these are certainly how we organized our platform.” They include threat intel analytics, malware analytics, advanced access controls, and user and entity behavior analytics (UEBA). UEBA, as previously defined by Gartner, detects insider threats, targeted attacks, and financial fraud by looking at patterns of human and entity behavior and applying analysis to detect anomalies that deviate from those patterns. Entities can include devices, applications, servers, data, or anything with an IP address.

Threat hunting, the process in which security analysts create hypotheses to proactively seek out and disrupt adversaries before they can complete their attack, should be an integral part of an organization’s SOC. However, it currently requires a significant amount of skill and time, which is why automation is critical. This is where UEBA can make a difference, complementing signature- and rule-based detection with heavier-duty machine-learning analytics that look for deviations from normal patterns of behavior, measured against long-running historical baselines.

Maldonado then discussed how Sqrrl’s threat detection and response platform unites threat hunting, UEBA, and incident investigation capabilities in an integrated solution that can complement an existing security ecosystem. This unique approach allows security analysts to discover threats faster and reduce the resources and time required for the investigation process.

Download our ebook for more information on UEBA, the heart of next-generation threat hunting.