SlideShare ist ein Scribd-Unternehmen logo

Sqrrl Datasheet: Cyber Hunting

Sqrrl
Sqrrl

One of Sqrrl's use cases is Threat Hunting, which involves proactively looking for cybersecurity threats before they trigger alerts.

Daten & Analysen
1 von 2
Downloaden Sie, um offline zu lesen
DATASHEET   SQRRL ENTERPRISE USE CASE: CYBER HUNTING Proactively uncover hidden threats through cyber hunting The days when Security Operations Center analysts could sit back and wait for alerts to come to them have long passed. Breaches and attacks at large companies and government agencies have shown that traditional measures like firewalls, IDS, and SIEMs are not enough. While these measures are still important, today’s threats demand a more active role in detecting and isolating sophisticated attacks. Hunting is the practice of searching iteratively through your data to detect and isolate advanced threats that evade more traditional security solutions. In other words hunting trips are designed to proactively uncover threats hidden in a network or system. The Sqrrl Enterprise Edge Sqrrl Enterprise is a real-time, unified platform for securely integrating, exploring, and analyzing massive amounts of data from any source. By creating visual models using linked data, Sqrrl is able to generate a clearer contextual picture for analysts Sqrrl Enterprise powers cyber hunting via the following features: • Enables a hunter to filter and prioritize Big Data, employing advanced data science techniques • Allows pivoting in real time between disparate datasets and distinct parts of a network • Facilitates iterative question chaining, which streamlines the process of response and investigation • Generates advanced visualizations consisting of weighted, directional nodes and edges that can provide compact representations of complex, dense datasets Example Advanced Persistent Threat Hunting Use Case
ABOUT SQRRL Powering the Hunt | Page 2 Sqrrl was founded in 2012 by creators of Apache Accumulo™. With their roots in the U.S. Intelligence Community, Sqrrl’s founders have deep experience integrating and analyzing complex petabyte-scale datasets. Sqrrl is headquartered in Cambridge, MA and is a venture-backed company with investors from Matrix Partners, Atlas Venture, and Rally Ventures. 125 Cambridge Park Dr Cambridge, MA 02140 www.sqrrl.com @SqrrlData p: (617) 902-0784 e: info@sqrrl.com                         Leveraging Data Science Making sense of Big Data is no easy task, and your enterprise is will want to keep as much data as it will be able to store. To actually capitalize on terabytes or even petabytes of information, you will need a smart and effective way of making sense of it all. Modern machine learning and statistical tools have the potential to multiply the effectiveness of a hunter's powers by automating common tasks such as producing activity summaries or finding the “weird” entities in a dataset. Hunters need tools, like Sqrrl Enterprise, that provide data science without requiring the users to be data scientists. Question Driven Investigations Hunting trips should start with questions and hypotheses, not necessarily specific indicators. A question, or a hypothesis you start with might be something like “Is data exfiltration happening?” or “If there is data exfiltration happening, it’s most likely going on through this part of the network.” A hunter would then check to see whether any exfiltration going through that subnet, and try to figure out what protocols might be used. There are often multiple ways you can look for the answers to these questions, but having some hypotheses helps figure out what data you need to examine and what analytic techniques might be most fruitful. Sqrrl Enterprise’s query language makes asking these questions easy. Keep on Pivoting Hunting consists of spending a lot of time searching for something that is elusive by nature. To locate entrenched threats, your hunt needs to be dynamic and adaptable. Plus, you need to be able to easily pivot from one dataset to the next to evaluate the full context of the attacker’s digital footprints. This might include moving from operating system events to Netflow data and then to application logs. Sqrrl Enterprise is able to support this kind of nimble data exploration. Mapping Your Terrain Knowing the lay of the land and where attackers may hide is a key element to hunting. Kill chain mapping provides a useful framework to plan your hunting trips for maximum impact. Typically, you will want to focus on the last two phases of the kill chain (Command and Control and Act on Objectives) first, since the farther along the kill chain the adversary is, the worse the incident is for you. Sqrrl Enterprise provides the capability to annotate investigations with kill chain mappings. . Advice from a Hunter "Organizations are realizing that their existing traditional security solutions, such as firewalls and SIEMs, are not finding everything that they need to find. On the detection side they’re doing well for what they do, but the problem is that signature-based or even intelligence-based network monitoring systems are limited. Attackers are virtually unlimited in what they can do. Adversaries are very flexible and agile, so that's what we have to be." -David Bianco, Sqrrl's Security Architect; former Manager of Mandiant’s Hunt Team

Empfohlen

Sqrrl Enterprise: Integrate, Explore, Analyze
Sqrrl Enterprise: Integrate, Explore, AnalyzeSqrrl Enterprise: Integrate, Explore, Analyze
Sqrrl Enterprise: Integrate, Explore, AnalyzeSqrrl
 
The Linked Data Advantage
The Linked Data AdvantageThe Linked Data Advantage
The Linked Data AdvantageSqrrl
 
Sqrrl Enterprise: Big Data Security Analytics Use Case
Sqrrl Enterprise: Big Data Security Analytics Use CaseSqrrl Enterprise: Big Data Security Analytics Use Case
Sqrrl Enterprise: Big Data Security Analytics Use CaseSqrrl
 
Xanadu Based Big Data CBIR System:Automated Diseases Classification & Diagnosis
Xanadu Based Big Data CBIR System:Automated Diseases Classification & DiagnosisXanadu Based Big Data CBIR System:Automated Diseases Classification & Diagnosis
Xanadu Based Big Data CBIR System:Automated Diseases Classification & DiagnosisAlex G. Lee, Ph.D. Esq. CLP
 
A chart of the big data ecosystem
A chart of the big data ecosystemA chart of the big data ecosystem
A chart of the big data ecosystemMatt Turck
 
Urika-GD Product Brief Online 5-page
Urika-GD Product Brief Online 5-pageUrika-GD Product Brief Online 5-page
Urika-GD Product Brief Online 5-pageAdnan Khaleel
 
Big data
Big dataBig data
Big dataheena verma
 
ZettaVox: Content Mining and Analysis Across Heterogeneous Compute Clouds__Ha...
ZettaVox: Content Mining and Analysis Across Heterogeneous Compute Clouds__Ha...ZettaVox: Content Mining and Analysis Across Heterogeneous Compute Clouds__Ha...
ZettaVox: Content Mining and Analysis Across Heterogeneous Compute Clouds__Ha...Yahoo Developer Network
 

Empfohlen

Sqrrl Enterprise: Integrate, Explore, Analyze
Sqrrl Enterprise: Integrate, Explore, AnalyzeSqrrl Enterprise: Integrate, Explore, Analyze
Sqrrl Enterprise: Integrate, Explore, AnalyzeSqrrl
 
The Linked Data Advantage
The Linked Data AdvantageThe Linked Data Advantage
The Linked Data AdvantageSqrrl
 
Sqrrl Enterprise: Big Data Security Analytics Use Case
Sqrrl Enterprise: Big Data Security Analytics Use CaseSqrrl Enterprise: Big Data Security Analytics Use Case
Sqrrl Enterprise: Big Data Security Analytics Use CaseSqrrl
 
Xanadu Based Big Data CBIR System:Automated Diseases Classification & Diagnosis
Xanadu Based Big Data CBIR System:Automated Diseases Classification & DiagnosisXanadu Based Big Data CBIR System:Automated Diseases Classification & Diagnosis
Xanadu Based Big Data CBIR System:Automated Diseases Classification & DiagnosisAlex G. Lee, Ph.D. Esq. CLP
 
A chart of the big data ecosystem
A chart of the big data ecosystemA chart of the big data ecosystem
A chart of the big data ecosystemMatt Turck
 
Urika-GD Product Brief Online 5-page
Urika-GD Product Brief Online 5-pageUrika-GD Product Brief Online 5-page
Urika-GD Product Brief Online 5-pageAdnan Khaleel
 
Big data
Big dataBig data
Big dataheena verma
 
ZettaVox: Content Mining and Analysis Across Heterogeneous Compute Clouds__Ha...
ZettaVox: Content Mining and Analysis Across Heterogeneous Compute Clouds__Ha...ZettaVox: Content Mining and Analysis Across Heterogeneous Compute Clouds__Ha...
ZettaVox: Content Mining and Analysis Across Heterogeneous Compute Clouds__Ha...Yahoo Developer Network
 
Sqrrl
SqrrlSqrrl
SqrrlSalman SH
 
IoT Big Data Analytics Insights from Patents
IoT Big Data Analytics Insights from PatentsIoT Big Data Analytics Insights from Patents
IoT Big Data Analytics Insights from PatentsAlex G. Lee, Ph.D. Esq. CLP
 
Automating Splunk at Large Scale with Cloudify
Automating Splunk at Large Scale with CloudifyAutomating Splunk at Large Scale with Cloudify
Automating Splunk at Large Scale with CloudifyCloudify Community
 
Hadoop BIG Data - Fraud Detection with Real-Time Analytics
Hadoop BIG Data - Fraud Detection with Real-Time AnalyticsHadoop BIG Data - Fraud Detection with Real-Time Analytics
Hadoop BIG Data - Fraud Detection with Real-Time Analyticshkbhadraa
 
Big data landscape map collection by aibdp
Big data landscape map collection by aibdpBig data landscape map collection by aibdp
Big data landscape map collection by aibdpAIBDP
 
Enterprise Data World Webinar: Make BIG DATA Work for You
Enterprise Data World Webinar: Make BIG DATA Work for YouEnterprise Data World Webinar: Make BIG DATA Work for You
Enterprise Data World Webinar: Make BIG DATA Work for YouDATAVERSITY
 
VeriSign iDefense Security Intelligence Services
VeriSign iDefense Security Intelligence ServicesVeriSign iDefense Security Intelligence Services
VeriSign iDefense Security Intelligence ServicesTechBiz Forense Digital
 
NextGen Infrastructure for Big Data
NextGen Infrastructure for Big DataNextGen Infrastructure for Big Data
NextGen Infrastructure for Big DataEd Dodds
 
Doc
DocDoc
DocBhupendra Singh
 
Cloudera 助力台灣大數據產業的發展
Cloudera 助力台灣大數據產業的發展Cloudera 助力台灣大數據產業的發展
Cloudera 助力台灣大數據產業的發展Etu Solution
 
Big data summary_v2.1
Big data summary_v2.1Big data summary_v2.1
Big data summary_v2.1Nitin Chandnani
 
Forecast 2012 Panel: Big Data in the Cloud Das Kamhout
Forecast 2012 Panel: Big Data in the Cloud Das KamhoutForecast 2012 Panel: Big Data in the Cloud Das Kamhout
Forecast 2012 Panel: Big Data in the Cloud Das KamhoutOpen Data Center Alliance
 
DMTI Spatial Location Hub Analytics: big data, analytics, visualization
DMTI Spatial Location Hub Analytics: big data, analytics, visualizationDMTI Spatial Location Hub Analytics: big data, analytics, visualization
DMTI Spatial Location Hub Analytics: big data, analytics, visualizationDMTI Spatial
 
Mobile Data Analytics
Mobile Data AnalyticsMobile Data Analytics
Mobile Data AnalyticsRICHARD AMUOK
 
Big data competitive landscape overview
Big data competitive landscape overviewBig data competitive landscape overview
Big data competitive landscape overviewBisakha Praharaj
 
Hitachi Cloud Vision
Hitachi Cloud VisionHitachi Cloud Vision
Hitachi Cloud VisionHitachi Vantara
 
Big data forum 19 march 2014
Big data forum 19 march 2014Big data forum 19 march 2014
Big data forum 19 march 2014Matt Carroll
 
Leveraging a big data model in the IT domain
Leveraging a big data model in the IT domainLeveraging a big data model in the IT domain
Leveraging a big data model in the IT domainVSS Monitoring
 
Smart Investigator Datasheet
Smart Investigator DatasheetSmart Investigator Datasheet
Smart Investigator DatasheetNextgen Software
 
Real callenges in big data security
Real callenges in big data securityReal callenges in big data security
Real callenges in big data securitybalasahebcomp
 
Why Cyglass?
Why Cyglass? Why Cyglass?
Why Cyglass? Cyglass
 
Big security for big data
Big security for big dataBig security for big data
Big security for big dataGiuliano Tavaroli
 

Weitere ähnliche Inhalte

Was ist angesagt?

Automating Splunk at Large Scale with Cloudify
Automating Splunk at Large Scale with CloudifyAutomating Splunk at Large Scale with Cloudify
Automating Splunk at Large Scale with CloudifyCloudify Community
 
Hadoop BIG Data - Fraud Detection with Real-Time Analytics
Hadoop BIG Data - Fraud Detection with Real-Time AnalyticsHadoop BIG Data - Fraud Detection with Real-Time Analytics
Hadoop BIG Data - Fraud Detection with Real-Time Analyticshkbhadraa
 
Big data landscape map collection by aibdp
Big data landscape map collection by aibdpBig data landscape map collection by aibdp
Big data landscape map collection by aibdpAIBDP
 
Enterprise Data World Webinar: Make BIG DATA Work for You
Enterprise Data World Webinar: Make BIG DATA Work for YouEnterprise Data World Webinar: Make BIG DATA Work for You
Enterprise Data World Webinar: Make BIG DATA Work for YouDATAVERSITY
 
VeriSign iDefense Security Intelligence Services
VeriSign iDefense Security Intelligence ServicesVeriSign iDefense Security Intelligence Services
VeriSign iDefense Security Intelligence ServicesTechBiz Forense Digital
 
NextGen Infrastructure for Big Data
NextGen Infrastructure for Big DataNextGen Infrastructure for Big Data
NextGen Infrastructure for Big DataEd Dodds
 
Cloudera 助力台灣大數據產業的發展
Cloudera 助力台灣大數據產業的發展Cloudera 助力台灣大數據產業的發展
Cloudera 助力台灣大數據產業的發展Etu Solution
 
Forecast 2012 Panel: Big Data in the Cloud Das Kamhout
Forecast 2012 Panel: Big Data in the Cloud Das KamhoutForecast 2012 Panel: Big Data in the Cloud Das Kamhout
Forecast 2012 Panel: Big Data in the Cloud Das KamhoutOpen Data Center Alliance
 
DMTI Spatial Location Hub Analytics: big data, analytics, visualization
DMTI Spatial Location Hub Analytics: big data, analytics, visualizationDMTI Spatial Location Hub Analytics: big data, analytics, visualization
DMTI Spatial Location Hub Analytics: big data, analytics, visualizationDMTI Spatial
 
Mobile Data Analytics
Mobile Data AnalyticsMobile Data Analytics
Mobile Data AnalyticsRICHARD AMUOK
 
Big data competitive landscape overview
Big data competitive landscape overviewBig data competitive landscape overview
Big data competitive landscape overviewBisakha Praharaj
 
Big data forum 19 march 2014
Big data forum 19 march 2014Big data forum 19 march 2014
Big data forum 19 march 2014Matt Carroll
 
Leveraging a big data model in the IT domain
Leveraging a big data model in the IT domainLeveraging a big data model in the IT domain
Leveraging a big data model in the IT domainVSS Monitoring
 
Smart Investigator Datasheet
Smart Investigator DatasheetSmart Investigator Datasheet
Smart Investigator DatasheetNextgen Software
 
Real callenges in big data security
Real callenges in big data securityReal callenges in big data security
Real callenges in big data securitybalasahebcomp
 

Was ist angesagt? (20)

Sqrrl
SqrrlSqrrl
Sqrrl
 
IoT Big Data Analytics Insights from Patents
IoT Big Data Analytics Insights from PatentsIoT Big Data Analytics Insights from Patents
IoT Big Data Analytics Insights from Patents
 
Automating Splunk at Large Scale with Cloudify
Automating Splunk at Large Scale with CloudifyAutomating Splunk at Large Scale with Cloudify
Automating Splunk at Large Scale with Cloudify
 
Hadoop BIG Data - Fraud Detection with Real-Time Analytics
Hadoop BIG Data - Fraud Detection with Real-Time AnalyticsHadoop BIG Data - Fraud Detection with Real-Time Analytics
Hadoop BIG Data - Fraud Detection with Real-Time Analytics
 
Big data landscape map collection by aibdp
Big data landscape map collection by aibdpBig data landscape map collection by aibdp
Big data landscape map collection by aibdp
 
Enterprise Data World Webinar: Make BIG DATA Work for You
Enterprise Data World Webinar: Make BIG DATA Work for YouEnterprise Data World Webinar: Make BIG DATA Work for You
Enterprise Data World Webinar: Make BIG DATA Work for You
 
VeriSign iDefense Security Intelligence Services
VeriSign iDefense Security Intelligence ServicesVeriSign iDefense Security Intelligence Services
VeriSign iDefense Security Intelligence Services
 
NextGen Infrastructure for Big Data
NextGen Infrastructure for Big DataNextGen Infrastructure for Big Data
NextGen Infrastructure for Big Data
 
Doc
DocDoc
Doc
 
Cloudera 助力台灣大數據產業的發展
Cloudera 助力台灣大數據產業的發展Cloudera 助力台灣大數據產業的發展
Cloudera 助力台灣大數據產業的發展
 
Big data summary_v2.1
Big data summary_v2.1Big data summary_v2.1
Big data summary_v2.1
 
Forecast 2012 Panel: Big Data in the Cloud Das Kamhout
Forecast 2012 Panel: Big Data in the Cloud Das KamhoutForecast 2012 Panel: Big Data in the Cloud Das Kamhout
Forecast 2012 Panel: Big Data in the Cloud Das Kamhout
 
DMTI Spatial Location Hub Analytics: big data, analytics, visualization
DMTI Spatial Location Hub Analytics: big data, analytics, visualizationDMTI Spatial Location Hub Analytics: big data, analytics, visualization
DMTI Spatial Location Hub Analytics: big data, analytics, visualization
 
Mobile Data Analytics
Mobile Data AnalyticsMobile Data Analytics
Mobile Data Analytics
 
Big data competitive landscape overview
Big data competitive landscape overviewBig data competitive landscape overview
Big data competitive landscape overview
 
Hitachi Cloud Vision
Hitachi Cloud VisionHitachi Cloud Vision
Hitachi Cloud Vision
 
Big data forum 19 march 2014
Big data forum 19 march 2014Big data forum 19 march 2014
Big data forum 19 march 2014
 
Leveraging a big data model in the IT domain
Leveraging a big data model in the IT domainLeveraging a big data model in the IT domain
Leveraging a big data model in the IT domain
 
Smart Investigator Datasheet
Smart Investigator DatasheetSmart Investigator Datasheet
Smart Investigator Datasheet
 
Real callenges in big data security
Real callenges in big data securityReal callenges in big data security
Real callenges in big data security
 

Ähnlich wie Sqrrl Datasheet: Cyber Hunting

Why Cyglass?
Why Cyglass? Why Cyglass?
Why Cyglass? Cyglass
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observabilityitnewsafrica
 
The New Era of Cyber-Threats: The Shift to Self Learning, Self Defending Netw...
The New Era of Cyber-Threats: The Shift to Self Learning, Self Defending Netw...The New Era of Cyber-Threats: The Shift to Self Learning, Self Defending Netw...
The New Era of Cyber-Threats: The Shift to Self Learning, Self Defending Netw...Digital Transformation EXPO Event Series
 
Technical track chris calvert-1 30 pm-issa conference-calvert
Technical track chris calvert-1 30 pm-issa conference-calvertTechnical track chris calvert-1 30 pm-issa conference-calvert
Technical track chris calvert-1 30 pm-issa conference-calvertISSA LA
 
What's behind a cyber attack
What's behind a cyber attackWhat's behind a cyber attack
What's behind a cyber attackAndreanne Clarke
 
7 Experts on Implementing Azure Sentinel
7 Experts on Implementing Azure Sentinel7 Experts on Implementing Azure Sentinel
7 Experts on Implementing Azure SentinelMighty Guides, Inc.
 
Red lambda Brochure Meta Grid Executive Overview
Red lambda Brochure Meta Grid Executive OverviewRed lambda Brochure Meta Grid Executive Overview
Red lambda Brochure Meta Grid Executive OverviewIla Group
 
eBook: 5 Steps to Secure Cloud Data Governance
eBook: 5 Steps to Secure Cloud Data GovernanceeBook: 5 Steps to Secure Cloud Data Governance
eBook: 5 Steps to Secure Cloud Data GovernanceKim Cook
 
Lessons Learned Fighting Modern Cyberthreats in Critical ICS Networks
Lessons Learned Fighting Modern Cyberthreats in Critical ICS NetworksLessons Learned Fighting Modern Cyberthreats in Critical ICS Networks
Lessons Learned Fighting Modern Cyberthreats in Critical ICS NetworksAngeloluca Barba
 
Fast Data Mining: Real Time Knowledge Discovery for Predictive Decision Making
Fast Data Mining: Real Time Knowledge Discovery for Predictive Decision MakingFast Data Mining: Real Time Knowledge Discovery for Predictive Decision Making
Fast Data Mining: Real Time Knowledge Discovery for Predictive Decision MakingCodemotion
 
IRJET-https://www.irjet.net/archives/V5/i3/IRJET-V5I377.pdf
IRJET-https://www.irjet.net/archives/V5/i3/IRJET-V5I377.pdfIRJET-https://www.irjet.net/archives/V5/i3/IRJET-V5I377.pdf
IRJET-https://www.irjet.net/archives/V5/i3/IRJET-V5I377.pdfIRJET Journal
 
Artificial Intelligence Techniques for Cyber Security
Artificial Intelligence Techniques for Cyber SecurityArtificial Intelligence Techniques for Cyber Security
Artificial Intelligence Techniques for Cyber SecurityIRJET Journal
 
Get The Information Here For Mobile Phone Investigation Tools
Get The Information Here For Mobile Phone Investigation ToolsGet The Information Here For Mobile Phone Investigation Tools
Get The Information Here For Mobile Phone Investigation ToolsParaben Corporation
 
Aujas incident management webinar deck 08162016
Aujas incident management webinar deck 08162016Aujas incident management webinar deck 08162016
Aujas incident management webinar deck 08162016Karl Kispert
 
Cyber Threat Intelligence.pptx
Cyber Threat Intelligence.pptxCyber Threat Intelligence.pptx
Cyber Threat Intelligence.pptxAbimbolaFisher1
 
SAIP-Intelligence-Brochure
SAIP-Intelligence-BrochureSAIP-Intelligence-Brochure
SAIP-Intelligence-BrochureYehuda Korotkin
 

Ähnlich wie Sqrrl Datasheet: Cyber Hunting (20)

Why Cyglass?
Why Cyglass? Why Cyglass?
Why Cyglass?
 
Big security for big data
Big security for big dataBig security for big data
Big security for big data
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
 
The New Era of Cyber-Threats: The Shift to Self Learning, Self Defending Netw...
The New Era of Cyber-Threats: The Shift to Self Learning, Self Defending Netw...The New Era of Cyber-Threats: The Shift to Self Learning, Self Defending Netw...
The New Era of Cyber-Threats: The Shift to Self Learning, Self Defending Netw...
 
Technical track chris calvert-1 30 pm-issa conference-calvert
Technical track chris calvert-1 30 pm-issa conference-calvertTechnical track chris calvert-1 30 pm-issa conference-calvert
Technical track chris calvert-1 30 pm-issa conference-calvert
 
What's behind a cyber attack
What's behind a cyber attackWhat's behind a cyber attack
What's behind a cyber attack
 
Threat Intelligence
Threat IntelligenceThreat Intelligence
Threat Intelligence
 
7 Experts on Implementing Azure Sentinel
7 Experts on Implementing Azure Sentinel7 Experts on Implementing Azure Sentinel
7 Experts on Implementing Azure Sentinel
 
Red lambda Brochure Meta Grid Executive Overview
Red lambda Brochure Meta Grid Executive OverviewRed lambda Brochure Meta Grid Executive Overview
Red lambda Brochure Meta Grid Executive Overview
 
eBook: 5 Steps to Secure Cloud Data Governance
eBook: 5 Steps to Secure Cloud Data GovernanceeBook: 5 Steps to Secure Cloud Data Governance
eBook: 5 Steps to Secure Cloud Data Governance
 
Lessons Learned Fighting Modern Cyberthreats in Critical ICS Networks
Lessons Learned Fighting Modern Cyberthreats in Critical ICS NetworksLessons Learned Fighting Modern Cyberthreats in Critical ICS Networks
Lessons Learned Fighting Modern Cyberthreats in Critical ICS Networks
 
Fast Data Mining: Real Time Knowledge Discovery for Predictive Decision Making
Fast Data Mining: Real Time Knowledge Discovery for Predictive Decision MakingFast Data Mining: Real Time Knowledge Discovery for Predictive Decision Making
Fast Data Mining: Real Time Knowledge Discovery for Predictive Decision Making
 
IRJET-https://www.irjet.net/archives/V5/i3/IRJET-V5I377.pdf
IRJET-https://www.irjet.net/archives/V5/i3/IRJET-V5I377.pdfIRJET-https://www.irjet.net/archives/V5/i3/IRJET-V5I377.pdf
IRJET-https://www.irjet.net/archives/V5/i3/IRJET-V5I377.pdf
 
Artificial Intelligence Techniques for Cyber Security
Artificial Intelligence Techniques for Cyber SecurityArtificial Intelligence Techniques for Cyber Security
Artificial Intelligence Techniques for Cyber Security
 
Get The Information Here For Mobile Phone Investigation Tools
Get The Information Here For Mobile Phone Investigation ToolsGet The Information Here For Mobile Phone Investigation Tools
Get The Information Here For Mobile Phone Investigation Tools
 
Cloud & Sécurité
Cloud & SécuritéCloud & Sécurité
Cloud & Sécurité
 
Lookingglass whitepaper
Lookingglass whitepaperLookingglass whitepaper
Lookingglass whitepaper
 
Aujas incident management webinar deck 08162016
Aujas incident management webinar deck 08162016Aujas incident management webinar deck 08162016
Aujas incident management webinar deck 08162016
 
Cyber Threat Intelligence.pptx
Cyber Threat Intelligence.pptxCyber Threat Intelligence.pptx
Cyber Threat Intelligence.pptx
 
SAIP-Intelligence-Brochure
SAIP-Intelligence-BrochureSAIP-Intelligence-Brochure
SAIP-Intelligence-Brochure
 

Mehr von Sqrrl

Transitioning Government Technology
Transitioning Government TechnologyTransitioning Government Technology
Transitioning Government TechnologySqrrl
 
Leveraging Threat Intelligence to Guide Your Hunts
Leveraging Threat Intelligence to Guide Your HuntsLeveraging Threat Intelligence to Guide Your Hunts
Leveraging Threat Intelligence to Guide Your HuntsSqrrl
 
How to Hunt for Lateral Movement on Your Network
How to Hunt for Lateral Movement on Your NetworkHow to Hunt for Lateral Movement on Your Network
How to Hunt for Lateral Movement on Your NetworkSqrrl
 
Machine Learning for Incident Detection: Getting Started
Machine Learning for Incident Detection: Getting StartedMachine Learning for Incident Detection: Getting Started
Machine Learning for Incident Detection: Getting StartedSqrrl
 
Building a Next-Generation Security Operations Center (SOC)
Building a Next-Generation Security Operations Center (SOC)Building a Next-Generation Security Operations Center (SOC)
Building a Next-Generation Security Operations Center (SOC)Sqrrl
 
User and Entity Behavior Analytics using the Sqrrl Behavior Graph
User and Entity Behavior Analytics using the Sqrrl Behavior GraphUser and Entity Behavior Analytics using the Sqrrl Behavior Graph
User and Entity Behavior Analytics using the Sqrrl Behavior GraphSqrrl
 
Threat Hunting Platforms (Collaboration with SANS Institute)
Threat Hunting Platforms (Collaboration with SANS Institute)Threat Hunting Platforms (Collaboration with SANS Institute)
Threat Hunting Platforms (Collaboration with SANS Institute)Sqrrl
 
Sqrrl and IBM: Threat Hunting for QRadar Users
Sqrrl and IBM: Threat Hunting for QRadar UsersSqrrl and IBM: Threat Hunting for QRadar Users
Sqrrl and IBM: Threat Hunting for QRadar UsersSqrrl
 
Threat Hunting for Command and Control Activity
Threat Hunting for Command and Control ActivityThreat Hunting for Command and Control Activity
Threat Hunting for Command and Control ActivitySqrrl
 
Modernizing Your SOC: A CISO-led Training
Modernizing Your SOC: A CISO-led TrainingModernizing Your SOC: A CISO-led Training
Modernizing Your SOC: A CISO-led TrainingSqrrl
 
Threat Hunting vs. UEBA: Similarities, Differences, and How They Work Together
Threat Hunting vs. UEBA: Similarities, Differences, and How They Work Together Threat Hunting vs. UEBA: Similarities, Differences, and How They Work Together
Threat Hunting vs. UEBA: Similarities, Differences, and How They Work Together Sqrrl
 
Leveraging DNS to Surface Attacker Activity
Leveraging DNS to Surface Attacker ActivityLeveraging DNS to Surface Attacker Activity
Leveraging DNS to Surface Attacker ActivitySqrrl
 
The Art and Science of Alert Triage
The Art and Science of Alert TriageThe Art and Science of Alert Triage
The Art and Science of Alert TriageSqrrl
 
Reducing Mean Time to Know
Reducing Mean Time to KnowReducing Mean Time to Know
Reducing Mean Time to KnowSqrrl
 
Benchmarking The Apache Accumulo Distributed Key–Value Store
Benchmarking The Apache Accumulo Distributed Key–Value StoreBenchmarking The Apache Accumulo Distributed Key–Value Store
Benchmarking The Apache Accumulo Distributed Key–Value StoreSqrrl
 
Scalable Graph Clustering with Pregel
Scalable Graph Clustering with PregelScalable Graph Clustering with Pregel
Scalable Graph Clustering with PregelSqrrl
 
What's Next for Google's BigTable
What's Next for Google's BigTableWhat's Next for Google's BigTable
What's Next for Google's BigTableSqrrl
 
April 2015 Webinar: Cyber Hunting with Sqrrl
April 2015 Webinar: Cyber Hunting with SqrrlApril 2015 Webinar: Cyber Hunting with Sqrrl
April 2015 Webinar: Cyber Hunting with SqrrlSqrrl
 
Sqrrl 2.0 Launch Webinar
Sqrrl 2.0 Launch WebinarSqrrl 2.0 Launch Webinar
Sqrrl 2.0 Launch WebinarSqrrl
 
October 2014 Webinar: Cybersecurity Threat Detection
October 2014 Webinar: Cybersecurity Threat DetectionOctober 2014 Webinar: Cybersecurity Threat Detection
October 2014 Webinar: Cybersecurity Threat DetectionSqrrl
 

Mehr von Sqrrl (20)

Transitioning Government Technology
Transitioning Government TechnologyTransitioning Government Technology
Transitioning Government Technology
 
Leveraging Threat Intelligence to Guide Your Hunts
Leveraging Threat Intelligence to Guide Your HuntsLeveraging Threat Intelligence to Guide Your Hunts
Leveraging Threat Intelligence to Guide Your Hunts
 
How to Hunt for Lateral Movement on Your Network
How to Hunt for Lateral Movement on Your NetworkHow to Hunt for Lateral Movement on Your Network
How to Hunt for Lateral Movement on Your Network
 
Machine Learning for Incident Detection: Getting Started
Machine Learning for Incident Detection: Getting StartedMachine Learning for Incident Detection: Getting Started
Machine Learning for Incident Detection: Getting Started
 
Building a Next-Generation Security Operations Center (SOC)
Building a Next-Generation Security Operations Center (SOC)Building a Next-Generation Security Operations Center (SOC)
Building a Next-Generation Security Operations Center (SOC)
 
User and Entity Behavior Analytics using the Sqrrl Behavior Graph
User and Entity Behavior Analytics using the Sqrrl Behavior GraphUser and Entity Behavior Analytics using the Sqrrl Behavior Graph
User and Entity Behavior Analytics using the Sqrrl Behavior Graph
 
Threat Hunting Platforms (Collaboration with SANS Institute)
Threat Hunting Platforms (Collaboration with SANS Institute)Threat Hunting Platforms (Collaboration with SANS Institute)
Threat Hunting Platforms (Collaboration with SANS Institute)
 
Sqrrl and IBM: Threat Hunting for QRadar Users
Sqrrl and IBM: Threat Hunting for QRadar UsersSqrrl and IBM: Threat Hunting for QRadar Users
Sqrrl and IBM: Threat Hunting for QRadar Users
 
Threat Hunting for Command and Control Activity
Threat Hunting for Command and Control ActivityThreat Hunting for Command and Control Activity
Threat Hunting for Command and Control Activity
 
Modernizing Your SOC: A CISO-led Training
Modernizing Your SOC: A CISO-led TrainingModernizing Your SOC: A CISO-led Training
Modernizing Your SOC: A CISO-led Training
 
Threat Hunting vs. UEBA: Similarities, Differences, and How They Work Together
Threat Hunting vs. UEBA: Similarities, Differences, and How They Work Together Threat Hunting vs. UEBA: Similarities, Differences, and How They Work Together
Threat Hunting vs. UEBA: Similarities, Differences, and How They Work Together
 
Leveraging DNS to Surface Attacker Activity
Leveraging DNS to Surface Attacker ActivityLeveraging DNS to Surface Attacker Activity
Leveraging DNS to Surface Attacker Activity
 
The Art and Science of Alert Triage
The Art and Science of Alert TriageThe Art and Science of Alert Triage
The Art and Science of Alert Triage
 
Reducing Mean Time to Know
Reducing Mean Time to KnowReducing Mean Time to Know
Reducing Mean Time to Know
 
Benchmarking The Apache Accumulo Distributed Key–Value Store
Benchmarking The Apache Accumulo Distributed Key–Value StoreBenchmarking The Apache Accumulo Distributed Key–Value Store
Benchmarking The Apache Accumulo Distributed Key–Value Store
 
Scalable Graph Clustering with Pregel
Scalable Graph Clustering with PregelScalable Graph Clustering with Pregel
Scalable Graph Clustering with Pregel
 
What's Next for Google's BigTable
What's Next for Google's BigTableWhat's Next for Google's BigTable
What's Next for Google's BigTable
 
April 2015 Webinar: Cyber Hunting with Sqrrl
April 2015 Webinar: Cyber Hunting with SqrrlApril 2015 Webinar: Cyber Hunting with Sqrrl
April 2015 Webinar: Cyber Hunting with Sqrrl
 
Sqrrl 2.0 Launch Webinar
Sqrrl 2.0 Launch WebinarSqrrl 2.0 Launch Webinar
Sqrrl 2.0 Launch Webinar
 
October 2014 Webinar: Cybersecurity Threat Detection
October 2014 Webinar: Cybersecurity Threat DetectionOctober 2014 Webinar: Cybersecurity Threat Detection
October 2014 Webinar: Cybersecurity Threat Detection
 

Kürzlich hochgeladen

INTERNSHIP ON PURBASHA COMPOSITE TEX LTD
INTERNSHIP ON PURBASHA COMPOSITE TEX LTDINTERNSHIP ON PURBASHA COMPOSITE TEX LTD
INTERNSHIP ON PURBASHA COMPOSITE TEX LTDRafezzaman
 
modul pembelajaran robotic Workshop _ by Slidesgo.pptx
modul pembelajaran robotic Workshop _ by Slidesgo.pptxmodul pembelajaran robotic Workshop _ by Slidesgo.pptx
modul pembelajaran robotic Workshop _ by Slidesgo.pptxaleedritatuxx
 
20240419 - Measurecamp Amsterdam - SAM.pdf
20240419 - Measurecamp Amsterdam - SAM.pdf20240419 - Measurecamp Amsterdam - SAM.pdf
20240419 - Measurecamp Amsterdam - SAM.pdfHuman37
 
detection and classification of knee osteoarthritis.pptx
detection and classification of knee osteoarthritis.pptxdetection and classification of knee osteoarthritis.pptx
detection and classification of knee osteoarthritis.pptxAleenaJamil4
 
Thiophen Mechanism khhjjjjjjjhhhhhhhhhhh
Thiophen Mechanism khhjjjjjjjhhhhhhhhhhhThiophen Mechanism khhjjjjjjjhhhhhhhhhhh
Thiophen Mechanism khhjjjjjjjhhhhhhhhhhhYasamin16
 
Heart Disease Classification Report: A Data Analysis Project
Heart Disease Classification Report: A Data Analysis ProjectHeart Disease Classification Report: A Data Analysis Project
Heart Disease Classification Report: A Data Analysis ProjectBoston Institute of Analytics
 
Multiple time frame trading analysis -brianshannon.pdf
Multiple time frame trading analysis -brianshannon.pdfMultiple time frame trading analysis -brianshannon.pdf
Multiple time frame trading analysis -brianshannon.pdfchwongval
 
Generative AI for Social Good at Open Data Science East 2024
Generative AI for Social Good at Open Data Science East 2024Generative AI for Social Good at Open Data Science East 2024
Generative AI for Social Good at Open Data Science East 2024Colleen Farrelly
 
Advanced Machine Learning for Business Professionals
Advanced Machine Learning for Business ProfessionalsAdvanced Machine Learning for Business Professionals
Advanced Machine Learning for Business ProfessionalsVICTOR MAESTRE RAMIREZ
 
April 2024 - NLIT Cloudera Real-Time LLM Streaming 2024
April 2024 - NLIT Cloudera Real-Time LLM Streaming 2024April 2024 - NLIT Cloudera Real-Time LLM Streaming 2024
April 2024 - NLIT Cloudera Real-Time LLM Streaming 2024Timothy Spann
 
Decoding the Heart: Student Presentation on Heart Attack Prediction with Data...
Decoding the Heart: Student Presentation on Heart Attack Prediction with Data...Decoding the Heart: Student Presentation on Heart Attack Prediction with Data...
Decoding the Heart: Student Presentation on Heart Attack Prediction with Data...Boston Institute of Analytics
 
LLMs, LMMs, their Improvement Suggestions and the Path towards AGI
LLMs, LMMs, their Improvement Suggestions and the Path towards AGILLMs, LMMs, their Improvement Suggestions and the Path towards AGI
LLMs, LMMs, their Improvement Suggestions and the Path towards AGIThomas Poetter
 
How we prevented account sharing with MFA
How we prevented account sharing with MFAHow we prevented account sharing with MFA
How we prevented account sharing with MFAAndrei Kaleshka
 
Top 5 Best Data Analytics Courses In Queens
Top 5 Best Data Analytics Courses In QueensTop 5 Best Data Analytics Courses In Queens
Top 5 Best Data Analytics Courses In Queensdataanalyticsqueen03
 
Data Factory in Microsoft Fabric (MsBIP #82)
Data Factory in Microsoft Fabric (MsBIP #82)Data Factory in Microsoft Fabric (MsBIP #82)
Data Factory in Microsoft Fabric (MsBIP #82)Cathrine Wilhelmsen
 
毕业文凭制作#回国入职#diploma#degree澳洲中央昆士兰大学毕业证成绩单pdf电子版制作修改#毕业文凭制作#回国入职#diploma#degree
毕业文凭制作#回国入职#diploma#degree澳洲中央昆士兰大学毕业证成绩单pdf电子版制作修改#毕业文凭制作#回国入职#diploma#degree毕业文凭制作#回国入职#diploma#degree澳洲中央昆士兰大学毕业证成绩单pdf电子版制作修改#毕业文凭制作#回国入职#diploma#degree
毕业文凭制作#回国入职#diploma#degree澳洲中央昆士兰大学毕业证成绩单pdf电子版制作修改#毕业文凭制作#回国入职#diploma#degreeyuu sss
 
办理学位证中佛罗里达大学毕业证,UCF成绩单原版一比一
办理学位证中佛罗里达大学毕业证,UCF成绩单原版一比一办理学位证中佛罗里达大学毕业证,UCF成绩单原版一比一
办理学位证中佛罗里达大学毕业证,UCF成绩单原版一比一F sss
 
ASML's Taxonomy Adventure by Daniel Canter
ASML's Taxonomy Adventure by Daniel CanterASML's Taxonomy Adventure by Daniel Canter
ASML's Taxonomy Adventure by Daniel Cantervoginip
 
办美国阿肯色大学小石城分校毕业证成绩单pdf电子版制作修改#真实留信入库#永久存档#真实可查#diploma#degree
办美国阿肯色大学小石城分校毕业证成绩单pdf电子版制作修改#真实留信入库#永久存档#真实可查#diploma#degree办美国阿肯色大学小石城分校毕业证成绩单pdf电子版制作修改#真实留信入库#永久存档#真实可查#diploma#degree
办美国阿肯色大学小石城分校毕业证成绩单pdf电子版制作修改#真实留信入库#永久存档#真实可查#diploma#degreeyuu sss
 

Kürzlich hochgeladen (20)

INTERNSHIP ON PURBASHA COMPOSITE TEX LTD
INTERNSHIP ON PURBASHA COMPOSITE TEX LTDINTERNSHIP ON PURBASHA COMPOSITE TEX LTD
INTERNSHIP ON PURBASHA COMPOSITE TEX LTD
 
modul pembelajaran robotic Workshop _ by Slidesgo.pptx
modul pembelajaran robotic Workshop _ by Slidesgo.pptxmodul pembelajaran robotic Workshop _ by Slidesgo.pptx
modul pembelajaran robotic Workshop _ by Slidesgo.pptx
 
20240419 - Measurecamp Amsterdam - SAM.pdf
20240419 - Measurecamp Amsterdam - SAM.pdf20240419 - Measurecamp Amsterdam - SAM.pdf
20240419 - Measurecamp Amsterdam - SAM.pdf
 
detection and classification of knee osteoarthritis.pptx
detection and classification of knee osteoarthritis.pptxdetection and classification of knee osteoarthritis.pptx
detection and classification of knee osteoarthritis.pptx
 
Thiophen Mechanism khhjjjjjjjhhhhhhhhhhh
Thiophen Mechanism khhjjjjjjjhhhhhhhhhhhThiophen Mechanism khhjjjjjjjhhhhhhhhhhh
Thiophen Mechanism khhjjjjjjjhhhhhhhhhhh
 
Heart Disease Classification Report: A Data Analysis Project
Heart Disease Classification Report: A Data Analysis ProjectHeart Disease Classification Report: A Data Analysis Project
Heart Disease Classification Report: A Data Analysis Project
 
Multiple time frame trading analysis -brianshannon.pdf
Multiple time frame trading analysis -brianshannon.pdfMultiple time frame trading analysis -brianshannon.pdf
Multiple time frame trading analysis -brianshannon.pdf
 
Generative AI for Social Good at Open Data Science East 2024
Generative AI for Social Good at Open Data Science East 2024Generative AI for Social Good at Open Data Science East 2024
Generative AI for Social Good at Open Data Science East 2024
 
Advanced Machine Learning for Business Professionals
Advanced Machine Learning for Business ProfessionalsAdvanced Machine Learning for Business Professionals
Advanced Machine Learning for Business Professionals
 
April 2024 - NLIT Cloudera Real-Time LLM Streaming 2024
April 2024 - NLIT Cloudera Real-Time LLM Streaming 2024April 2024 - NLIT Cloudera Real-Time LLM Streaming 2024
April 2024 - NLIT Cloudera Real-Time LLM Streaming 2024
 
Decoding the Heart: Student Presentation on Heart Attack Prediction with Data...
Decoding the Heart: Student Presentation on Heart Attack Prediction with Data...Decoding the Heart: Student Presentation on Heart Attack Prediction with Data...
Decoding the Heart: Student Presentation on Heart Attack Prediction with Data...
 
LLMs, LMMs, their Improvement Suggestions and the Path towards AGI
LLMs, LMMs, their Improvement Suggestions and the Path towards AGILLMs, LMMs, their Improvement Suggestions and the Path towards AGI
LLMs, LMMs, their Improvement Suggestions and the Path towards AGI
 
How we prevented account sharing with MFA
How we prevented account sharing with MFAHow we prevented account sharing with MFA
How we prevented account sharing with MFA
 
Top 5 Best Data Analytics Courses In Queens
Top 5 Best Data Analytics Courses In QueensTop 5 Best Data Analytics Courses In Queens
Top 5 Best Data Analytics Courses In Queens
 
Data Factory in Microsoft Fabric (MsBIP #82)
Data Factory in Microsoft Fabric (MsBIP #82)Data Factory in Microsoft Fabric (MsBIP #82)
Data Factory in Microsoft Fabric (MsBIP #82)
 
毕业文凭制作#回国入职#diploma#degree澳洲中央昆士兰大学毕业证成绩单pdf电子版制作修改#毕业文凭制作#回国入职#diploma#degree
毕业文凭制作#回国入职#diploma#degree澳洲中央昆士兰大学毕业证成绩单pdf电子版制作修改#毕业文凭制作#回国入职#diploma#degree毕业文凭制作#回国入职#diploma#degree澳洲中央昆士兰大学毕业证成绩单pdf电子版制作修改#毕业文凭制作#回国入职#diploma#degree
毕业文凭制作#回国入职#diploma#degree澳洲中央昆士兰大学毕业证成绩单pdf电子版制作修改#毕业文凭制作#回国入职#diploma#degree
 
办理学位证中佛罗里达大学毕业证,UCF成绩单原版一比一
办理学位证中佛罗里达大学毕业证,UCF成绩单原版一比一办理学位证中佛罗里达大学毕业证,UCF成绩单原版一比一
办理学位证中佛罗里达大学毕业证,UCF成绩单原版一比一
 
ASML's Taxonomy Adventure by Daniel Canter
ASML's Taxonomy Adventure by Daniel CanterASML's Taxonomy Adventure by Daniel Canter
ASML's Taxonomy Adventure by Daniel Canter
 
Deep Generative Learning for All - The Gen AI Hype (Spring 2024)
Deep Generative Learning for All - The Gen AI Hype (Spring 2024)Deep Generative Learning for All - The Gen AI Hype (Spring 2024)
Deep Generative Learning for All - The Gen AI Hype (Spring 2024)
 
办美国阿肯色大学小石城分校毕业证成绩单pdf电子版制作修改#真实留信入库#永久存档#真实可查#diploma#degree
办美国阿肯色大学小石城分校毕业证成绩单pdf电子版制作修改#真实留信入库#永久存档#真实可查#diploma#degree办美国阿肯色大学小石城分校毕业证成绩单pdf电子版制作修改#真实留信入库#永久存档#真实可查#diploma#degree
办美国阿肯色大学小石城分校毕业证成绩单pdf电子版制作修改#真实留信入库#永久存档#真实可查#diploma#degree
 

Sqrrl Datasheet: Cyber Hunting

  • 1. DATASHEET   SQRRL ENTERPRISE USE CASE: CYBER HUNTING Proactively uncover hidden threats through cyber hunting The days when Security Operations Center analysts could sit back and wait for alerts to come to them have long passed. Breaches and attacks at large companies and government agencies have shown that traditional measures like firewalls, IDS, and SIEMs are not enough. While these measures are still important, today’s threats demand a more active role in detecting and isolating sophisticated attacks. Hunting is the practice of searching iteratively through your data to detect and isolate advanced threats that evade more traditional security solutions. In other words hunting trips are designed to proactively uncover threats hidden in a network or system. The Sqrrl Enterprise Edge Sqrrl Enterprise is a real-time, unified platform for securely integrating, exploring, and analyzing massive amounts of data from any source. By creating visual models using linked data, Sqrrl is able to generate a clearer contextual picture for analysts Sqrrl Enterprise powers cyber hunting via the following features: • Enables a hunter to filter and prioritize Big Data, employing advanced data science techniques • Allows pivoting in real time between disparate datasets and distinct parts of a network • Facilitates iterative question chaining, which streamlines the process of response and investigation • Generates advanced visualizations consisting of weighted, directional nodes and edges that can provide compact representations of complex, dense datasets Example Advanced Persistent Threat Hunting Use Case
  • 2. ABOUT SQRRL Powering the Hunt | Page 2 Sqrrl was founded in 2012 by creators of Apache Accumulo™. With their roots in the U.S. Intelligence Community, Sqrrl’s founders have deep experience integrating and analyzing complex petabyte-scale datasets. Sqrrl is headquartered in Cambridge, MA and is a venture-backed company with investors from Matrix Partners, Atlas Venture, and Rally Ventures. 125 Cambridge Park Dr Cambridge, MA 02140 www.sqrrl.com @SqrrlData p: (617) 902-0784 e: info@sqrrl.com                         Leveraging Data Science Making sense of Big Data is no easy task, and your enterprise is will want to keep as much data as it will be able to store. To actually capitalize on terabytes or even petabytes of information, you will need a smart and effective way of making sense of it all. Modern machine learning and statistical tools have the potential to multiply the effectiveness of a hunter's powers by automating common tasks such as producing activity summaries or finding the “weird” entities in a dataset. Hunters need tools, like Sqrrl Enterprise, that provide data science without requiring the users to be data scientists. Question Driven Investigations Hunting trips should start with questions and hypotheses, not necessarily specific indicators. A question, or a hypothesis you start with might be something like “Is data exfiltration happening?” or “If there is data exfiltration happening, it’s most likely going on through this part of the network.” A hunter would then check to see whether any exfiltration going through that subnet, and try to figure out what protocols might be used. There are often multiple ways you can look for the answers to these questions, but having some hypotheses helps figure out what data you need to examine and what analytic techniques might be most fruitful. Sqrrl Enterprise’s query language makes asking these questions easy. Keep on Pivoting Hunting consists of spending a lot of time searching for something that is elusive by nature. To locate entrenched threats, your hunt needs to be dynamic and adaptable. Plus, you need to be able to easily pivot from one dataset to the next to evaluate the full context of the attacker’s digital footprints. This might include moving from operating system events to Netflow data and then to application logs. Sqrrl Enterprise is able to support this kind of nimble data exploration. Mapping Your Terrain Knowing the lay of the land and where attackers may hide is a key element to hunting. Kill chain mapping provides a useful framework to plan your hunting trips for maximum impact. Typically, you will want to focus on the last two phases of the kill chain (Command and Control and Act on Objectives) first, since the farther along the kill chain the adversary is, the worse the incident is for you. Sqrrl Enterprise provides the capability to annotate investigations with kill chain mappings. . Advice from a Hunter "Organizations are realizing that their existing traditional security solutions, such as firewalls and SIEMs, are not finding everything that they need to find. On the detection side they’re doing well for what they do, but the problem is that signature-based or even intelligence-based network monitoring systems are limited. Attackers are virtually unlimited in what they can do. Adversaries are very flexible and agile, so that's what we have to be." -David Bianco, Sqrrl's Security Architect; former Manager of Mandiant’s Hunt Team