Threat Hunting Platforms (Collaboration with SANS Institute)
3. A new technology approach is needed!
Attack chain modeling
Intrusion reconstruction
Breach / response timelines
Campaign analysis
TOOLS ARE FRAGMENTING THE HUNTING PROCESS
© 2016 Sqrrl | All Rights Reserved
[Figure: the fragmented hunting toolset, drawn as scattered boxes: Asset configuration, Business context, Alerts, Threat Intel, Behavioral Algorithms, Courses of Action Matrix, Signatures, Statistics, Logs, SIEM, Email, Machine Learning, Visualization, HR data, Link Analysis, Search]
4. HUNTING TECHNOLOGY REQUIREMENTS
The Solution:
Threat Hunting Platform (THP)
Data
• Variety
• Velocity
• Long term retention
Tools
• Search
• Visualization
• Exploration
Collaboration
• Common threat ontology
• Shared insight
Analytics
• Behavioral
• Statistical
• Extensible
5. WHAT IS A THREAT HUNTING PLATFORM?
A unified environment for:
• Collecting and managing big security data
• Detecting and analyzing advanced threats
• Visually investigating attack TTPs and patterns
• Automating hunt techniques
• Collaborating among security analyst teams
6. KEY BENEFITS OF A THP
Faster Detection
• Even the best analysts need the right tools
• Streamline the hunting workflow
Stronger Data Value
• Improve assessments with more context
• Retain more data for deeper analyses
Greater Clarity
• Identify anomalies through analytics
• Understand behaviors and how they relate
Stronger Ecosystem
• Complement your SIEM/IDS/EDR solutions
• Integrate workflows across products
Greater Efficiency
• Preserve context and replay investigations
• Train hunters collaboratively
7. SQRRL ENTERPRISE
Sqrrl's unique approach to the THP
• Proactive Threat Hunting
• Detection & Investigation
• User and Entity Behavior Analytics
8. SQRRL BEHAVIOR GRAPH
Unique approach to managing security data
[Figure: Behavior Graph, with activity paths labelled LATERAL MOVEMENT and EXFIL]
KEY CAPABILITIES:
• Asset / activity modeling
• Visualization, exploration, search
• Behavioral analytics
• Big data scale & security
9. SQRRL BEHAVIORAL ANALYTICS
• Algorithmic detectors focus on TTPs and entity behavior
• Kill chain alignment shows where each detection sits in the attack sequence and how far an intrusion has progressed
TTP behavior:
o Beaconing
o Lateral movement
o Data staging
o Exfiltration
User / entity behavior:
o Account Misuse
o Risky entity / user behavior
12. THANK YOU!
How To Learn More?
To learn more about Sqrrl:
• Download Sqrrl’s Threat Hunting eBook from our website
• Download the Sqrrl Product Paper from our website
• Request a Test Drive VM from our website
• Reach out to us at info@sqrrl.com