Sqrrl

SECURITY GRAPHS GO MAINSTREAM

This post was originally published here by Sqrrl Team. In the late 2000s Facebook launched its Social Graph. In the early 2010s LinkedIn popularized the concept of an Economic Graph. In both cases, these companies saw the power of connecting data into a “linked-entity” model. Sqrrl has been doing the same type of work in cybersecurity since […]

Cyber Threat Hunting for Uncategorized Proxy Events

This post was originally published here by Chris Sanders. Attackers rely on the abstraction provided between domains and IP addresses to make their infrastructure more resilient. A domain name can be registered in a matter of minutes, and multiple domains can be configured to point to the same host. This allows attackers to quickly switch […]

Current and Future Trends in Threat Hunting

This post was originally published here by Sqrrl Team. What does the future of threat hunting look like? We brought together some of the world’s premier threat hunters to find out. Sqrrl partnered with Richard Bejtlich from TaoSecurity to bring together a panel discussion comprised of the original General Electric CIRT incident handler team. These […]

Top 3 Takeaways From DerbyCon

This post was originally published here by Ryan Nolette. This past week I had the pleasure of going down to DerbyCon 7.0. Along the way, I got to see some fantastic presentations, an excellent Capture the Flag competition, and the tragic death of at least one insect. Here are a few of my takeaways from the […]

Exploring the Origins of Threat Hunting

This post was originally published here by Sqrrl Team. Threat hunting is one of the fastest-growing information security practices today. But what really defines threat hunting and how did the practice start? Recently, Sqrrl partnered with Richard Bejtlich from TaoSecurity to bring together a panel discussion comprised of the original General Electric CIRT incident handler […]

CDM Phases and Sqrrl

This post was originally published here by Ely Kahn. Sqrrl’s Threat Hunting Platform is at the forefront of supporting the Department of Homeland Security’s mission of defending the United States against threats in cyberspace. The Threat Hunting Platform features: machine learning and graph algorithms to detect kill chain behaviors; Sqrrl’s Security Behavior Graph, which leverages […]

Endpoint and Network Hunting: A Q&A with Ryan Nolette

This post was originally published here by Sqrrl Team. Ryan Nolette is a security technologist at Sqrrl. Throughout his career he has attained experience in IT/Security planning at a large scale and is proficient in multiple platforms and security techniques. He has experience with troubleshooting, auditing and installations, network intrusion detection, security, incident response, threat intelligence, […]

Hunting for Needles in Haystacks

This post was originally published here by Sqrrl Team. Cyber threat hunting involves proactively and iteratively searching through networks and datasets to detect threats that evade existing automated tools. Yet, determining the Tactics, Techniques and Procedures (TTPs) used by adversaries is challenging for the very reason that there is often no roadmap that can be used […]

Threat Hunting for HTTP User Agents

This post was originally published here by Chris Sanders. An attacker will use the minimal amount of effort required to compromise your network. That means when it’s possible to reuse applications, tools, and protocols… they’ll do it! This is one reason why attackers often use HTTP to facilitate communication to and from infected hosts. In […]

Sqrrl is the threat hunting company that enables organizations to target, hunt, and disrupt advanced cyber threats. Sqrrl’s industry-leading threat hunting platform unites link analysis, User and Entity Behavior Analytics (UEBA), and multi-petabyte scalability capabilities into an integrated solution. Sqrrl’s unique approach enables security analysts to discover threats faster and reduces the time and resources required to investigate them.