Sqrrl
3 Reasons the Next NIST Update Should Include Threat Hunting
This post was originally published here by SQRRL. Are we giving our automated security tools too much credit for threat detection? Nearly half of all threats go undetected by automated security tools (44%), according to a recent LinkedIn poll to the 360,000+ member InfoSec Community. Here’s why Sqrrl is arguing to add human-driven analysis to the list of “appropriate activities […]
The Nuts and Bolts of Detecting DNS Tunneling
This post was originally published here. DNS-based attacks have been in common use since the early 2000s, but over 40% of firms still fall prey to DNS tunneling attacks. Tunneling attacks originate from uncommon vectors, so traditional automated tools like SIEMs have difficulty detecting them; they also must be found in massive sets of DNS data, so […]
What is Threat Hunting in Cybersecurity Defense
This post was originally published here by Håkon Olsen. WHAT IS HUNTING AND WHY DO IT? A term that is often used in the cybersecurity community is threat hunting. This is the activity of hunting for intruders in your computer systems, and then locking them out. In the more extreme cases it can also involve […]
The Hunter’s Den: Command and Control
The Hunter’s Den blog series aims to go beyond framework and theory and dig into practical tips and techniques for threat hunting. In our previous post, we examined the practical ways that one can hunt for Internal Reconnaissance. In this post, we will take a look at how to hunt for Command and Control (C2) activity. Command and control […]
Threats Driving You Nuts? Try Threat Hunting With Sqrrl
This article originally appeared on the IBM Security Intelligence blog. Squirrels have many predators and enemies (hawks, snakes and, of course, cars), but Sqrrl shows how the hunted can become the hunter. Sqrrl is a leading threat hunting platform that is deeply integrated with IBM QRadar SIEM. Visualizing Threats: When the IBM Security App Exchange launched in 2015, its primary goal was to […]
The Hunter’s Den: Internal Reconnaissance (Part 1)
By Josh Liburdi, Security Technologist at Sqrrl, and George Aquila. As we laid out in our introduction, The Hunter’s Den blog series aims to go beyond framework and theory and dig into practical tips and techniques for threat hunting. This first post will focus on hunting for Internal […]