Sqrrl 2.0 Launch Webinar

Evolution in cybersecurity is the norm. As computer threats evolve, so have defenses. The debilitating effect of viruses borne by email gave rise to what is now a vast anti-virus infrastructure. The rise of network-based attacks created the incrementalism of constant updates to IDS and IPS. The inability to make sense of millions of IDS alerts gave rise to SIEM solutions.

Published in: Data & Analytics
Sqrrl 2.0 Launch Webinar

  1. Securely explore your data. SQRRL 2.0 LAUNCH WEBINAR: The Revolution in Cybersecurity and Linked Data Analysis, with Richard Stiennon (IT-Harvest) and Luis Maldonado (Sqrrl)
  2. AGENDA • Richard Stiennon: Chief Research Analyst, IT-Harvest – “The Revolution in Cybersecurity” • Luis Maldonado: VP Products, Sqrrl – “Linked Data Analysis” – Sqrrl Enterprise 2.0 Demonstration. © 2015 Sqrrl | All Rights Reserved
  3. LINKING. Richard Stiennon; Chief Research Analyst, IT-Harvest; Executive Editor, securitycurrent; Blog: forbes.com/richardstiennon; twitter.com/cyberwar. © 2015 IT-Harvest | All Rights Reserved
  4. Start May, 2010. Stopped August, 2013. The Book That Did Not Happen (Yet)
  5. Targeting • Adversary knows what they want • Where it is • Who has it • Will stop at nothing
  6. Starting in 2000 and persisting for at least ten years: “over the years [Chinese hackers] downloaded technical papers, research-and-development reports, business plans, employee emails and other documents”
  7. Compromised Designs include: The advanced Patriot missile system (PAC-3); The Terminal High Altitude Area Defense (THAAD); Navy’s Aegis ballistic-missile defense system; F/A-18 fighter jet; V-22 Osprey; Black Hawk helicopter; Littoral Combat Ship; F-35 Joint Strike Fighter
  8. Hold Security discovers massive repository of IDs. Leads to discovery of stolen cert at JPM website. Leads to discovery of internal breach through a privileged user.
  9. A persistent, relentless drive to capture SecurID seeds. The RSA Attack, March 2011
  10. “…at this time we are confident that the information extracted does not enable a successful direct attack on any of our RSA SecurID customers” Source: OPEN LETTER http://www.sec.gov/Archives/edgar/data/790070/000119312511070159/dex991.htm But Don’t Worry
  11. Tracking the same campaign for over a year. Saw the escalation. Cut off all access via RSA SecurID tokens. Lockheed Martin, May 2011
  12. Tracking attacks by campaign; Extracting key indicators; Continuous monitoring; Threat actor research and alerting; Objective Pen Testing Organization Cyber Defense
  13. Campaign Tracking: The single most valuable tool for communicating with executive management
  14. The Cyber Kill Chain. Source: Lockheed Martin Cyber Kill Chain White Paper 2011
  15. Situational Awareness. Alerting. Let machines and big data augment your expertise. Work on the critical incidents. Security Analytics
  16. X-47B the first autonomous drone. Autonomous code will shorten possible response time from days to hours to seconds. Imperative to get your breach response abilities in place today so you can keep up. Demands on reaction time
  17. Securely explore your data. SQRRL ENTERPRISE V2: Linked Data Analysis
  18. SQRRL HISTORY: From securing the country to securing your enterprise. Google’s BigTable Paper 2006; NSA Builds Accumulo 2008; Sqrrl Founded 2012; Sqrrl Enterprise 1.0 2013; Sqrrl Enterprise 2.0 2015. Investors: Patented Technology:
  19. INCIDENT RESPONSE LIFECYCLE
  20. YOUR MOST EFFECTIVE TOOLS: LOGS VS. LINKED DATA
  21. LINKED DATA • Organizes data into entities and relationships (links) • Provides perspective • Surfaces meaning & context • Enables faster analysis
  22. SQRRL LINKED DATA ANALYSIS
  23. DEMONSTRATION
  24. Cyber, Compliance & Risk Investigations: Large Telecommunications Company. Results: Ensured compliance with data security regulations; Reduce investigation time from days/weeks to minutes; Visibility across more data than previously possible. Challenge: Analyzing more than 1 year of multi-structured security data including for Advanced Persistent (APT), fraud, and insider threats. Sqrrl Solution: • Aggregate and store all data • Gather and profile employee and device behaviors • Search, query and analyze behaviors, details and anomalies
  25. HOW TO LEARN MORE • sqrrl.com – Download the Linked Data Analysis White Paper – Request the Test Drive VM • Come visit us at upcoming conferences – HIMSS (Chicago, April 12-16) – RSA (San Francisco, April 20-24) – Accumulo Summit (College Park, April 28-29)
  26. Securely explore your data. Q & A. Thank you
  27. DEMONSTRATION

×