
Threat Hunting Platforms (Collaboration with SANS Institute)


Traditional security controls such as firewalls, IDS, endpoint protection, and SIEMs are only part of the network security puzzle. Threat hunting is a proactive approach to uncovering threats that are already hidden in your network or systems and that evade those traditional tools. Go in-depth with Sqrrl and the SANS Institute to learn how threat hunting platforms work.


  2. INCIDENT DETECTION/RESPONSE WEAKNESSES (and where hunting can help)
     © 2016 Sqrrl | All Rights Reserved
  3. TOOLS ARE FRAGMENTING THE HUNTING PROCESS
     A new technology approach is needed!
     [Diagram: hunting activities (Attack chain modeling, Intrusion reconstruction, Breach / response timelines, Campaign analysis) spread across disconnected data sources and tools: Asset configuration, Business context, Alerts, Threat Intel, Behavioral Algorithms, Courses of Action Matrix, Signatures, Statistics, Logs, SIEM, Email, Machine Learning, Visualization, HR data, Link Analysis, Search]
  4. HUNTING TECHNOLOGY REQUIREMENTS
     The Solution: Threat Hunting Platform (THP)
     • Data: Variety, Long term retention, Velocity
     • Tools: Search, Visualization, Exploration
     • Collaboration: Common threat ontology, Shared insight
     • Analytics: Behavioral, Statistical, Extensible
  5. WHAT IS A THREAT HUNTING PLATFORM?
     A unified environment for:
     • Collecting and managing big security data
     • Detecting and analyzing advanced threats
     • Visually investigating attack TTPs and patterns
     • Automating hunt techniques
     • Collaborating amongst security analyst teams
  6. KEY BENEFITS OF A THP
     • Faster Detection: Even the best analysts need the right tools; streamline the hunting workflow
     • Stronger Data Value: Improve assessments with more context; retain more data for deeper analyses
     • Greater Clarity: Identify anomalies through analytics; understand behaviors and how they relate
     • Stronger Ecosystem: Complement your SIEM/IDS/EDR solutions; integrate workflows across products
     • Greater Efficiency: Preserve context and replay investigations; train hunters collaboratively
  7. SQRRL ENTERPRISE
     Sqrrl's unique approach to the THP:
     • Proactive Threat Hunting
     • Detection & Investigation
     • User and Entity Behavior Analytics
  8. SQRRL BEHAVIOR GRAPH
     Unique approach to managing security data
     [Diagram: behavior graph of linked entities, annotated with EXFIL and LATERAL MOVEMENT paths]
     KEY CAPABILITIES:
     • Asset / activity modeling
     • Visualization, exploration, search
     • Behavioral analytics
     • Big data scale & security
  9. SQRRL BEHAVIORAL ANALYTICS
     • Algorithmic detectors focus on TTPs and entity behavior
     • Kill chain alignment surfaces sequencing and penetration
     TTP behavior:
     o Beaconing
     o Lateral movement
     o Data staging
     o Exfiltration
     User / entity behavior:
     o Account Misuse
     o Risky entity / user behavior
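To make the "behavior graph plus algorithmic detectors" idea concrete, here is an added example that is not Sqrrl's code and not part of the original deck. It builds a tiny behavior graph from constructed connection and authentication records (the hosts, addresses and timestamps are made up), then runs two of the TTP detectors the slide lists: a beaconing detector that flags outbound connections with unusually regular inter-arrival times, and a lateral-movement detector that walks authentication edges in time order from a suspected foothold to a sensitive host. The thresholds (coefficient of variation below 0.1, at least five connections) are illustrative assumptions, not Sqrrl's.

```python
"""Toy behavior-graph hunt: beaconing and lateral-movement detectors (added example)."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample records, not real telemetry: (timestamp_seconds, src, dst, kind)
EVENTS = [
    # host-a connects to 203.0.113.10 roughly every 60 s: beacon-like
    (0, "host-a", "203.0.113.10", "conn"),
    (61, "host-a", "203.0.113.10", "conn"),
    (119, "host-a", "203.0.113.10", "conn"),
    (181, "host-a", "203.0.113.10", "conn"),
    (240, "host-a", "203.0.113.10", "conn"),
    (299, "host-a", "203.0.113.10", "conn"),
    # host-b browses 198.51.100.7 at irregular intervals: human-like
    (5, "host-b", "198.51.100.7", "conn"),
    (9, "host-b", "198.51.100.7", "conn"),
    (140, "host-b", "198.51.100.7", "conn"),
    (141, "host-b", "198.51.100.7", "conn"),
    (260, "host-b", "198.51.100.7", "conn"),
    (700, "host-b", "198.51.100.7", "conn"),
    # authentication hops: host-a -> host-c -> dc-1 (ordered in time)
    (100, "host-a", "host-c", "auth"),
    (200, "host-c", "dc-1", "auth"),
    (50, "host-b", "fileserver", "auth"),
]


def build_graph(events):
    """Behavior graph: each directed edge (src, dst, kind) keeps its list of timestamps."""
    graph = defaultdict(list)
    for ts, src, dst, kind in events:
        graph[(src, dst, kind)].append(ts)
    return graph


def beacon_score(timestamps):
    """Coefficient of variation of the gaps between events; low means regular.

    Returns None when there are too few events to judge periodicity.
    """
    ts = sorted(timestamps)
    if len(ts) < 4:
        return None
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    avg = mean(gaps)
    if avg == 0:
        return None
    return pstdev(gaps) / avg


def find_beacons(graph, max_cv=0.1, min_events=5):
    """Flag outbound 'conn' edges whose timing is regular enough to look like a beacon."""
    hits = []
    for (src, dst, kind), ts in graph.items():
        if kind != "conn" or len(ts) < min_events:
            continue
        cv = beacon_score(ts)
        if cv is not None and cv <= max_cv:
            hits.append((src, dst, round(cv, 3)))
    return sorted(hits)


def find_lateral_paths(graph, start, targets):
    """Breadth-first walk over 'auth' edges from start; each hop must happen after the previous one.

    Returns every simple path that reaches a host in targets.
    """
    adj = defaultdict(list)
    for (src, dst, kind), ts in graph.items():
        if kind == "auth":
            for t in ts:
                adj[src].append((dst, t))
    paths = []
    frontier = [(start, -1, [start])]
    while frontier:
        node, last_t, path = frontier.pop(0)
        for nxt, t in adj.get(node, []):
            if t <= last_t or nxt in path:
                continue  # out of order or would loop
            new_path = path + [nxt]
            if nxt in targets:
                paths.append(new_path)
            frontier.append((nxt, t, new_path))
    return paths


if __name__ == "__main__":
    g = build_graph(EVENTS)
    print("beacon candidates:", find_beacons(g))
    for src, _, _ in find_beacons(g):
        print("lateral paths from", src, ":", find_lateral_paths(g, src, {"dc-1"}))
```

Running the block flags only host-a's regular connections, and because the graph is shared between detectors the same foothold can then be followed across authentication edges to the domain controller, which is the kind of kill-chain sequencing the slide refers to. On real data you would compute the same statistics over hours or days of flow records and tune the thresholds against known-good periodic traffic (NTP, update checks, monitoring agents) before treating a hit as more than a lead.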
  10. SQRRL PLATFORM
     [Diagram: Sqrrl platform architecture]
  11. DEMONSTRATION
  12. THANK YOU!
     How To Learn More? To learn more about Sqrrl:
     • Download Sqrrl's Threat Hunting eBook from our website
     • Download the Sqrrl Product Paper from our website
     • Request a Test Drive VM from our website
     • Reach out to us at
  13. Target. Hunt. Disrupt.
     Q & A