Sqrrl
About Us
Founded: 2012
Company Size: 51-200 employees
Company Type: Private
Location: Cambridge, MA
Sqrrl is the Threat Hunting Company that enables organizations to target, hunt, and disrupt advanced cyber threats. Sqrrl’s industry-leading Threat Hunting Platform unites link analysis, User and Entity Behavior Analytics (UEBA), and multi-petabyte scalability capabilities into an integrated solut ...
Sqrrl has licensed access to the SANS Whitepaper "The Who, What, Where, When, Why and How of Effective Threat Hunting" for you.
Building a Top-Tier Hunt Team: an Interview with Alan Orlikoski
Alan Orlikoski has over 15 years of experience in both the private and public sectors of the IT industry. He has designed and implemented defense solutions for government and Fortune 100 companies. He has more recently participated on teams tasked to assess and advise Fortune 100 clients, with a focus on maturing an organization’s ability to more quickly and effectively detect, respond to, and contain targeted attacks. Key Takeaways: A good hunter is a “jack of all trades” and is able t ...
Answering Questions Before They’re Asked (Guest Article by Chris Sanders)
Investigations are all about iterating through evidence that helps you make decisions about what events transpired on your network. That sounds easy enough, but asking the right questions and identifying the data you need to answer them is tricky. This problem manifests in two ways. First, not having enough of the right data means you may be unable to answer the questions that will move the investigation forward. Conversely, having too much data may be overwhelming with a tremendous number of fi ...
Ryan Nolette and Adam Fuchs are teaming up for tomorrow's webinar training session "Threat Hunting for Lateral Movement" @ 2 pm ET | 1 pm CT | 11 am PT. Sign up: http://info.sqrrl.com/threat-hunting-lateral-movement
Retracing Investigation Steps When Threat Hunting
Finding evil is all about asking the right questions, finding answers, and using those answers to ask more questions. Each question and answer represent a decision point, branching the investigation off down a new path. The path of the analyst is far from linear, and sometimes we need to go back and retrace our steps to work from a previous decision point. Just like Hansel and Gretel left breadcrumbs along their path through the woods, we too need breadcrumbs to ensure that we’re fully explori ...
Hunter Profile: Pietro Bempos
Sqrrl's Hunter Profile series collects tips, tricks, and experiences from leading threat hunters. Our latest profile is on Zurich Insurance's Pietro Bempos. Check out more Hunter Profiles here. Who are you? Hello, my name is Pietro Bempos. I wrote my first computer program on my Amstrad CPC 6128 in 1989, and since then I haven’t stopped working with computers. I've worked professionally in IT for 10+ years and most recently have become a full-time Threat Hunter. You can find m ...
Threat Hunter Profile: Quantum Security's James Bower
Our Threat Hunter Profiles series interviews leading hunters for their tips, tricks and stories. Read James' profile on our blog and check out the full profile series here! Who are you? My name is James Bower, and I’m a threat researcher and hunter for Quantum Security here in Atlanta. I currently advise and consult on threat hunting and red/blue team services for a handful of companies in metro Atlanta. I’ve been consulting in InfoSec for over a decade now and have been hunting in some form ...
Enterprise Cyber Threat Hunting using Big Data
This interview by TAG Cyber CEO Ed Amoroso was originally published here. The proper role for humans in real-time cyber security has not always been crystal clear. My belief two decades back was that automation should feed prioritized alarms to friendly operators wearing headsets (think colorful ADT brochure), and that customers would receive timely notifications whenever something was amiss in their network. It was a logical, attractive view of cyber operations – and it was wrong. The problem ...
Check out our newest threat hunter profile on Ryan Nolette, with his tips, tricks, and walkthrough of uncovering a major enterprise breach! http://blog.sqrrl.com/threat-hunter-profile-ryan-nolette
Four Common Threat Hunting Techniques with Sample Hunts
The buzz around threat hunting continues to build. Anton Chuvakin at Gartner is developing his first paper on the topic, and Richard Bejtlich recently unearthed the origins of the concept in his blog. However, the security industry is still in need of practical examples of how to hunt. In this post, I’ll give you a quick refresher on a few common hunting techniques and show you what they look like in practice with two example hunts: Example 1: Utilizes a list ...
The Nuts and Bolts of Detecting DNS Tunneling
This post originally appeared on Sqrrl's blog. DNS-based attacks have been in common use since the early 2000s, yet over 40% of firms still fall prey to DNS tunneling attacks. Tunneling traffic arrives through uncommon vectors, so traditional automated tools like SIEMs have difficulty detecting it, and because it must be found within massive sets of DNS data, hunting for tunneling manually is challenging as well. So, how can we use more advanced analytic techniques to isolate t ...
Get tips from veteran security analysts in our Threat Hunter Profile series! Our newest profile is on Kris Merritt of Vector8. Check out his tips on tools and intelligence sources (and hear about the time his team detected a Russian state actor!) http://blog.sqrrl.com/threat-hunter-profile-kris-merritt
Sign up for our March 1st training session on uncovering advanced threats using DNS and data science! http://sqrl.ly/2kHVZ36