SlideShare uma empresa Scribd logo

SQRRLTHREAT HUNTING PLATFORM OVERVIEW

Transferir como PPTX, PDF
DataWorks Summit/Hadoop Summit
DataWorks Summit/Hadoop Summit

The document discusses the SqrrlThreat Hunting Platform, which collects security, network, and endpoint data to detect threats. It uses Apache Accumulo for distributed storage and processing. Behavioral analytics models adversary behavior based on the attack kill chain. Analytics run on the data to detect rare events and chain them together using graphs. Results are then collated for visualization and analysis to hunt, detect, and disrupt threats.

Tecnologia
1 de 10
SQRRLTHREAT HUNTING PLATFORM ADAM FUCHS CTO, SQRRL COMMITTER, ACCUMULO MEMBER, ASF
© 2016 Sqrrl Data, Inc. All rights reserved. 2 Accelerating Investigations
© 2016 Sqrrl Data, Inc. All rights reserved. 3 The SqrrlThreat Hunting Platform SECURITY DATA NETWORK DATA ENDPOINT/IDENTITY DATA Firewall / IDS Threat Intel Bro SIEM Alerts NetflowProxy ProcessesHR
© 2016 Sqrrl Data, Inc. All rights reserved. 4 Sqrrl Architecture Visualization + API Physical Data Storage Data Model Processing Interface Audit Encryption Labeling+Policy Query Engine: Accumulo Iterators Bulk/Graph Processing: YARN + Spark Raw Events Linked Data HDFS Accumulo+ Commodity Hardware
© 2016 Sqrrl Data, Inc. All rights reserved. 5 The Apache Accumulo Project Accumulo Stores Sorted Key,Value Pairs High Performance Writes Great Scalability Embedded Processing (Iterators) We leverage Accumulo for: Low-Latency Information Retrieval Indexing Distributed Processing GraphOrganization Ingest-Time Aggregation Secure Storage
Behavioral Analytics
© 2016 Sqrrl Data, Inc. All rights reserved. 7 Attack Chain Behavior detection Adversary behavior is modeled based on a kill chain Kill chain alignment of behavior detection analytics: Helps to determine attack penetration and risk Supports arguments of completeness of detection coverage
© 2016 Sqrrl Data, Inc. All rights reserved. 8 Kill Chain-Based Behavioral Analytic Example • Lateral Movement: Multiple host logins, credential theft • Active Directory • Windows event logs • Unsupervised machine learning for rarity detection • Graph algorithm for chaining • Analyst whitelisting of false positives
© 2016 Sqrrl Data, Inc. All rights reserved. 9 Collating Results ForVisualization and Analysis Behavioral Analytics Entity Risk Scoring Raw Data Modeled Data (Graph) API Applications AnalyticsAnalyticsAnalyticsAnalytics
Target. Hunt. Disrupt.

Recomendados

Threat Hunting Platforms (Collaboration with SANS Institute)
Threat Hunting Platforms (Collaboration with SANS Institute)Threat Hunting Platforms (Collaboration with SANS Institute)
Threat Hunting Platforms (Collaboration with SANS Institute)Sqrrl
 
Getting started with Splunk
Getting started with SplunkGetting started with Splunk
Getting started with SplunkSplunk
 
How to Hunt for Lateral Movement on Your Network
How to Hunt for Lateral Movement on Your NetworkHow to Hunt for Lateral Movement on Your Network
How to Hunt for Lateral Movement on Your NetworkSqrrl
 
Threat Hunting for Command and Control Activity
Threat Hunting for Command and Control ActivityThreat Hunting for Command and Control Activity
Threat Hunting for Command and Control ActivitySqrrl
 
PHDays 2018 Threat Hunting Hands-On Lab
PHDays 2018 Threat Hunting Hands-On LabPHDays 2018 Threat Hunting Hands-On Lab
PHDays 2018 Threat Hunting Hands-On LabTeymur Kheirkhabarov
 
SIEM and Threat Hunting
SIEM and Threat HuntingSIEM and Threat Hunting
SIEM and Threat Huntingn|u - The Open Security Community
 
Splunk for AIOps: Reduce IT outages through prediction with machine learning
Splunk for AIOps: Reduce IT outages through prediction with machine learningSplunk for AIOps: Reduce IT outages through prediction with machine learning
Splunk for AIOps: Reduce IT outages through prediction with machine learningDigital Transformation EXPO Event Series
 
Splunk Enterprise Security
Splunk Enterprise SecuritySplunk Enterprise Security
Splunk Enterprise SecuritySplunk
 

Recomendados

Threat Hunting Platforms (Collaboration with SANS Institute)
Threat Hunting Platforms (Collaboration with SANS Institute)Threat Hunting Platforms (Collaboration with SANS Institute)
Threat Hunting Platforms (Collaboration with SANS Institute)Sqrrl
 
Getting started with Splunk
Getting started with SplunkGetting started with Splunk
Getting started with SplunkSplunk
 
How to Hunt for Lateral Movement on Your Network
How to Hunt for Lateral Movement on Your NetworkHow to Hunt for Lateral Movement on Your Network
How to Hunt for Lateral Movement on Your NetworkSqrrl
 
Threat Hunting for Command and Control Activity
Threat Hunting for Command and Control ActivityThreat Hunting for Command and Control Activity
Threat Hunting for Command and Control ActivitySqrrl
 
PHDays 2018 Threat Hunting Hands-On Lab
PHDays 2018 Threat Hunting Hands-On LabPHDays 2018 Threat Hunting Hands-On Lab
PHDays 2018 Threat Hunting Hands-On LabTeymur Kheirkhabarov
 
SIEM and Threat Hunting
SIEM and Threat HuntingSIEM and Threat Hunting
SIEM and Threat Huntingn|u - The Open Security Community
 
Splunk for AIOps: Reduce IT outages through prediction with machine learning
Splunk for AIOps: Reduce IT outages through prediction with machine learningSplunk for AIOps: Reduce IT outages through prediction with machine learning
Splunk for AIOps: Reduce IT outages through prediction with machine learningDigital Transformation EXPO Event Series
 
Splunk Enterprise Security
Splunk Enterprise SecuritySplunk Enterprise Security
Splunk Enterprise SecuritySplunk
 
フォレンジックツールの開発と実装
フォレンジックツールの開発と実装フォレンジックツールの開発と実装
フォレンジックツールの開発と実装IIJ
 
Threat Hunting with Splunk Hands-on
Threat Hunting with Splunk Hands-onThreat Hunting with Splunk Hands-on
Threat Hunting with Splunk Hands-onSplunk
 
클라우드 보안 위협에 가장 현명한 대처 ‘안랩 클라우드 보안 서비::김준호::AWS Summit Seoul 2018
클라우드 보안 위협에 가장 현명한 대처 ‘안랩 클라우드 보안 서비::김준호::AWS Summit Seoul 2018 클라우드 보안 위협에 가장 현명한 대처 ‘안랩 클라우드 보안 서비::김준호::AWS Summit Seoul 2018
클라우드 보안 위협에 가장 현명한 대처 ‘안랩 클라우드 보안 서비::김준호::AWS Summit Seoul 2018 Amazon Web Services Korea
 
Threat Hunting
Threat HuntingThreat Hunting
Threat HuntingSplunk
 
学術会議 ITシンポジウム資料「プライバシー保護技術の概観と展望」
学術会議 ITシンポジウム資料「プライバシー保護技術の概観と展望」学術会議 ITシンポジウム資料「プライバシー保護技術の概観と展望」
学術会議 ITシンポジウム資料「プライバシー保護技術の概観と展望」Hiroshi Nakagawa
 
CompTIA PenTest+: Everything you need to know about the exam
CompTIA PenTest+: Everything you need to know about the examCompTIA PenTest+: Everything you need to know about the exam
CompTIA PenTest+: Everything you need to know about the examInfosec
 
Sigma Hall of Fame - EU ATT&CK User Workshop, October 2021
Sigma Hall of Fame - EU ATT&CK User Workshop, October 2021Sigma Hall of Fame - EU ATT&CK User Workshop, October 2021
Sigma Hall of Fame - EU ATT&CK User Workshop, October 2021Florian Roth
 
Red + Blue, How Purple Are You
Red + Blue, How Purple Are YouRed + Blue, How Purple Are You
Red + Blue, How Purple Are YouJared Atkinson
 
TechWiseTV Workshop: Encrypted Traffic Analytics
TechWiseTV Workshop: Encrypted Traffic Analytics TechWiseTV Workshop: Encrypted Traffic Analytics
TechWiseTV Workshop: Encrypted Traffic Analytics Robb Boyd
 
Threat hunting for Beginners
Threat hunting for BeginnersThreat hunting for Beginners
Threat hunting for BeginnersSKMohamedKasim
 
UEBA
UEBAUEBA
UEBAChristophe M. Anciaux ☁
 
Threat Intelligence 101 - Steve Lodin - Submitted
Threat Intelligence 101 - Steve Lodin - SubmittedThreat Intelligence 101 - Steve Lodin - Submitted
Threat Intelligence 101 - Steve Lodin - SubmittedSteve Lodin
 
Threat Hunting with Splunk Hands-on
Threat Hunting with Splunk Hands-onThreat Hunting with Splunk Hands-on
Threat Hunting with Splunk Hands-onSplunk
 
PPT-Splunk-LegacySIEM-101_FINAL
PPT-Splunk-LegacySIEM-101_FINALPPT-Splunk-LegacySIEM-101_FINAL
PPT-Splunk-LegacySIEM-101_FINALRisi Avila
 
Threat Hunting with Splunk
Threat Hunting with SplunkThreat Hunting with Splunk
Threat Hunting with SplunkSplunk
 
Sqrrl and IBM: Threat Hunting for QRadar Users
Sqrrl and IBM: Threat Hunting for QRadar UsersSqrrl and IBM: Threat Hunting for QRadar Users
Sqrrl and IBM: Threat Hunting for QRadar UsersSqrrl
 
NIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An OverviewNIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An OverviewTandhy Simanjuntak
 
Insider Threats Detection in Cloud using UEBA
Insider Threats Detection in Cloud using UEBAInsider Threats Detection in Cloud using UEBA
Insider Threats Detection in Cloud using UEBALucas Ko
 
Insight into SOAR
Insight into SOARInsight into SOAR
Insight into SOARDNIF
 
Cyber Threat hunting workshop
Cyber Threat hunting workshopCyber Threat hunting workshop
Cyber Threat hunting workshopArpan Raval
 
Imperative Induced Innovation - Patrick W. Dowd, Ph. D
Imperative Induced Innovation - Patrick W. Dowd, Ph. DImperative Induced Innovation - Patrick W. Dowd, Ph. D
Imperative Induced Innovation - Patrick W. Dowd, Ph. Dscoopnewsgroup
 
Apache Accumulo 1.8.0 Overview
Apache Accumulo 1.8.0 OverviewApache Accumulo 1.8.0 Overview
Apache Accumulo 1.8.0 OverviewJosh Elser
 

Mais conteúdo relacionado

Mais procurados

フォレンジックツールの開発と実装
フォレンジックツールの開発と実装フォレンジックツールの開発と実装
フォレンジックツールの開発と実装IIJ
 
Threat Hunting with Splunk Hands-on
Threat Hunting with Splunk Hands-onThreat Hunting with Splunk Hands-on
Threat Hunting with Splunk Hands-onSplunk
 
클라우드 보안 위협에 가장 현명한 대처 ‘안랩 클라우드 보안 서비::김준호::AWS Summit Seoul 2018
클라우드 보안 위협에 가장 현명한 대처 ‘안랩 클라우드 보안 서비::김준호::AWS Summit Seoul 2018 클라우드 보안 위협에 가장 현명한 대처 ‘안랩 클라우드 보안 서비::김준호::AWS Summit Seoul 2018
클라우드 보안 위협에 가장 현명한 대처 ‘안랩 클라우드 보안 서비::김준호::AWS Summit Seoul 2018 Amazon Web Services Korea
 
Threat Hunting
Threat HuntingThreat Hunting
Threat HuntingSplunk
 
学術会議 ITシンポジウム資料「プライバシー保護技術の概観と展望」
学術会議 ITシンポジウム資料「プライバシー保護技術の概観と展望」学術会議 ITシンポジウム資料「プライバシー保護技術の概観と展望」
学術会議 ITシンポジウム資料「プライバシー保護技術の概観と展望」Hiroshi Nakagawa
 
CompTIA PenTest+: Everything you need to know about the exam
CompTIA PenTest+: Everything you need to know about the examCompTIA PenTest+: Everything you need to know about the exam
CompTIA PenTest+: Everything you need to know about the examInfosec
 
Sigma Hall of Fame - EU ATT&CK User Workshop, October 2021
Sigma Hall of Fame - EU ATT&CK User Workshop, October 2021Sigma Hall of Fame - EU ATT&CK User Workshop, October 2021
Sigma Hall of Fame - EU ATT&CK User Workshop, October 2021Florian Roth
 
Red + Blue, How Purple Are You
Red + Blue, How Purple Are YouRed + Blue, How Purple Are You
Red + Blue, How Purple Are YouJared Atkinson
 
TechWiseTV Workshop: Encrypted Traffic Analytics
TechWiseTV Workshop: Encrypted Traffic Analytics TechWiseTV Workshop: Encrypted Traffic Analytics
TechWiseTV Workshop: Encrypted Traffic Analytics Robb Boyd
 
Threat hunting for Beginners
Threat hunting for BeginnersThreat hunting for Beginners
Threat hunting for BeginnersSKMohamedKasim
 
Threat Intelligence 101 - Steve Lodin - Submitted
Threat Intelligence 101 - Steve Lodin - SubmittedThreat Intelligence 101 - Steve Lodin - Submitted
Threat Intelligence 101 - Steve Lodin - SubmittedSteve Lodin
 
Threat Hunting with Splunk Hands-on
Threat Hunting with Splunk Hands-onThreat Hunting with Splunk Hands-on
Threat Hunting with Splunk Hands-onSplunk
 
PPT-Splunk-LegacySIEM-101_FINAL
PPT-Splunk-LegacySIEM-101_FINALPPT-Splunk-LegacySIEM-101_FINAL
PPT-Splunk-LegacySIEM-101_FINALRisi Avila
 
Threat Hunting with Splunk
Threat Hunting with SplunkThreat Hunting with Splunk
Threat Hunting with SplunkSplunk
 
Sqrrl and IBM: Threat Hunting for QRadar Users
Sqrrl and IBM: Threat Hunting for QRadar UsersSqrrl and IBM: Threat Hunting for QRadar Users
Sqrrl and IBM: Threat Hunting for QRadar UsersSqrrl
 
NIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An OverviewNIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An OverviewTandhy Simanjuntak
 
Insider Threats Detection in Cloud using UEBA
Insider Threats Detection in Cloud using UEBAInsider Threats Detection in Cloud using UEBA
Insider Threats Detection in Cloud using UEBALucas Ko
 
Insight into SOAR
Insight into SOARInsight into SOAR
Insight into SOARDNIF
 
Cyber Threat hunting workshop
Cyber Threat hunting workshopCyber Threat hunting workshop
Cyber Threat hunting workshopArpan Raval
 

Mais procurados (20)

フォレンジックツールの開発と実装
フォレンジックツールの開発と実装フォレンジックツールの開発と実装
フォレンジックツールの開発と実装
 
Threat Hunting with Splunk Hands-on
Threat Hunting with Splunk Hands-onThreat Hunting with Splunk Hands-on
Threat Hunting with Splunk Hands-on
 
클라우드 보안 위협에 가장 현명한 대처 ‘안랩 클라우드 보안 서비::김준호::AWS Summit Seoul 2018
클라우드 보안 위협에 가장 현명한 대처 ‘안랩 클라우드 보안 서비::김준호::AWS Summit Seoul 2018 클라우드 보안 위협에 가장 현명한 대처 ‘안랩 클라우드 보안 서비::김준호::AWS Summit Seoul 2018
클라우드 보안 위협에 가장 현명한 대처 ‘안랩 클라우드 보안 서비::김준호::AWS Summit Seoul 2018
 
Threat Hunting
Threat HuntingThreat Hunting
Threat Hunting
 
学術会議 ITシンポジウム資料「プライバシー保護技術の概観と展望」
学術会議 ITシンポジウム資料「プライバシー保護技術の概観と展望」学術会議 ITシンポジウム資料「プライバシー保護技術の概観と展望」
学術会議 ITシンポジウム資料「プライバシー保護技術の概観と展望」
 
CompTIA PenTest+: Everything you need to know about the exam
CompTIA PenTest+: Everything you need to know about the examCompTIA PenTest+: Everything you need to know about the exam
CompTIA PenTest+: Everything you need to know about the exam
 
Sigma Hall of Fame - EU ATT&CK User Workshop, October 2021
Sigma Hall of Fame - EU ATT&CK User Workshop, October 2021Sigma Hall of Fame - EU ATT&CK User Workshop, October 2021
Sigma Hall of Fame - EU ATT&CK User Workshop, October 2021
 
Red + Blue, How Purple Are You
Red + Blue, How Purple Are YouRed + Blue, How Purple Are You
Red + Blue, How Purple Are You
 
TechWiseTV Workshop: Encrypted Traffic Analytics
TechWiseTV Workshop: Encrypted Traffic Analytics TechWiseTV Workshop: Encrypted Traffic Analytics
TechWiseTV Workshop: Encrypted Traffic Analytics
 
Threat hunting for Beginners
Threat hunting for BeginnersThreat hunting for Beginners
Threat hunting for Beginners
 
UEBA
UEBAUEBA
UEBA
 
Threat Intelligence 101 - Steve Lodin - Submitted
Threat Intelligence 101 - Steve Lodin - SubmittedThreat Intelligence 101 - Steve Lodin - Submitted
Threat Intelligence 101 - Steve Lodin - Submitted
 
Threat Hunting with Splunk Hands-on
Threat Hunting with Splunk Hands-onThreat Hunting with Splunk Hands-on
Threat Hunting with Splunk Hands-on
 
PPT-Splunk-LegacySIEM-101_FINAL
PPT-Splunk-LegacySIEM-101_FINALPPT-Splunk-LegacySIEM-101_FINAL
PPT-Splunk-LegacySIEM-101_FINAL
 
Threat Hunting with Splunk
Threat Hunting with SplunkThreat Hunting with Splunk
Threat Hunting with Splunk
 
Sqrrl and IBM: Threat Hunting for QRadar Users
Sqrrl and IBM: Threat Hunting for QRadar UsersSqrrl and IBM: Threat Hunting for QRadar Users
Sqrrl and IBM: Threat Hunting for QRadar Users
 
NIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An OverviewNIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An Overview
 
Insider Threats Detection in Cloud using UEBA
Insider Threats Detection in Cloud using UEBAInsider Threats Detection in Cloud using UEBA
Insider Threats Detection in Cloud using UEBA
 
Insight into SOAR
Insight into SOARInsight into SOAR
Insight into SOAR
 
Cyber Threat hunting workshop
Cyber Threat hunting workshopCyber Threat hunting workshop
Cyber Threat hunting workshop
 

Destaque

Imperative Induced Innovation - Patrick W. Dowd, Ph. D
Imperative Induced Innovation - Patrick W. Dowd, Ph. DImperative Induced Innovation - Patrick W. Dowd, Ph. D
Imperative Induced Innovation - Patrick W. Dowd, Ph. Dscoopnewsgroup
 
Apache Accumulo 1.8.0 Overview
Apache Accumulo 1.8.0 OverviewApache Accumulo 1.8.0 Overview
Apache Accumulo 1.8.0 OverviewJosh Elser
 
Cyber Threat Hunting with Phirelight
Cyber Threat Hunting with PhirelightCyber Threat Hunting with Phirelight
Cyber Threat Hunting with PhirelightHostway|HOSTING
 
Big data advance topics - part 2.pptx
Big data advance topics - part 2.pptxBig data advance topics - part 2.pptx
Big data advance topics - part 2.pptxMoldovan Radu Adrian
 
Hunting: Defense Against The Dark Arts - BSides Philadelphia - 2016
Hunting: Defense Against The Dark Arts - BSides Philadelphia - 2016Hunting: Defense Against The Dark Arts - BSides Philadelphia - 2016
Hunting: Defense Against The Dark Arts - BSides Philadelphia - 2016Danny Akacki
 
2017 02-07 - elastic & spark. building a search geo locator
2017 02-07 - elastic & spark. building a search geo locator2017 02-07 - elastic & spark. building a search geo locator
2017 02-07 - elastic & spark. building a search geo locatorAlberto Paro
 

Destaque (9)

Imperative Induced Innovation - Patrick W. Dowd, Ph. D
Imperative Induced Innovation - Patrick W. Dowd, Ph. DImperative Induced Innovation - Patrick W. Dowd, Ph. D
Imperative Induced Innovation - Patrick W. Dowd, Ph. D
 
Apache Accumulo 1.8.0 Overview
Apache Accumulo 1.8.0 OverviewApache Accumulo 1.8.0 Overview
Apache Accumulo 1.8.0 Overview
 
Near Real-Time Outlier Detection and Interpretation
Near Real-Time Outlier Detection and InterpretationNear Real-Time Outlier Detection and Interpretation
Near Real-Time Outlier Detection and Interpretation
 
Cyber Threat Hunting with Phirelight
Cyber Threat Hunting with PhirelightCyber Threat Hunting with Phirelight
Cyber Threat Hunting with Phirelight
 
Introduction to Accumulo
Introduction to AccumuloIntroduction to Accumulo
Introduction to Accumulo
 
Big data advance topics - part 2.pptx
Big data advance topics - part 2.pptxBig data advance topics - part 2.pptx
Big data advance topics - part 2.pptx
 
Hunting: Defense Against The Dark Arts - BSides Philadelphia - 2016
Hunting: Defense Against The Dark Arts - BSides Philadelphia - 2016Hunting: Defense Against The Dark Arts - BSides Philadelphia - 2016
Hunting: Defense Against The Dark Arts - BSides Philadelphia - 2016
 
2017 02-07 - elastic & spark. building a search geo locator
2017 02-07 - elastic & spark. building a search geo locator2017 02-07 - elastic & spark. building a search geo locator
2017 02-07 - elastic & spark. building a search geo locator
 
The Impala Cookbook
The Impala CookbookThe Impala Cookbook
The Impala Cookbook
 

Semelhante a SQRRLTHREAT HUNTING PLATFORM OVERVIEW

Smart Data Slides: Emerging Hardware Choices for Modern AI Data Management
Smart Data Slides: Emerging Hardware Choices for Modern AI Data ManagementSmart Data Slides: Emerging Hardware Choices for Modern AI Data Management
Smart Data Slides: Emerging Hardware Choices for Modern AI Data ManagementDATAVERSITY
 
Apache Eagle: Architecture Evolvement and New Features
Apache Eagle: Architecture Evolvement and New FeaturesApache Eagle: Architecture Evolvement and New Features
Apache Eagle: Architecture Evolvement and New FeaturesHao Chen
 
Oracle Cloud Café hybrid Cloud 19 mai 2016
Oracle Cloud Café hybrid Cloud 19 mai 2016Oracle Cloud Café hybrid Cloud 19 mai 2016
Oracle Cloud Café hybrid Cloud 19 mai 2016Sorathaya Sirimanotham
 
Oracle Management Cloud - HybridCloud Café - May 2016
Oracle Management Cloud - HybridCloud Café - May 2016Oracle Management Cloud - HybridCloud Café - May 2016
Oracle Management Cloud - HybridCloud Café - May 2016Bastien Leblanc
 
Sqrrl February Webinar: Breaking Down Data Silos
Sqrrl February Webinar: Breaking Down Data SilosSqrrl February Webinar: Breaking Down Data Silos
Sqrrl February Webinar: Breaking Down Data SilosSqrrl
 
Model-driven Telemetry: The Foundation of Big Data Analytics
Model-driven Telemetry: The Foundation of Big Data AnalyticsModel-driven Telemetry: The Foundation of Big Data Analytics
Model-driven Telemetry: The Foundation of Big Data AnalyticsCisco Canada
 
2024 February 28 - NYC - Meetup Unlocking Financial Data with Real-Time Pipel...
2024 February 28 - NYC - Meetup Unlocking Financial Data with Real-Time Pipel...2024 February 28 - NYC - Meetup Unlocking Financial Data with Real-Time Pipel...
2024 February 28 - NYC - Meetup Unlocking Financial Data with Real-Time Pipel...Timothy Spann
 
Apache metron - An Introduction
Apache metron - An IntroductionApache metron - An Introduction
Apache metron - An IntroductionBaban Gaigole
 
Preparing for the Cybersecurity Renaissance
Preparing for the Cybersecurity RenaissancePreparing for the Cybersecurity Renaissance
Preparing for the Cybersecurity RenaissanceCloudera, Inc.
 
IoT Edge Data Processing with NVidia Jetson Nano oct 3 2019
IoT Edge Data Processing with NVidia Jetson Nano oct 3 2019IoT Edge Data Processing with NVidia Jetson Nano oct 3 2019
IoT Edge Data Processing with NVidia Jetson Nano oct 3 2019Timothy Spann
 
Getting Started with Splunk
Getting Started with SplunkGetting Started with Splunk
Getting Started with SplunkSplunk
 
Getting Started with Splunk Breakout Session
Getting Started with Splunk Breakout SessionGetting Started with Splunk Breakout Session
Getting Started with Splunk Breakout SessionSplunk
 
Daten anonymisieren und pseudonymisieren in Splunk Enterprise
Daten anonymisieren und pseudonymisieren in Splunk EnterpriseDaten anonymisieren und pseudonymisieren in Splunk Enterprise
Daten anonymisieren und pseudonymisieren in Splunk Enterprisejenny_splunk
 
Analyzing 1.2 Million Network Packets per Second in Real-time
Analyzing 1.2 Million Network Packets per Second in Real-timeAnalyzing 1.2 Million Network Packets per Second in Real-time
Analyzing 1.2 Million Network Packets per Second in Real-timeDataWorks Summit
 
Apache Eagle Architecture Evolvement
Apache Eagle Architecture EvolvementApache Eagle Architecture Evolvement
Apache Eagle Architecture EvolvementHao Chen
 
Model driven telemetry
Model driven telemetryModel driven telemetry
Model driven telemetryCisco Canada
 
Getting Started with Splunk Enterprise
Getting Started with Splunk EnterpriseGetting Started with Splunk Enterprise
Getting Started with Splunk EnterpriseSplunk
 

Semelhante a SQRRLTHREAT HUNTING PLATFORM OVERVIEW (20)

Smart Data Slides: Emerging Hardware Choices for Modern AI Data Management
Smart Data Slides: Emerging Hardware Choices for Modern AI Data ManagementSmart Data Slides: Emerging Hardware Choices for Modern AI Data Management
Smart Data Slides: Emerging Hardware Choices for Modern AI Data Management
 
Apache Eagle: Architecture Evolvement and New Features
Apache Eagle: Architecture Evolvement and New FeaturesApache Eagle: Architecture Evolvement and New Features
Apache Eagle: Architecture Evolvement and New Features
 
Sqrrl and Accumulo
Sqrrl and AccumuloSqrrl and Accumulo
Sqrrl and Accumulo
 
Oracle Cloud Café hybrid Cloud 19 mai 2016
Oracle Cloud Café hybrid Cloud 19 mai 2016Oracle Cloud Café hybrid Cloud 19 mai 2016
Oracle Cloud Café hybrid Cloud 19 mai 2016
 
Oracle Management Cloud - HybridCloud Café - May 2016
Oracle Management Cloud - HybridCloud Café - May 2016Oracle Management Cloud - HybridCloud Café - May 2016
Oracle Management Cloud - HybridCloud Café - May 2016
 
Sqrrl February Webinar: Breaking Down Data Silos
Sqrrl February Webinar: Breaking Down Data SilosSqrrl February Webinar: Breaking Down Data Silos
Sqrrl February Webinar: Breaking Down Data Silos
 
Model-driven Telemetry: The Foundation of Big Data Analytics
Model-driven Telemetry: The Foundation of Big Data AnalyticsModel-driven Telemetry: The Foundation of Big Data Analytics
Model-driven Telemetry: The Foundation of Big Data Analytics
 
2024 February 28 - NYC - Meetup Unlocking Financial Data with Real-Time Pipel...
2024 February 28 - NYC - Meetup Unlocking Financial Data with Real-Time Pipel...2024 February 28 - NYC - Meetup Unlocking Financial Data with Real-Time Pipel...
2024 February 28 - NYC - Meetup Unlocking Financial Data with Real-Time Pipel...
 
Apache metron - An Introduction
Apache metron - An IntroductionApache metron - An Introduction
Apache metron - An Introduction
 
Preparing for the Cybersecurity Renaissance
Preparing for the Cybersecurity RenaissancePreparing for the Cybersecurity Renaissance
Preparing for the Cybersecurity Renaissance
 
IoT Edge Data Processing with NVidia Jetson Nano oct 3 2019
IoT Edge Data Processing with NVidia Jetson Nano oct 3 2019IoT Edge Data Processing with NVidia Jetson Nano oct 3 2019
IoT Edge Data Processing with NVidia Jetson Nano oct 3 2019
 
Getting Started with Splunk
Getting Started with SplunkGetting Started with Splunk
Getting Started with Splunk
 
Getting Started with Splunk Breakout Session
Getting Started with Splunk Breakout SessionGetting Started with Splunk Breakout Session
Getting Started with Splunk Breakout Session
 
Daten anonymisieren und pseudonymisieren in Splunk Enterprise
Daten anonymisieren und pseudonymisieren in Splunk EnterpriseDaten anonymisieren und pseudonymisieren in Splunk Enterprise
Daten anonymisieren und pseudonymisieren in Splunk Enterprise
 
CRYPTTECH PRODUCTS
CRYPTTECH PRODUCTSCRYPTTECH PRODUCTS
CRYPTTECH PRODUCTS
 
Analyzing 1.2 Million Network Packets per Second in Real-time
Analyzing 1.2 Million Network Packets per Second in Real-timeAnalyzing 1.2 Million Network Packets per Second in Real-time
Analyzing 1.2 Million Network Packets per Second in Real-time
 
Apache Eagle Architecture Evolvement
Apache Eagle Architecture EvolvementApache Eagle Architecture Evolvement
Apache Eagle Architecture Evolvement
 
Model driven telemetry
Model driven telemetryModel driven telemetry
Model driven telemetry
 
IOT, Streaming Analytics and Machine Learning
IOT, Streaming Analytics and Machine Learning IOT, Streaming Analytics and Machine Learning
IOT, Streaming Analytics and Machine Learning
 
Getting Started with Splunk Enterprise
Getting Started with Splunk EnterpriseGetting Started with Splunk Enterprise
Getting Started with Splunk Enterprise
 

Mais de DataWorks Summit/Hadoop Summit

Unleashing the Power of Apache Atlas with Apache Ranger
Unleashing the Power of Apache Atlas with Apache RangerUnleashing the Power of Apache Atlas with Apache Ranger
Unleashing the Power of Apache Atlas with Apache RangerDataWorks Summit/Hadoop Summit
 
Enabling Digital Diagnostics with a Data Science Platform
Enabling Digital Diagnostics with a Data Science PlatformEnabling Digital Diagnostics with a Data Science Platform
Enabling Digital Diagnostics with a Data Science PlatformDataWorks Summit/Hadoop Summit
 
Double Your Hadoop Performance with Hortonworks SmartSense
Double Your Hadoop Performance with Hortonworks SmartSenseDouble Your Hadoop Performance with Hortonworks SmartSense
Double Your Hadoop Performance with Hortonworks SmartSenseDataWorks Summit/Hadoop Summit
 
Building a Large-Scale, Adaptive Recommendation Engine with Apache Flink and ...
Building a Large-Scale, Adaptive Recommendation Engine with Apache Flink and ...Building a Large-Scale, Adaptive Recommendation Engine with Apache Flink and ...
Building a Large-Scale, Adaptive Recommendation Engine with Apache Flink and ...DataWorks Summit/Hadoop Summit
 
Real-Time Anomaly Detection using LSTM Auto-Encoders with Deep Learning4J on ...
Real-Time Anomaly Detection using LSTM Auto-Encoders with Deep Learning4J on ...Real-Time Anomaly Detection using LSTM Auto-Encoders with Deep Learning4J on ...
Real-Time Anomaly Detection using LSTM Auto-Encoders with Deep Learning4J on ...DataWorks Summit/Hadoop Summit
 
Mool - Automated Log Analysis using Data Science and ML
Mool - Automated Log Analysis using Data Science and MLMool - Automated Log Analysis using Data Science and ML
Mool - Automated Log Analysis using Data Science and MLDataWorks Summit/Hadoop Summit
 
The Challenge of Driving Business Value from the Analytics of Things (AOT)
The Challenge of Driving Business Value from the Analytics of Things (AOT)The Challenge of Driving Business Value from the Analytics of Things (AOT)
The Challenge of Driving Business Value from the Analytics of Things (AOT)DataWorks Summit/Hadoop Summit
 
From Regulatory Process Verification to Predictive Maintenance and Beyond wit...
From Regulatory Process Verification to Predictive Maintenance and Beyond wit...From Regulatory Process Verification to Predictive Maintenance and Beyond wit...
From Regulatory Process Verification to Predictive Maintenance and Beyond wit...DataWorks Summit/Hadoop Summit
 

Mais de DataWorks Summit/Hadoop Summit (20)

Running Apache Spark & Apache Zeppelin in Production
Running Apache Spark & Apache Zeppelin in ProductionRunning Apache Spark & Apache Zeppelin in Production
Running Apache Spark & Apache Zeppelin in Production
 
State of Security: Apache Spark & Apache Zeppelin
State of Security: Apache Spark & Apache ZeppelinState of Security: Apache Spark & Apache Zeppelin
State of Security: Apache Spark & Apache Zeppelin
 
Unleashing the Power of Apache Atlas with Apache Ranger
Unleashing the Power of Apache Atlas with Apache RangerUnleashing the Power of Apache Atlas with Apache Ranger
Unleashing the Power of Apache Atlas with Apache Ranger
 
Enabling Digital Diagnostics with a Data Science Platform
Enabling Digital Diagnostics with a Data Science PlatformEnabling Digital Diagnostics with a Data Science Platform
Enabling Digital Diagnostics with a Data Science Platform
 
Revolutionize Text Mining with Spark and Zeppelin
Revolutionize Text Mining with Spark and ZeppelinRevolutionize Text Mining with Spark and Zeppelin
Revolutionize Text Mining with Spark and Zeppelin
 
Double Your Hadoop Performance with Hortonworks SmartSense
Double Your Hadoop Performance with Hortonworks SmartSenseDouble Your Hadoop Performance with Hortonworks SmartSense
Double Your Hadoop Performance with Hortonworks SmartSense
 
Hadoop Crash Course
Hadoop Crash CourseHadoop Crash Course
Hadoop Crash Course
 
Data Science Crash Course
Data Science Crash CourseData Science Crash Course
Data Science Crash Course
 
Apache Spark Crash Course
Apache Spark Crash CourseApache Spark Crash Course
Apache Spark Crash Course
 
Dataflow with Apache NiFi
Dataflow with Apache NiFiDataflow with Apache NiFi
Dataflow with Apache NiFi
 
Schema Registry - Set you Data Free
Schema Registry - Set you Data FreeSchema Registry - Set you Data Free
Schema Registry - Set you Data Free
 
Building a Large-Scale, Adaptive Recommendation Engine with Apache Flink and ...
Building a Large-Scale, Adaptive Recommendation Engine with Apache Flink and ...Building a Large-Scale, Adaptive Recommendation Engine with Apache Flink and ...
Building a Large-Scale, Adaptive Recommendation Engine with Apache Flink and ...
 
Real-Time Anomaly Detection using LSTM Auto-Encoders with Deep Learning4J on ...
Real-Time Anomaly Detection using LSTM Auto-Encoders with Deep Learning4J on ...Real-Time Anomaly Detection using LSTM Auto-Encoders with Deep Learning4J on ...
Real-Time Anomaly Detection using LSTM Auto-Encoders with Deep Learning4J on ...
 
Mool - Automated Log Analysis using Data Science and ML
Mool - Automated Log Analysis using Data Science and MLMool - Automated Log Analysis using Data Science and ML
Mool - Automated Log Analysis using Data Science and ML
 
How Hadoop Makes the Natixis Pack More Efficient
How Hadoop Makes the Natixis Pack More Efficient How Hadoop Makes the Natixis Pack More Efficient
How Hadoop Makes the Natixis Pack More Efficient
 
HBase in Practice
HBase in Practice HBase in Practice
HBase in Practice
 
The Challenge of Driving Business Value from the Analytics of Things (AOT)
The Challenge of Driving Business Value from the Analytics of Things (AOT)The Challenge of Driving Business Value from the Analytics of Things (AOT)
The Challenge of Driving Business Value from the Analytics of Things (AOT)
 
Breaking the 1 Million OPS/SEC Barrier in HOPS Hadoop
Breaking the 1 Million OPS/SEC Barrier in HOPS HadoopBreaking the 1 Million OPS/SEC Barrier in HOPS Hadoop
Breaking the 1 Million OPS/SEC Barrier in HOPS Hadoop
 
From Regulatory Process Verification to Predictive Maintenance and Beyond wit...
From Regulatory Process Verification to Predictive Maintenance and Beyond wit...From Regulatory Process Verification to Predictive Maintenance and Beyond wit...
From Regulatory Process Verification to Predictive Maintenance and Beyond wit...
 
Backup and Disaster Recovery in Hadoop
Backup and Disaster Recovery in Hadoop Backup and Disaster Recovery in Hadoop
Backup and Disaster Recovery in Hadoop
 

Último

Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessPixlogix Infotech
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 

Último (20)

Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 

SQRRLTHREAT HUNTING PLATFORM OVERVIEW

  • 1. SQRRLTHREAT HUNTING PLATFORM ADAM FUCHS CTO, SQRRL COMMITTER, ACCUMULO MEMBER, ASF
  • 2. © 2016 Sqrrl Data, Inc. All rights reserved. 2 Accelerating Investigations
  • 3. © 2016 Sqrrl Data, Inc. All rights reserved. 3 The SqrrlThreat Hunting Platform SECURITY DATA NETWORK DATA ENDPOINT/IDENTITY DATA Firewall / IDS Threat Intel Bro SIEM Alerts NetflowProxy ProcessesHR
  • 4. © 2016 Sqrrl Data, Inc. All rights reserved. 4 Sqrrl Architecture Visualization + API Physical Data Storage Data Model Processing Interface Audit Encryption Labeling+Policy Query Engine: Accumulo Iterators Bulk/Graph Processing: YARN + Spark Raw Events Linked Data HDFS Accumulo+ Commodity Hardware
  • 5. © 2016 Sqrrl Data, Inc. All rights reserved. 5 The Apache Accumulo Project Accumulo Stores Sorted Key,Value Pairs High Performance Writes Great Scalability Embedded Processing (Iterators) We leverage Accumulo for: Low-Latency Information Retrieval Indexing Distributed Processing GraphOrganization Ingest-Time Aggregation Secure Storage
  • 7. © 2016 Sqrrl Data, Inc. All rights reserved. 7 Attack Chain Behavior detection Adversary behavior is modeled based on a kill chain Kill chain alignment of behavior detection analytics: Helps to determine attack penetration and risk Supports arguments of completeness of detection coverage
  • 8. © 2016 Sqrrl Data, Inc. All rights reserved. 8 Kill Chain-Based Behavioral Analytic Example • Lateral Movement: Multiple host logins, credential theft • Active Directory • Windows event logs • Unsupervised machine learning for rarity detection • Graph algorithm for chaining • Analyst whitelisting of false positives
  • 9. © 2016 Sqrrl Data, Inc. All rights reserved. 9 Collating Results ForVisualization and Analysis Behavioral Analytics Entity Risk Scoring Raw Data Modeled Data (Graph) API Applications AnalyticsAnalyticsAnalyticsAnalytics

Notas do Editor

  1. Identify Pain Point It is hard to find attackers moving from a beechhead machine to more interesting machines in a sea of login data Every Windows machine has tens to hundreds of logins a day normally Project datasets Use a subset of windows event login data most likely to contain attacker movement Constrain Output LMs will only be of certain login chain shapes Localized in time Identify Algorithms Use modern classifiers on projected log event set to identify logins that are more or less likely to be in a LM Use motif search algorithms to find patterns of logins that fit the output constraints Self-learning and feedback