Securely explore your data
IT’S HUNTING SEASON!
Tips for getting started with proactive detection
© 2015 Sqrrl | All Rights Reserved
ABOUT ME
Security Architect at Sqrrl. Research areas include threat intelligence, security analytics and the art & science of hunting.
15 years of detection & response experience in government, research, educational and corporate arenas.
A founding member of a Fortune 5’s CIRT. Spent 5 years helping to build a global detection & response capability (500+ sensors, 5PB PCAP, 4TB logs/day).
WHAT IS “HUNTING”?
The collective name for any manual or machine-assisted techniques used to detect security incidents.
HOW TO BUILD A HUNT CAPABILITY
Embrace Big Data
Get Your Data Science On
Always Have a Good Strategy
Ask Lots of Questions
Pivot… Then Pivot Again
Automation is the Key to Continuous Improvement
TIP #1: EMBRACE BIG DATA
THE THREE DATA DOMAINS
Keep as much as you can comfortably store
Network
•  Authentication
•  Session data
•  Proxy logs
•  File transfers
•  DNS resolution
Host
•  Authentication
•  Audit logs
•  Process creation
Application
•  Authentication
•  DB queries
•  Audit & transaction logs
•  Security alerts
THE HUNTING PROCESS
Hypothesize → Query → Analyze → Revise (and back to Hypothesize)
Successful hunting requires many iterations through this cycle. The faster your analysts get through this loop, the better.
Apache’s Hadoop platform offers fast search and processing of huge amounts of data.
You will still need tooling on top of whatever platform you choose.
THE HUNTING PROCESS
Hypothesize → Query → Analyze → Revise (and back to Hypothesize)
Keep as much data as you can comfortably store… and work with!
TIP #2: GET YOUR DATA SCIENCE ON
WHEN’S THE LAST TIME YOU HEARD…?
“It is a Best Practice to review all your logs each day.”
BEST-ER PRACTICE
Data Deduplication & Reduction
Machine-Assisted Analysis
Parsing & Normalization
MACHINE-ASSISTED ANALYSIS
Computers
•  Bad at context and understanding
•  Good at repetition and drudgery
•  Algorithms work cheap!
People
•  Contextual analysis experts who love patterns
•  Possess curiosity & intuition
•  Business knowledge
Empowered Analysts
•  Process massive amounts of data
•  Agile investigations
•  Quickly turn questions into insight
TIP #3: ALWAYS HAVE A GOOD STRATEGY
STRATEGY ENABLES RESULTS
Where do I start? What should I look for? What’s my path to improve?
Your strategy determines the quality of your results.
Choose a strategy that supports your detection goals.
Don’t underestimate the importance of good planning!
STRATEGY #1
Make the most of what you already collect
Advantages:
•  You probably already collect at least some data.
•  Someone is already familiar with its contents.
•  You may already have some idea of the key questions you want answered.
Disadvantages:
•  Your ability to ask questions is limited by the available data.
•  External forces have more influence over your results.
•  May confuse “easy” with “effective”.
STRATEGY #2
Follow the Kill Chain
Reconnaissance → Weaponization → Delivery → Exploitation → Installation → Command & Control (C2) → Actions on Objectives
Source: “Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains”, Hutchins, Cloppert, Amin, http://www.lockheedmartin.com/content/dam/lockheed/data/corporate/documents/LM-White-Paper-Intel-Driven-Defense.pdf (Last checked April 29th, 2015)
Find attacks already happening
Expand the stories you are able to tell
Predict attacks before they happen
TIP #4: ASK LOTS OF QUESTIONS
ALL HUNTS START WITH QUESTIONS
•  What data do I have and what does it “look like”?
•  Is there any lateral movement going on?
•  Is there any data exfiltration going on in my network?
•  Are there any unauthorized users on my VPN?
•  Is anyone misusing their database credentials?
•  Have my users been spearphished?
QUESTIONS BECOME HYPOTHESES
Hypothesize → Query → Analyze → Revise (and back to Hypothesize)
“If this activity is going on, it might look like…” That’s your hypothesis!
If at first you don’t succeed, reimagine it.
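The hypothesize/query/analyze/revise loop above, carried through once on constructed network session records for the “is there any data exfiltration going on?” question. This is an added example, not code from the deck or from Sqrrl; the session records, the 10.0.0.0/8 “internal network” assumption and the thresholds are all constructed for illustration.

```python
"""Hunting loop worked example: Hypothesize -> Query -> Analyze -> Revise.

Hypothesis under test: "If data exfiltration is going on, it might look like
an internal host sending far more data out of the network than it usually does."
Every session record below is constructed for this example.
"""
from collections import defaultdict
from ipaddress import ip_address, ip_network
from statistics import median

# Assumption for the example: the monitored network is 10.0.0.0/8.
INTERNAL_NETS = [ip_network("10.0.0.0/8")]

BASELINE_DAYS = ["2015-04-%02d" % d for d in range(20, 28)]  # eight days of history
HUNT_DAY = "2015-04-28"                                       # the day being hunted


def _daily(src, dst, nbytes, days):
    """One constructed session per day: (day, originator, responder, bytes sent)."""
    return [(day, src, dst, nbytes) for day in days]


# Constructed session data, roughly the fields a Zeek/Bro conn.log provides.
SESSIONS = (
    # Workstation: ~45 MB/day to an external web host, plus a 2 GB burst to a
    # never-before-seen external address on the hunt day.
    _daily("10.1.1.10", "198.51.100.7", 45_000_000, BASELINE_DAYS + [HUNT_DAY])
    + [(HUNT_DAY, "10.1.1.10", "203.0.113.50", 2_000_000_000)]
    # Second workstation: a steady 30 MB/day, nothing unusual.
    + _daily("10.1.1.20", "198.51.100.7", 30_000_000, BASELINE_DAYS + [HUNT_DAY])
    # Backup server: 40 GB/day to an internal storage host, every single day.
    + _daily("10.1.2.5", "10.1.9.9", 40_000_000_000, BASELINE_DAYS + [HUNT_DAY])
)


def is_internal(addr):
    """True when the address falls inside the monitored network."""
    ip = ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def query_outbound_bytes(sessions, day):
    """QUERY step: bytes each internal host sent on `day`, split by whether the
    destination was inside or outside the monitored network."""
    totals = defaultdict(lambda: {"internal": 0, "external": 0})
    for d, src, dst, nbytes in sessions:
        if d != day or not is_internal(src):
            continue
        totals[src]["internal" if is_internal(dst) else "external"] += nbytes
    return dict(totals)


def hunt_v1(sessions, day, threshold=1_000_000_000):
    """ANALYZE, first pass. Hypothesis v1: 'exfiltration looks like a host sending
    more than 1 GB in a day.' Simple, but it flags every big legitimate job too."""
    hits = []
    for src, t in query_outbound_bytes(sessions, day).items():
        if t["internal"] + t["external"] > threshold:
            hits.append(src)
    return sorted(hits)


def hunt_v2(sessions, day, baseline_days, ratio=10.0, floor_bytes=100_000_000):
    """REVISE: the v1 pass flagged the backup server, so the hypothesis is
    reimagined. Hypothesis v2: 'exfiltration looks like a host sending many
    times its own usual daily volume to destinations OUTSIDE the network.'
    Returns (host, external bytes today, median external bytes per baseline day)."""
    today = query_outbound_bytes(sessions, day)
    history = {d: query_outbound_bytes(sessions, d) for d in baseline_days}
    findings = []
    for src, t in today.items():
        usual = median([history[d].get(src, {"external": 0})["external"]
                        for d in baseline_days])
        # The absolute floor keeps a host whose baseline is ~0 bytes from being
        # flagged for a few kilobytes; the ratio catches the genuine spike.
        if t["external"] >= floor_bytes and t["external"] > ratio * usual:
            findings.append((src, t["external"], usual))
    return sorted(findings)


if __name__ == "__main__":
    print("v1 (absolute threshold):", hunt_v1(SESSIONS, HUNT_DAY))
    print("v2 (own baseline, external only):", hunt_v2(SESSIONS, HUNT_DAY, BASELINE_DAYS))
```

The first pass returns both the workstation and the backup server; the revised pass returns only the workstation, with its 2.045 GB next to its 45 MB baseline so the analyst can see why it was flagged.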
TIP #5: PIVOT… THEN PIVOT AGAIN
ATTACKERS LEAVE TRAILS EVERYWHERE
•  Email logs
•  Endpoint process accounting
•  HTTP proxy logs
•  Authentication records
•  Filesystem metadata
•  Network session data
•  Database query logs
DATA DIVERSITY
Leverage different types of data to…
•  Reveal relationships
•  Clarify the situation
•  Highlight inconsistencies
•  Tell a complete story
TOOLSET DIVERSITY
Different techniques, different perspectives
BONUS TIP: AUTOMATION IS THE KEY TO IMPROVEMENT
CONCLUSION
LET’S REVIEW
Embrace Big Data
Get Your Data Science On
Always Have a Good Strategy
Ask Lots of Questions
Pivot… Then Pivot Again
Automation is the Key to Continuous Improvement
QUESTIONS?
David J. Bianco
dbianco@sqrrl.com
@DavidJBianco

Call Girls In Mahipalpur O9654467111 Escorts ServiceSapana Sha
 
VIP Call Girls Service Miyapur Hyderabad Call +91-8250192130
VIP Call Girls Service Miyapur Hyderabad Call +91-8250192130VIP Call Girls Service Miyapur Hyderabad Call +91-8250192130
VIP Call Girls Service Miyapur Hyderabad Call +91-8250192130Suhani Kapoor
 
VIP High Class Call Girls Jamshedpur Anushka 8250192130 Independent Escort Se...
VIP High Class Call Girls Jamshedpur Anushka 8250192130 Independent Escort Se...VIP High Class Call Girls Jamshedpur Anushka 8250192130 Independent Escort Se...
VIP High Class Call Girls Jamshedpur Anushka 8250192130 Independent Escort Se...Suhani Kapoor
 
定制英国白金汉大学毕业证(UCB毕业证书) 成绩单原版一比一
定制英国白金汉大学毕业证(UCB毕业证书)																			成绩单原版一比一定制英国白金汉大学毕业证(UCB毕业证书)																			成绩单原版一比一
定制英国白金汉大学毕业证(UCB毕业证书) 成绩单原版一比一ffjhghh
 
CebaBaby dropshipping via API with DroFX.pptx
CebaBaby dropshipping via API with DroFX.pptxCebaBaby dropshipping via API with DroFX.pptx
CebaBaby dropshipping via API with DroFX.pptxolyaivanovalion
 
Kantar AI Summit- Under Embargo till Wednesday, 24th April 2024, 4 PM, IST.pdf
Kantar AI Summit- Under Embargo till Wednesday, 24th April 2024, 4 PM, IST.pdfKantar AI Summit- Under Embargo till Wednesday, 24th April 2024, 4 PM, IST.pdf
Kantar AI Summit- Under Embargo till Wednesday, 24th April 2024, 4 PM, IST.pdfSocial Samosa
 
Introduction-to-Machine-Learning (1).pptx
Introduction-to-Machine-Learning (1).pptxIntroduction-to-Machine-Learning (1).pptx
Introduction-to-Machine-Learning (1).pptxfirstjob4
 

Último (20)

Generative AI on Enterprise Cloud with NiFi and Milvus
Generative AI on Enterprise Cloud with NiFi and MilvusGenerative AI on Enterprise Cloud with NiFi and Milvus
Generative AI on Enterprise Cloud with NiFi and Milvus
 
Schema on read is obsolete. Welcome metaprogramming..pdf
Schema on read is obsolete. Welcome metaprogramming..pdfSchema on read is obsolete. Welcome metaprogramming..pdf
Schema on read is obsolete. Welcome metaprogramming..pdf
 
Market Analysis in the 5 Largest Economic Countries in Southeast Asia.pdf
Market Analysis in the 5 Largest Economic Countries in Southeast Asia.pdfMarket Analysis in the 5 Largest Economic Countries in Southeast Asia.pdf
Market Analysis in the 5 Largest Economic Countries in Southeast Asia.pdf
 
Industrialised data - the key to AI success.pdf
Industrialised data - the key to AI success.pdfIndustrialised data - the key to AI success.pdf
Industrialised data - the key to AI success.pdf
 
꧁❤ Greater Noida Call Girls Delhi ❤꧂ 9711199171 ☎️ Hard And Sexy Vip Call
꧁❤ Greater Noida Call Girls Delhi ❤꧂ 9711199171 ☎️ Hard And Sexy Vip Call꧁❤ Greater Noida Call Girls Delhi ❤꧂ 9711199171 ☎️ Hard And Sexy Vip Call
꧁❤ Greater Noida Call Girls Delhi ❤꧂ 9711199171 ☎️ Hard And Sexy Vip Call
 
Delhi 99530 vip 56974 Genuine Escort Service Call Girls in Kishangarh
Delhi 99530 vip 56974 Genuine Escort Service Call Girls in  KishangarhDelhi 99530 vip 56974 Genuine Escort Service Call Girls in  Kishangarh
Delhi 99530 vip 56974 Genuine Escort Service Call Girls in Kishangarh
 
100-Concepts-of-AI by Anupama Kate .pptx
100-Concepts-of-AI by Anupama Kate .pptx100-Concepts-of-AI by Anupama Kate .pptx
100-Concepts-of-AI by Anupama Kate .pptx
 
Ukraine War presentation: KNOW THE BASICS
Ukraine War presentation: KNOW THE BASICSUkraine War presentation: KNOW THE BASICS
Ukraine War presentation: KNOW THE BASICS
 
dokumen.tips_chapter-4-transient-heat-conduction-mehmet-kanoglu.ppt
dokumen.tips_chapter-4-transient-heat-conduction-mehmet-kanoglu.pptdokumen.tips_chapter-4-transient-heat-conduction-mehmet-kanoglu.ppt
dokumen.tips_chapter-4-transient-heat-conduction-mehmet-kanoglu.ppt
 
Brighton SEO | April 2024 | Data Storytelling
Brighton SEO | April 2024 | Data StorytellingBrighton SEO | April 2024 | Data Storytelling
Brighton SEO | April 2024 | Data Storytelling
 
RA-11058_IRR-COMPRESS Do 198 series of 1998
RA-11058_IRR-COMPRESS Do 198 series of 1998RA-11058_IRR-COMPRESS Do 198 series of 1998
RA-11058_IRR-COMPRESS Do 198 series of 1998
 
Invezz.com - Grow your wealth with trading signals
Invezz.com - Grow your wealth with trading signalsInvezz.com - Grow your wealth with trading signals
Invezz.com - Grow your wealth with trading signals
 
Call Girls In Mahipalpur O9654467111 Escorts Service
Call Girls In Mahipalpur O9654467111  Escorts ServiceCall Girls In Mahipalpur O9654467111  Escorts Service
Call Girls In Mahipalpur O9654467111 Escorts Service
 
꧁❤ Aerocity Call Girls Service Aerocity Delhi ❤꧂ 9999965857 ☎️ Hard And Sexy ...
꧁❤ Aerocity Call Girls Service Aerocity Delhi ❤꧂ 9999965857 ☎️ Hard And Sexy ...꧁❤ Aerocity Call Girls Service Aerocity Delhi ❤꧂ 9999965857 ☎️ Hard And Sexy ...
꧁❤ Aerocity Call Girls Service Aerocity Delhi ❤꧂ 9999965857 ☎️ Hard And Sexy ...
 
VIP Call Girls Service Miyapur Hyderabad Call +91-8250192130
VIP Call Girls Service Miyapur Hyderabad Call +91-8250192130VIP Call Girls Service Miyapur Hyderabad Call +91-8250192130
VIP Call Girls Service Miyapur Hyderabad Call +91-8250192130
 
VIP High Class Call Girls Jamshedpur Anushka 8250192130 Independent Escort Se...
VIP High Class Call Girls Jamshedpur Anushka 8250192130 Independent Escort Se...VIP High Class Call Girls Jamshedpur Anushka 8250192130 Independent Escort Se...
VIP High Class Call Girls Jamshedpur Anushka 8250192130 Independent Escort Se...
 
定制英国白金汉大学毕业证(UCB毕业证书) 成绩单原版一比一
定制英国白金汉大学毕业证(UCB毕业证书)																			成绩单原版一比一定制英国白金汉大学毕业证(UCB毕业证书)																			成绩单原版一比一
定制英国白金汉大学毕业证(UCB毕业证书) 成绩单原版一比一
 
CebaBaby dropshipping via API with DroFX.pptx
CebaBaby dropshipping via API with DroFX.pptxCebaBaby dropshipping via API with DroFX.pptx
CebaBaby dropshipping via API with DroFX.pptx
 
Kantar AI Summit- Under Embargo till Wednesday, 24th April 2024, 4 PM, IST.pdf
Kantar AI Summit- Under Embargo till Wednesday, 24th April 2024, 4 PM, IST.pdfKantar AI Summit- Under Embargo till Wednesday, 24th April 2024, 4 PM, IST.pdf
Kantar AI Summit- Under Embargo till Wednesday, 24th April 2024, 4 PM, IST.pdf
 
Introduction-to-Machine-Learning (1).pptx
Introduction-to-Machine-Learning (1).pptxIntroduction-to-Machine-Learning (1).pptx
Introduction-to-Machine-Learning (1).pptx
 

April 2015 Webinar: Cyber Hunting with Sqrrl

  • 1. IT’S HUNTING SEASON! Tips for getting started with proactive detection. (Sqrrl: Securely explore your data)
  • 2. ABOUT ME (© 2015 Sqrrl | All Rights Reserved). Security Architect at Sqrrl. Research areas include threat intelligence, security analytics and the art & science of hunting. 15 years of detection & response experience in government, research, educational and corporate arenas. A founding member of a Fortune 5’s CIRT. Spent 5 years helping to build a global detection & response capability (500+ sensors, 5 PB PCAP, 4 TB logs/day).
  • 3. WHAT IS “HUNTING”? The collective name for any manual or machine-assisted techniques used to detect security incidents.
  • 4. HOW TO BUILD A HUNT CAPABILITY: Embrace Big Data; Get Your Data Science On; Always Have a Good Strategy; Ask Lots of Questions; Pivot… Then Pivot Again; Automation is the Key to Continuous Improvement.
  • 5. TIP #1: EMBRACE BIG DATA
  • 6. THE THREE DATA DOMAINS. Keep as much as you can comfortably store. Network: authentication, session data, proxy logs, file transfers, DNS resolution. Host: authentication, audit logs, process creation. Application: authentication, DB queries, audit & transaction logs, security alerts.
  • 7. THE HUNTING PROCESS: Hypothesize → Query → Analyze → Revise. Successful hunting requires many iterations through this cycle; the faster your analysts get through this loop, the better. The Apache Hadoop platform offers fast search and processing of huge amounts of data, but you will still need tooling on top of whatever platform you choose.
  • 8. THE HUNTING PROCESS (continued): Hypothesize → Query → Analyze → Revise. Keep as much data as you can comfortably store… and work with!
  • 9. TIP #2: GET YOUR DATA SCIENCE ON
  • 10-11. WHEN’S THE LAST TIME YOU HEARD…? “It is a Best Practice to review all your logs each day.”
  • 12. BEST-ER PRACTICE: Data Deduplication & Reduction; Machine-Assisted Analysis; Parsing & Normalization.
  • 13. MACHINE-ASSISTED ANALYSIS. Computers: bad at context and understanding; good at repetition and drudgery; algorithms work cheap! People: contextual-analysis experts who love patterns; possess curiosity & intuition; bring business knowledge. Empowered analysts: process massive amounts of data; run agile investigations; quickly turn questions into insight.
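The "best-er practice" pipeline on slides 12 and 13 (parsing & normalization, deduplication & reduction, then machine-assisted analysis) is easier to see in code. The Python below is an added example, not code from this deck or from Sqrrl: it parses two constructed log layouts (a Squid-style proxy access log and a syslog-style sshd authentication log) into one normalized record shape, drops exact duplicates, and reduces the events to per-host byte totals and per-action counts, which is the table an analyst reviews instead of the raw lines. The normalized field names and every sample line are made up for illustration.

```python
"""Parse & normalize, deduplicate, and reduce raw log lines.

Added example, not code from the Sqrrl deck. Log layouts, normalized
field names and all sample lines below are constructed for illustration.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime, timezone

# Constructed sample input. The first two lines of each list are exact
# duplicates, as happens when two collectors forward the same event.
PROXY_LINES = [
    "1430323200.123     45 10.1.2.3 TCP_MISS/200 51200 GET http://updates.example.com/a.bin - HIER_DIRECT/203.0.113.7 application/octet-stream",
    "1430323200.123     45 10.1.2.3 TCP_MISS/200 51200 GET http://updates.example.com/a.bin - HIER_DIRECT/203.0.113.7 application/octet-stream",
    "1430323260.500     12 10.1.2.9 TCP_MISS/200 734 GET http://cdn.example.net/x.js - HIER_DIRECT/198.51.100.4 text/javascript",
    "1430323320.000   9001 10.1.2.3 TCP_MISS/200 9871234 POST http://files.example.org/up - HIER_DIRECT/192.0.2.10 application/octet-stream",
]
AUTH_LINES = [
    "Apr 29 16:00:01 vpn01 sshd[1234]: Accepted publickey for alice from 198.51.100.20 port 51111 ssh2",
    "Apr 29 16:00:01 vpn01 sshd[1234]: Accepted publickey for alice from 198.51.100.20 port 51111 ssh2",
    "Apr 29 16:01:44 vpn01 sshd[1250]: Failed password for bob from 203.0.113.9 port 40000 ssh2",
    "Apr 29 16:01:45 vpn01 CRON[1260]: pam_unix(cron:session): session opened for user root",  # not an sshd auth event
]

# Squid native access-log layout: time elapsed client code/status bytes method URL user hier/peer type
PROXY_RE = re.compile(
    r"^(?P<ts>\d+\.\d+) +(?P<elapsed>\d+) (?P<src>\S+) (?P<code>\S+) (?P<bytes>\d+) "
    r"(?P<method>\S+) (?P<url>\S+) (?P<user>\S+) [^/ ]+/(?P<dst>\S+) (?P<ctype>\S+)$"
)
# syslog-style sshd result line (the syslog timestamp carries no year)
AUTH_RE = re.compile(
    r"^(?P<mon>\w{3}) +(?P<day>\d+) (?P<time>\d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) \S+ for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)

# One record shape for every source, so later queries need not know the origin.
KEY_FIELDS = ("ts", "source", "src", "dst", "user", "bytes", "action", "detail")


def parse_proxy(line):
    """Normalize one proxy line; None when the line is not in the expected layout."""
    m = PROXY_RE.match(line)
    if not m:
        return None
    return {"ts": float(m["ts"]), "source": "proxy", "src": m["src"], "dst": m["dst"],
            "user": None if m["user"] == "-" else m["user"], "bytes": int(m["bytes"]),
            "action": m["method"], "detail": m["url"]}


def parse_auth(line, year=2015):
    """Normalize one sshd line. `year` is assumed because syslog omits it."""
    m = AUTH_RE.match(line)
    if not m:
        return None
    stamp = datetime.strptime(f"{year} {m['mon']} {m['day']} {m['time']}", "%Y %b %d %H:%M:%S")
    return {"ts": stamp.replace(tzinfo=timezone.utc).timestamp(), "source": "auth",
            "src": m["src"], "dst": m["host"], "user": m["user"], "bytes": 0,
            "action": "login_ok" if m["result"] == "Accepted" else "login_fail",
            "detail": m["host"]}


def normalize(proxy_lines, auth_lines):
    """Parse everything into the common shape, silently dropping unparsable lines."""
    records = [parse_proxy(l) for l in proxy_lines] + [parse_auth(l) for l in auth_lines]
    return [r for r in records if r is not None]


def dedupe(records):
    """Drop exact duplicates (same event forwarded twice), keeping first-seen order."""
    seen, out = set(), []
    for r in records:
        key = tuple(r[f] for f in KEY_FIELDS)
        if key not in seen:
            seen.add(key)
            out.append(r)
    return out


def reduce_records(records):
    """Reduction: per-host outbound byte totals and per-(source, action) counts."""
    bytes_by_src = defaultdict(int)
    actions = Counter()
    for r in records:
        bytes_by_src[r["src"]] += r["bytes"]
        actions[(r["source"], r["action"])] += 1
    return dict(bytes_by_src), actions


def pipeline(proxy_lines=PROXY_LINES, auth_lines=AUTH_LINES):
    """Parse -> dedupe -> reduce; returns (records, bytes_by_src, action_counts)."""
    records = dedupe(normalize(proxy_lines, auth_lines))
    bytes_by_src, actions = reduce_records(records)
    return records, bytes_by_src, actions


if __name__ == "__main__":
    records, bytes_by_src, actions = pipeline()
    print(len(records), "unique events;", "bytes by host:", bytes_by_src)
    print("event counts:", dict(actions))
```

On these eight constructed lines the pipeline yields five unique events and a two-row summary per host; on a day of real logs the same three steps turn millions of lines into a table short enough that "review all your logs each day" stops being a joke, and the unusual rows (here, the 9.8 MB POST from 10.1.2.3) are what the analyst looks at first.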
  • 14. TIP #3: ALWAYS HAVE A GOOD STRATEGY
  • 15. STRATEGY ENABLES RESULTS. Where do I start? What should I look for? What’s my path to improve? Your strategy determines the quality of your results. Choose a strategy that supports your detection goals. Don’t underestimate the importance of good planning!
  • 16. STRATEGY #1: Make the most of what you already collect. Advantages: you probably already collect at least some data; someone is already familiar with its contents; you may already have some idea of the key questions you want answered. Disadvantages: your ability to ask questions is limited by the available data; external forces have more influence over your results; you may confuse “easy” with “effective”.
  • 17-20. STRATEGY #2: Follow the Kill Chain. Phases: Reconnaissance, Weaponization, Delivery, Exploitation, Installation, Command & Control (C2), Actions on Objectives. Use it to find attacks already happening, expand the stories you are able to tell, and predict attacks before they happen. Source: “Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains”, Hutchins, Cloppert and Amin (Lockheed Martin), http://www.lockheedmartin.com/content/dam/lockheed/data/corporate/documents/LM-White-Paper-Intel-Driven-Defense.pdf (last checked April 29th, 2015).
  • 21. TIP #4: ASK LOTS OF QUESTIONS
  • 22-27. ALL HUNTS START WITH QUESTIONS. What data do I have and what does it “look like”? Is there any data exfiltration going on in my network? Are there any unauthorized users on my VPN? Have my users been spearphished? Is anyone misusing their database credentials? Is there any lateral movement going on?
  • 28. QUESTIONS BECOME HYPOTHESES. Hypothesize → Query → Analyze → Revise. “If this activity is going on, it might look like…” That’s your hypothesis! If at first you don’t succeed, reimagine it.
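To make slide 28 concrete, here is one trip around the loop for the question “Is there any data exfiltration going on in my network?”. The hypothesis: if exfiltration is happening, it looks like an internal host sending far more bytes to an external destination than it receives back. This is an added example in Python, not code from the deck or from Sqrrl; the session summaries, the thresholds and the backup service that produces the false positive are all constructed for illustration.

```python
"""One pass through Hypothesize -> Query -> Analyze -> Revise for the question
"Is there any data exfiltration going on in my network?".

Added example, not from the Sqrrl deck. Session records, thresholds and the
"known bulk destination" are constructed for illustration.
"""
from collections import defaultdict

# Constructed network session summaries:
# (internal src, external dst, bytes sent by src, bytes received by src)
SESSIONS = [
    ("10.1.2.3",  "192.0.2.10",    9_871_234,  2_048),   # one-way upload to a host nobody else talks to
    ("10.1.2.3",  "198.51.100.4",      1_200, 48_000),   # ordinary browsing: mostly inbound
    ("10.1.2.9",  "198.51.100.4",        900, 52_000),
    ("10.1.2.17", "198.51.100.4",      1_100, 47_500),
    ("10.1.2.9",  "203.0.113.50",  4_000_000,  3_000),   # nightly backups to the offsite backup service
    ("10.1.2.17", "203.0.113.50",  5_500_000,  3_100),
    ("10.1.2.3",  "203.0.113.50",  3_900_000,  2_900),
    ("10.1.2.21", "198.51.100.77",    15_000, 14_000),   # symmetric traffic, e.g. a voice call
]


def aggregate(sessions):
    """Query step: total bytes per (src, dst) and the set of internal hosts seen per dst."""
    totals = defaultdict(lambda: [0, 0])
    peers = defaultdict(set)
    for src, dst, sent, received in sessions:
        totals[(src, dst)][0] += sent
        totals[(src, dst)][1] += received
        peers[dst].add(src)
    return totals, peers


def exfil_candidates(sessions, min_out_bytes=1_000_000, min_out_in_ratio=10.0,
                     max_peer_hosts=None, known_bulk=frozenset()):
    """Hypothesis: exfiltration looks like a host sending far more to an external
    destination than it gets back (at least min_out_bytes, ratio >= min_out_in_ratio).
    Refinements the analyst can add after a first look:
      max_peer_hosts - the destination is rare, i.e. few internal hosts talk to it
      known_bulk     - destinations already explained, e.g. the backup service
    Thresholds are constructed for this example, not recommended values."""
    totals, peers = aggregate(sessions)
    hits = []
    for (src, dst), (sent, received) in totals.items():
        if dst in known_bulk or sent < min_out_bytes:
            continue
        if sent / max(received, 1) < min_out_in_ratio:
            continue
        if max_peer_hosts is not None and len(peers[dst]) > max_peer_hosts:
            continue
        hits.append({"src": src, "dst": dst, "out": sent, "in": received,
                     "peer_hosts": len(peers[dst])})
    # Rank by volume so the analyst reads the biggest movers first.
    return sorted(hits, key=lambda h: h["out"], reverse=True)


def hunt():
    """Run the loop: first pass, analyst review, two possible revisions."""
    first = exfil_candidates(SESSIONS)                       # Query + Analyze
    # Analyze: 203.0.113.50 shows up for three hosts; the analyst recognises the
    # backup service. Revise (a): require the destination to be rare (<= 2 hosts).
    second = exfil_candidates(SESSIONS, max_peer_hosts=2)
    # Revise (b): allow-list the destination once it has been explained.
    third = exfil_candidates(SESSIONS, known_bulk=frozenset({"203.0.113.50"}))
    return first, second, third


if __name__ == "__main__":
    for label, hits in zip(("first pass", "revised: rare destination", "revised: allow-list"), hunt()):
        print(label, [(h["src"], h["dst"], h["out"]) for h in hits])
```

The first pass returns four rows, three of them the backup service; that is the "analyze" step doing its job, not a failure. Both revisions leave only the real candidate, but they differ in reach: the allow-list only removes what has already been explained, while the rarity criterion keeps working on destinations nobody has looked at yet, so it is the one worth folding back into the next iteration of the hypothesis.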
  • 29. TIP #5: PIVOT… THEN PIVOT AGAIN
  • 30. ATTACKERS LEAVE TRAILS EVERYWHERE: email logs, endpoint process accounting, HTTP proxy logs, authentication records, filesystem metadata, network session data, database query logs.
  • 31. DATA DIVERSITY. Leverage different types of data to reveal relationships, clarify the situation, highlight inconsistencies and tell a complete story.
  • 32. TOOLSET DIVERSITY: different techniques, different perspectives.
  • 33. BONUS TIP: AUTOMATION IS THE KEY TO IMPROVEMENT
  • 34. (image-only slide; no transcript text)
  • 35. CONCLUSION
  • 36. LET’S REVIEW: Embrace Big Data; Get Your Data Science On; Always Have a Good Strategy; Ask Lots of Questions; Pivot… Then Pivot Again; Automation is the Key to Continuous Improvement.
  • 37. QUESTIONS? David J. Bianco, dbianco@sqrrl.com, @DavidJBianco