Sqrrl - A Better Approach To Detecting And Investigating Cybersecurity Incidents

SThe community for designers Dribbble helps you hire designer, grow and look for design inspiration!

Listen to this article

Sqrrl is the Big Data Analytics startup that develops solutions for detecting, analyzing and visualizing advanced cyber security threats. Sqrrl raised a total of $14.2 Million in VC funding, $7.1 Million of which it raised in a recent funding round for its Linked data analysis toolkit. Below is our interview with Ethan Kopit from Sqrrl team:

Q: Could you explain the function and advantages of your platform?

A: Many current cybersecurity solutions focus solely on alert-oriented data, which are difficult to prioritize because they only provide a limited view as to what’s going on. A security analyst cannot easily ascertain the full context of the alert, the object it’s alerting on, and everything else that object relates to. Analysts are left digging through log files, manually jumping from repository to repository in order to find and assemble the pieces to the puzzle. There is a better approach to detecting and investigating cybersecurity incidents: a technique called Linked Data Analysis, which is at the foundation of Sqrrl’s cybersecurity platform.

Linked Data Analysis gives cyber “hunters” and incident responders a way to quickly identify the important assets, actors, and events relevant to their organization, accentuating the natural connections between them and providing contextual perspective. This context is built on a variety of different data sources, some you would expect and some you wouldn’t, for example, router logs are an important data source in connecting specific IP addresses with the sites they access, which makes them an important data source for Sqrrl to ingest. However, Sqrrl is also capable of ingesting and analyzing less obvious data sources, like human resource profiles, to augment the effectiveness of models. As analysts identify and collect more data, it can continually be added to their cybersecurity platform and the models will be updated. With this added context, it becomes much easier to see abnormal activity and assess the blast radius of an attack.

Q: How does Sqrrl differ from other Big Data Analytics companies?

A: At a top-level Sqrrl is focused on cybersecurity use cases, which sets it apart from general BDA companies. More generally, Sqrrl’s primary differentiators include the following:

Scalability.
Sqrrl’s platform is built on a foundation of Apache Hadoop and Accumulo, and Sqrrl has successfully scaled these tools to tens of petabytes running mission critical applications in the U.S. Intelligence Community. Sqrrl combines this massive scalability with near real-time search across all data (i.e., there are no concepts of hot, warm, and cold data in Sqrrl unlike many log-based analysis systems.
Linked Data.
Sqrrl goes beyond simple log search and histograms, and provides linked data analysis and visualization capabilities. Linked data analysis and visualization involves the fusion of disparate data sources via defined ontologies enables better ad hoc interrogation of data, greater contextual awareness, faster search, and more intuitive visualization.
Advanced Analytics. Sqrrl has built-in anomaly detection capabilities that provide analysts with point-and-click outlier detection without the writing of complicated scripts or algorithms.
Security.
Sqrrl provides best-in-class “data-centric security” of all data stored in Sqrrl. This includes fine-grained access controls at the field- or “cell-level”, encryption-at-rest and in-motion, and auditing of all queries. These data-centric capabilities ensure only authorized access to stored data and enables HIPAA compliance.

Q: What are your plans?

A: There are a lot of amazing new features on the way for our product, but generally speaking we are focused on continuing to simplify the product. This means more prepackaged solutions, models, and applications that sit on top of our platform.

Activate Social Media: