SQRRL Reservoir RSAC 2016
Securely Disrupt.
explore your data
[Slide figure: perimeter controls Proxy, IPS, IdM and Firewall drawn around the question "What?"]
205 days on average to detect a breach
Advanced adversaries
Perimeter defenses and current detection not sufficient
Why?
1 Limited effectiveness of signatures and rules
2 Increased attack surface and hacking tool availability
3 Drowning in alerts and data
4 Not enough security ninjas
Faster and more powerful detection and response capabilities are required
© 2016 Sqrrl and Reservoir Labs | All Rights Reserved 2
WHAT IS THREAT HUNTING?
[Slide figure: threat hunting draws on Data and Tools]
Data: HR data, Business context, Asset configuration, Email, Logs, Alerts, Threat Intel, SIEM
Tools: Visualization, Machine Learning, Link Analysis, Search, Analytics, Collaboration
KEY CAPABILITIES:
• Asset / activity modeling
• Visualization, exploration, search
• Behavioral analytics
• Big data scale & security
[Slide figure: labels EXFIL and LATERAL MOVEMENT alongside the workflows Incident Investigation, Proactive Threat Hunting, and User and Entity Behavior Analytics]
SECURITY DATA CONTEXT GAP
Sqrrl Enterprise
THE BEST THREAT HUNTING EXPERIENCE