Sqrrl 2.0 Launch Webinar

Transcript of Sqrrl 2.0 Launch Webinar

Securely explore your data

SQRRL 2.0 LAUNCH WEBINAR

The Revolution in Cybersecurity and Linked Data Analysis with Richard Stiennon (IT-Harvest) and Luis Maldonado (Sqrrl)

© 2015 Sqrrl | All Rights Reserved 2

AGENDA

• Richard Stiennon: Chief Research Analyst, IT-Harvest
  – “The Revolution in Cybersecurity”

• Luis Maldonado: VP Products, Sqrrl
  – “Linked Data Analysis”
  – Sqrrl Enterprise 2.0 Demonstration

LINKING
Richard Stiennon
Chief Research Analyst, IT-Harvest
Executive Editor, securitycurrent
Blog: forbes.com/richardstiennon
twitter.com/cyberwar

© 2015 IT-Harvest | All Rights Reserved

The Book That Did Not Happen (Yet)

Start May, 2010
Stopped August, 2013

Targeting

• Adversary knows what they want
• Where it is
• Who has it
• Will stop at nothing

Starting in 2000 and persisting for at least ten years: “over the years [Chinese hackers] downloaded technical papers, research-and-development reports, business plans, employee emails and other documents”

Compromised Designs include:

• The advanced Patriot missile system (PAC-3)
• The Terminal High Altitude Area Defense (THAAD)
• Navy’s Aegis ballistic-missile defense system
• F/A-18 fighter jet
• V-22 Osprey
• Black Hawk helicopter
• Littoral Combat Ship
• F-35 Joint Strike Fighter

Hold Security discovers massive repository of IDs. Leads to discovery of stolen cert at JPM website. Leads to discovery of internal breach through a privileged user.

The RSA Attack, March 2011

A persistent, relentless drive to capture SecurID seeds.

But Don’t Worry

“…at this time we are confident that the information extracted does not enable a successful direct attack on any of our RSA SecurID customers”

Source: OPEN LETTER http://www.sec.gov/Archives/edgar/data/790070/000119312511070159/dex991.htm

Lockheed Martin, May 2011

• Tracking the same campaign for over a year
• Saw the escalation
• Cut off all access via RSA SecurID tokens

Cyber Defense

• Tracking attacks by campaign
• Extracting key indicators
• Continuous monitoring
• Threat actor research and alerting
• Objective Pen Testing Organization

Campaign Tracking

The single most valuable tool for communicating with executive management

The Cyber Kill Chain

Source: Lockheed Martin Cyber Kill Chain White Paper 2011

Security Analytics

• Situational Awareness
• Alerting
• Let machines and big data augment your expertise
• Work on the critical incidents.

Demands on reaction time

X-47B the first autonomous drone

Autonomous code will shorten possible response time from days to hours to seconds. Imperative to get your breach response abilities in place today so you can keep up.

SQRRL ENTERPRISE V2

Linked Data Analysis

SQRRL HISTORY

From securing the country to securing your enterprise

• 2006: Google’s BigTable Paper
• 2008: NSA Builds Accumulo
• 2012: Sqrrl Founded
• 2013: Sqrrl Enterprise 1.0
• 2015: Sqrrl Enterprise 2.0

Investors: Patented Technology:

INCIDENT RESPONSE LIFECYCLE

YOUR MOST EFFECTIVE TOOLS: LOGS VS. LINKED DATA

LINKED DATA

• Organizes data into entities and relationships (links)
• Provides perspective
• Surfaces meaning & context
• Enables faster analysis

SQRRL LINKED DATA ANALYSIS

DEMONSTRATION

Cyber, Compliance & Risk Investigations
Large Telecommunications Company

Challenge

Analyzing more than 1 year of multi-structured security data, including for Advanced Persistent Threat (APT), fraud, and insider threats

Sqrrl Solution

• Aggregate and store all data
• Gather and profile employee and device behaviors
• Search, query and analyze behaviors, details and anomalies

Results

• Ensured compliance with data security regulations
• Reduce investigation time from days/weeks to minutes
• Visibility across more data than previously possible

HOW TO LEARN MORE

• sqrrl.com
  – Download the Linked Data Analysis White Paper
  – Request the Test Drive VM

• Come visit us at upcoming conferences
  – HIMSS (Chicago, April 12-16)
  – RSA (San Francisco, April 20-24)
  – Accumulo Summit (College Park, April 28-29)

Q & A

Thank you
