Sqrrl Threat Hunting Platform

Additional Info

Company size (employees): 50 - 99
Type of solution: Software

Sqrrl is an industry-leading Threat Hunting Platform that unites proactive hunting workflows, link analysis, user and entity behavior analytics (UEBA), and multi-petabyte scalability into an integrated solution. Sqrrl reduces attacker dwell time (i.e., the time between when a breach occurs and when it is detected) by isolating adversarial behavior faster and with fewer resources than traditional security solutions. As a proactive investigation tool, it enables analysts to evaluate the scope, impact, and root cause of an incident more efficiently and thoroughly than ever before.

A core feature of Sqrrl Enterprise is an array of adversarial behavior detectors that identify threat actor Tactics, Techniques, and Procedures (TTPs) using a combination of analytical approaches, including machine learning, behavioral baselining, peer group analysis, and graph analytics. The Behavior Graph, an interactive visualization at the heart of Sqrrl investigations, automatically recognizes and analyzes inherent connections or links in data, evaluating their meaning and context and deriving new insights for the end user to interpret. Sqrrl’s organization of data in a linked data model streamlines the question-based, iterative process of threat hunting through its powerful and interactive graph representation of users and entities.

Sqrrl’s visualization tools enable junior analysts and seasoned hunters alike to improve and expand their analysis workflows with relative ease. The platform addresses many of the challenges and obstacles to hunting, such as the difficulty of finding starting points for hunts or of recognizing anomalous behaviors. Using Sqrrl’s risk scores, profiles, and reports, analysts can quickly assess user and asset risks, holistically evaluate the conditions of even a large group of entities, and identify new insights to improve their automated solutions. These capabilities lower the barrier to entry for hunting and make the practice accessible to less experienced analysts, not just veterans.

How we are different

- As a pioneer in enterprise threat hunting, Sqrrl is one of the first purpose-built solutions for this important Security Operations Center (SOC) activity. Accompanied by a trove of hunting thought leadership, including the hunting loop and the hunting maturity model, Sqrrl's threat hunting platform makes it easier than ever for organizations to establish a hunting program, even if they have had no such program in place before.

- The aim of Sqrrl is to lower the barrier to entry for less experienced analysts, so that hunting does not need to be a practice reserved for the top 1% of security practitioners. Through capabilities that include predefined search pathways in a linked data model, a comprehensive search language, asset tagging, investigation recording, and multi-domain data fusion, Sqrrl brings aspects of multiple hunting tools together into one. This means that everything an analyst needs to hunt is available in a single platform.

- Sqrrl has created a platform that brings together three critical aspects of SOC activity: traditional proactive threat hunting, incident investigations, and automated analytics that make hunts repeatable and machine-powered. No other threat hunting product on the market has so far looked to tackle each of these important aspects of the security puzzle and bring them together into a cohesive platform.