Overview

Sqrrl is an industry-leading Threat Hunting Platform that unites proactive hunting workflows, link analysis, user and entity behavior analytics (UEBA), and multi-petabyte scalability capabilities into an integrated solution. Sqrrl reduces attacker dwell time (i.e. the amount of time between when a breach occurs and when it is detected) by isolating adversarial behavior faster and with fewer resources than traditional security solutions. As a proactive investigation tool, it enables analysts to evaluate the scope, impact, and root cause of an incident more efficiently and thoroughly than ever before.

A core feature of Sqrrl Enterprise is an array of adversarial behavior detectors that identify threat actor Tactics, Techniques, and Procedures (TTPs) by utilizing a combination of analytical approaches including machine learning, behavioral baselining, peer group analysis, and graph analytics. The Behavior Graph, an interactive visualization at the heart of Sqrrl investigations, automatically recognizes and analyzes inherent connections or links in data, evaluating their meaning and context and deriving new insights for the end user to interpret. Sqrrl’s organization of data in a linked data model streamlines the question-based, iterative process of threat hunting through its powerful and interactive graph representation of users and entities. The latest Sqrrl release expands these capabilities by introducing custom-built, analyst-defined analytics and risk triggers.

Sqrrl’s visualization tools enable more junior analysts and hunters alike to improve and expand their analysis workflows with relative ease. The platform addresses many of the challenges and obstacles to hunting, such as finding starting points for hunts or recognizing anomalous behaviors. Using Sqrrl’s risk scores, profiles, and reports, analysts can quickly assess user and asset risks, holistically evaluate the conditions of even a large group of entities, and identify new insights to improve their automated solutions.