Sqrrl is the threat hunting company that enables organizations to target, hunt, and disrupt advanced cyber threats. Sqrrl’s industry-leading threat hunting platform unites link analysis, User and Entity Behavior Analytics (UEBA), and multi-petabyte scalability into an integrated solution. Sqrrl’s unique approach enables security analysts to discover threats faster and reduces the time and resources required to investigate them.
Unlike traditional signature- or rule-based detection solutions, Sqrrl’s platform detects the Tactics, Techniques, and Procedures (TTPs) of cyber adversaries using kill chain analytics. This both decreases attacker dwell time and greatly reduces the time to investigate cyber incidents. Sqrrl utilizes linked data, machine learning, UEBA, risk scoring, and Big Data technologies to power a Behavior Graph that reveals malicious patterns and anomalies hidden within security datasets. Sqrrl leverages network, endpoint, and perimeter security datasets and integrates with various Security Information and Event Management (SIEM) tools.
Sqrrl Enterprise unifies several Big Data technologies into a single platform, including Hadoop, Linked Data Analysis, machine learning, and advanced visualization. Sqrrl Enterprise excels in the following cyber threat hunting use cases:
- Advanced Persistent Threat Detection
- Data Breach Detection
- Malware Detection
- Insider Threat Detection
- Alert Triage
- Incident Investigations
- Threat Intelligence Analysis
- Cyber Situational Awareness
At the foundation of Sqrrl Enterprise is Apache Accumulo, a database project that is closely tied to Sqrrl’s history.
Development of Accumulo began in 2008, when the National Security Agency (NSA) began searching for a new data store that could meet its growing data challenges. No database solution existed at the time that met the NSA’s requirements, so the NSA decided to build one from scratch, using Google’s BigTable paper as a design reference. NSA called this new data store Accumulo.
In late 2011 the NSA open sourced Accumulo, and in the spring of 2012 Accumulo became a top-level project at the Apache Software Foundation. Today Accumulo is used throughout the Department of Defense and the U.S. Intelligence Community, as well as by a range of commercial companies.
In the summer of 2012 a group of the core creators, committers, and contributors to the Accumulo project co-founded Sqrrl. Sqrrl Enterprise builds upon a base of Accumulo and has combined it with various other Big Data tools and technologies to create the most secure hunting platform for quick, actionable threat detection across multiple security datasets.