Deloitte CyberSOC EMEA Center, SL. closed a strategic agreement with Sqrrl to provide Managed Threat Hunting Services to clients in the EMEA region using Sqrrl’s threat hunting platform.
Threat hunting is the proactive search for cyber adversaries that have slipped past other defences. With the developing sophistication of “low and slow” and the growing impact of data breaches, the need for threat hunting is increasing.
Armed with Sqrrl’s threat hunting technology, Deloitte will perform a careful inspection of their clients’ IT environment to identify the presence of compromises and threat actors via Deloitte’s new Threat Hunting-As-A-Service offering.
An analyst may start with a hypothesis such as, “I expect malicious behavior to involve one of my hosts hitting an Indicator of Compromise (IOC) in conjunction with other suspicious TTPs,” as we can see with 10.10.1.4
From there the analyst investigates and finds that a number of internal resources were involved and that the compromised machines used an unusual pattern of SMB traffic.
Given this pattern, we can create a risk trigger looking for unusual spikes in SMB traffic, which will associate risk with the hosts that do so in the future.
“Sqrrl’s Platform is purpose-built for threat hunting, and enables our threat analysts to conduct hunts more effectively,” said Cesar Martín Lara, Deloitte Spain Cyber Risk Services partner. “We chose Sqrrl because of its ability to enable easy pivoting across datasets via link analysis and Sqrrl’s Security Behaviour Graph machine learning analytics, and ability to unite diverse network, endpoint, identity, and security datasets into a powerful hunt-focused data model.”
“We are honoured to be working with Deloitte, who we consider the premier cybersecurity consultancy in the world,” said Sqrrl CEO Mark Terenzoni. “The flexibility of our platform enables Deloitte to easily create new analytics and data models and embed their world-class cyber intelligence into our Threat Hunting Platform.”
In addition to Managed Threat Hunting, Deloitte is also working with Sqrrl to build permanent Threat Hunting Platforms at Deloitte client locations and in cloud environments.
from Help Net Security http://ift.tt/2zC8XX6
0 comments:
Post a Comment