October 17, 2017

Sqrrl: In Cybersecurity, Knowledge Is Power

Target. Hunt. Disrupt.

Those are the words emblazoned on Sqrrl’s website. The company takes cybersecurity so seriously that if you saw the website’s references to “threat hunting” out of context, you might think that Sqrrl was hunting actual game. 

In reality, Sqrrl’s game is of the cyber variety, but at a time when the Equifax story keeps getting worse, cyber threats need to be taken more and more seriously. After all, a security breach can bring a company to its knees, and Sqrrl knows this. The company equips enterprise-level security analysts with the power to detect and respond to threats before those threats become far more severe.

Sqrrl’s birthplace is in Apache Accumulo, a key/value store created by the NSA in 2008. The project was developed in an effort to allow intelligence agencies to seamlessly share data with each other. Sqrrl Co-Founder and CTO Adam Fuchs was a co-founder of this project, and after Accumulo was open-sourced in 2011, Fuchs began thinking of various ways he could commercially utilize the technology to solve enterprise-level problems.

Meanwhile, fellow Co-Founder Ely Kahn was going to the University of Pennsylvania for his MBA in Entrepreneurial Management. He, like Fuchs, was an experienced government employee. Kahn had served as Director of Cybersecurity for the National Security Council – where his staff advised the Obama administration on homeland and national security issues – until 2010. 

Sqrrl Co-Founder Ely Kahn.

While Kahn was in school, he was introduced to the rest of the six-person co-founding team, and the group started working together. Accumulo became a top-level Apache project in the spring of 2012, and later that summer, Sqrrl was born.

“Accumulo was this massively scalable, very flexible, and very secure database, and we decided that we were going to commercialize that database with an enterprise grade version of it,” said Kahn, who serves as VP of Business Development and Marketing.

Sqrrl wasn’t a cybersecurity company at this point. When it launched, the team had not yet figured out its business model. They had a powerful database and a small array of customers across various sectors, but they were still searching for the right market. Based on some early success with customers, the team decided to focus the company on the cybersecurity market, as they were looking to solve interesting and real-world problems.

Sqrrl would grow into what it is today: a threat hunting platform that detects advanced cybersecurity attacks for the large companies that use it. 

A screenshot of the Sqrrl interface.

Here’s how it works.

First and foremost, the platform takes in massive amounts of cybersecurity data, which might come from a company’s SIEM tool, network visibility software like Gigamon, or endpoint security software like Carbon Black. 

After using Accumulo’s technology to import all of the various data, Sqrrl semantically fuses the data into graphs, converting it from log file storage into a linked data format.

From there, machine learning and advanced algorithms allow Sqrrl to search for patterns and detect threats. Finally, the affected company can determine their own course of remediation.

“We’re looking for hacker behaviors, like DNS tunneling, data exfiltration, malware, et cetera. We have various algorithms that automate the search for those kinds of behaviors.”

As for the name, Sqrrl follows the tradition of Apache Hadoop products naming themselves after animals. Moreover, they went with a squirrel because squirrels collect and store nuts (AKA data). 

And when it comes to storing data, the company does so at a very large scale.

“We are working with various Fortune 50 companies on a truly massive scale. One of our largest customers is injecting over 50 terabytes of data with us, has 10 petabytes of data in the system, and has hundreds of analysts using the system on a daily basis.”

Since closing $12.3M in Series C funding in June, the company has begun to focus on building out its sales and marketing team, while also adding more security experts.

The Cambridge-based company is excited to be part of Boston’s cybersecurity scene.

“It’s one of the most exciting industries out there, and it’s one of the few industries making headlines – for better or worse – on a daily basis. There’s a need for better cybersecurity and better risk management, and I’m excited that Boston is one of the country’s cybersecurity epicenters for both new and established companies. Frankly, it’s why we decided to start the company in Boston.”

Images courtesy of Sqrrl.

Alexander Culafi is a Staff Writer for VentureFizz. You can follow him on Twitter @culafia.