Transportation Security Administration Adding Threat Hunting Platform

The U.S. Transportation Security Administration (TSA) will be using Sqrrl's Threat Hunting Platform to see intrusions on its network. Under a Department of Homeland Security (DHS) FirstSource II contract with Govplace, a reseller and integrator, TSA will deploy the Cambridge, Massachusets-based company's software to inspect its IT environments to proactively identify compromises and evict any cyber adversaries. TSA's requirements for a threat hunting tool included: scalable cyber data analytics and machine learning capability for searching and detecting anomalous behaviors in the TSA enterprise; support of highly scalable data analytics and searches petabytes of data; support near real time searches across all of the stores data; and provide a risk scoring framework that prioritizes both high-risk behaviors and high-risk users and entities. TSA was also looking for a graphical user interface that supported threat hunting workflows via the use of link analysis. TSA intends to integrate Sqrrl with its existing security solutions, as well as share Sqrrl-generated data with the Department of Homeland Security. "We are honored to partner with TSA and assist them with their threat hunting program," said Ely Kahn, Sqrrl co-founder and vice president of business development. "Our unique approach to threat hunting will enhance TSA’s threat detection capability while also potentially reducing the time and resources required for threat investigations."