SQRRL ENTERPRISE INTEGRATE. EXPLORE. ANALYZE.

DATASHEET
Sqrrl Enterprise is a real-time platform for securely integrating, exploring, and analyzing all of your data to accelerate analyst search and discovery.

Sqrrl Enterprise unifies several Big Data approaches into a single platform, including Hadoop, linked data analysis, machine learning, Data-Centric Security, and advanced visualization. Sqrrl Enterprise excels in use cases such as advanced data breach detection, fraud/waste/abuse analysis, and intelligence processing/exploitation/dissemination.

Sqrrl Enterprise features:
• Automated contextual knowledge extraction
• Visual data lineage and research
• Ingest and fuse disparate data sources into a common data model
• Explore your data through an intuitive visual search interface
• Discover anomalies in your data via predictive analytics powered by Apache Spark and R
• Interact with your data as property graphs and/or JSON documents
• Powerful query language that supports SQL-like, full-text, and graph search
• Multi-petabyte scalability and stability at scale
• Works with static or streaming data feeds
• Fine-grained access controls for unstructured, semi-structured, and structured data
• Encryption of data-at-rest and data-in-motion
• Compatibility with any distribution of Hadoop
• Runs on bare metal or in public or private clouds
• Utilizes low cost commodity hardware

Sqrrl Enterprise 2.0
Sqrrl Enterprise is a real-time platform for securely integrating, exploring, and analyzing massive amounts of structured, semi-structured, and unstructured data. It scales elastically to tens of petabytes of data and enables organizations to eliminate their internal data silos through fine-grained security controls. Sqrrl Enterprise supports both real-time exploratory and predictive analytics and helps companies find hidden value in their data via dynamic and interactive queries and visualizations. Sqrrl Enterprise’s architecture consists of five layers, as depicted in Figure 1:

Figure 1. Sqrrl Enterprise Capabilities

1. Hadoop/NoSQL. Apache Accumulo powers the core of Sqrrl Enterprise. Accumulo is a sorted, distributed key/value store that integrates natively with Apache Hadoop. It can process petabytes of structured, semi-structured, and unstructured data as a robust, scalable, and real-time data storage and retrieval system. Accumulo possesses fine-grained access controls (i.e., “cell-level” security) that enable granular tagging of key/value pairs with visibility labels. Accumulo’s

2. Secure Collaboration. Sqrrl Enterprise builds on Apache Accumulo’s fine-grained access controls and provides seamless integration to Enterprise Identity and Access Management (IAM) Systems via a Sqrrl Policy Engine and a Sqrrl Labeling Engine. This allows data access to be controlled at the cell-level. Sqrrl Enterprise also supports encryption of data-in-motion and data-at-rest and database auditing and monitoring tools. These security capabilities enable analysts to securely collaborate by ensuring that each analyst is only able to access the data that he or she is authorized to see.

3. Predictive Analytics. Sqrrl Enterprise supports various types of advanced analytics (including machine learning), such as anomaly detection, clustering, pattern matching, and shortest path calculation. These advanced analytics are supported by Sqrrl Enterprise’s integrations with Apache Spark (GraphX), R, Pig, and MapReduce. Sqrrl Enterprise comes prepackaged with algorithms that align to these analytic frameworks.

4. Exploratory Analytics. Sqrrl Enterprise’s search and query layer provides interactive access to data. Specifically, Sqrrl Enterprise supports real-time full-text search, SQL-like queries, and graph search. Sqrrl’s query language (referred to as SqrrlQL) is enabled by Sqrrl Enterprise’s hybrid data model structure. Users can access the data stored in Sqrrl Enterprise as both JSON documents and as a property graph. In this sense, users can toggle between standard database queries and more advanced graph searches.

5. Visualization. Sqrrl Enterprise comes with a powerful user interface to explore your data as a connected property graph. This means that you can easily explore your data as connected nodes and edges with the nodes representing entities (e.g., users, IP addresses, servers, etc.) and edges depicting the relationships between the nodes. The user interface also includes reporting and dashboard capabilities and analyst collaboration tools. Developers can also utilize the Sqrrl API to power their own custom applications.

Figure 2. Sqrrl User Interface

What People Are Saying
“Wikibon practitioners tell us that increasingly, value from their big data initiatives will come from making solutions work with many data sources in real-time,” said David Vellante, Chief Analyst at Wikibon.org. “The challenges of delivering on this vision are substantial, however, and include constraints around performance, complexity, scale, data access and skill sets. Sqrrl Enterprise has the potential to dramatically simplify Big Data analysis by providing a unified platform to securely explore relationships in disparate datasets and analyze those datasets for trends and anomalies.”

Example Use Case
Sqrrl Enterprise can be utilized to conduct Big Data Security Analytics across diverse cyber datasets, such as logs, configuration info, system and audit trails, identity context, network flows, external intelligence feeds, full packet and DNS capture, email/social activity, and customer transactions. These datasets are analyzed using to detect suspicious behavior in real-time and analysts are alerted when thresholds are triggered. Access to sensitive data, such as PII, can be restricted based on organizational roles.

Benefits
Sqrrl Enterprise is most beneficial for organizations that want to explore hidden relationships in their Big Data and find anomalies in their data. Sqrrl Enterprise also greatly improves information sharing within and across organizations that have security- or privacy-sensitive information. By utilizing Accumulo’s fine-grained access controls, Sqrrl Enterprise helps organizations bring together datasets that were previously kept segregated for security reasons. When these security controls are combined with Sqrrl’s petabyte scalability, organizations can bring their diverse datasets together for real-time analysis on a single platform.
Who We Are For
• Cybersecurity analysts looking to find threats that their SIEMs and firewalls miss.
• Defense and Intelligence analysts tracking patterns of life across Multi-INT data sources.
• Healthcare analysts that want to find fraud, waste, or abuse in payments.
• Financial analysts trying to detect hidden operational, credit, or market risks.
ABOUT SQRRL
Sqrrl powers secure, massively scalable Big Apps and was founded in 2012 by creators of Apache Accumulo. With their roots in the U.S. Intelligence
Community, Sqrrl’s founders have deep experience integrating and analyzing complex petabyte-scale datasets. Sqrrl is headquartered in Cambridge, MA and
is a venture-backed company with investors from Matrix Partners and Atlas Venture.
130 Prospect Street
Cambridge, MA 0213
p: (617) 902-0784
e: info@sqrrl.com
www.sqrrl.com
@SqrrlData