Today, businesses can encounter any number of cyber-threats. Travis Farral, director of security strategy at Anomali, explains how the company’s comprehensive and user-friendly solutions help businesses identify and tackle threats, and facilitate secure intelligence sharing.
Enterprises today face myriad business challenges. From changes in corporate regulations to marketplace competition, there is no shortage of concerns facing executive teams. But one of the most prevalent issues is the rise of cybersecurity threats. No one can say they’re not a target – no matter the size of the company. If you have a business that generates revenue, then you have something of value to a cyberattacker.
Whether breaking into someone’s email to expose their personal and/or embarrassing corporate communications, or holding proprietary data hostage for ransom, cybercriminals are working hard to create new tools, techniques and processes to infiltrate your network, and compromise your brand.
Most corporations lack the cybersecurity professionals needed to keep track of the millions of malicious indicators in circulation. Enterprises are therefore looking to supplement their teams with cybersecurity solutions that keep them alert to the evolving threat landscape.
One of these types of solutions is the threat intelligence platform (TIP). TIP is an emerging technology that helps businesses aggregate, correlate and analyse threat data from multiple sources in real time to support defensive actions.
Anomali ThreatStream combines threat data from feeds and other sources with data from inside the network to surface relevant threats to an organisation. It is mission control for threat intelligence.
By mapping indicators of compromise (IOCs) onto a strategic threat model, analysts using the Anomali ThreatStream platform are able to quickly identify, investigate and react to security threats.
Anomali brings together all available threat intelligence data, turning it into useful, highly actionable information. With Anomali ThreatStream, users can:
- aggregate feeds across multiple sources
- manage millions of IOCs
- normalise feed data into a consistent format so that indicators from different feeds can be compared and used across tools
- enrich IOC data with security context, including actors, campaigns and TTPs.
Anomali ThreatStream integrates with many common security and IT products, allowing businesses to quickly start finding threats lurking on their internal networks by taking advantage of tools they already own. Applications include:
- IOC management, and identification of specific indicators to push to internal systems for blocking and monitoring
- integration with internal IT/security systems such as SIEM, firewalls and endpoint solutions
- Anomali ThreatStream APIs allow users to integrate with other systems as well.
Once suspicious IOC activity is detected within your network, it’s critical to understand the nature and scope of the threat. Anomali gives you all the context at your fingertips.
Clicking an IOC match takes you to the Anomali ThreatStream investigation portal, where you can determine:
- actors and campaigns associated with the IOC
- details of the threat – for example, origin, threat type and TTPs
- other IOCs associated with the initial match.
Anomali also supports multiple analytical frameworks, including the Cyber Kill Chain and the Diamond Model, and the STIX standard for structured threat-intelligence exchange.
A corporate brand is just as much of a target as company data. Anomali ThreatStream provides users with the tools to monitor for two common tactics: typosquatted domains and compromised credentials.
To tackle typosquatting, Anomali ThreatStream identifies and researches malicious domains, automatically scans newly registered domains for names that resemble the corporate brand, and alerts customers when corporate keywords appear in registered domains.
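To make the typosquat check concrete, here is an added example (not Anomali's code, and not how ThreatStream implements it) that generates the usual single-edit variants of a brand label, then classifies a constructed list of newly registered domains as a typosquat, a keyword hit, or nothing. The brand name `acmebank`, the homoglyph table, the TLD set and the sample registrations are all assumptions made for the example.

```python
"""
Typosquat variant generation and registration screening (illustrative example).
Brand label, homoglyph table, TLD list and the registration list below are
constructed for this demo; they are not real data.
"""

# Look-alike substitutions commonly seen in squatted names (assumed, not exhaustive).
HOMOGLYPHS = {"o": "0", "l": "1", "i": "1", "e": "3", "a": "4", "s": "5", "m": "rn"}


def generate_typosquats(label, tlds=("com", "net", "org")):
    """Return the set of single-edit variants of `label`, each joined to every TLD."""
    label = label.lower()
    variants = set()
    for i in range(len(label)):                       # omission: drop one character
        variants.add(label[:i] + label[i + 1:])
    for i in range(len(label) - 1):                   # transposition: swap neighbours
        variants.add(label[:i] + label[i + 1] + label[i] + label[i + 2:])
    for i in range(len(label)):                       # repetition: double one character
        variants.add(label[:i] + label[i] + label[i:])
    for i, ch in enumerate(label):                    # homoglyph: one look-alike swap
        if ch in HOMOGLYPHS:
            variants.add(label[:i] + HOMOGLYPHS[ch] + label[i + 1:])
    for i in range(1, len(label)):                    # hyphenation: one inserted hyphen
        variants.add(label[:i] + "-" + label[i:])
    variants.discard(label)                           # the genuine label is not a squat
    return {f"{v}.{tld}" for v in variants for tld in tlds}


def classify_registrations(registrations, brand_label, brand_tlds=("com",), keywords=()):
    """
    Map each registered domain to 'typosquat' (in the generated variant set) or
    'keyword' (a corporate keyword appears in the leftmost label). Genuine brand
    domains and unrelated names are left out of the result.
    Note: the leftmost label is used as the registrable label; a real tool
    should use the public-suffix list to handle names like example.co.uk.
    """
    squats = generate_typosquats(brand_label, tlds=("com", "net", "org", "co"))
    genuine = {f"{brand_label.lower()}.{t}" for t in brand_tlds}
    findings = {}
    for dom in registrations:
        dom = dom.lower().rstrip(".")
        if dom in genuine:
            continue
        if dom in squats:
            findings[dom] = "typosquat"
            continue
        label = dom.split(".")[0]
        if any(k.lower() in label for k in keywords):
            findings[dom] = "keyword"
    return findings


# Constructed sample of "newly registered" domains for the demo.
SAMPLE_REGISTRATIONS = [
    "acmebank.com",          # genuine brand domain, ignored
    "acmebnak.com",          # transposition
    "acmeb4nk.net",          # homoglyph
    "acme-bank.com",         # hyphenation
    "acmebank-login.com",    # brand keyword inside a longer label
    "weather-today.org",     # unrelated
]


def screen_sample():
    return classify_registrations(SAMPLE_REGISTRATIONS, "acmebank", keywords=("acmebank",))


if __name__ == "__main__":
    for domain, reason in screen_sample().items():
        print(f"{domain}: {reason}")
```

Single-edit variants cover the bulk of opportunistic squats but not multi-character edits or internationalised (IDN) homographs; a production check would add those and rank hits by edit distance before alerting.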
Anomali also helps businesses to monitor various sources for compromised user IDs and passwords, alerting customers of compromised credentials containing their domain and automatically collecting exposed credentials.
Secure intelligence sharing
Anomali believes in the power of the community as a force multiplier in the defence against cyberthreats. To that end, Anomali ThreatStream offers these secure collaboration capabilities to allow cybersecurity analysts and organisations to share intelligence seamlessly:
- Trusted circles: Anomali ThreatStream offers simple creation of public and private communities for secure sharing.
- Two-way collaboration: users can conveniently contribute intelligence to their communities. Company proprietary information can be extracted or masked with ease to ensure the confidentiality of shared information.
Identify lurking threats with 365 days of searchable data
In addition, Anomali offers a very powerful threat-hunting engine: Anomali Enterprise (AE).
AE compares millions of IOCs against your internal traffic to identify active threats. It is the only solution that scales to analyse millions of IOCs against billions of events every day, 365 days a year.
Indicator expansion and data enrichment easily adds context to any investigation by layering in data from additional sources such as WHOIS, Passive DNS and historical data. Combined with easy pivoting and visualisation tools, Anomali Enterprise allows analysts to quickly work through investigations.
AE integrates closely with SIEMs, allowing organisations to look back over historical activity to identify matches against millions of events. It enables users to search events in the past 12 months, review timelines of all matches and view the anatomy of attack with all associated IOCs.
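The aggregation and normalisation steps listed earlier (feeds from multiple sources, normalised and deduplicated, with confidence and source context attached) and the matching described here (IOCs compared against a window of historical events) are the same pipeline seen from two ends. The following added example, which is not Anomali's code and does not use the ThreatStream or Anomali Enterprise APIs, shows one minimal version of it: two constructed feeds in different formats are merged into one indicator table, defanged values are normalised, and the table is matched against constructed proxy-log events with a lookback window. The feed formats, field names, event schema and confidence values are all assumptions.

```python
"""
Minimal threat-intel pipeline: aggregate feeds -> normalise -> match against events.
Illustrative example only; feeds, events and schema below are constructed.
"""
import ipaddress
import re
from datetime import datetime, timedelta
from urllib.parse import urlparse

# Common feed "defanging" conventions, undone before normalisation.
DEFANG = (("hxxp", "http"), ("[.]", "."), ("(.)", "."), ("[://]", "://"))
DOMAIN_RE = re.compile(r"^(?=.{1,253}$)([a-z0-9-]{1,63}\.)+[a-z]{2,63}$")


def normalise_indicator(raw):
    """Return (ioc_type, value) for one raw feed value, or None if unusable.
    Case-folds everything (acceptable for lookup; URL paths are case-sensitive)."""
    s = raw.strip()
    for bad, good in DEFANG:
        s = s.replace(bad, good)
    s = s.lower().rstrip(".")
    try:
        return ("ip", str(ipaddress.ip_address(s)))
    except ValueError:
        pass
    if "://" in s:
        p = urlparse(s)
        return ("url", s) if p.scheme in ("http", "https") and p.hostname else None
    return ("domain", s) if DOMAIN_RE.match(s) else None


def aggregate_feeds(feeds):
    """feeds: iterable of (source_name, text). Lines are 'value' or 'value,confidence';
    '#' lines are comments. Returns {(type, value): {"sources": set, "confidence": int}}.
    Assumed default confidence is 50; the merged confidence is the maximum seen.
    (Naive comma split: URLs containing commas would need a real CSV reader.)"""
    table = {}
    for source, text in feeds:
        for line in text.splitlines():
            line = line.strip()
            if not line or line.startswith("#"):
                continue
            parts = [p.strip() for p in line.split(",")]
            ioc = normalise_indicator(parts[0])
            if ioc is None:
                continue
            conf = int(parts[1]) if len(parts) > 1 else 50
            entry = table.setdefault(ioc, {"sources": set(), "confidence": 0})
            entry["sources"].add(source)
            entry["confidence"] = max(entry["confidence"], conf)
    return table


def match_events(events, table, now, lookback_days=365):
    """Match SIEM-style events (dicts with ts, src, dst_ip, host, url) against the
    table, skipping events older than `lookback_days` before `now` (ISO string).
    Domains match exactly or as a parent of the event host; URLs match by prefix."""
    cutoff = datetime.fromisoformat(now) - timedelta(days=lookback_days)
    by_type = {"ip": {}, "domain": {}, "url": {}}
    for (t, v), meta in table.items():
        by_type[t][v] = meta
    matches = []
    for ev in events:
        if datetime.fromisoformat(ev["ts"]) < cutoff:
            continue
        hits = []
        if ev["dst_ip"] in by_type["ip"]:
            hits.append(("ip", ev["dst_ip"]))
        host = ev["host"].lower()
        hits += [("domain", d) for d in by_type["domain"] if host == d or host.endswith("." + d)]
        hits += [("url", u) for u in by_type["url"] if ev["url"].lower().startswith(u)]
        for t, v in hits:
            meta = by_type[t][v]
            matches.append({"ts": ev["ts"], "src": ev["src"], "ioc_type": t, "ioc": v,
                            "sources": sorted(meta["sources"]), "confidence": meta["confidence"]})
    return matches


# Constructed feeds in two different formats (plain list vs value,confidence).
SAMPLE_FEEDS = [
    ("feed_a", "# plain list\n198.51.100.23\nevil-updates[.]example\nhxxp://login-acmebank[.]example/verify\n"),
    ("feed_b", "# value,confidence\nEVIL-UPDATES.example.,80\n198.51.100.23,60\n203.0.113.9,40\n"),
]

# Constructed proxy-log events as a SIEM might hold them.
SAMPLE_EVENTS = [
    {"ts": "2017-03-02T10:14:00", "src": "10.0.0.15", "dst_ip": "198.51.100.23",
     "host": "cdn.example", "url": "http://cdn.example/a.js"},
    {"ts": "2017-03-03T11:00:00", "src": "10.0.0.22", "dst_ip": "192.0.2.8",
     "host": "www.evil-updates.example", "url": "http://www.evil-updates.example/u"},
    {"ts": "2017-03-04T09:30:00", "src": "10.0.0.9", "dst_ip": "192.0.2.7",
     "host": "login-acmebank.example", "url": "http://login-acmebank.example/verify?x=1"},
    {"ts": "2017-03-05T08:00:00", "src": "10.0.0.9", "dst_ip": "192.0.2.10",
     "host": "intranet.acmebank.example", "url": "http://intranet.acmebank.example/"},
]

if __name__ == "__main__":
    table = aggregate_feeds(SAMPLE_FEEDS)
    for m in match_events(SAMPLE_EVENTS, table, now="2017-04-01T00:00:00"):
        print(m)
```

Two details matter in practice and are visible here: the same indicator arriving from two feeds in different shapes collapses to one table entry carrying both sources and the higher confidence, and the lookback cutoff decides which historical events are even considered, so a short window silently drops older beaconing. Tags such as actor, campaign and TTP would live alongside `sources` and `confidence` in the same metadata record.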
With Anomali, organisations can implement a robust threat intelligence program, allowing cybersecurity teams to identify the initial indicators of potential breaches, and accelerate time to detection and response.