Anomali

Anomali is the leader in global intelligence-driven cybersecurity. Their customers rely on them to see and detect threats, stop breaches and improve the productivity of security operations. The Anomali Platform is fueled by big data management, machine learning and the world’s largest intelligence repository to automatically correlate ALL installed security telemetry against active threat intelligence to stop breaches and attackers in real time. By cutting through the noise and surfacing relevant threats, the Anomali Platform provides security teams with the tools and insights needed to detect threats, make informed decisions and defend against today’s sophisticated attacks.

Products and Services

Threat Intelligence Distribution and Sharing
- ThreatStream Community Edition is purpose-built to facilitate the collection and management of threat intelligence from multiple sources and at scale, enabling these processes to be automated, thus mitigating time-intensive manual tasks.
- ThreatStream Community is designed to enable the secure, meaningful, and automated sharing of relevant threat data (Indicators of Compromise) via bi-directional TAXII capabilities. Strategic Intelligence around Threat Actors, Campaigns, TTPs, Vulnerabilities, and other models can be distributed to all participants. This allows community members to take a proactive approach by gaining insight into their adversaries.
- Participant members can gain additional benefits by upgrading to Anomali’s enterprise- grade solutions to further ‘operationalize’ the threat intelligence through uniting all the tools in their security infrastructure, speeding the detection of threats, and enabling proactive defense measures.
Threat Detection and Response
- Anomali Match is purpose-built to automate and speed time to detection in your environment. Anomali Match correlates years of metadata against active threat intelligence to expose previously unknown threats to your organization.
  - Threat Intel and Log Matching Scalability
  - Analyze millions of Indicators of Compromise (IOCs) against billions of events every day
  - Multi-year event history matching/lookback
  - Threat Intel Integration
  - Native integration with ThreatStream
  - Turnkey integration with leading SIEMs (Splunk, QRadar, Arcsight)
Threat Research and Analysis
- LENS+Anomali Lens uses Natural Language Processing (NLP) to automatically scan and identify threat data in any web-based content, Office 365 (Outlook, Word, Excel) and PDFs – and operationalizes it into actionable intelligence for containing and resolving threats as they arise.
- Lens+ supports the MITRE ATT&CK framework, allowing analysts to take a model-based approach to threat analysis by identifying the tactics, techniques and procedures (TTPS) identifyied in scanned pages.
  - Natural Language Processing (NLP) for any digital content
  - Threat Actor Identification
  - Malware Family Identification
  - CVE Identification
  - Malicious IP Address and URL Identification
  - MITER ATT&CK TTP Recognition
  - MITRE ATT&CK Model Investigation

Tags: Distribution of Information, Technology Platforms, Threat Management and Analysis

The ISAO Standards Organization

About author

The ISAO Standards Organization is a non-governmental organization established October 1, 2015, and led by the University of Texas at San Antonio (UTSA) with support from LMI and R-CISC. Our mission is to improve the Nation’s cybersecurity posture by identifying standards and guidelines for robust and effective information sharing and analysis related to cybersecurity risks, incidents, and best practices.