April 21, 2016 - Mark Seward

Addressing the 'Last Mile' Problem for Threat Intelligence Data

<p>Over the last several months, ThreatStream has rebranded as Anomali and launched two new products: Anomali Match and Anomali Reports. Today we announced a new <a href="{page_2083}">C-round of funding</a> for the company, at a time widely known to be a difficult one for getting funding from venture capital firms. For some companies looking for their next round of funding, this can mean a "down round" (less funding than the last round) and therefore a lowered valuation. I'm happy to say this was not the case for Anomali. The management team, the ability to execute, the market size, and the quick adoption of our new products made this an easy round for the company.</p><p><a href="http://it-harvest.com/2016/03/16/it-harvest-analysis-threat-intelligence-market-growing-at-84-cagr-to-hit-1-5-billion-in-2018/">According to IT-Harvest</a>, "... the 2015 threat intelligence market was $190 million and is growing at 85% annually. The TIP [Threat Intelligence Platform] space accounted for $61 million and is growing at 84%. In addition, the total 2015 market for threat intelligence products was $251 million and is on pace to exceed $460 million in 2016. At current growth rates the market for threat intelligence products will exceed $1.5 billion in 2018."</p><p><a href="{page_3508}">Anomali Match</a> and Anomali Reports seamlessly address markets from SMB to the largest enterprises. More importantly, they address the two scaling problems that are, and will continue to be, faced by all organizations that want to use threat intelligence to drive security decision making.</p><p><strong>Information Overload!</strong></p><p>When ThreatStream (now Anomali) was started in early 2013, the company had amassed about 100,000 indicators of compromise (IOCs) from threat intelligence data. In 2014, that number became 1,000,000. In February of 2016 it was over 75,000,000. This is a growth rate of 39% a month!
Of the 75,000,000, we list over 25,000,000 as "Active." Threat analysts, incident responders and SOC managers all have the same pervasive problem: "How do I decide what to do first? How do I know which ones are relevant for my company? I can't push 25,000,000 IOCs into memory for my SIEM to correlate against events coming in at 50,000-80,000 events per second." This represents the "last mile" problem currently faced by organizations that need to make effective use of threat intelligence data.</p><p><strong>The Time Machine is Broken!</strong></p><p>Almost all organizations keep about 90 days of data online for analysis in their SIEM. Yet all third-party reports tell us that if the attacker gets past initial security detection and defense products, on average, they aren't detected for over 200 days, and even then usually by a third party. The attacker can simply outwait the security team's ability to see the initial activities. Locating the initial compromise and understanding the scope of the attack becomes a challenge that can take weeks, if the attacker is found at all.</p><p><strong>The Solution</strong></p><p>Anomali Reports and Anomali Match address these problems for two different market segments. Anomali constantly reads your log data once it arrives in your log management solution, looking for potential IOCs and matching them to those in our constantly updated library. Over a year's worth of potential IOCs is kept online and constantly compared to new threat intelligence data as it arrives. For large enterprises, we've seen this approach reduce the number of IOCs they should be concerned about from tens of millions to approximately a few hundred that are true positives specifically for your organization. A company may see more or fewer depending on its security hygiene. Those found are linked directly to what we see in your log data.
This scales to create incident prioritization and alignment across the entire security team.</p><p>Anomali Reports, a cloud-based breach detection service, provides an SMB a way to point their log data to Anomali for analysis. The service provides easy-to-read reports about anomalous inbound and outbound activity against our vast curated library of IOCs. The combined value of correlation, analysis and threat intelligence is provided as a service.</p>
