Key Highlights of this Release
As summer winds down and we move into fall, the team has been working hard to close out our quarterly release.
We’re excited to announce our quarterly product release for August 2021, as we continue to introduce new XDR capabilities across our threat intelligence driven solutions.
Key highlights for this quarter include:
- Introduction of Intelligence Initiatives
- Enhanced STIX 2.1 support
- Support for MITRE ATT&CK Enterprise Sub-techniques in Security Controls, Investigations, and Lens+ (BETA)
- Lens+ Added Features and Microsoft Office 365 Support
- AirGap 5.1 Expanded support and coverage
Align Organizational Intelligence Goals with Intelligence Initiatives
Most organizations continue to work in silos. As additional technology and intelligence sources are introduced to add detection and response capabilities, priorities across teams may not align.
We’re excited to introduce a new feature within ThreatStream called Intelligence Initiatives that enables customers to track and map their organizational security goals and objectives. Intelligence Initiatives provide foundational support for organizations to integrate the CTI (Cyber Threat Intelligence) lifecycle as part of their working process.
Intelligence Initiatives is included as part of your ThreatStream subscription and is configured with out-of-the-box initiatives, including 'Adversary Monitoring', 'Fraudulent Activity', 'Phishing', 'Threat and Risk Analysis', and others.
Once established, organizational goals can be mapped, and users can associate the appropriate intelligence collections or feeds with each initiative by tailoring entities, both to better align activities and to enhance the decision-making process. An integrated dashboard also provides quick access to the key metrics for an Initiative, giving management an immediate overview of activity and the ability to track the Intelligence Initiatives currently being worked on.
Intelligence Initiatives further increase the value of your investment with Anomali and enable analysts to focus their efforts and complete investigations more efficiently, in less time, with more confidence.
Reach out to your CSM to learn more.
Screenshot: Viewing key metrics on current Intelligence Initiatives configured for the Organization.
Enhanced STIX 2.1 Support for Establishing Object Relationships
Anomali believes in the importance of threat intelligence sharing and continues to increase support for STIX (Structured Threat Information Expression) from OASIS Open.
In this release, we've extended the current STIX 2.1 capabilities of ThreatStream, enabling users to import, edit, and export STIX-compliant relationships from ThreatStream for use in third-party systems.
The platform now also allows users to create STIX-compliant associations or relationships between existing threat intelligence objects in the platform, enabling the creation of net-new STIX-compliant intelligence for use elsewhere.
Look for additional support in upcoming releases.
Screenshot: Defining a relationship type (and direction) within an association between two threat model actors in ThreatStream using STIX 2.1 relationship types.
MITRE ATT&CK Enterprise Sub-techniques in Security Controls and Investigations
Anomali continues to increase support for the MITRE ATT&CK Framework, making it easier for analysts to integrate threat intelligence into their investigations process. With this release, we've further extended support for MITRE ATT&CK Enterprise with the addition of Enterprise v9.0 and the intervening releases in the ThreatStream platform.
Recent MITRE releases broke out adversarial Tactics, Techniques and Procedures (TTPs) into Techniques and Sub-techniques, in the form of Attack Patterns. ThreatStream now has full operational support for both the TTP and Attack Pattern variants of the framework, allowing customers to select and use whichever version of the Framework is in use by their organization.
Both Security Controls and Investigations features now support the additional MITRE versions, enabling customers to pinpoint gaps in an organization’s security coverage as part of their ThreatStream investigation work.
As the MITRE ATT&CK Framework continues to evolve, so will our support and goal of making the investigations process easier for our customers.
*Currently restricted to Cloud customers only.
Screenshot: MITRE ATT&CK Security Coverage with v9, showing techniques and sub-techniques in a nested view.
Screenshot: Finding vulnerabilities (in red) in your Organization's security posture as a result of a ThreatStream Investigation.
Expanded Threat Visibility with Lens+ Microsoft Office 365 Support
The Anomali team continues to add features to Lens+ to make it the go-to extension for security teams in obtaining threat information quickly to complement detection and response capabilities like XDR.
Lens+ customers can now update their plug-ins to version 4.9 for improved support for browsers, Microsoft Office 365, and the new MITRE ATT&CK Attack Patterns.
- Users can scan Microsoft Office 365 content to find mentions of global threat intelligence such as IOCs and Threat Models.
- Users can raise Investigations, create Threat Bulletins, and import IOCs via the Lens Summary Screen directly from a Microsoft Office 365 application.
- Partial support is now available for Lens+ customers running MITRE ATT&CK v7+ to show Attack Patterns in the Lens Summary Screen rather than TTPs.
The Anomali Lens+ Add-In for the three Microsoft Office 365 applications is now available on the Microsoft Add-Ins store.
Lens+ continues to evolve and set the standard for threat research tools. If you’re not a current customer, reach out to your CSM so they can demo why you should be.
*For Anomali Lens+ customers only.
Screenshot: Lens Summary screen showing threat intelligence found in a Microsoft Excel document.
AirGap 5.1 Expanding Coverage and Support
Anomali recognizes that some of our customer base prefers to retain overall control of their intelligence dataset; at times this is due to the nature of their business, but it may also be driven by data sovereignty requirements, among others. ThreatStream supports multiple deployment types and can be run as either a hybrid or a standalone deployment when required.
Anomali is excited to announce the latest version of our standalone product: AirGap v5.1. With significant new features and support for more complex designs and data synchronization requirements, customers can now take advantage of a more extensive data management feature set to support their threat intelligence management and distribution needs.
Contact your Anomali Support or your Customer Support Manager for further information about the release.
Anomali continues to work with our customers to understand what keeps them up at night and to introduce new features and capabilities that help them meet their goals.
Until next quarter, reach out to your Customer Success Manager with any questions.
Enjoy the rest of the summer!