Anomali Automation Streamlines Investigations, Eases Threat Intelligence Analyst Workloads

<p>We are happy to announce the Anomali Summer 2020 Release. To deliver this latest set of features, we worked closely with our customers to focus specifically on what they need to improve the efficacy of their threat intelligence operations. As customers advance into the next phase of their threat intelligence journeys, they’ve expressed to us that in order to continue building on the success of their programs, they want to especially empower their threat intelligence analysts by simplifying their lives and helping them to be more effective at what they do. In response, we delivered:</p> <ul> <li>More automated and efficient workflows to ease threat intelligence analyst workloads and to eliminate redundant tasks.</li> <li>Expanded threat detection capabilities via easier integration of telemetry from a broader range of security solutions into Anomali Match, our enterprise threat detection solution.</li> <li>Custom dashboards and reports that deliver strategic, actionable intelligence to CISOs and a wider set of IT and security team members.</li> </ul> <p>Anomali is also experiencing increased demand from MSSPs that want to expand their investigation and detection offerings. To accommodate these requests and to continue strengthening our existing relationships with service providers, we’ve given them more options to integrate Anomali Match into their platforms.</p> <p>“We’re going to continually deliver new features that respond directly to the enterprise security challenges that our customers face. We are also going to lead when it comes to introducing new innovations that maximize the value of threat intelligence to further improve security, increase efficiency, and reduce risk,” said Mark Alba, chief product officer, Anomali. “Our customers and several leading industry analysts are referring to this release as ‘intelligence-driven security’ that delivers value across the SOC and to all levels of the business.”</p> <h2>New Anomali ThreatStream Features</h2> <h3>Rules Engine Enhancements</h3> <p><img alt="Rules Engine Enhancements" src="https://cdn.filestackcontent.com/Ex0XCzfxTci1g9beaNLt"/></p> <p>The Anomali Rules Engine is a powerful tool used by customers to define threats that are relevant to their organization, and automatically assign research and investigation tasks. In this release, we've extended the granularity of these rules to create automated workflows that assign investigations to specific analysts and teams.</p> <h3>Custom Dashboards</h3> <p><img alt="Custom Dashboards" src="https://cdn.filestackcontent.com/y1dfmF7VRWfrffXU2P7d"/></p> <p>With improved visualization over threat data managed on ThreatStream, analysts can gain deeper insights over threats faced, automatically map them to the MITRE ATT&amp;CK framework, and more easily and quickly provide specialized views and strategic reports to business stakeholders, CISOs, SOC teams, and other IT and security team members.</p> <h3>Finished Intelligence Reporting Templates</h3> <p><img alt="Finished Intelligence Reporting Templates" src="https://cdn.filestackcontent.com/lw02EeOlSuuWgTwbYXod"/></p> <p>Anomali continues to evolve its Finished Intelligence capabilities. Customers can now create templates, allowing users to operationalize report editing and customization capabilities to more quickly produce Finished Intelligence products. With the ability to create and share templates, analysts can eliminate repetitive work, deliver branded research products, and focus their time where it has the most impact.</p> <h2>New Anomali Match Features</h2> <h3>Azure Deployment</h3> <p>To accommodate a wider segment of the enterprise security market, Anomali Match can now be deployed via Azure, in addition to existing support for AWS deployment. This option gives organizations that have shifted security operations to the cloud the ability to leverage all available intelligence and telemetry for continuous and immediate threat detection.</p> <h3>MSSP Support</h3> <p><img alt="MSSP Support" src="https://cdn.filestackcontent.com/2GtEA4gyTi2PhL0L33ql"/></p> <p>Anomali products have been designed from the ground up to support multi-tenant MSSP operations. In the Summer 2020 release, we’ve added Anomali Match turnkey integrations for Splunk Link, ArcSight Link, and MyEvents Map.</p> <h3>Telemetry Integrations</h3> <p>To increase the value of existing security solutions and gain added visibility over new and existing threats, customers can now integrate telemetry into Match from Azure Sentinel, RSA Netwitness, and Kafka.</p> <h3>Backup and Restore</h3> <p>Anomali Match now includes an intuitive backup and restore feature to assist our clients where business continuity planning (BCP) is of importance, and to make migrations and upgrades simple, safe, predictable and reliable.</p> <h3>Enrichments</h3> <p><img alt="Enrichments" src="https://cdn.filestackcontent.com/Knx4rxiMTdygcUVeItJa"/></p> <p>Anomali Match has added the ability for users to easily find additional information on threat entities by using a number of pre-packaged enrichments as well as the ability to create custom enrichments if needed.</p> <h2>New Anomali Lens Features</h2> <h3>Improved Investigation Workflow</h3> <p>Anomali Lens now supports an improved workflow of bringing in web content to an Investigation within ThreatStream. The workflow includes automated grouping, linking, and a MITRE ATT&amp;CK Heatmap of the content being brought in the Investigation.</p> <p><img alt="Improved Investigation Workflow" src="https://cdn.filestackcontent.com/VuPJJZ0hTzCc5eJDiqsG"/></p> <h3>Strategic Info at a Glance</h3> <p>In the Summary window, Anomali Lens now highlights the categories of the entities scanned on the webpage. The filterable categories include a cumulative count, Matches, Active, Inactive, and Unknown threat entities.</p> <h3>Risk Score Preview</h3> <p>When reading content on a webpage, Anomali Lens users will now see the Confidence Score surfaced alongside observables.</p> <p>To learn more about the Summer Release and new feature availability, <a href="https://www.anomali.com/products">visit our product site</a> or <a href="https://www.anomali.com/resources/whitepapers/the-definitive-guide-to-sharing-threat-intelligence">contact Anomali</a>.</p>