We are happy to announce the Anomali Quarterly Release for December 2020. To deliver this latest set of features and enhancements, our product and engineering teams worked closely with our customers, with a particular eye to further improving the speed of threat intelligence operations. As organizations mature in their threat intelligence programs and seek to leverage ever-larger quantities of threat intelligence inputs and security telemetry data, the need for capabilities that enhance the efficiency of threat intelligence and SOC analysts becomes paramount. So we worked (and will continue to work) to reduce friction in the moment-to-moment workday of our users and add velocity to overall workflows in a way that improves their organizations’ overall security posture. Examples of enhancements in this latest release include:
Pre-Built Themed Dashboards
The addition of pre-customized, themed dashboards allows analysts to quickly focus on new and relevant intelligence investigations about specific events impacting their organizations. Anomali Threat Research analysts applied their expertise to aid in the design and development of these dashboards for real-world investigation scenarios. Now available via the Anomali ThreatStream threat intelligence platform (TIP), new dashboard themes include COVID-19 indicators of compromise (IOCs), relevant global cyberthreat activities, and a view of the vulnerabilities and exploits that adversaries are using to compromise your systems and data.
Figure 1 - Example COVID-19 IOC-focused dashboard
Figure 2 - Example Global Threat Activity dashboard
Flexible MITRE ATT&CK Framework Coverage
With this new capability, threat intelligence analysts can configure their security coverage levels for each technique in the framework. This allows them to align their work more precisely with targeted organizational security response strategies, which removes friction and increases the speed of overall workflows.
Figure 3 - Analysts can tune security coverage for each MITRE ATT&CK technique
To continue making threat analysts’ lives easier and more productive, we’ve added a Threat Card feature that allows users to gain deeper insights into threats without having to navigate to additional pages, and we have also improved collaboration in active investigations by introducing visibility and access controls. Analysts can mark their Investigations as “Private” until they are completed, and optionally extend visibility to their workgroups or their organization. While a user is editing an Investigation, it can be locked so that other team members do not duplicate efforts. Threat analysts also now have greater control over the UI via added mouse functionality, the type of utility that helps them move more quickly through an investigation.
Figure 4 - Active investigations benefit from Threat Cards and privacy controls
Faster Finished Intelligence
Anomali ThreatStream now offers multiple default templates for the creation of finished intelligence products, giving analysts the ability to apply their organizations’ branding to reports and then distribute them directly from ThreatStream to all relevant stakeholders. This added feature gives analysts a simpler, more intuitive and faster way to format and distribute the insights and findings they’ve developed.
Figure 5 - Faster finished intelligence with default report production and distribution templates
Faster Ingestion of Unstructured Threat Research
This release adds further improvements in the speed, fidelity, and management of investigations initiated with Anomali Lens, a Natural Language Processing (NLP) research tool that analysts use to automatically scan and convert unstructured data found on the web and in reports into actionable intelligence. Updates and new capabilities include centrally managed scanning exclusions, PDF scanning enhancements, navigation speed improvements such as in-page jumping from the discovered threat entities summary to specific items, and accessibility guidelines support.
Enhanced Intelligence Distribution to Security Controls
To improve delivery of prioritized threat intelligence to security infrastructure and services, this Anomali ThreatStream release provides updates and significant enhancements to integrations with several leading security solutions, including Splunk, LogRhythm, CrowdStrike, IBM Resilient, IBM QRadar, and Microsoft Azure Sentinel.
On-Premises Deployment Enhancements
Significant additions have been made to Anomali ThreatStream’s hybrid deployment option, which gives global enterprise customers with data sovereignty and regulatory requirements the ability to keep portions of their datasets within their own security domains while still benefiting from the elastic scale and power of direct access to the Anomali cloud environment. Among other key new features:
- Support for an updated version of Anomali Lens, including the most recent MITRE ATT&CK Framework capabilities
- Enhanced ADFS support, now with permissions mapping to your user store on Microsoft Active Directory or Azure AD
- A custom dashboards capability to provide a graphical view of your local and upstream intelligence metrics