Introducing Anomali ThreatStream Integrator 6.3.5

January 18, 2018 | David Greenwood

Anomali ThreatStream Integrator is small-footprint software that lets you integrate the powerful threat intelligence of Anomali ThreatStream with your existing security tools. Today I'm excited to announce the latest version of Integrator.

In addition to the SIEMs, endpoints, and numerous other security solutions (e.g. IDS, DNS, and DHCP tools) that Integrator can currently sync threat intelligence data with, the release of Integrator 6.3.5 adds a new integration destination to the growing list of best-of-breed firewall integrations: Cisco ASA devices.

Introducing Cisco ASA Support

Syncing threat intelligence from ThreatStream to Cisco ASA devices using Integrator enables you to automatically blacklist known malicious indicators of compromise (IOCs) on your Cisco firewalls, to either monitor and alert on or block incoming or outgoing traffic that matches them. Cisco ASA Firepower currently supports the ability to sync domain, IP, and URL IOCs from ThreatStream.

In some cases, Anomali customers have thousands of Cisco ASA devices in their environments. Syncing threat intelligence to multiple Cisco ASA destinations is a simple and efficient process with Integrator because of its flexible user interface, which is designed to give you an easy way to add and edit new configurations.

Once threat intelligence connection points and data flows are established, customers can use the Integrator confidence filter to ensure that only the most current and highest-scoring (and therefore most malicious) threats are synced to Cisco ASA devices. Integrator also supports a number of other useful filters, including indicator type (e.g. malware domains, phishing domains, etc.) and intelligence source. New IOCs are automatically synced to Cisco ASA devices to keep the blacklists up to date, helping you detect newly identified, potentially hostile activity and protect your network from it.

 

Further, the combined use of the Integrator filter and the Firepower user interface can help you maintain agile yet complete control of the blacklists under the Security Intelligence tab. As you can see in the example above, you can create a number of categories for each threat type for easy administration and ongoing management.

Where can I download the latest version of Anomali ThreatStream Integrator?

Anomali ThreatStream Integrator 6.3.5 is now available to download via the ThreatStream Platform.

It doesn't stop there...

In addition to adding threat intelligence to Cisco ASA devices, Integrator can support many other solutions including Splunk, ArcSight, QRadar, Carbon Black, and Tanium (to name but a few).

If you're not already an Anomali customer, view a handful of the hundreds of other products Anomali ThreatStream Integrator can sync intelligence with, and register for Anomali ThreatStream today.

About the Author

David Greenwood

David is a Product Manager at Anomali. He's responsible for developing and executing strategy for integrations to and from the ThreatStream platform, working closely with Anomali customers to help them realize the value that threat intelligence can deliver to their business.
