By Ranjith Raman, Sr. Partner Solutions Architect – AWS
By Oded Rosenmann, Global Practice Lead, SaaS Partners – AWS
Organizations are increasingly looking for new ways to defend themselves against cyber threats, fraud, and ransomware attacks. Many enterprises and government agencies turn to cyber security solutions that provide efficient and effective detection and response capabilities to proactively prevent attackers from breaching their networks and applications.
To help organizations overcome these challenges, Anomali, a leader in intelligence-driven cybersecurity solutions, has recently launched its cloud-native extended detection and response (XDR) solution, The Anomali Platform. Building on its leadership position in the cyber threat intelligence space, The Anomali Platform gives customers a new dimension of security visibility across all log telemetry, from endpoints to the cloud, with precision detection and optimized response capabilities that extend across their entire security infrastructure.
With the support of AWS SaaS Factory, Anomali has built the Anomali Cloud-Native XDR offering as a software-as-a-service (SaaS) solution that helps improve organizational efficiency, providing security teams with the tools and insights needed to detect relevant threats, make informed decisions, and respond effectively.
“The AWS SaaS Factory team was instrumental in helping us identify appropriate service options aligned with our enterprise customer requirements. Working with the team, we saved months of engineering efforts to build a powerful platform that meets our current needs and allows us to scale.”
Mark Alba, Chief Product Officer, Anomali
The cloud-native XDR solution is fueled by big data management, machine learning, and the world’s largest repository of global intelligence. With the new SaaS model, The Anomali Platform can be easily integrated with existing security infrastructures, enabling CIOs, CISOs, and other business leaders to optimize their overall security investments and create more efficient and effective detection and response programs that proactively address advanced cyber threats.
The SaaS Factory team spoke with Mark Alba, Chief Product Officer at Anomali, to learn more about Anomali Cloud-Native XDR SaaS, the value its new solution brings to customers, and the key lessons learned from the journey to SaaS on AWS.
Q&A with Anomali
AWS SaaS Factory: Mark, thank you for taking the time to speak with us today. Could you share a bit about your background and role at Anomali?
My name is Mark Alba, and I’m the Chief Product Officer at Anomali. I’ve been with Anomali since April 2020 and am responsible for product management, user experience, threat research, and technology incubator functions.
My background includes over 20 years of experience building, managing, and marketing disruptive products and services. I brought to market the security industry’s first fully-integrated appliance firewall, leading the integration of global threat intelligence into perimeter security technologies and introducing advanced analytics in support of cyber security operations. I’ve also led product efforts in both start-up and large enterprise organizations, including Check Point Technologies, Security Focus, Symantec, and Hewlett Packard Enterprise.
SaaS Factory: What products and solutions has Anomali previously built on AWS?
Anomali has made its mark delivering Threat Intelligence powered detection and response solutions with its ThreatStream, Match, and Lens components of The Anomali Platform.
ThreatStream and Lens are both cloud-native solutions built on the AWS platform.
The ThreatStream component of The Anomali Platform offers threat intelligence management that automates the collection and processing of raw data and transforms it into actionable threat intelligence for security teams.
The Lens component of the platform is a powerful Natural Language Processing engine that helps operationalize threat intelligence by automatically scanning digital content (webpages, PDFs, Office 365 files) to identify relevant threats.
SaaS Factory: Can you talk about the Anomali Cloud-Native XDR SaaS solution that you recently launched on AWS?
What we’ve done is move our Match offering to the cloud as part of The Anomali Platform, combining our threat intelligence management capabilities with our threat detection capabilities to create a cloud-native XDR solution. In short, by moving Match to the cloud, we have unlocked our capability to ingest telemetry from any telemetry source and correlate it with our global repository of threat intelligence to deliver highly performant threat detection.
With this single cloud-native platform approach, customers will have the ability to leverage common platform capabilities through a single sign-on experience. Shared cloud capabilities include:
- High-performance indicator correlation at a rate of 190 trillion EPS
- Appliance and cloud-to-cloud-based ingestion of any security control telemetry
- Global intel management across open, commercial, and proprietary sources
- STIX/TAXII for bi-directional intelligence exchange between TAXII sources and clients
- Interactive, simplified dashboards for visualization of IOCs
- Global Intelligence feed optimizer and scoring
- OOTB appliance/API integration for response orchestration with security tools
- Vulnerability enrichment aligning global threats with potential org impact
SaaS Factory: Who are your customers, and what are some of the key customer benefits?
Anomali serves global B2B enterprise businesses as well as large public sector organizations, ISACs, service providers, and Global 1000 customers. This list includes Morgan Stanley, Air Canada, First Energy, Ubisoft, and Bank of Hope.
By correlating the world's largest repository of global actor, technique, and indicator intelligence with our infinite detection capabilities, we deliver a one-of-a-kind extended detection and response solution that continuously detects threats and prevents attacks before they happen. Key benefits for our customers include:
- Increased threat visibility and insights into emerging threats, and the actors behind them, to respond quickly.
- Actionable intelligence to understand the impact and root cause to respond effectively to threats and minimize the damage.
- Precision detection and increased situational awareness to cut through the noise to analyze and validate relevant threats and enable decisive response.
SaaS Factory: What were your primary business motivations for building Anomali Cloud-Native XDR as a SaaS deployment model?
There are a lot of benefits to offering security solutions as a service. It’s flexible, easily accessible, resilient, has cost advantages, and it’s hands-off for our customers. We can manage all the technical issues and the tedious tasks like installing, managing, and updating our software – meaning customers don’t need to lean on their in-house IT expertise and can focus on what they do best.
SaaS Factory: Can you share key areas you addressed when moving to a SaaS model and how the AWS SaaS Factory team supported these efforts?
The AWS SaaS Factory team was instrumental in helping us identify appropriate service options aligned with our enterprise customer requirements. We needed to have an experience that is lightning-fast and can ingest information at great scale to effectively help our customers close security gaps. So, scale and performance were essential for seizing the opportunity to move beyond our previous on-premises deployments. We also focused on refining our long-term approach. We needed to ensure our technical requirements were met while also managing our costs. This helped us ensure our customer needs will be met while enabling competitive pricing. The AWS SaaS Factory team helped us engineer a powerful platform to serve our current needs today and future needs as we scale. We were able to marry a combination of service options, cost, and performance that will grow as our business does.
SaaS Factory: How is Anomali leveraging AWS services and which services are key?
We’re using AWS services in several ways, pushing data to GuardDuty and pulling data from VPC Flow Logs and Route 53.
The Anomali Platform uses GuardDuty for IOC matching, collecting telemetry data and intelligence from AWS, and then correlating it with our own IOCs and threat data to generate alerts.
We also collect telemetry for our cloud-XDR solution by ingesting VPC Flow Logs and Route 53 DNS query logs into The Anomali Platform and correlating them with our threat intel data and threat models to obtain rich context on billions of IOCs.
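The two ingestion paths described in this answer, and the STIX/TAXII exchange listed earlier among the shared platform capabilities, come down to one operation: load indicators from a STIX bundle, then look up the addresses and names in each VPC Flow Log record and Route 53 Resolver query log record against them. The following Python is an added illustration of that correlation step, not Anomali code and not a description of how The Anomali Platform is implemented. The STIX bundle, indicator IDs, IOC values, account and interface IDs, and all log lines are constructed for the example; it handles only simple single-comparison STIX patterns (the full pattern language is out of scope), parses the default version 2 VPC Flow Log field layout, and assumes Route 53 Resolver query logs in their documented JSON shape.

```python
"""Correlate VPC Flow Log and Route 53 Resolver query log records with IOCs
from a STIX 2.1 bundle. Added illustration only, not Anomali's code."""
import ipaddress
import json
import re

# Constructed STIX 2.1 bundle; IDs and values are hypothetical.
STIX_BUNDLE = {
    "type": "bundle",
    "id": "bundle--00000000-0000-4000-8000-000000000001",
    "objects": [
        {"type": "indicator", "spec_version": "2.1",
         "id": "indicator--00000000-0000-4000-8000-0000000000a1",
         "pattern_type": "stix",
         "pattern": "[ipv4-addr:value = '198.51.100.23']"},
        {"type": "indicator", "spec_version": "2.1",
         "id": "indicator--00000000-0000-4000-8000-0000000000a2",
         "pattern_type": "stix",
         "pattern": "[domain-name:value = 'malicious.example']"},
    ],
}

# Only single-comparison patterns are parsed; AND/OR, START/STOP etc. are ignored.
_SIMPLE_PATTERN = re.compile(
    r"^\[(ipv4-addr|ipv6-addr|domain-name):value\s*=\s*'([^']+)'\]$")


def load_iocs(bundle):
    """Return {'ip': {addr: indicator_id}, 'domain': {name: indicator_id}}."""
    iocs = {"ip": {}, "domain": {}}
    for obj in bundle.get("objects", []):
        if obj.get("type") != "indicator" or obj.get("pattern_type", "stix") != "stix":
            continue
        m = _SIMPLE_PATTERN.match(obj["pattern"].strip())
        if not m:
            continue  # unsupported pattern shape, skipped rather than mis-parsed
        kind, value = m.groups()
        if kind == "domain-name":
            iocs["domain"][value.lower().rstrip(".")] = obj["id"]
        else:
            iocs["ip"][str(ipaddress.ip_address(value))] = obj["id"]  # normalises form
    return iocs


# Default VPC Flow Log (version 2) field order.
FLOW_FIELDS = ("version account-id interface-id srcaddr dstaddr srcport dstport "
               "protocol packets bytes start end action log-status").split()


def parse_flow_log(line):
    parts = line.split()
    if len(parts) != len(FLOW_FIELDS):
        raise ValueError("unexpected VPC Flow Log field count")
    return dict(zip(FLOW_FIELDS, parts))


def match_flow_log(line, iocs):
    rec = parse_flow_log(line)
    hits = []
    if rec["log-status"] != "OK":
        return hits  # NODATA / SKIPDATA records carry '-' in the address fields
    for field in ("srcaddr", "dstaddr"):
        ind = iocs["ip"].get(rec[field])
        if ind:
            hits.append({"source": "vpc-flow", "field": field, "ioc": rec[field],
                         "indicator": ind, "action": rec["action"]})
    return hits


def match_dns_log(json_line, iocs):
    rec = json.loads(json_line)
    hits = []
    qname = rec.get("query_name", "").lower().rstrip(".")  # FQDNs end with '.'
    ind = iocs["domain"].get(qname)
    if ind:
        hits.append({"source": "route53-resolver", "field": "query_name", "ioc": qname,
                     "indicator": ind, "srcaddr": rec.get("srcaddr")})
    for ans in rec.get("answers", []):  # resolved answers can hit an IP IOC too
        if ans.get("Type") in ("A", "AAAA") and ans.get("Rdata") in iocs["ip"]:
            hits.append({"source": "route53-resolver", "field": "answers.Rdata",
                         "ioc": ans["Rdata"], "indicator": iocs["ip"][ans["Rdata"]],
                         "srcaddr": rec.get("srcaddr")})
    return hits


# Constructed sample telemetry; not captured from any real account.
SAMPLE_FLOW_LOGS = [
    "2 123456789012 eni-0a1b2c3d 10.0.1.15 198.51.100.23 49152 443 6 12 2048 1700000000 1700000060 ACCEPT OK",
    "2 123456789012 eni-0a1b2c3d 10.0.1.15 203.0.113.9 49153 80 6 5 600 1700000000 1700000060 ACCEPT OK",
    "2 123456789012 eni-0a1b2c3d - - - - - - - 1700000000 1700000060 - NODATA",
]
SAMPLE_DNS_LOGS = [
    json.dumps({"version": "1.100000", "account_id": "123456789012", "region": "us-east-1",
                "vpc_id": "vpc-0abc", "query_timestamp": "2023-11-14T22:13:20Z",
                "query_name": "malicious.example.", "query_type": "A", "query_class": "IN",
                "rcode": "NOERROR",
                "answers": [{"Rdata": "198.51.100.23", "Type": "A", "Class": "IN"}],
                "srcaddr": "10.0.1.15", "srcport": "53422", "transport": "UDP",
                "srcids": {"instance": "i-0123456789abcdef0"}}),
]


def correlate(flow_lines, dns_lines, bundle=STIX_BUNDLE):
    """Run both telemetry sources against the bundle's IOCs; return all hits."""
    iocs = load_iocs(bundle)
    hits = []
    for line in flow_lines:
        hits.extend(match_flow_log(line, iocs))
    for line in dns_lines:
        hits.extend(match_dns_log(line, iocs))
    return hits


if __name__ == "__main__":
    for hit in correlate(SAMPLE_FLOW_LOGS, SAMPLE_DNS_LOGS):
        print(hit)
```

On the constructed input this yields three hits: the flow record whose destination is the IP indicator, the DNS query for the domain indicator, and the same query's A answer resolving to the IP indicator. The last case is the one worth keeping in a real pipeline: a lookup of a benign-looking name that resolves to a known-bad address is often the earliest signal, and it only surfaces if answer Rdata is checked as well as the queried name.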
SaaS Factory: What are some of the challenges you faced with tenant and data isolation, and how did the SaaS Factory content and workshops help address them?
SaaS Factory conducted technical workshops on tenant isolation models (silo, pool, bridge), SaaS Identity and onboarding, running multitenant workloads, and data isolation and partitioning models. SaaS Factory also facilitated several specialist conversations by bringing experts in topics on storage, data analytics, and machine learning.