BLOG

Category: Cyber Threat Intelligence

Cyber Threat Intelligence

TAXIIing to the Runway

Common challenges in starting a threat intelligence program. Once considered a “nice to have”, threat intelligence is now increasingly seen as a critical part of security programs. In the 2016 Value of Threat Intelligence: Ponemon Study, 78 percent of respondents polled agreed that threat intelligence was essential to a strong...


Cyber Threat Intelligence

Anomali Forum - Your Cyber War Room

Zero-day exploits such as last week’s Petya can be a nightmare of damage to a company’s information, systems and reputation. One of the more practical solutions for such an attack is for companies to band together and share information that could bolster defences or...


Anomali Enterprise Cyber Threat Intelligence

How Anomali Enterprise Helped Me Detect Malware In My Home Network

Have you ever wondered who is trying to connect to your home network? Or from your home network to the internet? Few internet users consider either of these questions (and the ones that do usually work in the security industry). Many believe the router their...


Cyber Threat Intelligence SIEM Splunk ThreatStream

Proactively monitor your network against attacks using our FREE Threat Intelligence in Splunk

A few weeks ago I showed how to use the Anomali ThreatStream Splunk App to hunt known actors that had been observed trying to access your environment, and in some cases where they were already inside. For those who are not yet ThreatStream customers, do not fear. Our...


Cyber Threat Intelligence

Targeted vs Indiscriminate Attacks

The motivations for a cyber attack are familiar: money, notoriety, political scheming, protests; the list goes on. Whatever the case may be, understanding the incentive behind an attack can be a good indicator of how an attack may have been carried out. One element of investigating these attacks is discerning...


Cyber Threat Intelligence SIEM Splunk Threat Intelligence Platform ThreatStream

Malicious Actors Inside Your Network? Here’s How To Find Them.

As an analyst, context is key. With hundreds, often thousands, of security incidents raised by modern SIEM products, triaging the most serious of them can be incredibly difficult. Adding context to events that form a security incident can help investigations by reducing both time and effort....


Anomali Enterprise Cyber Threat Intelligence SIEM Splunk Threat Intelligence Platform

Anomali Reports: Analyse Splunk Events To See If You’ve Been Breached

Anomali Reports analyses your company's IT activity against millions of Indicators of Compromise (IOCs) stored in ThreatStream. Each week a Threat Analysis report is automatically generated for you to review. Reports are delivered via web and email and they highlight the most critical security incidents, alerting you to potential security...


Cyber Threat Intelligence SIEM Splunk Threat Intelligence Platform

ThreatStream App for Splunk: Introducing Seamless Integration with Enterprise Security

Splunk continues to lead the way with its powerful big data SIEM capabilities inside their Enterprise Security App. Here at Anomali we were especially excited by one initiative the company introduced last year, Adaptive Response. We liked it so much we partnered with Splunk to give security teams a powerful...


Cyber Threat Intelligence Research Threat Intelligence Platform

3 Most Common Pitfalls When Implementing Threat Intelligence and How to Avoid Them

Executive Summary: Effective threat intelligence requires a combination of sources and techniques, analysts to interpret data, and a platform through which to manage and leverage data. Many people will unwittingly fall into a “threat intelligence trap” when trying to implement a successful threat intelligence program. Despite having access...


Cyber Threat Intelligence Research

Ways To Maintain Your Cybersecurity Infrastructure

Network security is a great undertaking early on. The benefits to protecting your network are immediate as well as beneficial in the long term. However, the systems and practices which defend your organization and its network are not a “set it and forget it” machine. As threats are...


Cyber Threat Intelligence Weekly Threat Briefing

Anomali Weekly Threat Intelligence Briefing - March 14, 2017

Figure 1: IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Threats: This section provides summaries and links to the top threat intelligence stories from this past week. All IOCs from these stories are attached to this threat briefing...


Cyber Threat Intelligence

Why A Computer Beating Poker Pros Is Great News for Cybersecurity

Use of Machine Learning (ML) is a hot topic in cybersecurity, one which will undoubtedly shape the industry for years to come. To see evidence of this we’d have to look no further than the booths at this most recent RSA Security Conference, where ML was promised as...


Cyber Threat Intelligence Modern Honey Network SIEM Splunk

Splunking The Modern Honey Network: Community Data (Part 4)

Over the last 3 weeks, I’ve looked at: ingesting Modern Honey Network data into Splunk, adding context to MHN data using threat feeds, and creating alerts using MHN data. In this post I am going to give you a brief insight into the data that was reported back from...


Cyber Threat Intelligence Modern Honey Network

MHN Radar: Databases Under Siege

Anomali’s Modern Honeypot Network (MHN for short) is a worldwide network of honeypot sensors that collects data on scans, probes and intrusions of various network ports and services. By looking at data collected by MHN we can piece together a picture of the current threat landscape for a...


Cyber Threat Intelligence Modern Honey Network SIEM Splunk

Splunking The Modern Honey Network: Honeypot Alert Automation (Part 3)

In my last post, I looked at enriching Modern Honey Network events against a threat feed, specifically Anomali ThreatStream IOCs. The idea of enriching events helps filter out false positives — events that pose no real risk to a network. False positives can obviously — and do — waste many...


Cyber Threat Intelligence Modern Honey Network SIEM Splunk

Splunking The Modern Honey Network: Adding Context Using Threat Feeds (Part 2)

Last week, I showed how to ingest Modern Honey Network data into Splunk and visualise it with the MHN Splunk App. Hopefully you’ve been getting lots of additional value on top of the Modern Honey Network web app. I’m sure you’re now ready to...


Cyber Threat Intelligence Modern Honey Network SIEM Splunk

Splunking The Modern Honey Network: Getting Value From Your Honeypots Data (Part 1)

Whilst The Modern Honey Network Server alone is powerful, exporting the data for further manipulation and analysis can be very useful. It is common to see security teams feeding MHN attack data directly into their SIEM for correlation against events generated from other security tools, like...


Cyber Threat Intelligence Threat Intelligence Platform

2017 Cyber Security Predictions

2016 has now come to an end and a new set of security predictions are being revealed. The past year has been a whirlwind tour of challenges and changes in the cybersecurity landscape. Targeted threat activity took on a new emphasis by focusing on both disinformation and weaponized, confidential information. Ransomware...


Cyber Threat Intelligence Threat Intelligence Platform Weekly Threat Briefing

Anomali Weekly Threat Intelligence Briefing - December 29, 2016

Trending Threats: This section provides summaries and links to the top threat intelligence stories from this past week. All IOCs from these stories are attached to this threat briefing and can be used for indicator matching against your logs. Figure 1: IOC Summary Charts. These charts summarize the IOCs attached...


Cyber Threat Intelligence Threat Intelligence Platform

Locky Ransomware Shifts to .OSIRIS Extension

Locky ransomware continues to evolve and has again changed the filename extension used to encrypt files. This time it uses the file extension “.osiris” on all files it encrypts. Locky will encrypt image files found on the system, leaving them inaccessible unless the ransom is paid to acquire the...

