September 20 - 22, 2017
BLOG
Category: Cyber Threat Intelligence
TAXIIing to the Runway
Common challenges in starting a threat intelligence programOnce considered a “nice to have”, threat intelligence is now increasingly seen as an critical part of security programs. In the 2016 Value of Threat Intelligence: Ponemon Study, 78 percent of respondents polled agreed that threat intelligence was essential to a strong...
Read More
Anomali Forum - Your Cyber War Room
Zero-day exploits such as last week’s Petya can be a nightmare of damage to a company’s information, systems and reputation. One of the more practical solutions for such an attack is for companies to band together and share information that could bolster defences or...
Read More
Anomali Enterprise Cyber Threat Intelligence
How Anomali Enterprise Helped Me Detect Malware In My Home Network
Have you ever wondered who is trying to connect to your home network? Or from your home network to the internet? Few internet users consider either of these questions (and the ones that do usually work in the security industry). Many believe the router their...
Read More
Cyber Threat Intelligence SIEM Splunk ThreatStream
Proactively monitor your network against attacks using our FREE Threat Intelligence in Splunk
A few weeks ago I showed how to use the Anomali ThreatStream Splunk App to hunt known actors that had been observed trying to access your environment, and in some cases where they were already inside.For those who are not yet ThreatStream customers, do not fear. Our...
Read More
Targeted vs Indiscriminate Attacks
The motivations for a cyber attack are familiar- money, notoriety, political scheming, protests- the list goes on. Whatever the case may be, understanding the incentive behind an attack can be a good indicator of how an attack may have been carried out. One element of investigating these attacks is discerning...
Read More
Cyber Threat Intelligence SIEM Splunk Threat Intelligence Platform ThreatStream
Malicious Actors Inside Your Network? Here’s How To Find Them.
As an analyst, context is key.With hundreds, often thousands, of security incidents raised by modern SIEM products it can make the process of triaging the most serious of them incredibly difficult. Adding context to events that form a security incident can help investigations by reducing both time and effort....
Read More
Anomali Enterprise Cyber Threat Intelligence SIEM Splunk Threat Intelligence Platform
Anomali Reports: Analyse Splunk Events To See If You’ve Been Breached
Anomali Reports analyses your companies IT activity against millions of Indicators of Comprimise (IOCs) stored in Threatstream. Each week a Threat Analysis report is automatically generated for you to review. Reports are delivered via web and email and they highlight the most critical security incidents, alerting you to potential security...
Read More
Cyber Threat Intelligence SIEM Splunk Threat Intelligence Platform
ThreatStream App for Splunk: Introducing Seamless Integration with Enterprise Security
Splunk continues lead the way with it's powerful big data SIEM capabilities inside their Enterprise Security App.Here at Anomali we were especially excited with one initiative the company introduced last year, Adaptive Response. We liked it so much we partnered with Splunk to give security teams a powerful...
Read More
Cyber Threat Intelligence Research Threat Intelligence Platform
3 Most Common Pitfalls When Implementing Threat Intelligence and How to Avoid Them
Executive SummaryEffective threat intelligence requires a combination of sources and techniques, analysts to interpret data, and a platform through which to manage and leverage data. Many people will unwittingly fall into a “threat intelligence trap” when trying to implement a successful threat intelligence program.Despite having access...
Read More
_500_332.png)
Cyber Threat Intelligence Research
Ways To Maintain Your Cybersecurity Infrastructure
Network security is a great undertaking early on. The benefits to protecting your network are immediate as well as beneficial in the long term. However, the systems and practices which defend your organization and its network are not a “set it and forget it” machine. As threats are...
Read More
Cyber Threat Intelligence Weekly Threat Briefing
Anomali Weekly Threat Intelligence Briefing - March 14, 2017
Figure 1: IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.Trending ThreatsThis section provides summaries and links to the top threat intelligence stories from this past week. All IOCs from these stories are attached to this threat briefing...
Read More
Why A Computer Beating Poker Pros Is Great News for Cybersecurity
Use of Machine Learning (ML) is a hot topic in cybersecurity, one which will undoubtedly shape the industry for years to come. To see evidence of this we’d have to look no further than the booths at this most recent RSA Security Conference, where ML was promised as...
Read More
Cyber Threat Intelligence Modern Honey Network SIEM Splunk
Splunking The Modern Honey Network: Community Data (Part 4)
Over the last 3 weeks, I’ve looked at: ingesting Modern Honey Network data into Splunk, adding context to MHN data using threat feeds, and creating alerts using MHN data.In this post I am going to give you a brief insight into the data that was reported back from...
Read More
Cyber Threat Intelligence Modern Honey Network
MHN Radar: Databases Under Siege
Anomali’s Modern Honeypot Network (MHN for short) is a worldwide network of honeypot sensors that collects data on scans, probes and intrusions of various network ports and services. By looking at data collected by MHN we can piece together a picture of the current threat landscape for a...
Read More
Cyber Threat Intelligence Modern Honey Network SIEM Splunk
Splunking The Modern Honey Network: Honeypot Alert Automation (Part 3)
In my last post, I looked at enriching Modern Honey Network events against a threat feed, specifically Anomali Threatstream IOCs.The idea of enriching events helps filter out false positives — events that pose no real risk to a network. False positives can obviously — and do — waste many...
Read More
Cyber Threat Intelligence Modern Honey Network SIEM Splunk
Splunking The Modern Honey Network: Adding Context Using Threat Feeds (Part 2)
Last week, I showed how to ingest Modern Honey Network data into Splunk and visualise it with the MHN Splunk App.Hopefully you’ve been getting lots of additional value on-top of the Modern Honey Network web app. I’m sure you’re now ready to...
Read More
Cyber Threat Intelligence Modern Honey Network SIEM Splunk
Splunking The Modern Honey Network: Getting Value From Your Honeypots Data (Part 1)
Whilst The Modern Honey Network Server alone is powerful, exporting the data for further manipulation and analysis can be very useful. It is common to see security teams feeding MHN attack data directly into their SIEM for correlation against events generated from other security tools, like...
Read More
Cyber Threat Intelligence Threat Intelligence Platform
2017 Cyber Security Predictions
2016 has now come to an end and a new set of security predictions are being revealed. The past year has been a whirlwind tour of challenges and changes in the cybersecurity landscape. Targeted threat activity took on a new emphasis by focusing on both disinformation and weaponized, confidential information. Ransomware...
Read More
Cyber Threat Intelligence Threat Intelligence Platform Weekly Threat Briefing
Anomali Weekly Threat Intelligence Briefing - December 29, 2016
Trending Threats
This section provide summaries and links to the top threat intelligence stories from this past week. All IOCs from these stories are attached to this threat briefing and can be used for indicator matching against your logs. Figure 1: IOC Summary Charts. These charts summarize the IOCs attached...
Read More
Cyber Threat Intelligence Threat Intelligence Platform
Locky Ransomware Shifts to .OSIRIS Extension
Locky ransomware continues to evolve and has again changed the filename extension used to encrypt files. This time using the file extension “.osiris” on all files it encrypts.Locky will encrypt image files found on the system leaving them inaccessible unless the ransom is paid to acquire the...
Read More
