Analysis and perspectives from the leading voice in threat intelligence.
On June 27, I had the pleasure of participating in an SC Media webcast on building a threat intelligence environment. The host, Stephen Lawton, posed some good questions about challenges and misconceptions around building a threat intelligence program inside an organization.Since threat intelligence first became a new buzzword in…
SIEM solutions have been positioned to provide visibility across multiple applications, systems, and networks. Piecing together log data from multiple sources means that you potentially identify attacks as they occur. But these solutions also come with complexity and limitations; sizing, performance, scalability, and keeping on…
You're probably familiar with Anomali's Threat Bulletins. If not, go and have a read of our most recent one covering "TODO." Threat Bulletins provide information about an event to derive information detailing the tactics, techniques, and procedures used by the attacker. This helps you to create profiles of the…
Getting threat intelligence into your existing security products - SIEMs, endpoints, network tools -- can significantly enhance their effectiveness and longevity. Here at Anomali we understand the value of product integrations, so much so that my entire job is to manage the 30+ we currently offer.Recently we launched a feature…
A few months ago I wrote a post detailing how Anomali Match helped me to identify a malware threat to my home network. Many have since emailed me asking how they can do the same (please keep them coming!).Since writing that post, my router has generated millions of logs that have been ingested by Anomali Match (thankfully still no…
Performance is often one of the biggest gripes I hear from Splunk users. Even after spending time carefully architecting a distributed search environment, running it on top-of-the-range hardware, and carefully assigning user permissions, Splunk searches can still often run painfully slowly.This scenario is particularly true of…
In a previous post I showed how the Anomali ThreatStream Splunk app can integrate with Splunk's own Enterprise Security app to provide analysts with familiar and powerful investigation workflows. Since the post was published I've received a number of emails from the Anomali community asking; is it possible to include a…
A few weeks ago I showed how to use the Anomali ThreatStream Splunk App to hunt known actors that had been observed trying to access your environment, and in some cases where they were already inside.For those who are not yet ThreatStream customers, do not fear. Our free ThreatStream Community Splunk App can get you started with…
As an analyst, context is key.With hundreds, often thousands, of security incidents raised by modern SIEM products it can make the process of triaging the most serious of them incredibly difficult. Adding context to events that form a security incident can help investigations by reducing both time and effort. Sometimes looking at…
Anomali Reports analyses your companies IT activity against millions of Indicators of Comprimise (IOCs) stored in Threatstream. Each week a Threat Analysis report is automatically generated for you to review. Reports are delivered via web and email and they highlight the most critical security incidents, alerting you to potential…
Get the latest Anomali updates and cybersecurity news straight to your inbox each month.
Subscribe Now