BLOG

Category: Threat Intelligence Platform

Cyber Threat Intelligence SIEM Threat Intelligence Platform

Building a Threat Intelligence Environment

On June 27, I had the pleasure of participating in an SC Media webcast on building a threat intelligence environment. The host, Stephen Lawton, posed some good questions about challenges and misconceptions around building a threat intelligence program inside an organization.Since threat intelligence first became a new buzzword in...
Read More


Threat Intelligence Platform

Verizon Launches Threat Intelligence Platform Service in Partnership with Anomali

Today is another exciting day at Anomali - we have announced a major partnership with Verizon for their new Threat Intelligence Platform Service. Verizon is in a unique position to enter the threat intelligence space given their cyber-situational awareness across their own massive IP backbone. Combining Verizon awareness with the...
Read More


Cyber Threat Intelligence Threat Intelligence Platform ThreatStream

Making a Case for Internal Threat Intelligence

Very often when I demonstrate our Threat Intelligence Platform (TIP), ThreatStream and show the breadth of open source threat intelligence we collect and curate, organizations struggle to understand that:a. We do not have a record of every indicator that’s bad or malicious b. The definition...
Read More


Cyber Threat Intelligence Threat Intelligence Platform ThreatStream

Seven Characteristics of a Successful Threat Intelligence Program

For every enterprise Threat Intelligence Program, there is a fine line between success, neglect, and failure. But what defines the success of a Threat Intelligence Program? The definitions of that success can vary greatly depending on the nature of the organization. Given the varying sizes, technologies, and skill levels of...
Read More


Cyber Threat Intelligence STAXX Threat Intelligence Platform ThreatStream

Making Sense of a “Threat Intelligence Platform”

Recently while minding my business at a trade show, a passerby turned his head towards my booth, scanned the Anomali banner behind me proclaiming our status as a Threat Intelligence Platform, and blurted out “You’ve got too many buzzwords!”.  As my self-righteous accoster scurried along...
Read More


Cyber Threat Intelligence Threat Intelligence Platform ThreatStream

Anomali at RSA Conference 2018

It’s the last day of RSA Conference 2018, and what a week it’s been!We made a few announcements....We’re collaborating with Microsoft Intelligent Security Graph (ISG) to bring new security insights into threat data for joint customers. The integration pairs threat intelligence from Anomali...
Read More


Cyber Threat Intelligence SIEM Splunk Threat Intelligence Platform ThreatStream

Heads Up! A Phishing Attack Early Warning System

You're probably familiar with Anomali's Threat Bulletins. If not, go and have a read of our most recent one covering "TODO." Threat Bulletins provide information about an event to derive information detailing the tactics, techniques, and procedures used by the attacker. This helps you to...
Read More


Anomali Enterprise Cyber Threat Intelligence SIEM Splunk Threat Intelligence Platform ThreatStream

Generating Your Own Threat Intelligence Feeds in ThreatStream

Getting threat intelligence into your existing security products - SIEMs, endpoints, network tools -- can significantly enhance their effectiveness and longevity. Here at Anomali we understand the value of product integrations, so much so that my entire job is to manage the 30+ we currently offer.Recently we launched...
Read More


Cyber Threat Intelligence Threat Intelligence Platform

Introducing Anomali ThreatStream Integrator 6.3.5

Anomali ThreatStream Integrator is a software with a small footprint that allows you to integrate the powerful threat intelligence of Anomali ThreatStream with your existing security tools. Today I'm excited to announce the latest version of Integrator.In addition to the SIEMs, endpoints and numerous other security solutions ...
Read More


Cyber Threat Intelligence Threat Intelligence Platform

Using ThreatStream Indicators of Compromise with AWS GuardDuty

It has been a busy week for AWS at their re:Invent 2017 conference in Las Vegas. One of the new product launches that caught my eye yesterday was GuardDuty, a managed threat detection service that continuously monitors for malicious or unauthorized behavior to help protect AWS accounts and...
Read More


Cyber Threat Intelligence Threat Intelligence Platform

Anomali Provides Threat-Sharing Expertise Before Congress

Cyber Threat Intelligence provider Anomali appeared before Congress on Wednesday, November 15th to provide threat-sharing expertise before the U.S. House of Representatives Homeland Security Committee. The purpose of this hearing was to discuss methods for improving the value of cyber threat information shared by the government and increasing participation...
Read More


Anomali Enterprise SIEM Splunk Threat Intelligence Platform

Give Splunk (And Your Security Team) A Helping Hand With Threat Intelligence

Performance is often one of the biggest gripes I hear from Splunk users. Even after spending time carefully architecting a distributed search environment, running it on top-of-the-range hardware, and carefully assigning user permissions, Splunk searches can still often run painfully slowly.This scenario is particularly true of security use-cases where...
Read More


Anomali Enterprise Threat Intelligence Platform

Addressing Threat Blindness

In just four years since launching Anomali we’ve seen Threat Intelligence become a standard element of enterprise security programs. Last week we published a Ponemon Institute report on “The Value of Threat Intelligence” (our 2nd year sponsoring this research) – in it we found:80%of enterprises...
Read More


Cyber Threat Intelligence Threat Intelligence Platform

The Second Annual Ponemon Study - The Value of Threat Intelligence

Today we released our findings from the Ponemon Study, “The Value of Threat Intelligence: The Second Annual Study of North American and United Kingdom Companies." The Ponemon Institute surveyed over a thousand IT security professionals on a range of threat intelligence topics. Results show that organizations are rapidly incorporating...
Read More


Threat Intelligence Platform

Improve Security Through People in Four Simple Steps

Organizations have an incredible variety of security solutions to choose from to protect their networks. A walk down the showroom floor at RSA or BlackHat can be downright overwhelming (both the product explanations and the swag). Whatever solutions your security team deploys though it’s important to remember that...
Read More


Cyber Threat Intelligence Splunk Threat Intelligence Platform ThreatStream

Automate Your Workflows With Threat Intelligence Alerts in Slack

Recently, I was speaking to a friend who is using the popular messaging app, Slack, to help run the Security Operations Centre (SOC) at his organisation. Not only have they have setup alerts that feed from their security tools into Slack, but the analysts can run queries against these tools,...
Read More


Cyber Threat Intelligence SIEM Splunk Threat Intelligence Platform ThreatStream

Malicious Actors Inside Your Network? Here’s How To Find Them.

As an analyst, context is key.With hundreds, often thousands, of security incidents raised by modern SIEM products it can make the process of triaging the most serious of them incredibly difficult. Adding context to events that form a security incident can help investigations by reducing both time and effort....
Read More


Anomali Enterprise Cyber Threat Intelligence SIEM Splunk Threat Intelligence Platform

Anomali Reports: Analyse Splunk Events To See If You’ve Been Breached

Anomali Reports analyses your companies IT activity against millions of Indicators of Comprimise (IOCs) stored in Threatstream. Each week a Threat Analysis report is automatically generated for you to review. Reports are delivered via web and email and they highlight the most critical security incidents, alerting you to potential security...
Read More


Threat Intelligence Platform

Maximizing the Potential of Open Source Threat Intelligence Feeds

Open source feeds are a popular and abundant source of threat intelligence indicators. These feeds originate from a variety of sources- companies, special projects, honeypots, individual contributors, and more. There are hundreds to choose from, providing a vast reserve of millions of indicators of compromise (IOCs) that can be ingested...
Read More


Cyber Threat Intelligence SIEM Splunk Threat Intelligence Platform

ThreatStream App for Splunk: Introducing Seamless Integration with Enterprise Security

Splunk continues lead the way with it's powerful big data SIEM capabilities inside their Enterprise Security App.Here at Anomali we were especially excited with one initiative the company introduced last year, Adaptive Response. We liked it so much we partnered with Splunk to give security teams a powerful...
Read More


Get the latest threat intelligence news in your email.