BLOG

Category: Threat Intelligence Platform

Cyber Threat Intelligence, Threat Intelligence Platform

The Second Annual Ponemon Study - The Value of Threat Intelligence

Today we released our findings from the Ponemon Study, “The Value of Threat Intelligence: The Second Annual Study of North American and United Kingdom Companies.” The Ponemon Institute surveyed over a thousand IT security professionals on a range of threat intelligence topics. Results show that organizations are rapidly incorporating...

Threat Intelligence Platform

Improve Security Through People in Four Simple Steps

Organizations have an incredible variety of security solutions to choose from to protect their networks. A walk down the showroom floor at RSA or BlackHat can be downright overwhelming (both the product explanations and the swag). Whatever solutions your security team deploys, though, it’s important to remember that...

Cyber Threat Intelligence, Splunk, Threat Intelligence Platform, ThreatStream

Automate Your Workflows With Threat Intelligence Alerts in Slack

Recently, I was speaking to a friend who is using the popular messaging app, Slack, to help run the Security Operations Centre (SOC) at his organisation. Not only have they set up alerts that feed from their security tools into Slack, but the analysts can run queries against these tools,...

Cyber Threat Intelligence, SIEM, Splunk, Threat Intelligence Platform, ThreatStream

Malicious Actors Inside Your Network? Here’s How To Find Them.

As an analyst, context is key. With hundreds, often thousands, of security incidents raised by modern SIEM products, triaging the most serious of them can be incredibly difficult. Adding context to the events that form a security incident can help investigations by reducing both time and effort...

Anomali Enterprise, Cyber Threat Intelligence, SIEM, Splunk, Threat Intelligence Platform

Anomali Reports: Analyse Splunk Events To See If You’ve Been Breached

Anomali Reports analyses your company’s IT activity against millions of Indicators of Compromise (IOCs) stored in ThreatStream. Each week a Threat Analysis report is automatically generated for you to review. Reports are delivered via web and email and highlight the most critical security incidents, alerting you to potential security...

Threat Intelligence Platform

Maximizing the Potential of Open Source Threat Intelligence Feeds

Open source feeds are a popular and abundant source of threat intelligence indicators. These feeds originate from a variety of sources: companies, special projects, honeypots, individual contributors, and more. There are hundreds to choose from, providing a vast reserve of millions of indicators of compromise (IOCs) that can be ingested...

Cyber Threat Intelligence, SIEM, Splunk, Threat Intelligence Platform

ThreatStream App for Splunk: Introducing Seamless Integration with Enterprise Security

Splunk continues to lead the way with its powerful big data SIEM capabilities inside its Enterprise Security App. Here at Anomali we were especially excited by one initiative the company introduced last year, Adaptive Response. We liked it so much we partnered with Splunk to give security teams a powerful...

SIEM, Splunk, Threat Intelligence Platform

The New and Improved Anomali Threatstream Splunk App

Over the past few months I have had the opportunity to talk to so many Anomali customers using our Splunk Commercial App to seamlessly match their data against Threatstream Indicators of Compromise (IOCs). It has been great to see the excitement around the dashboards and insights our app offers that...

Cyber Threat Intelligence, Research, Threat Intelligence Platform

3 Most Common Pitfalls When Implementing Threat Intelligence and How to Avoid Them

Executive Summary: Effective threat intelligence requires a combination of sources and techniques, analysts to interpret data, and a platform through which to manage and leverage data. Many people will unwittingly fall into a “threat intelligence trap” when trying to implement a successful threat intelligence program. Despite having access...

Threat Intelligence Platform

Doing Threat Intel The Hard Way - Part 6: Threat Intelligence Maintenance

This is the sixth and final post in a series on manual IOC management for threat intelligence. See the previous posts: Part 1: Manual IOC Management; Part 2: Capturing Threat Intelligence; Part 3: Processing Threat Intelligence; Part 4: Operationalizing Threat Intelligence; Part 5: Analyze Threat Intelligence. Threat Intelligence Maintenance: Once an analyst has decided on...

Threat Intelligence Platform

Doing Threat Intel the Hard Way - Part 5: Analyze Threat Intelligence

This is the fifth post in a series on manual IOC management for threat intelligence. See the previous posts: Part 1: Manual IOC Management; Part 2: Capturing Threat Intelligence; Part 3: Processing Threat Intelligence; Part 4: Operationalizing Threat Intelligence. Analyze Threat Intelligence: Everything we have discussed to this point...

Malware, Research, Threat Intelligence Platform

Decreasing Dwell Time - How Long Intruders Go Undetected

The evaluation of technical threat intelligence data is a nascent art. When evaluating indicator sources, many focus on counting the number of indicators the source has. The next step in evaluating indicator sources is usually based upon the number of true positive alerts generated by the IoCs compared to the...

Threat Intelligence Platform

Doing Threat Intel the Hard Way - Part 4: Operationalizing Threat Intelligence

This is the fourth post in a series on manual IOC management for threat intelligence. See the previous posts: Part 1: Manual IOC Management; Part 2: Capturing Threat Intelligence; Part 3: Processing Threat Intelligence. Operationalizing Threat Intelligence: Although a database of indicators and contextual information is useful, it is not enough. Once a...

Cyber Threat Intelligence, Threat Intelligence Platform

2017 Cyber Security Predictions

2016 has now come to an end and a new set of security predictions is being revealed. The past year has been a whirlwind tour of challenges and changes in the cybersecurity landscape. Targeted threat activity took on a new emphasis by focusing on both disinformation and weaponized, confidential information. Ransomware...

Cyber Threat Intelligence, Threat Intelligence Platform, Weekly Threat Briefing

Anomali Weekly Threat Intelligence Briefing - December 29, 2016

Trending Threats: This section provides summaries and links to the top threat intelligence stories from this past week. All IOCs from these stories are attached to this threat briefing and can be used for indicator matching against your logs. Figure 1: IOC Summary Charts. These charts summarize the IOCs attached...

Threat Intelligence Platform

Doing Threat Intel the Hard Way - Part 3: Processing Threat Intelligence

This is the third post in a series on manual IOC management for threat intelligence. See the previous posts: Part 1: Manual IOC Management; Part 2: Capturing Threat Intelligence. Processing Threat Intelligence: Once captured, threat intelligence data must be processed. Processing includes several steps: Normalization, Deduplication, Storage of Indicators, Update, Expiration...

Cyber Threat Intelligence, Threat Intelligence Platform

Locky Ransomware Shifts to .OSIRIS Extension

Locky ransomware continues to evolve and has again changed the filename extension used to encrypt files, this time using the file extension “.osiris” on all files it encrypts. Locky will encrypt image files found on the system, leaving them inaccessible unless the ransom is paid to acquire the...

Cyber Threat Intelligence, Threat Intelligence Platform

More On Detection Gaps…

How often have we seen a security news headline detailing a new malware strain or exploit kit campaign? The next question for security teams will usually be: do we detect that? In today’s threat landscape, delivery methods and network traffic patterns that are detected at present will eventually...

Threat Intelligence Platform

Doing Threat Intel the Hard Way - Part 2: Capturing Threat Intelligence

Part #2: Capturing Threat Intelligence. This is the second post of a series on manual management of IOCs for threat intelligence. Part 1: Manual IOC Management. Once you have settled on the sources you wish to collect, a method, or more frequently methods, of collection must be established. If you...

STAXX, Threat Intelligence Platform

Introducing STAXX: A Free On-Premise STIX/TAXII Solution

In December of 2014, the Financial Services Information Sharing and Analysis Center (FS-ISAC) and Depository Trust and Clearing Corporation (DTCC) announced the general availability of Soltra Edge, a program designed to help facilitate the sharing of threat intelligence in a more organized and automated manner than over email or other...