Blog

Category: Threat Intelligence Platform

Doing Threat Intel the Hard Way - Part 5: Analyze Threat Intelligence

This is the fifth post in a series on manual IOC management for threat intelligence. See the previous posts: Part 1: Manual IOC Management; Part 2: Capturing Threat Intelligence; Part 3: Processing Threat Intelligence; Part 4: Operationalizing Threat Intelligence. Analyze Threat Intelligence. Everything we have discussed to this point...


Decreasing Dwell Time - How Long Intruders Go Undetected

The evaluation of technical threat intelligence data is a nascent art. When evaluating indicator sources, many focus on counting the number of indicators the source has. The next step in evaluating indicator sources is usually based upon the number of true-positive alerts generated by the IOCs compared to the...


Doing Threat Intel the Hard Way - Part 4: Operationalizing Threat Intelligence

This is the fourth post in a series on manual IOC management for threat intelligence. See the previous posts: Part 1: Manual IOC Management; Part 2: Capturing Threat Intelligence; Part 3: Processing Threat Intelligence. Operationalizing Threat Intelligence. Although a database of indicators and contextual information is useful, it is not enough. Once a...


2017 Cyber Security Predictions

2016 has now come to an end and a new set of security predictions is being revealed. The past year has been a whirlwind tour of challenges and changes in the cybersecurity landscape. Targeted threat activity took on a new emphasis by focusing on both disinformation and weaponized, confidential information. Ransomware...


Anomali Weekly Threat Intelligence Briefing - December 29, 2016

Trending Threats. This section provides summaries of and links to the top threat intelligence stories from the past week. All IOCs from these stories are attached to this threat briefing and can be used for indicator matching against your logs. Figure 1: IOC Summary Charts. These charts summarize the IOCs attached...


Doing Threat Intel the Hard Way - Part 3: Processing Threat Intelligence

This is the third post in a series on manual IOC management for threat intelligence. See the previous posts: Part 1: Manual IOC Management; Part 2: Capturing Threat Intelligence. Processing Threat Intelligence. Once captured, threat intelligence data must be processed. Processing includes several steps: normalization, deduplication, storage of indicators, update, expiration...
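The processing steps named in this teaser (normalization, deduplication, storage, update and expiration) and the "indicator matching against your logs" use case from the weekly briefing above are concrete enough to show end to end. The following is an added example written for this listing, not code from the "Doing Threat Intel the Hard Way" series or from Anomali: the feed entries, log lines, feed names (`feedA`, `feedB`), per-type TTL values and the `IndicatorStore` / `match_log_lines` helpers are all constructed for illustration. It refangs and canonicalises indicators, merges duplicate sightings from different feeds, expires indicators by type-specific age, and looks up tokens from log lines against the store.

```python
"""Minimal IOC processing pipeline: normalize -> deduplicate -> store -> expire,
plus matching of stored indicators against log lines. Constructed example."""
import re
from datetime import datetime, timedelta
from urllib.parse import urlsplit, urlunsplit

# Per-type time-to-live measured from the last feed sighting.
# These values are assumptions for this example; None means never expire.
TTL = {"ip": timedelta(days=30), "domain": timedelta(days=90),
       "url": timedelta(days=60), "hash": None}

_HEX = re.compile(r"[0-9a-f]{32}|[0-9a-f]{40}|[0-9a-f]{64}")  # md5 / sha1 / sha256
_IPV4 = re.compile(r"(?:\d{1,3}\.){3}\d{1,3}")
_DOMAIN = re.compile(r"[a-z0-9-]+(?:\.[a-z0-9-]+)+")


def normalize(raw):
    """Refang and canonicalise one indicator; returns (type, value)."""
    s = re.sub(r"^hxxp", "http", raw.strip(), flags=re.IGNORECASE)
    for defanged, clean in (("[.]", "."), ("(.)", "."), ("[dot]", "."), ("{.}", ".")):
        s = s.replace(defanged, clean)
    low = s.lower()
    if _HEX.fullmatch(low):
        return ("hash", low)
    if _IPV4.fullmatch(low) and all(int(o) < 256 for o in low.split(".")):
        return ("ip", low)
    if low.startswith(("http://", "https://")):
        p = urlsplit(s)  # lower-case scheme and host only; URL paths are case-sensitive
        return ("url", urlunsplit((p.scheme.lower(), p.netloc.lower(), p.path, p.query, p.fragment)))
    if _DOMAIN.fullmatch(low):
        return ("domain", low)
    return ("unknown", s)


class IndicatorStore:
    """Deduplicated indicator set keyed on (type, value) with sighting metadata."""

    def __init__(self):
        self.items = {}

    def ingest(self, raw, source, seen):
        kind, value = normalize(raw)
        if kind == "unknown":
            return None
        key = (kind, value)
        rec = self.items.get(key)
        if rec is None:
            rec = {"first_seen": seen, "last_seen": seen, "sources": set()}
            self.items[key] = rec
        else:  # duplicate: merge the sighting instead of inserting a second row
            rec["first_seen"] = min(rec["first_seen"], seen)
            rec["last_seen"] = max(rec["last_seen"], seen)
        rec["sources"].add(source)
        return key

    def expire(self, now):
        """Drop indicators not re-sighted within their type's TTL; returns removed keys."""
        removed = [k for k, r in self.items.items()
                   if TTL.get(k[0]) is not None and now - r["last_seen"] > TTL[k[0]]]
        for k in removed:
            del self.items[k]
        return removed


def match_log_lines(store, lines):
    """Tokenise log lines and look each token up in the store; returns (line_no, key) hits."""
    hits = []
    for n, line in enumerate(lines, 1):
        for tok in re.split(r"[\s,;\"'<>]+", line):
            tok = re.sub(r":\d+$", "", tok.rstrip(".:)"))  # drop trailing punctuation / port
            kind, value = normalize(tok)
            candidates = [(kind, value)]
            if kind == "url":  # a URL sighting also implies a sighting of its host
                candidates.append(("domain", urlsplit(value).hostname))
            hits.extend((n, k) for k in candidates if k in store.items)
    return hits


NOW = datetime(2016, 12, 29)

# Constructed feed entries: (raw indicator as published, feed name, date seen).
SAMPLE_FEED = [
    ("hxxp://Evil[.]example/Path", "feedA", NOW - timedelta(days=5)),
    ("http://evil.example/Path ", "feedB", NOW),           # same URL from a second feed
    ("198.51.100.7", "feedA", NOW - timedelta(days=45)),    # IP older than its TTL
    ("d41d8cd98f00b204e9800998ecf8427e", "feedA", NOW - timedelta(days=400)),
    ("Evil[.]Example", "feedB", NOW),
    ("not an indicator", "feedB", NOW),                     # rejected by normalize()
]

# Constructed log lines to match against the store.
SAMPLE_LOG = [
    "2016-12-29T10:00:01 dns query evil.example from 10.0.0.5",
    "2016-12-29T10:00:02 conn 10.0.0.5 -> 198.51.100.7:443",
    "2016-12-29T10:00:03 http GET http://evil.example/Path",
]


def build_sample_store():
    store = IndicatorStore()
    for raw, source, seen in SAMPLE_FEED:
        store.ingest(raw, source, seen)
    return store


if __name__ == "__main__":
    store = build_sample_store()
    for n, key in match_log_lines(store, SAMPLE_LOG):
        print(f"line {n}: {key}")
    print("expired:", store.expire(NOW))
```

Matching is done before expiry here on purpose: the stale IP still produces a hit on the second log line, which is exactly the kind of aged indicator that drives false positives once a feed stops refreshing it, and it is removed by `expire()` afterwards.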


Locky Ransomware Shifts to .OSIRIS Extension

Locky ransomware continues to evolve and has again changed the filename extension it appends to encrypted files, this time using the extension “.osiris” on all files it encrypts. Locky will encrypt image files found on the system, leaving them inaccessible unless the ransom is paid to acquire the...


More On Detection Gaps…

How often have we seen a security news headline detailing a new malware strain or exploit kit campaign? The next question for security teams will usually be, do we detect that? In today’s threat landscape, delivery methods and network traffic patterns that are detected at present will eventually...


Doing Threat Intel the Hard Way - Part 2: Capturing Threat Intelligence

Part 2: Capturing Threat Intelligence. This is the second post of a series on manual management of IOCs for threat intelligence. See the previous post: Part 1: Manual IOC Management. Once you have settled on the sources you wish to collect, a method, or more frequently methods, of collection must be established. If you...


Introducing STAXX: A Free On-Premise STIX/TAXII Solution

In December of 2014, the Financial Services Information Sharing and Analysis Center (FS-ISAC) and Depository Trust and Clearing Corporation (DTCC) announced the general availability of Soltra Edge, a program designed to help facilitate the sharing of threat intelligence in a more organized and automated manner than over email or other...
