Recent attacks related to the Apache Log4j vulnerabilities, Solar Winds, and the Emotet ransomware resurgence require global visibility, big data correlation and a comprehensive response to get ahead of the attack chain. Anomali’s platform, including ThreatStream, Lens, and Match accelerates response by leveraging the largest global intelligence repository to pinpoint threats in seconds, giving security professionals the tools they need to respond both to the attack, and the attacker.
Here is how Defenders using Anomali got ahead of Log4j by effectively detecting the threat and prioritizing the response.
Threat Investigation. To start, Defenders had Anomali’s machine learning curated intelligence on Log4j within hours of global discovery. This included all known attack indicators and impacted vulnerabilities displayed on a dashboard that visualized the potential risk, allowing them to either further investigate, or to immediately respond.
Threat Research. Defenders that chose to continue their research used Anomali’s Investigation capability to enrich the Log4j data with context on observed vulnerabilities, geolocation of attackers, and other intelligence that further increased fidelity. Additionally, using Anomali Lens, Defenders researched public, private, and security monitoring intel sources to collect new attack information to be used for detection.
Threat Detection. Defenders used the high-fidelity signals collected through the investigation and research process to quickly detect Log4j attacks using Match Forensic and Retrospective search. Able to correlate a massive amount of security telemetry together with global intelligence, Match determined whether the organization was a victim of a Log4j attack within seconds. And because most advanced attacks leverage techniques that have existed for years, Match’s big data approach was able to detect other breaches going back as far as five years.
Threat Response. Finally, using Anomali’s MITRE ATT&CK dashboard, Defenders were able to visualize the impact of the detected attack on their existing security posture. With this information, they pivoted to a response based on Anomali provided mitigation strategies and detection signatures to bolster their security against existing and future breaches. To complete the response cycle, automated dissemination of machine-readable threat intelligence to the organization’s security controls using Anomali Integrator ensured that the organization’s security posture could detect new and evolving Log4j related attacks.
Based on customer testimonials, with Anomali, what would have taken them hours or days to simply identify a breach, turned into minutes to detect, prioritize, and protect against immediate – and future Log4j cyber threats.
Log4j threat detection intelligence delivered by Anomali Threat Research