July 29, 2016
Joe Franscella

How ThreatStream 6.0 Protects Your Network

<p>Good anti-virus software applications notify you immediately upon detection of malware. Great solutions alert you to an infection and can scrub it away without incident. But would you know if your website had been probed by your direct competition or hacktivists like Anonymous? Can you tell if an <a href="http://lawnewz.com/high-profile/defense-contractor-employee-charged-with-espionage-after-allegedly-selling-secrets-to-undercover-agent/" target="_blank">employee is scheming</a> to walk off with proprietary secrets? You wouldn’t know what to look for without the benefit of others’ experiences as applied to your network. Threat intelligence goes beyond virus scans to inform you of all manner of suspicious traffic.</p>
<p>ThreatStream 6.0 works with your existing security platform to super-charge it with the benefit of tens of millions of known indicators of compromise. It collects data and examines it for 50 known threat indicators. Using underlying knowledge about your particular challenges and vulnerabilities, threats are translated into actionable intelligence. The platform then directs the alerts throughout the existing security infrastructure as needed. Making all of this happen fast enough for you to take meaningful action requires very sophisticated data transmission and analysis. It works as a SaaS-based platform. Network traffic is compared to a cloud-based library of known threat actors and other suspicious patterns. For even faster processing, the application can be installed locally on all devices which are to be protected.</p>
<p>Our platform collects web traffic logs from multiple points on the network and sends them to a central processor, which manages and aggregates the data. When an indicator of compromise is matched, an alert is raised. In many cases, the location of the breach is not the same piece of the network that needs protection from the hacker who caused the alert.
Another feature that sets Anomali products apart is their ability to cull threats from multiple sites and deliver alerts to many destinations simultaneously.</p>
<p>Standalone anti-malware applications cannot work together to protect one another like ThreatStream 6.0 can. The Modern Honeynet Project has fostered sharing of indicators of compromise to build an incredibly rich data resource of known threat actors and profiles of their methodologies. Searching your traffic logs for indicators of compromise requires nuanced analysis. Studying activity on one segment and flagging it as a threat to another can only be achieved by weighing factors that place the event in context as threatening.</p>
<p>Most enterprises have <a href="https://www.anomali.com/blog/threat-intelligence-platforms-tracking-more-than-just-threats">certain threats</a> that are more prevalent among their type of business. Be it healthcare, government, or finance, hackers sometimes focus on a specific industry or identify a particular class of target. These would-be victims do well to work together, even if they compete in the marketplace. Sharing of threat indicators is the first step towards identifying these criminals, stopping them, and hopefully bringing them to justice. However, this goal is tempered by the need to keep some matters private, including details about your network and what has happened to it. Anomali’s answer to this quandary was to create tools that facilitate sharing while keeping those details private.</p>
<p>You can build a personalized set of threat indicators with a tool called Threat Intelligence Package and then share the info in your TIPs with peers at your discretion. Some activities which are not classically malicious still indicate misuse or some kind of trouble.
Add on TIPs that alert you to these suspicious behaviors:</p>
<ul>
<li>Anonymizing <a href="http://www.cnet.com/news/nsa-likely-targets-anybody-whos-tor-curious/" target="_blank">browsers like Tor</a></li>
<li>Free or notorious spam email addresses (Hotmail, mail.ru, etc.)</li>
<li>Traffic to/from a Virtual Private Network (VPN) or dynamic web domain</li>
<li>Speed test websites</li>
<li>IP-checking domains (like whatismyip.com)</li>
<li>Geographic lookup tools</li>
</ul>
<p>Threat intelligence extends to devices, too. Experts predict the next battle will be fought over safeguarding the Internet of Things, the newer category of traffic created by the web-enabled gadgets we are coming to rely on more and more. Attempts to hijack our smart appliances, security cameras, etc. will be monitored as part of the umbrella of network protection.</p>
<p>From all this data, ThreatStream 6.0 can deliver risk-scored threat intelligence. Alerts that give you more detailed information allow you to understand the severity of the threat and respond appropriately. With actionable <a href="https://www.anomali.com/blog/4-traits-to-look-for-in-cyber-intelligence-companies">threat intelligence from a reputable company</a>, alerts come with suggestions of specific actions to take.
Don’t panic, respond.</p>
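<p>The suspicious-behavior categories listed above can be matched against web traffic logs and rolled up into a per-source score. The following is an added example, not Anomali or ThreatStream code; the log format, indicator entries, weights and function names are assumptions constructed for illustration.</p>

```python
from collections import defaultdict

# Constructed indicator set covering the behaviour categories in the list above.
# The .example domains and all weights are assumed values, not Anomali data or scores.
INDICATORS = {
    "torproject.org": ("anonymizer", 60),
    "mail.ru":        ("free_email", 30),
    "vpn.example":    ("vpn", 50),
    "dyndns.example": ("dynamic_dns", 50),
    "speedtest.net":  ("speed_test", 20),
    "whatismyip.com": ("ip_check", 40),
    "geoip.example":  ("geo_lookup", 40),
}

# Constructed proxy log lines: "<timestamp> <source host> <destination host>"
SAMPLE_LOG = """\
2016-07-29T10:00:01Z ws-014 www.whatismyip.com
2016-07-29T10:00:07Z ws-014 dist.torproject.org
2016-07-29T10:01:12Z ws-022 www.speedtest.net
2016-07-29T10:02:30Z ws-022 notwhatismyip.com
2016-07-29T10:03:44Z ws-031 intranet.corp.example
malformed line
"""

def match_indicator(host):
    """Return (category, weight) if host equals an indicator or is a subdomain of one."""
    labels = host.lower().rstrip(".").split(".")
    # Compare suffixes on label boundaries so 'notwhatismyip.com' does not match 'whatismyip.com'.
    for i in range(len(labels)):
        hit = INDICATORS.get(".".join(labels[i:]))
        if hit:
            return hit
    return None

def score_sources(log_text):
    """Aggregate matches per source host: {source: {"score": int, "categories": set}}."""
    alerts = defaultdict(lambda: {"score": 0, "categories": set()})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:  # skip malformed records instead of failing the whole run
            continue
        hit = match_indicator(parts[2])
        if hit:
            alerts[parts[1]]["score"] += hit[1]
            alerts[parts[1]]["categories"].add(hit[0])
    return dict(alerts)

if __name__ == "__main__":
    print(score_sources(SAMPLE_LOG))
```

<p>A source that combines several low-weight categories, such as an IP check followed by an anonymizer download, scores higher than any single hit, which is the kind of context a flat blocklist match does not give.</p>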
