One of the key differentiators between good security and great security is the interconnectedness between security solutions. Organizations need numerous specialized tools to aggregate, analyze, monitor, block, share - the list goes on. The more seamless the transfer of information and actions between these tools, the more effectively security teams can combat threats ranging from indiscriminate phishing to nation-state attacks.
Anomali is constantly adding partners to its ecosystem to ensure that organizations get the best from the tools and information they already have and those they want to acquire. We’ve made this even easier by creating three software development kits for Feeds, Enrichments, and Integrations. Partners and users of the Anomali Threat Platform can add new capabilities to make their security programs more dynamic and actionable than ever. We’re incredibly happy to dedicate this partner spotlight to Silobreaker, our first partner to build out integrations using these SDKs!
Silobreaker is an intelligence platform that processes and analyses unstructured data. By indexing and analysing information from close to a million different sources, including blogs, feeds, news, forums, research, pastes and social media, Silobreaker lets customers understand the “what,” “how,” “when,” and “why” of events – as well as the context behind them.
This context is something we feel is missing from many other intelligence-focused security products. From vulnerabilities and data breaches to phishing campaigns, hacktivism and advanced persistent threats, the breadth and scope of cyber risks to business have never been greater. Yet while there is more information about these issues than ever before, answering the same key questions has only become harder:
- How is my business or industry being targeted – and by whom?
- Are there known vulnerabilities in my products or systems – and are they exploitable?
- Am I aware of emergent and strategic threats to my sector – and how can I prepare for them?
Indicators such as hashes and IP addresses provide evidence for these important questions, but they can’t provide the answers. For those we need to look at the overwhelming amount of unstructured information available across open and closed sources, analyse and process this data, and, most importantly, make sure that it is relevant, actionable and available. With customisable data-sets and queries, analytical tools and dissemination options, Silobreaker’s purpose is to do this heavy lifting.
Our integration with Anomali is a brilliant marriage of two complementary products. From the Enrichments side, we’re bringing context to observables; providing the “who”, “what” and “why” around a hash, an IP address, a domain and so on. It’s quickly queryable in graphs within ThreatStream and comes fully sourced and dated.
On the Feeds side, we’re populating Threat Models with documents around any topic or entity a client might want to see – from people, products and vulnerabilities to malware, threat actors and TTPs. It’s completely customisable and users can manage almost all of it themselves. In both cases we’re extracting indicators and providing the original source along with links back to Silobreaker, but it’s all interactable with ThreatStream acting as the single pane of glass.
As the first company to make use of two of the new software development kits from Anomali, we’re very pleased with the speed at which we were able to complete this integration and with how easy the SDKs were to use. We’ve already seen significant interest from both existing and potential customers, so we’re excited to see what the future holds.