
Tag Cyber interviews Anomali about Our Intelligence Driven Approach to XDR

Tag Cyber interviews Mark Alba, Anomali's Chief Product Officer, to learn more about Anomali's intelligence-driven XDR solution.
Published on July 13, 2022

AN INTERVIEW WITH MARK ALBA, CHIEF PRODUCT OFFICER, ANOMALI and TAG CYBER

The purpose of any extended detection and response platform is to support the translation of data collection into actionable prevention, detection and response. This objective benefits from an intelligence-driven emphasis where all-sourced threat intelligence is analyzed and correlated into proactive defensive actions that optimize returns on investment.

Anomali offers a commercial solution that consists of an intelligence-driven, cloud-native XDR solution for global enterprises. We wanted to learn more about how Anomali supports customer engagement by utilizing all-sourced telemetry to stop breaches and repel cyber threats.

TAG Cyber: What is meant exactly by XDR and how does it relate to threat intelligence?

ANOMALI: An effective XDR solution is vendor agnostic and brings a proactive approach to threat detection and response. It easily integrates into existing environments to deliver visibility across all security telemetry—including endpoint, network, and cloud data—while applying analytics and automation to address today’s increasingly sophisticated threats. Our cloud-native open XDR platform provides increased visibility across an organization and its threat landscape to help quickly identify threats in real-time by automatically correlating all security telemetry against active threat intelligence to expose known and unknown threats. By correlating the world’s largest repository of global actor, technique, and indicator intelligence with our nearly infinite detection capabilities, we can deliver a one-of-a-kind extended detection and response solution that continuously detects threats and prevents attacks before they happen.

TAG Cyber: How does The Anomali Platform work?

ANOMALI: Anchored by big data management and refined by artificial intelligence, our platform is made up of three key components that work together to gather security data from any telemetry source. We then correlate it with our global repository of threat intelligence to deliver high-performance threat detection. First, there is our ThreatStream Intelligence Management system that automates the collection and processing of raw data, transforming it into actionable threat intelligence for security teams. Next is Anomali Lens, a powerful natural language processing engine that helps operationalize threat intelligence and empower analysts with real-time context to inform their organization and accelerate decision making. Finally, there is Anomali Match, which provides precision threat detection to help a SOC identify and respond to threats in real-time by automatically correlating all security telemetry against active threat intelligence, thereby quickly and effectively stopping breaches and attackers. Our platform’s suite of components empowers security-operation teams by detecting threats with precision, optimizing response and achieving resiliency. Our SaaS-based solutions easily integrate into existing security tech stacks through native-cloud, multi-cloud, on-premises and hybrid deployments to solve security use cases that aren’t addressed by any other solutions on the market.

TAG Cyber: How does your solution support incident response?

ANOMALI: Our platform helps reduce false positives, enabling analysts to cut through the noise by only analyzing, validating and responding to relevant threats. We deliver an increased understanding of the attacker, as well as its techniques and tools, to enable an optimized response. In addition, analysts and incident responders can investigate via an integrated workbench to increase security-analyst productivity in threat research, analysis and finished intelligence publication. They can also automatically associate adversarial tactics, techniques, and procedures (TTPs) and attack patterns with techniques and sub-techniques in the MITRE ATT&CK enterprise framework to identify gaps in security coverage, take action to mitigate these gaps, and prevent follow-on attack stages. Finally, they can automatically disseminate data to other security products via the industry’s most extensive set of turnkey integrations for blocking and monitoring—including SIEM, Firewall, IPS, EDR and SOAR.

TAG Cyber: Tell us more about how your customers can prioritize their security investment based on output from your platform.

ANOMALI: Our platform helps elevate response performance and increase return on existing security investments via cloud-native multi-tenant solutions that easily integrate into existing security tech stacks. We provide differentiated insights by correlating all telemetries—the “X” in XDR, extending from endpoints to the public cloud—with the largest repository of global intelligence to help improve efficacy and reduce a security team’s workload, while enabling more private and secured community collaboration.

TAG Cyber: Can you share some insights into the future of enterprise threats in the coming years?

ANOMALI: With an increasing dependency on the cloud, along with a growth in digital transformation and remote workforces, the relentless expansion of the enterprise attack surface will continue to create challenges for security teams and opportunities for their adversaries. Boards and management teams are navigating a complex new terrain of escalated cybersecurity activities, geopolitical uncertainty and macro headwinds, including inflation, at a time when digital transformation is paramount and talent scarcity is at an all-time high. Now, more than ever, management teams need relevant business insights to swiftly protect themselves and their stakeholders from cyberattacks. That is the focus of our open XDR solution: to help management teams amplify visibility, enrich with relevant context, predict an adversary’s next move, and, ultimately, stop the attack.

Reach out to learn more about how Anomali's cloud-native XDR solution can help you stop breaches and attackers.

And click here to download the Tag Cyber Security Annual Quarterly Report.
