On July 26, 2023, the Securities and Exchange Commission approved and adopted a new rule within the framework of Form 8-K reporting, which requires public companies to report on material events that affect shareholders or investors. That reporting has now been expanded to include cybersecurity breaches.
The new rule requires companies to disclose information within four business days after determining whether the cybersecurity incident is considered material. Also included in the ruling is the disclosure on an annual basis of the following measures: cybersecurity risk management, strategy, and governance.
This ruling is meant to protect investors and provide more transparency, as many breaches go unreported. This is fine, but it also imposes a very short timeframe on most companies to 1) determine the extent of the breach, and 2) report on it. And all of this is separate from actually responding to the breach itself.
So how can Anomali help?
Let’s start with preventing the breach by using the Anomali platform to identify risk, hunt and mitigate threats, and leverage intelligence and big data at scale and speed.
Anomali Attack Surface Management
A single security gap can leave your organization’s data open to attack. To fortify your attack surface, you must discover all your exposed assets, prioritize them based on the risk they pose to your business, and remediate them quickly.
Modern hybrid environments, distributed workforces, multi-vendor security, and shadow IT make it hard to gain complete visibility and understanding across the enterprise attack surface. To work faster and smarter, security teams need both comprehensive visibility and data-driven insight into each vulnerability and the risk it presents.
Anomali Attack Surface Management continuously inventories and monitors your entire digital footprint, including hardware, applications, SaaS deployments, cloud resources, websites, subdomains, IP addresses, social media accounts, and vendors’ infrastructures, as well as the shadow IT assets that leave many organizations exposed.
Ongoing visibility, scanning, and discovery on both sides of the firewall help you track:
- Internet-facing hosts
- Unreachable assets
- SSH services
- Open ports
- CVE exploits
- End-of-life software
- Expired certificates
Anomali Match - Advanced Security Analytics
When a new threat emerges, security teams need answers fast: Have we been impacted? Are we protected? How are we responding? What are we doing to prevent this kind of breach in the future? Match helps improve organizational efficiency and productivity by automating detection activities to immediately profile a threat and its impact on the organization, enabling an effective response. Match collects security telemetry from across your organization (SIEM, EDR, messaging, and network) and integrates layered threat detection to pinpoint relevant threats, giving analysts the actionable intelligence required to investigate the root cause or precisely confirm an attack and respond immediately.
Pinpoint Relevant Threats: Learn in seconds if a threat indicator is present in your historical event logs going back years, including asset data, vulnerability scan data, and threat intelligence.
Elevate Strategic Intelligence: View alerts enriched with comprehensive threat intelligence context, MITRE ATT&CK framework IDs, asset criticality, and risk scores.
Accelerate Threat Hunting: Proactively identify threats in your environment based on MITRE ATT&CK TTPs, actors, campaigns, threat bulletins, and vulnerabilities.
Predict the Next Attack: Gain relevant visibility through continuous intelligence monitoring to uncover threats and prioritize response.
Anomali ThreatStream transforms raw data into actionable threat intelligence and insights so you can make informed decisions, respond quickly, and block threats in real time.
Threat intelligence from hundreds of diverse sources is curated, centralized, and enriched to provide context for SOC alerts and investigations. Relevant intelligence is distributed automatically across your existing security controls to stop breaches and strengthen your attack surface. An integrated investigations workbench deepens insight and accelerates threat research.
Connecting the Anomali Security Operations Platform to the global community of cybersecurity researchers, ThreatStream puts the world’s largest repository of actioned intelligence at your fingertips. High-quality data helps teams investigate security events and assess threats in real time. Filtered for relevance and pushed into Anomali Match, ThreatStream intelligence can be correlated automatically with vulnerabilities in your own environment to enable analytics-powered security operations.
Unstructured threat intelligence is a vital resource for analysts and executives, but searching through page after page of documents for relevant information can be arduous and time-consuming—especially when reports of a new cyberattack, data breach, and the associated regulatory response increase the urgency.
Anomali Lens is a powerful Natural Language Processing engine that helps operationalize threat intelligence by automatically scanning digital content (PDF, HTML, Office 365 (Word, Excel, Outlook)) to identify relevant threats and streamline the lifecycle of researching and reporting on them. Available as a browser extension or Office 365 plug-in, Lens automatically highlights information that matters in news articles, threat bulletins, social media, research papers, blogs, coding repositories, and internal content sources, then helps you quickly communicate to inform executives and operationalize this intelligence across your organization to reduce risk.
For security analysts: Quickly capture the full significance and context of a threat, then provide an executive summary with a clear analysis and risk assessment for the organization.
For executives: Gain immediate context for online cyberattack reports with one‐click visibility into the presence or absence of the threat in the organization’s own historic security event logs.
With only a 4-day window to react, Anomali Solutions can not only help prevent a breach but also report quickly when one occurs, providing timely information to CIOs, SOC teams, hunt teams, and regulators.