The comprehensive marketplace for threat intelligence, enrichments and integrations
The Anomali Preferred Partner Store (APP Store) is a comprehensive marketplace for access to threat intelligence providers, integration partners and analysis tools.
Anomali Threat Platform customers can easily trial and purchase threat feeds from APP Store partners. Here you will find the right information for your organization, industry, geographic region, threat type, and so on.
The Anomali Threat Platform integrates seamlessly with many security and IT systems to operationalize threat data. The Developer SDK also enables organizations to build custom integrations themselves.
Integration
Zscaler services enable customers to move securely to a modern cloud architecture. The Zscaler cloud connects users to applications, regardless of where users connect or where the applications are hosted, while providing comprehensive security and a fast user experience. Zscaler offers two service suites that eliminate the cost and complexity of gateway appliances. Zscaler Internet Access securely connects users to internet and SaaS applications, scanning every byte of traffic to protect against cyber threats and data leakage. Zscaler Private Access provides fast access to internal applications hosted in the data center or public clouds—without the need for a VPN.
Threat Intelligence
The ZeroFOX for Anomali app extends social media and digital visibility across the cyber threat landscape into the Anomali Threat Platform to provide early warning into digital attacks on your business, executives and assets.
Security
VMRay delivers advanced threat analysis and detection that combines a unique agentless hypervisor-based network sandbox with a real-time reputation engine. The combination provides both fast, high volume file classification and deep malware analysis. The VMRay Analyzer is platform independent and highly scalable, the result of a decade of R&D by some of the world’s leading experts on dynamic malware analysis. By monitoring at the hypervisor level, it is undetectable by malware running in the target operating system. VMRay serves leading enterprises around the world.
Enrichment
VirusTotal inspects items with over 60 antivirus scanners and URL/domain blacklisting services, in addition to a myriad of tools to extract signals from the studied content. Any user can select a file from their computer using their browser and send it to VirusTotal. VirusTotal offers a number of file submission methods, including the primary public web interface, desktop uploaders, browser extensions and a programmatic API. The web interface has the highest scanning priority among the publicly available submission methods. Submissions may be scripted in any programming language using the HTTP-based public API.
Integration
Verodin, part of FireEye, is a platform that has made it possible for organizations to validate the effectiveness of cyber security controls, thereby protecting their reputation and economic value. The Verodin Security Instrumentation Platform (SIP) proactively identifies gaps in security effectiveness attributable to equipment misconfiguration, changes in the IT environment, evolving attacker tactics, and more. By measuring and testing security environments against both known and newly discovered threats, Verodin SIP identifies risks in security controls before a breach occurs and permits companies to rapidly adapt their defenses to the evolving threat landscape. Verodin SIP does this by instrumenting an IT environment to test the effectiveness of network, endpoint, email and cloud controls and provides quantifiable evidence that investments made in controls are actually delivering the expected business outcomes.
Integration
Tripwire delivers advanced threat, security and compliance solutions used by over 9,000 organizations, including over 50% of the Fortune 500. Tripwire enables enterprises, service providers and government agencies around the world to detect, prevent and respond to cyber security threats.
Threat Intelligence
The Media Trust works with the world's largest, most-heavily trafficked digital properties—websites and mobile apps—to provide real-time security, first-party data protection and privacy, performance management and quality assurance solutions that help protect, monetize and optimize the user experience across desktop, smartphone, tablet and gaming devices.
Threat Intelligence
TeamT5 is a group of hackers dedicated to cyber threat research. The team started out with outstanding research ability and has been delivering cyber threat intelligence (CTI) for more than 5 years. Compared with other CTI vendors, TeamT5 has the deepest and best understanding of cyber attackers in the Asia Pacific region. With leading intelligence and knowledge of cyber-attacks, TeamT5 developed unique technologies and methodology to help clients deal with targeted attacks. The solutions have been verified and have helped numerous victims to solve their problems.
Integration
Tanium gives the world’s largest enterprises and government organizations the unique power to secure, control and manage millions of endpoints across the enterprise within seconds. Serving as the “central nervous system” for enterprises, Tanium empowers security and IT operations teams to ask questions about the state of every endpoint across the enterprise in plain English, retrieve data on their current state and execute change as necessary, all within seconds. With the unprecedented speed, scale and simplicity of Tanium, organizations now have complete and accurate information on the state of endpoints at all times to more effectively protect against modern day threats and realize new levels of cost efficiency in IT operations.
Threat Intelligence
Symantec sees more threats, and protects more customers from the next generation of attacks. Symantec DeepSight addresses every stage of the attack lifecycle with industry-leading threat intelligence, advanced monitoring, incident response, and cyber skills development services.
Integration
Blue Coat, Inc. is a leading provider of advanced web security solutions for global enterprises and governments, protecting 15,000 organizations including over 70 percent of the Fortune Global 500. Through the Blue Coat Security Platform, Blue Coat unites network, security and cloud, protecting enterprises and their users from cyber threats – whether they are on the network, on the web, in the cloud or mobile.
Security
Sqrrl is the threat hunting company that enables security analysts to discover advanced threats faster, and reduces the time and resources required to investigate them. Sqrrl’s industry-leading Threat Hunting Platform unites link analysis, advanced machine learning analytics, and multi-petabyte scalability capabilities into an integrated solution.
Integration
Splunk Inc. (NASDAQ: SPLK) provides the leading software platform for real-time Operational Intelligence. Splunk® software and cloud services enable organizations to search, monitor, analyze and visualize machine-generated big data coming from websites, applications, servers, networks, sensors and mobile devices. More than 8,400 enterprises, government agencies, universities and service providers in more than 100 countries use Splunk software to deepen business and customer understanding, mitigate cybersecurity risk, prevent fraud, improve service performance and reduce cost. Splunk products include Splunk® Enterprise, Splunk Cloud™, Hunk®, Splunk MINT Express™ and premium Splunk Apps.
Enrichment
Soltra Edge® is an industry-driven software that automates processes to share, receive, validate and act on cyber threat intelligence. It enables an end-to-end community defense model and changes the posture of cybersecurity defenders from reactive to proactive. Soltra Edge is the most widely used Cyber Threat Communications Platform for two-way sharing of cybersecurity information among peers, trust groups, communities and government.
Integration
Snort is an open source network intrusion prevention system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching, and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more.
Threat Intelligence
Sixgill’s cyber threat intelligence solution focuses on your intelligence needs, helping you mitigate risk to your organization, more effectively and more efficiently. Using an agile and automatic collection methodology, Sixgill provides you with broad coverage of exclusive-access deep and dark web sources as well as relevant surface web sources. Utilizing artificial intelligence and machine learning, Sixgill automates the production cycle of cyber intelligence from monitoring, to extraction to production, uniquely focusing on relevant threats operating in these sources. A market leader in deep and dark web cyber threat intelligence, Sixgill provides threat intelligence solutions to enterprises around the world including Fortune 500 companies, financial institutions, and law enforcement agencies, addressing a wide range of cybersecurity challenges.
Threat Intelligence, Enrichment
Silobreaker helps security, business and intelligence professionals make sense of the overwhelming amount of data available on the web. By discovering insights that are buried deep inside the data, we help you uncover the information that is most valuable to you. Our products are designed to support your workflow, from collecting and analysing data to disseminating your findings across your organisation.
Integration
Securing your organization from unknown threats means taking a proactive security approach. By working with ServiceNow Security Operations, Anomali Threat Intelligence empowers security analysts with an end-to-end security orchestration, automation, and response engine covering monitoring, visibility, and remediation.
Integration
Securonix is re-defining the next generation of cyber-threat detection using the power of entity context, machine learning, and big data. Our purpose-built, security analytics platform mines, enriches, analyzes, scores and visualizes data into actionable intelligence on the highest risk threats. Using machine learning techniques that track user, account and system behavior, Securonix detects the most advanced insider threats, cyber threats and fraud attacks in real-time. Globally, customers are using Securonix to address needs around insider threat detection, privileged misuse, cloud security, cyber threat detection, patient data monitoring, fraud detection and application security monitoring.
Integration
RSA® Business-Driven Security™ solutions uniquely link business context with security incidents to help organizations manage risk and protect what matters most. RSA solutions are designed to effectively detect and respond to advanced attacks; manage user identities and access; and reduce business risk, fraud and cybercrime. RSA protects millions of users worldwide and works with more than 90 percent of the Fortune 500.
Threat Intelligence
ReversingLabs provides the industry’s first modular, high volume file classification solution that scales to assess millions of files from various sources including endpoints, network and storage.
Threat Intelligence
An online cyber threat intelligence collaborative – a private, X-industry ISAC/ISAO. Founded in 2011, Red Sky Alliance analysts share information about targeted, advanced, and emerging cyber threats in a private secure portal. Red Sky Alliance membership is open to individuals who work for companies, organizations and government. We follow most industry segments and write reports that are of interest to INFOSEC professionals.
Enrichment
Recorded Future arms threat analysts, security operators, and incident responders to rapidly connect the dots and reveal unknown threats. Our patented technology automatically collects and analyzes threat intelligence from technical, open, and dark web sources to provide invaluable context for faster human analysis and real-time integration with your existing security systems.
Threat Intelligence
Q6 Cyber monitors the Digital Underground - a vast universe of online sites, marketplaces, communities, and forums where hackers, fraudsters, and cyber criminals operate and interact. Our 24x7 coverage includes not only the DarkWeb and DeepWeb, but also malware networks, botnets, private messaging platforms and other cybercrime infrastructure. Q6 delivers exceptional ROI to enterprise customers around the world through significant reduction of fraud losses, data breaches, and electronic crimes including Customer Account Takeovers and Payment Card Fraud. Our e-Crime Intelligence helps to transform your information security and fraud operations from reactive to proactive.
Security
Phantom is leading a revolution in the Security Operations Center (SOC) with the first community-powered security automation & orchestration platform. Phantom's mission is to close the security gap by enabling teams to work smarter, respond faster, and strengthen their defenses.
Integration
Palo Alto Networks is the next-generation security company maintaining trust in the digital age by helping tens of thousands of organizations worldwide prevent cyber breaches. With our deep cybersecurity expertise, commitment to innovation, and game-changing Next-Generation Security Platform, customers can confidently pursue a digital-first strategy and embark on new technology initiatives, such as cloud and mobility. This kind of thinking and know-how helps customer organizations grow their business and empower employees all while maintaining complete visibility and the control needed to protect their critical control systems and most valued data assets.
Integration
Okta is the foundation for secure connections between people and technology. Our IT products uniquely use identity information to grant people access to applications on any device at any time, while still enforcing strong security protections. Our platform securely connects companies to their customers and partners. Today, thousands of organizations trust Okta to help them fulfill their missions as quickly as possible.
Integration
NSS Labs, Inc. is the global leader in operationalizing cybersecurity, empowering enterprises by providing relevant information to reduce the operational burden of cybersecurity and address crucial gaps in their cybersecurity efforts. Our unmatched and well-respected foundation in security testing, along with our enterprise research and global threat analysis capabilities, provide the basis for our CAWS Continuous Security Validation Platform, an advanced platform that substantiates the effectiveness of enterprise security controls and uncovers unmitigated risks to enterprise systems. Using fact-based threat data and objective risk information, CAWS enables businesses to strengthen their cyber risk posture, continuously validate their security controls and take timely action to mitigate threats to their Operating Systems and applications. CISOs, Chief Security Architects, SOC and Threat Analysts, and SOC and information security professionals from many of the world's largest and most demanding enterprises rely on trusted insights from NSS Labs.
Integration
Mimecast is a leading cybersecurity provider that helps tens of thousands of organizations worldwide make email safer, restore trust and strengthen cyber resilience. As a 100% cloud suite, Mimecast provides: Enhanced email security to further protect against phishing, malware attacks and impersonation attempts; Web security to ensure users remain safe online; Continuity with a 100% SLA on availability - keep users communicating during an Office 365 / Exchange migration or downtime; A multipurpose archive and data protection for both remediation, corporate governance and compliance; Awareness training to educate your users on the best practice when tackling the modern emerging threats; Brand protection to protect against the fraudulent web domains you don't own; DMARC enforcement to protect those domains you do own. All delivered through one simple interface and designed to help you stand strong in the face of cyberattacks, compliance risk, human error and technical failure. Whether you choose one, some, or all of the services in the Mimecast suite, we make it easy to do business with us.
Integration
Micro Focus is a global software company with 40 years of experience in delivering and supporting enterprise software solutions that help customers innovate faster with lower risk. Our portfolio enables our 20,000 customers to build, operate and secure the applications and IT systems that meet the challenges of change. We are a global software company, committed to enabling customers to both embrace the latest technologies and maximize the value of their IT investments. Everything we do is based on a simple idea: the fastest way to get results from new technology investments is to build on what you have–in essence, bridging the old and the new.
Integration
McAfee Enterprise Security Manager is a security information and event management (SIEM) solution that delivers actionable intelligence and integrations to prioritize, investigate, and respond to threats.
Threat Intelligence
Malware Patrol provides real-time threat intelligence that protects companies in over 175 countries against the latest cyber threats, including phishing, malware, ransomware, data exfiltration, and brand infringement. Security teams rely on our dependable and historically rich data to expand their threat landscape visibility, resulting in improved detection rates and response times.
Enrichment
Maltego servers can be deployed within your organization meaning that instead of having your transforms running over Paterva’s infrastructure you can host your transform servers on infrastructure you control. An internal server gives you the ability to integrate with your structured internal data and leverage internal processes as well as the ability to distribute these transforms across your enterprise.
Integration
LogRhythm, a leader in Threat Lifecycle Management, empowers organizations around the globe to rapidly detect, respond to and neutralize damaging cyberthreats. The company’s patented award-winning platform unifies next-generation SIEM, log management, network and endpoint monitoring, user entity and behavior analytics (UEBA), security automation and orchestration (SAO) and advanced security analytics. In addition to protecting customers from the risks associated with cyberthreats, LogRhythm provides compliance automation and assurance, and enhanced IT intelligence.
Integration
The LogicHub SOAR+ platform delivers autonomous detection and response, advanced analytics, and machine learning to automate decision making with extreme accuracy.
Security
Lastline provides breach protection products that are innovating the way companies defend against advanced malware. We deliver the visibility, context, analysis, and integrations enterprise security teams need to quickly and completely eradicate malware-based threats before a damaging and costly data breach occurs. Headquartered in Redwood City, California with offices throughout North America, Europe and Asia, Lastline’s technology is used by Global 5000 enterprises, is offered directly and through resellers and security service providers, and is integrated into leading third-party security technologies worldwide.
Threat Intelligence
Most Tested. Most Awarded. For over 20 years, we’ve been recognized as experts in the fight against malware and cybercrime. In 2017, Kaspersky products participated in 86 independent tests & reviews – and were awarded 72 first places and 78 top-three finishes.
Security
Joe Security specializes in the development of automated malware analysis systems for malware detection and forensics. Based on the idea of deep malware analysis & multi technology platform, Joe Security has developed unique technologies to analyze malware in a depth previously not possible. Joe Security provides malware analysis systems as a cloud service or as a standalone software package on premise. Analysis targets include Windows, macOS, Linux, Android and iOS at any scale. With its products Joe Security empowers CERTs, CIRTs, SOCs, malware analysts and incident responders around the world to detect and deeply understand malware.
Threat Intelligence
FireEye iSIGHT Threat Intelligence is a proactive, forward-looking means of qualifying threats poised to disrupt your business based on the intents, tools and tactics of the attacker. Our high-fidelity, comprehensive intelligence delivers visibility beyond the typical attack lifecycle, adding context and priority to global threats before, during and after an attack. It helps mitigate risk, bolster incident response, and enhance your overall security ecosystem. Get the intel you need to predict attack and refocus your attention on what matters most to your business.
Threat Intelligence
Intel 471 provides an actor-centric intelligence collection capability for the world's leading cyber threat intelligence teams. Their intelligence collection focuses on infiltrating and maintaining access to closed sources where threat actors collaborate, communicate and plan cyber attacks.
Integration
Infoblox delivers Actionable Network Intelligence to enterprise, government, and service provider customers around the world. We are the industry leader in DNS, DHCP, and IP address management, the category known as DDI. We empower thousands of organizations to control and secure their networks from the core—enabling them to increase efficiency and visibility, improve customer service, and meet compliance requirements.
Threat Intelligence
iDefense empowers its customers’ environments with contextual, timely and actionable security intelligence, enabling businesses and governments to make smarter decisions to defend against new and evolving threats.
Security
IBM Resilient’s mission is to help organizations thrive in the face of any cyberattack or business crisis. The industry’s leading Incident Response Platform (IRP) empowers security teams to analyze, respond to, and mitigate incidents faster, more intelligently, and more efficiently. The Resilient IRP is the industry’s only complete IR orchestration and automation platform, enabling teams to integrate and align people, processes, and technologies into a single incident response hub. With Resilient, security teams can have best-in-class response capabilities. IBM Resilient has more than 200 global customers, including 50 of the Fortune 500, and hundreds of partners globally.
Integration
IBM® QRadar® SIEM consolidates log events and network flow data from thousands of devices, endpoints and applications distributed throughout a network. It normalizes and correlates raw data to identify security offenses, and uses an advanced Sense Analytics engine to baseline normal behavior, detect anomalies, uncover advanced threats, and remove false positives. As an option, this software incorporates IBM X-Force® Threat Intelligence which supplies a list of potentially malicious IP addresses including malware hosts, spam sources and other threats. IBM QRadar SIEM can also correlate system vulnerabilities with event and network data, helping to prioritize security incidents.
Integration
Hadoop is an open-source software framework for storing data and running applications on clusters of commodity hardware. It provides massive storage for any kind of data, enormous processing power and the ability to handle virtually limitless concurrent tasks or jobs.
Threat Intelligence
Group-IB is one of the global leaders in preventing and investigating high-tech crimes and online fraud. Since 2003, the company has been active in the field of computer forensics and information security, protecting the largest international companies against financial losses and reputation risks.
Threat Intelligence
The Georgia Tech Research Institute is a highly-regarded applied research and development organization. Each day, GTRI’s science and engineering expertise is used to solve some of the toughest problems facing government and industry across the nation and around the globe. GTRI redefines innovation by tackling customers’ most complex challenges with the right mix of expertise, creativity and practicality. Our expert scientists and engineers turn ideas into workable solutions and then put those solutions into action. GTRI has 76 active US Letters Patents, 43 pending US patent applications and 15 pending provisional applications in the United States.
Integration
FortiSIEM enables cross-correlated analytics from diverse information sources including logs, performance metrics, SNMP Traps, security alerts and configuration changes. FortiSIEM takes the analytics traditionally monitored in separate SOC and NOC silos and brings that data together for a holistic view of the threats in the organization. FortiSIEM expands network visibility through the Fortinet Security Fabric's integrations with leading security vendors.
Threat Intelligence
Flashpoint strives to empower their customers to make better decisions in support of their customers' business or mission by gathering the most salient data publicly available on the internet and providing meaningful, timely, relevant, and actionable insights through a fusion of technology and subject matter expertise. Their ultimate goal is to make the world a safer place by empowering people and organizations everywhere to detect, understand, and mitigate the risks that matter to them the most.
Threat Intelligence, Integration
FireEye is the intelligence-led security company. Working as a seamless, scalable extension of customer security operations, FireEye offers a single platform that blends innovative security technologies, nation-state grade threat intelligence, and our world-renowned Mandiant consulting. With this approach, FireEye eliminates the complexity and burden of cyber security for organizations struggling to prepare for, prevent, and respond to cyber attacks.
Threat Intelligence
Farsight Security provides rapid threat detection and response to rapidly identify and react to incursions of your internet presence and brand. Real-time contextual information increases the value of threat data for the enterprise, government and security industries. Farsight provides the world’s most security conscious organizations with threat intelligence and incident threat detection, protecting users and their infrastructure.
Threat Intelligence
Most threat intelligence solutions suffer because the data is too hard to standardize and verify. Facebook created the ThreatExchange platform so that participating organizations can share threat data using a convenient, structured, and easy-to-use API that provides privacy controls to enable sharing with only desired groups.
Threat Intelligence
Proofpoint ET Intelligence delivers the most timely and accurate threat intelligence. Their fully verified intel provides deeper context and integrates seamlessly with your security tools to enhance your decision-making.
Threat Intelligence
The Dragos ICS asset identification, threat detection and response platform distills decades of real-world experience from an elite team of ICS cybersecurity experts across the U.S. intelligence community and private industrial companies. Dragos’ offerings also include professional services, and Dragos WorldView for regular threat intelligence reports. Dragos is headquartered in the Washington, DC area.
Enrichment
The DomainTools Iris App for Anomali delivers a subset of DomainTools Iris data, together with pivot capability and domain risk score, directly to the analyst inside the Threatstream platform. This integration enables rapid in-context assessments of domain name observables and discovery of connected domains that share the same IP, hostname, or SSL certificate hash.
Threat Intelligence
Digital Shadows monitors and manages an organization’s digital risk across the widest range of data sources within the visible, deep and dark web to protect the company’s business and reputation. Digital Shadows SearchLight™ service combines the industry’s most comprehensive and scalable data analytics with human data security experts to protect an organization from digital risks.
Security
CyberSponse enables companies to defend and counter attackers through a unique and collaborative security operations platform that facilitates comprehensive incident response lifecycle management. Founded in 2011, CyberSponse is a leading provider of automated incident response (IR) solutions for cyber security threat management. Most security groups within organizations today use Word, Excel, and internal email to manage their daily security operations. CyberSponse takes a different approach and believes that an automated and transparent view of SecOp efforts and true situational awareness for all levels of management is required for proactive management of the complexity of IT Security. The CyberSponse technology platform dramatically improves the efficiency and the effectiveness of the daily SecOps team’s efforts against cyber-attacks by providing a centralized system for managing, monitoring, reporting, and analyzing an organization’s entire IT Security infrastructure and processes.
Security
Cuckoo Sandbox is a malware analysis system. In other words, you can throw any suspicious file at it and in a matter of seconds Cuckoo will provide you back some detailed results outlining what such file did when executed inside an isolated environment. Malware is the Swiss-army knife of cybercriminals and any other adversary to your corporation or organization. In these evolving times, detecting and removing malware artifacts is not enough: it's vitally important to understand how they operate in order to understand the context, the motivations and the goals of a breach, for better protection in the future. Cuckoo Sandbox is free software that automates the task of analyzing any malicious file under Windows, OS X, Linux, and Android.
Threat Intelligence
We're an independent cyber security services company with a single focus - detecting and mitigating threats to protect our customers’ assets, brands and users. We create value by sharing our threat intelligence expertise, and help protect some of the world's largest commercial enterprises. Trusted by law enforcement agencies, government, business and news media, we are more than 60 cyber security professionals from over 20 countries.
Threat Intelligence, Integration
CrowdStrike™ is a leading provider of next-generation endpoint protection, threat intelligence, and services. CrowdStrike Falcon enables customers to prevent damage from targeted attacks, detect and attribute advanced malware and adversary activity in real time, and effortlessly search all endpoints reducing overall incident response time. CrowdStrike customers include some of the largest blue chip companies in the financial services, energy, oil & gas, telecommunications, retail, and technology sectors, along with some of the largest and most sophisticated government agencies worldwide.
Threat Intelligence
Cofense empowers your people to recognize phishing attacks and stop them in minutes, not days. Our end-to-end phishing defense solution combines cutting-edge technology with collective human intelligence to protect your organization from inbox to SOC. Cofense Intelligence is timely, trusted, high-fidelity, and contextual phishing-specific attack intelligence to help fight the rapidly evolving threat landscape.
Integration
Cloudera delivers the modern platform for machine learning and advanced analytics built for the cloud. The world’s leading organizations trust Cloudera to help solve their most challenging business problems by efficiently capturing, storing, processing and analyzing vast amounts of data.
Enrichment
Cisco Umbrella is a cloud security platform that provides the first line of defense against threats on the internet wherever users go. And because it’s built into the foundation of the internet and delivered from the cloud, Umbrella is the simplest security product to deploy and delivers powerful, effective protection. The intelligence from Cisco Umbrella Investigate provides the most complete view of the relationships and evolution of internet domains, IPs, and malware, and adds the security context needed to uncover and predict threats.
Threat Intelligence
Cisco® Threat Grid combines two of the leading malware protection solutions: unified malware analysis and context-rich intelligence. It empowers security professionals to proactively defend against and quickly recover from cyber attacks. Cisco Threat Grid crowd-sources malware from a closed community and analyzes all samples using proprietary, highly secure techniques that include static and dynamic (sandboxing) analysis. It correlates the results with hundreds of millions of other analyzed malware artifacts to provide a global view of malware attacks, campaigns, and their distribution. Security teams can quickly correlate a single sample of observed activity and characteristics against millions of other samples to fully understand its behaviors in a historical and global context.
Integration
Check Point Software Technologies Ltd., the largest pure-play security vendor globally, provides industry-leading solutions, and protects customers from cyberattacks with an unmatched catch rate of malware and other types of attacks. Check Point offers a complete security architecture defending enterprises’ networks to mobile devices, in addition to the most comprehensive and intuitive security management. Check Point first pioneered the industry with FireWall-1 and its patented stateful inspection technology.
Integration
Carbon Black leads a new era of endpoint security by enabling organizations to disrupt advanced attacks, deploy the best prevention strategies for their business, and leverage the expertise of 10,000 professionals from IR firms, MSSPs and enterprises to shift the balance of power back to security teams. Only Carbon Black continuously records and centrally retains all endpoint activity, making it easy to track an attacker’s every action, instantly scope every incident, unravel entire attacks and determine root causes. Carbon Black also offers a range of prevention options so organizations can match their endpoint defense to their business needs. Carbon Black has been named #1 in endpoint protection, incident response, and market share. Forward-thinking companies choose Carbon Black to arm their endpoints, enabling security teams to: Disrupt. Defend. Unite.
Integration
Bro is a passive, open-source network traffic analyzer. It is primarily a security monitor that inspects all traffic on a link in depth for signs of suspicious activity. More generally, however, Bro supports a wide range of traffic analysis tasks even outside of the security domain, including performance measurements and helping with trouble-shooting.
Threat Intelligence
Blueliv is a leading provider of targeted cyber threat information and analysis intelligence for large enterprises and service providers. Our deep expertise, global high-quality data sources, and proprietary big-data analysis capabilities enable our clients to successfully prevent targeted cyber attacks and strategically minimize future threats. The Blueliv cyber threat platform and feed address a comprehensive range of cyber threats to turn global threat data into predictive, actionable intelligence specifically for each enterprise and the unique threats it faces. Our powerful search and big-data analytics capabilities deliver real-time actionable information and adaptive response to our clients and partners.
Integration
The Bandura Cyber Threat Intelligence Gateway (TIG) is a purpose-built solution that, along with out-of-box threat intelligence, integrates with the Anomali Threat Platform to aggregate, automate, and operationalize massive amounts of threat intelligence. The TIG blocks known threats and unwanted traffic, enabling organizations to strengthen their network defenses, reduce staff workload, and maximize the value of existing security controls.
To get a complete picture of a threat, security analysts have to start from a partial piece of information and search additional data sources. Anomali removes this cumbersome process by making such integrations available with a single click.
Share your intelligence, integrations, and enrichments with the entire Anomali community.
Enrichment
VirusTotal inspects items with over 60 antivirus scanners and URL/domain blacklisting services, in addition to a myriad of tools to extract signals from the studied content. Any user can select a file from their computer using their browser and send it to VirusTotal. VirusTotal offers a number of file submission methods, including the primary public web interface, desktop uploaders, browser extensions and a programmatic API. The web interface has the highest scanning priority among the publicly available submission methods. Submissions may be scripted in any programming language using the HTTP-based public API.
Integration
Verodin, part of FireEye, is a platform that has made it possible for organizations to validate the effectiveness of cyber security controls, thereby protecting their reputation and economic value. The Verodin Security Instrumentation Platform (SIP) proactively identifies gaps in security effectiveness attributable to equipment misconfiguration, changes in the IT environment, evolving attacker tactics, and more. By measuring and testing security environments against both known and newly discovered threats, Verodin SIP identifies risks in security controls before a breach occurs and permits companies to rapidly adapt their defenses to the evolving threat landscape. Verodin SIP does this by instrumenting an IT environment to test the effectiveness of network, endpoint, email and cloud controls and provides quantifiable evidence that investments made in controls are actually delivering the expected business outcomes.
Integration
Tripwire delivers advanced threat, security and compliance solutions used by over 9,000 organizations, including over 50% of the Fortune 500. Tripwire enables enterprises, service providers and government agencies around the world to detect, prevent and respond to cyber security threats.
Threat Intelligence
The Media Trust works with the world's largest, most-heavily trafficked digital properties—websites and mobile apps—to provide real-time security, first-party data protection and privacy, performance management and quality assurance solutions that help protect, monetize and optimize the user experience across desktop, smartphone, tablet and gaming devices.
Threat Intelligence
TeamT5 is a group of hackers dedicated to cyber threat research. The team started out with outstanding research ability and has been delivering cyber threat intelligence (CTI) for more than 5 years. Compared with other CTI vendors, TeamT5 has the deepest and best understanding of cyber attackers in the Asia Pacific region. With leading intelligence and knowledge of cyber-attacks, TeamT5 developed unique technologies and methodology to help clients deal with targeted attacks. The solutions have been verified and have helped numerous victims to solve their problems.
Integration
Tanium gives the world’s largest enterprises and government organizations the unique power to secure, control and manage millions of endpoints across the enterprise within seconds. Serving as the “central nervous system” for enterprises, Tanium empowers security and IT operations teams to ask questions about the state of every endpoint across the enterprise in plain English, retrieve data on their current state and execute change as necessary, all within seconds. With the unprecedented speed, scale and simplicity of Tanium, organizations now have complete and accurate information on the state of endpoints at all times to more effectively protect against modern day threats and realize new levels of cost efficiency in IT operations.
Threat Intelligence
Symantec sees more threats, and protects more customers from the next generation of attacks. Symantec DeepSight addresses every stage of the attack lifecycle with industry-leading threat intelligence, advanced monitoring, incident response, and cyber skills development services.
Integration
Blue Coat, Inc. is a leading provider of advanced web security solutions for global enterprises and governments, protecting 15,000 organizations including over 70 percent of the Fortune Global 500. Through the Blue Coat Security Platform, Blue Coat unites network, security and cloud, protecting enterprises and their users from cyber threats – whether they are on the network, on the web, in the cloud or mobile.
Security
Sqrrl is the threat hunting company that enables security analysts to discover advanced threats faster, and reduces the time and resources required to investigate them. Sqrrl’s industry-leading Threat Hunting Platform unites link analysis, advanced machine learning analytics, and multi-petabyte scalability capabilities into an integrated solution.
Integration
Splunk Inc. (NASDAQ: SPLK) provides the leading software platform for real-time Operational Intelligence. Splunk® software and cloud services enable organizations to search, monitor, analyze and visualize machine-generated big data coming from websites, applications, servers, networks, sensors and mobile devices. More than 8,400 enterprises, government agencies, universities and service providers in more than 100 countries use Splunk software to deepen business and customer understanding, mitigate cybersecurity risk, prevent fraud, improve service performance and reduce cost. Splunk products include Splunk® Enterprise, Splunk Cloud™, Hunk®, Splunk MINT Express™ and premium Splunk Apps.
Enrichment
Soltra Edge® is an industry-driven software that automates processes to share, receive, validate and act on cyber threat intelligence. It enables an end-to-end community defense model and changes the posture of cybersecurity defenders from reactive to proactive. Soltra Edge is the most widely used Cyber Threat Communications Platform for two-way sharing of cybersecurity information among peers, trust groups, communities and government.
Integration
Snort is an open source network intrusion prevention system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching, and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more.
Threat Intelligence
Sixgill’s cyber threat intelligence solution focuses on your intelligence needs, helping you mitigate risk to your organization, more effectively and more efficiently. Using an agile and automatic collection methodology, Sixgill provides you with broad coverage of exclusive-access deep and dark web sources as well as relevant surface web sources. Utilizing artificial intelligence and machine learning, Sixgill automates the production cycle of cyber intelligence from monitoring, to extraction to production, uniquely focusing on relevant threats operating in these sources. A market leader in deep and dark web cyber threat intelligence, Sixgill provides threat intelligence solutions to enterprises around the world including Fortune 500 companies, financial institutions, and law enforcement agencies, addressing a wide range of cybersecurity challenges.
Threat Intelligence, Enrichment
Silobreaker helps security, business and intelligence professionals make sense of the overwhelming amount of data available on the web. By discovering insights that are buried deep inside the data, we help you uncover the information that is most valuable to you. Our products are designed to support your workflow, from collecting and analysing data to disseminating your findings across your organisation.
Integration
Securing your organization from unknown threats means taking a proactive security approach. By working with ServiceNow Security Operations, Anomali Threat Intelligence empowers security analysts with an end-to-end security orchestration, automation, and response engine covering monitoring, visibility, and remediation.
Integration
Securonix is re-defining the next generation of cyber-threat detection using the power of entity context, machine learning, and big data. Our purpose-built, security analytics platform mines, enriches, analyzes, scores and visualizes data into actionable intelligence on the highest risk threats. Using machine learning techniques that track user, account and system behavior, Securonix detects the most advanced insider threats, cyber threats and fraud attacks in real-time. Globally, customers are using Securonix to address needs around insider threat detection, privileged misuse, cloud security, cyber threat detection, patient data monitoring, fraud detection and application security monitoring.
Integration
RSA® Business-Driven Security™ solutions uniquely link business context with security incidents to help organizations manage risk and protect what matters most. RSA solutions are designed to effectively detect and respond to advanced attacks; manage user identities and access; and reduce business risk, fraud and cybercrime. RSA protects millions of users worldwide and works with more than 90 percent of the Fortune 500.
Threat Intelligence
ReversingLabs provides the industry’s first modular, high volume file classification solution, that scales to assess million of files from various sources including endpoints, network and storage.
Threat Intelligence
An online cyber threat intelligence collaborative – a private, X-industry ISAC/ISAO. Founded in 2011, Red Sky Alliance analysts share information about targeted, advanced, and emerging cyber threats in a private secure portal. Red Sky Alliance membership is open to individuals who work for companies, organizations and government. We follow most industry segments and write reports that are of interest to INFOSEC professionals.
Enrichment
Recorded Future arms threat analysts, security operators, and incident responders to rapidly connect the dots and reveal unknown threats. Our patented technology automatically collects and analyzes threat intelligence from technical, open, and dark web sources to provide invaluable context for faster human analysis and real-time integration with your existing security systems.
Threat Intelligence
Q6 Cyber monitors the Digital Underground - a vast universe of online sites, marketplaces, communities, and forums where hackers, fraudsters, and cyber criminals operate and interact. Our 24x7 coverage includes not only the DarkWeb and DeepWeb, but also malware networks, botnets, private messaging platforms and other cybercrime infrastructure. Q6 delivers exceptional ROI to enterprise customers around the world through significant reduction of fraud losses, data breaches, and electronic crimes including Customer Account Takeovers and Payment Card Fraud. Our e-Crime Intelligence helps to transform your information security and fraud operations from reactive to proactive.
Security
Phantom is leading a revolution in the Security Operations Center (SOC) with the first community-powered security automation & orchestration platform. Phantom's mission is to close the security gap by enabling teams to work smarter, respond faster, and strengthen their defenses.
Integration
Palo Alto Networks is the next-generation security company maintaining trust in the digital age by helping tens of thousands of organizations worldwide prevent cyber breaches. With our deep cybersecurity expertise, commitment to innovation, and game-changing Next-Generation Security Platform, customers can confidently pursue a digital-first strategy and embark on new technology initiatives, such as cloud and mobility. This kind of thinking and know-how helps customer organizations grow their business and empower employees all while maintaining complete visibility and the control needed to protect their critical control systems and most valued data assets.
Integration
Okta is the foundation for secure connections between people and technology. Our IT products uniquely use identity information to grant people access to applications on any device at any time, while still enforcing strong security protections. Our platform securely connects companies to their customers and partners. Today, thousands of organizations trust Okta to help them fulfill their missions as quickly as possible.
Integration
NSS Labs, Inc. is the global leader in operationalizing cybersecurity, empowering enterprises by providing relevant information to reduce the operational burden of cybersecurity and address crucial gaps in their cybersecurity efforts. Our unmatched and well-respected foundation in security testing, along with our enterprise research and global threat analysis capabilities, provide the basis for our CAWS Continuous Security Validation Platform, an advanced platform that substantiates the effectiveness of enterprise security controls and uncovers unmitigated risks to enterprise systems. Using fact-based threat data and objective risk information, CAWS enables businesses to strengthen their cyber risk posture, continuously validate their security controls and take timely action to mitigate threats to their Operating Systems and applications. CISOs, Chief Security Architects, SOC and Threat Analysts, and SOC and information security professionals from many of the world's largest and most demanding enterprises rely on trusted insights from NSS Labs.
Integration
Mimecast is a leading cybersecurity provider that helps tens of thousands of organizations worldwide make email safer, restore trust and strengthen cyber resilience. As a 100% cloud suite, Mimecast provides: Enhanced email security to further protect against phishing, malware attacks and impersonation attempts; Web security to ensure users remain safe online; Continuity with a 100% SLA on availability - keep users communicating during an Office 365 / Exchange migration or downtime; A multipurpose archive and data protection for both remediation, corporate governance and compliance; Awareness training to educate your users on the best practice when tackling the modern emerging threats; Brand protection to protect against the fraudulent web domains you don't own; DMARC enforcement to protect those domains you do own. All delivered through one simple interface and designed to help you stand strong in the face of cyberattacks, compliance risk, human error and technical failure. Whether you choose one, some, or all of the services in the Mimecast suite, we make it easy to do business with us.
Integration
Micro Focus is a global software company with 40 years of experience in delivering and supporting enterprise software solutions that help customers innovate faster with lower risk. Our portfolio enables our 20,000 customers to build, operate and secure the applications and IT systems that meet the challenges of change. We are a global software company, committed to enabling customers to both embrace the latest technologies and maximize the value of their IT investments. Everything we do is based on a simple idea: the fastest way to get results from new technology investments is to build on what you have–in essence, bridging the old and the new.
Integration
McAfee Enterprise Security Manager is a security information and event management (SIEM) solution that delivers actionable intelligence and integrations to prioritize, investigate, and respond to threats.
Threat Intelligence
Malware Patrol provides real-time threat intelligence that protects companies in over 175 countries against the latest cyber threats, including phishing, malware, ransomware, data exfiltration, and brand infringement. Security teams rely on our dependable and historically rich data to expand their threat landscape visibility, resulting in improved detection rates and response times.
Enrichment
Maltego servers can be deployed within your organization meaning that instead of having your transforms running over Paterva’s infrastructure you can host your transform servers on infrastructure you control. An internal server gives you the ability to integrate with your structured internal data and leverage internal processes as well as the ability to distribute these transforms across your enterprise.
Integration
LogRhythm, a leader in Threat Lifecycle Management, empowers organizations around the globe to rapidly detect, respond to and neutralize damaging cyberthreats. The company’s patented award-winning platform unifies next-generation SIEM, log management, network and endpoint monitoring, user entity and behavior analytics (UEBA), security automation and orchestration (SAO) and advanced security analytics. In addition to protecting customers from the risks associated with cyberthreats, LogRhythm provides compliance automation and assurance, and enhanced IT intelligence.
Integration
The LogicHub SOAR+ platform delivers autonomous detection and response, advanced analytics, and machine learning to automate decision making with extreme accuracy.
Security
Lastline provides breach protection products that are innovating the way companies defend against advanced malware. We deliver the visibility, context, analysis, and integrations enterprise security teams need to quickly and completely eradicate malware-based threats before a damaging and costly data breach occurs. Headquartered in Redwood City, California with offices throughout North America, Europe and Asia, Lastline’s technology is used by Global 5000 enterprises, is offered directly and through resellers and security service providers, and is integrated into leading third-party security technologies worldwide.
Threat Intelligence
Most Tested. Most Awarded. For over 20 years, we’ve been recognized as experts in the fight against malware and cybercrime. In 2017, Kaspersky products participated in 86 independents tests & reviews – and were awarded 72 first places and 78 top-three finishes.
Security
Joe Security specializes in the development of automated malware analysis systems for malware detection and forensics. Based on the idea of deep malware analysis & multi technology platform, Joe Security has developed unique technologies to analyze malware in a depth previously not possible. Joe Security provides malware analysis systems as a cloud service or as a standalone software package on premise. Analysis targets include Windows, macOS, Linux, Android and iOS at any scale. With its products Joe Security empowers CERTS, CIRTS, SOCs, malware analyst and incident responders around the world to detect and deeply understand malware.
Threat Intelligence
FireEye iSIGHT Threat Intelligence is a proactive, forward-looking means of qualifying threats poised to disrupt your business based on the intents, tools and tactics of the attacker. Our high-fidelity, comprehensive intelligence delivers visibility beyond the typical attack lifecycle, adding context and priority to global threats before, during and after an attack. It helps mitigate risk, bolster incident response, and enhance your overall security ecosystem. Get the intel you need to predict attack and refocus your attention on what matters most to your business.
Threat Intelligence
Intel 471 provides an actor-centric intelligence collection capability for the world's leading cyber threat intelligence teams. Their intelligence collection focuses on infiltrating and maintaining access to closed sources where threat actors collaborate, communicate and plan cyber attacks.
Integration
Infoblox delivers Actionable Network Intelligence to enterprise, government, and service provider customers around the world. We are the industry leader in DNS, DHCP, and IP address management, the category known as DDI. We empower thousands of organizations to control and secure their networks from the core—enabling them to increase efficiency and visibility, improve customer service, and meet compliance requirements.
Threat Intelligence
iDefense empowers its customers’ environments with contextual, timely and actionable security intelligence, enabling businesses and governments to make smarter decisions to defend against new and evolving threats.
Security
IBM Resilient’s mission is to help organizations thrive in the face of any cyberattack or business crisis. The industry’s leading Incident Response Platform (IRP) empowers security teams to analyze, respond to, and mitigate incidents faster, more intelligently, and more efficiently. The Resilient IRP is the industry’s only complete IR orchestration and automation platform, enabling teams to integrate and align people, processes, and technologies into a single incident response hub. With Resilient, security teams can have best-in-class response capabilities. IBM Resilient has more than 200 global customers, including 50 of the Fortune 500, and hundreds of partners globally.
Integration
IBM® QRadar® SIEM consolidates log events and network flow data from thousands of devices, endpoints and applications distributed throughout a network. It normalizes and correlates raw data to identify security offenses, and uses an advanced Sense Analytics engine to baseline normal behavior, detect anomalies, uncover advanced threats, and remove false positives. As an option, this software incorporates IBM X-Force® Threat Intelligence which supplies a list of potentially malicious IP addresses including malware hosts, spam sources and other threats. IBM QRadar SIEM can also correlate system vulnerabilities with event and network data, helping to prioritize security incidents.
Integration
Hadoop is an open-source software framework for storing data and running applications on clusters of commodity hardware. It provides massive storage for any kind of data, enormous processing power and the ability to handle virtually limitless concurrent tasks or jobs.
Threat Intelligence
Group-IB is one of the global leaders in preventing and investigating high-tech crimes and online fraud. Since 2003, the company has been active in the field of computer forensics and information security, protecting the largest international companies against financial losses and reputation risks.
Threat Intelligence
The Georgia Tech Research Institute is a highly-regarded applied research and development organization. Each day, GTRI’s science and engineering expertise is used to solve some of the toughest problems facing government and industry across the nation and around the globe. GTRI redefines innovation by tackling customers’ most complex challenges with the right mix of expertise, creativity and practicality. Our expert scientists and engineers turn ideas into workable solutions and then put those solutions into action. GTRI has 76 active US Letters Patents, 43 pending US patent applications and 15 pending provisional applications in the United States.
Integration
FortiSIEM enables cross-correlated analytics from diverse information sources including logs, performance metrics, SNMP Traps, security alerts and configuration changes. FortiSIEM takes the analytics traditionally monitored in separate SOC and NOC silos and brings that data together for a holistic view of the threats in the organization. FortiSIEM expands network visibility through the Fortinet Security Fabric's integrations with leading security vendors.
Threat Intelligence
Flashpoint strives to empower their customers to make better decisions in support of their customers' business or mission by gathering the most salient data publicly available on the internet and providing meaningful, timely, relevant, and actionable insights through a fusion of technology and subject matter expertise. Their ultimate goal is to make the world a safer place by empowering people and organizations everywhere to detect, understand, and mitigate the risks that matter to them the most.
Threat Intelligence, Integration
FireEye is the intelligence-led security company. Working as a seamless, scalable extension of customer security operations, FireEye offers a single platform that blends innovative security technologies, nation-state grade threat intelligence, and our world-renowned Mandiant consulting. With this approach, FireEye eliminates the complexity and burden of cyber security for organizations struggling to prepare for, prevent, and respond to cyber attacks.
Threat Intelligence
Farsight Security provides rapid threat detection and response to rapidly identify and react to incursions of your internet presence and brand. Real-time contextual information increases the value of threat data for the enterprise, government and security industries. Farsight provides the world’s most security conscious organizations with threat intelligence and incident threat detection, protecting users and their infrastructure.
Threat Intelligence
Most threat intelligence solutions suffer because the data is too hard to standardize and verify. Facebook created the ThreatExchange platform so that participating organizations can share threat data using a convenient, structured, and easy-to-use API that provides privacy controls to enable sharing with only desired groups.
Threat Intelligence
Proofpoint ET Intelligence delivers the most timely and accurate threat intelligence. Their fully verified intel provides deeper context and integrates seamlessly with your security tools to enhance your decision-making.
Threat Intelligence
The Dragos ICS asset identification, threat detection and response platform distills decades of real-world experience from an elite team of ICS cybersecurity experts across the U.S. intelligence community and private industrial companies. Dragos’ offerings also include professional services, and Dragos WorldView for regular threat intelligence reports. Dragos is headquartered in the Washington, DC area.
Enrichment
The DomainTools Iris App for Anomali delivers a subset of DomainTools Iris data, together with pivot capability and domain risk score, directly to the analyst inside the Threatstream platform. This integration enables rapid in-context assessments of domain name observables and discovery of connected domains that share the same IP, hostname, or SSL certificate hash.
Threat Intelligence
Digital Shadows monitors and manages an organization’s digital risk across the widest range of data sources within the visible, deep and dark web to protect the company’s business and reputation. The Digital Shadows SearchLight™ service combines the industry’s most comprehensive and scalable data analytics with human data security experts to protect an organization from digital risks.
Security
CyberSponse enables companies to defend and counter attackers through a unique and collaborative security operations platform that facilitates comprehensive incident response lifecycle management. Founded in 2011, CyberSponse is a leading provider of automated incident response (IR) solutions for cyber security threat management. Most security groups within organizations today use Word, Excel, and internal email to manage their daily security operations. CyberSponse takes a different approach and believes that an automated and transparent view of SecOp efforts and true situational awareness for all levels of management is required for proactive management of the complexity of IT Security. The CyberSponse technology platform dramatically improves the efficiency and the effectiveness of the daily SecOps team’s efforts against cyber-attacks by providing a centralized system for managing, monitoring, reporting, and analyzing an organization’s entire IT Security infrastructure and processes.
Security
Cuckoo Sandbox is a malware analysis system. In other words, you can throw any suspicious file at it and in a matter of seconds Cuckoo will provide you back some detailed results outlining what such file did when executed inside an isolated environment. Malware is the Swiss-army knife of cybercriminals and any other adversary to your corporation or organization. In these evolving times, detecting and removing malware artifacts is not enough: it's vitally important to understand how they operate in order to understand the context, the motivations and the goals of a breach, for better protection in the future. Cuckoo Sandbox is free software that automates the task of analyzing any malicious file under Windows, OS X, Linux, and Android.
Threat Intelligence
We're an independent cyber security services company with a single focus - detecting and mitigating threats to protect our customers’ assets, brands and users. We create value by sharing our threat intelligence expertise, and help protect some of the world's largest commercial enterprises. Trusted by law enforcement agencies, government, business and news media, we are more than 60 cyber security professionals from over 20 countries.
Threat Intelligence, Integration
CrowdStrike™ is a leading provider of next-generation endpoint protection, threat intelligence, and services. CrowdStrike Falcon enables customers to prevent damage from targeted attacks, detect and attribute advanced malware and adversary activity in real time, and effortlessly search all endpoints reducing overall incident response time. CrowdStrike customers include some of the largest blue chip companies in the financial services, energy, oil & gas, telecommunications, retail, and technology sectors, along with some of the largest and most sophisticated government agencies worldwide.
Threat Intelligence
Cofense empowers your people to recognize phishing attacks and stop them in minutes, not days. Our end-to-end phishing defense solution combines cutting-edge technology with collective human intelligence to protect your organization from inbox to SOC. Cofense Intelligence is timely, trusted, high-fidelity, and contextual phishing-specific attack intelligence to help fight a rapidly evolving threat landscape.
Integration
Cloudera delivers the modern platform for machine learning and advanced analytics built for the cloud. The world’s leading organizations trust Cloudera to help solve their most challenging business problems by efficiently capturing, storing, processing and analyzing vast amounts of data.
Enrichment
Cisco Umbrella is a cloud security platform that provides the first line of defense against threats on the internet wherever users go. And because it’s built into the foundation of the internet and delivered from the cloud, Umbrella is the simplest security product to deploy and delivers powerful, effective protection. The intelligence from Cisco Umbrella Investigate provides the most complete view of the relationships and evolution of internet domains, IPs, and malware, and adds the security context needed to uncover and predict threats.
Threat Intelligence
Cisco® Threat Grid combines two of the leading malware protection solutions: unified malware analysis and context-rich intelligence. It empowers security professionals to proactively defend against and quickly recover from cyber attacks. Cisco Threat Grid crowd-sources malware from a closed community and analyzes all samples using proprietary, highly secure techniques that include static and dynamic (sandboxing) analysis. It correlates the results with hundreds of millions of other analyzed malware artifacts to provide a global view of malware attacks, campaigns, and their distribution. Security teams can quickly correlate a single sample of observed activity and characteristics against millions of other samples to fully understand its behaviors in a historical and global context.
Integration
Check Point Software Technologies Ltd., the largest pure-play security vendor globally, provides industry-leading solutions, and protects customers from cyberattacks with an unmatched catch rate of malware and other types of attacks. Check Point offers a complete security architecture defending enterprises, from networks to mobile devices, in addition to the most comprehensive and intuitive security management. Check Point first pioneered the industry with FireWall-1 and its patented stateful inspection technology.
Integration
Carbon Black leads a new era of endpoint security by enabling organizations to disrupt advanced attacks, deploy the best prevention strategies for their business, and leverage the expertise of 10,000 professionals from IR firms, MSSPs and enterprises to shift the balance of power back to security teams. Only Carbon Black continuously records and centrally retains all endpoint activity, making it easy to track an attacker’s every action, instantly scope every incident, unravel entire attacks and determine root causes. Carbon Black also offers a range of prevention options so organizations can match their endpoint defense to their business needs. Carbon Black has been named #1 in endpoint protection, incident response, and market share. Forward-thinking companies choose Carbon Black to arm their endpoints, enabling security teams to: Disrupt. Defend. Unite.
Integration
Bro is a passive, open-source network traffic analyzer. It is primarily a security monitor that inspects all traffic on a link in depth for signs of suspicious activity. More generally, however, Bro supports a wide range of traffic analysis tasks even outside of the security domain, including performance measurements and helping with trouble-shooting.
Threat Intelligence
Blueliv is a leading provider of targeted cyber threat information and analysis intelligence for large enterprises and service providers. Our deep expertise, global high-quality data sources, and proprietary big-data analysis capabilities enable our clients to successfully prevent targeted cyber attacks and strategically minimize future threats. The Blueliv cyber threat platform and feed address a comprehensive range of cyber threats to turn global threat data into predictive, actionable intelligence specifically for each enterprise and the unique threats it faces. Our powerful search and big-data analytics capabilities deliver real-time actionable information and adaptive response to our clients and partners.
Integration
The Bandura Cyber Threat Intelligence Gateway (TIG) is a purpose-built solution that, along with out-of-box threat intelligence, integrates with the Anomali Threat Platform to aggregate, automate, and operationalize massive amounts of threat intelligence. The TIG blocks known threats and unwanted traffic, enabling organizations to strengthen their network defenses, reduce staff workload, and maximize the value of existing security controls.