Integrated tools and intelligence that provide context and actionable information
Security teams now have a wide variety of threat intelligence sources feeding them indicators of compromise, but knowing an IP address or domain name is just the first step in preventing or responding to a threat. Enriching the context around IOCs dramatically increases their value to analysts, and augmenting your threat research with advanced threat analysis services, such as sandboxing, provides critical details.
Threat Analysis Tools
Anomali provides 200+ advanced threat analysis services, including:
Join the Technology Partner Program
Authentic8 enables anyone, anywhere, on any device to experience the web without risk. The Silo Web Isolation Platform by Authentic8 separates the things you care about like apps, data and devices, from the things you cannot trust like public websites, external users and unmanaged devices. Silo executes all web code in a secure, isolated environment that is managed by policy, to provide protection and oversight. The world’s most at-risk organizations rely on Silo to deliver trust where it cannot otherwise be guaranteed.
Cisco Umbrella is a cloud security platform that provides the first line of defense against threats on the internet wherever users go. And because it’s built into the foundation of the internet and delivered from the cloud, Umbrella is the simplest security product to deploy and delivers powerful, effective protection. The intelligence from Cisco Umbrella Investigate provides the most complete view of the relationships and evolution of internet domains, IPs, and malware, and adds the security context needed to uncover and predict threats.
CrowdStrike™ is a leading provider of next-generation endpoint protection, threat intelligence, and services. CrowdStrike Falcon enables customers to prevent damage from targeted attacks, detect and attribute advanced malware and adversary activity in real time, and effortlessly search all endpoints reducing overall incident response time. CrowdStrike customers include some of the largest blue chip companies in the financial services, energy, oil & gas, telecommunications, retail, and technology sectors, along with some of the largest and most sophisticated government agencies worldwide.
The DomainTools Iris App for Anomali delivers a subset of DomainTools Iris data, together with pivot capability and domain risk score, directly to the analyst inside the Threatstream platform. This integration enables rapid in-context assessments of domain name observables and discovery of connected domains that share the same IP, hostname, or SSL certificate hash.
GreyNoise's integration with Anomali ThreatStream helps security analysts save time by revealing which events they can ignore. GreyNoise's data is a curation of IPs that saturate security tools with noise, like mass-internet scanners and harmless business services. This unique perspective helps analysts confidently ignore irrelevant or harmless activity, creating more time to uncover and investigate true threats.
HYAS Insight’s integration with Anomali ThreatStream helps security analysts increase accuracy and speed investigations. Using exclusive data sources and non-traditional mechanisms, HYAS Insight data connects observables to billions of indicators of compromise to understand and counter adversary infrastructure. Users can find an interesting match in ThreatStream and amplify it with HYAS Insight to expand their understanding of the adversary’s infrastructure.
Joe Sandbox is the industry’s most advanced automated and deep malware analysis solution. With a unique multi-technology approach, Joe Sandbox combines instrumentation, simulation, hardware virtualization, graph and hybrid analysis with advanced machine learning and AI technologies to deeply analyze even the most evasive malware. Joe Sandbox enables security specialists to analyze threats on Windows, macOS, Linux, Android and iOS operating systems and it’s available as a cloud service or an on premises software license and hardware appliance. Joe Sandbox provides an excellent detection rate, unmatched in-depth analysis and evasion resistance.
Maltego servers can be deployed within your organization meaning that instead of having your transforms running over Paterva’s infrastructure you can host your transform servers on infrastructure you control. An internal server gives you the ability to integrate with your structured internal data and leverage internal processes as well as the ability to distribute these transforms across your enterprise.
Recorded Future arms threat analysts, security operators, and incident responders to rapidly connect the dots and reveal unknown threats. Our patented technology automatically collects and analyzes threat intelligence from technical, open, and dark web sources to provide invaluable context for faster human analysis and real-time integration with your existing security systems.
Silobreaker helps security, business and intelligence professionals make sense of the overwhelming amount of data available on the web. By discovering insights that are buried deep inside the data, we help you uncover the information that is most valuable to you. Our products are designed to support your workflow, from collecting and analysing data to disseminating your findings across your organisation.
Soltra Edge® is an industry-driven software that automates processes to share, receive, validate and act on cyber threat intelligence. It enables an end-to-end community defense model and changes the posture of cybersecurity defenders from reactive to proactive. Soltra Edge is the most widely used Cyber Threat Communications Platform for two-way sharing of cybersecurity information among peers, trust groups, communities and government.
VirusTotal inspects items with over 60 antivirus scanners and URL/domain blacklisting services, in addition to a myriad of tools to extract signals from the studied content. Any user can select a file from their computer using their browser and send it to VirusTotal. VirusTotal offers a number of file submission methods, including the primary public web interface, desktop uploaders, browser extensions and a programmatic API. The web interface has the highest scanning priority among the publicly available submission methods. Submissions may be scripted in any programming language using the HTTP-based public API.
VMRay delivers advanced threat analysis and detection that combines a unique agentless hypervisor-based network sandbox with a real-time reputation engine. The combination provides both fast, high volume file classification and deep malware analysis. The VMRay Analyzer is platform independent and highly scalable, the result of a decade of R&D by some of the world’s leading experts on dynamic malware analysis. By monitoring at the hypervisor level, it is undetectable by malware running in the target operating system. VMRay serves leading enterprises around the world.