What Can Anomali Do For You?
Whether you are just getting started with the notion of threat intelligence or have a threat intelligence team focused on running your security operations, Anomali has solutions to help you wade through all that data. Anomali has created a threat intelligence platform that aggregates and analyzes threat intelligence from a multitude of sources, delivers actionable intelligence, lets you share and acquire threat intelligence from communities, and provides unmatched integrations of real-time threat intelligence with your existing security infrastructure.
Multi-Source Acquisition and Aggregation
ThreatStream is your one stop for all your threat intelligence needs. Not only does ThreatStream acquire threat intelligence from a multitude of sources, but it also:
- Aggregates unstructured and structured data from open source indicators, reputation feeds, and vendor provided threat feeds
- Sanitizes the data to reduce false positives
- Enriches the data by adding threat scores based on ThreatStream's machine learning and Anomali Labs research
The ultimate result is threat intelligence that is meaningful for your business context and infrastructure.
If you already subscribe to public or private feeds, ThreatStream can import those feeds, enrich threat data, and automatically inject intelligence into your existing security infrastructure.
You can also import your private indicators into ThreatStream for additional context and relevancy, and tune those indicators for your needs. For example, you may want to whitelist certain domains or URLs.
Anomali partners with a number of threat feed providers: CrowdStrike, ReversingLabs, iSightPartners, Emerging Threats, FarSight Security, Flashpoint Partners, Threat Recon, Team Cymru, and Webroot.
Obtain Actionable Intelligence with Context
The Anomali threat intelligence platform is highly tunable: you can configure it to focus on threat intelligence relevant to your business and its needs. The platform does the heavy lifting for you. Using its patented machine-learning technology, it assigns business context to indicators, takes into account the threat intelligence you have uploaded, the communities you participate in, and the indicators you have whitelisted, filters out lower-priority threat data, and extracts actionable intelligence for your business from gigabytes of data, allowing you to focus only on critical threats that may actually be harmful to your business and your data.
Threat Intelligence Packages created by threat intelligence experts and the user community on the Anomali platform allow you to obtain best practice workflows around specific incidents, adversaries, or events. Use these workflows to enhance the security posture of your organization.
Merge and Manage all Threat Intelligence
Threat intelligence knowledge management on the Anomali platform is dynamic and customizable. If you have a dedicated threat intelligence team that generates threat intelligence relevant to your organization, they can aggregate this intelligence on the Anomali platform. Analysts and security operators in your organization can then pivot on this intelligence and its contextual relationships to investigate incidents.
Using Anomali's integrated passive DNS and Reverse Whois services, available through the ThreatStream user interface, you can perform detailed analysis of an indicator or pivot out to query for and discover other related indicators. As you discover new indicators of interest, you can import them back into Anomali, thus making them part of your threat intelligence.
Get Alerted – ON THE GO!
Threats don’t surface only while you are in the SOC in front of a monitor. You need a finger on the pulse of your threat monitoring environment all the time. Anomali enables taking action and responding to priority threats that impact your business while you are on the go with its new Apple Watch and iOS apps! With these apps, ThreatStream provides complete situational awareness to busy security professionals and allows them to respond to adversary tactics with a few taps on their Apple Watch or iPhone.
Share Threat Intelligence
Anomali supports sharing of threat intelligence and analysis information across organizations and trusted communities while maintaining complete control and privacy of your data. Members of a community can collaborate and discuss threat activities they have observed around a specific campaign, adversary, or incident.
Trusted circles are communities within ThreatStream in which you can participate, share threat intelligence in real-time and get access to information others have shared. Once you are a member of a trusted circle, you can see other members of that circle so you have full transparency into who will have access to threat information you share. With Anomali, you control who you share threat information with and what information you share.
Since security needs can be specific to the nature of a business, Anomali provides trusted circles focused on specific business verticals such as healthcare, government, financial, power and energy, and so on. Membership in these trusted circles is controlled; Anomali carefully evaluates and qualifies members. You can join these existing trusted circles or create your own around specific outbreaks, breaches, or malware.
Integrate with industry standard SIEMs and other security solutions
Until now, there wasn’t a way to automatically inject up-to-date, real-time threat intelligence into SIEMs, IDS/IPS, firewalls, and web gateways. Without this real-time intelligence, your existing security solutions’ effectiveness was as good as yesterday’s news.
Anomali delivers a game changing solution for you! Your SIEM/security solution + threat intelligence from Anomali = A powerful, automated threat monitoring and management solution!
Have ThreatStream Labs On Your Side
The Anomali Labs team is made up of security industry veterans and researchers. They are singly focused on researching ways to stay one step ahead of the bad guys and ensuring that the threat intelligence you receive from ThreatStream is specific, context-relevant, and actionable. They are constantly enriching the Anomali threat intelligence platform with methods and threat intelligence data that can identify and pinpoint a breach, a bad actor, or a compromise within minutes. If you’ve ever spent days and weeks determining if your infrastructure was compromised by the latest high profile breach or virus attack, or if you’ve ever had to answer the question “Are we affected?” for your executive team, fret no more. The Anomali Labs research team can provide you with insight into it within hours for your peace of mind.
Integrate Additional Feeds through ThreatStream APP Store
The Anomali Alliance Preferred Partners (APP) Store is built into the ThreatStream platform. Featuring some of the most popular commercial intelligence feeds, the APP Store makes it easy for Anomali users to purchase the additional threat feeds they need with the click of a button. Anomali facilitates the purchase, and once completed, users begin immediately benefitting from the additional intelligence provided through the new threat feed.