Anomali Product Brochure

INTELLIGENCE WITH RELEVANCE


Problem

Boiling an Ocean of Threats to Find Those That Are Relevant

Adversaries continue to get past most initial compromise detection and prevention solutions. They get malicious code onto a user's computer through targeted spear phishing or because the employee browsed to an infected website. Once the attacker holds valid credentials, he has access to everything that employee can reach and may be able to move to other parts of the IT infrastructure. These breaches go undetected for long periods: recent industry surveys and threat reports indicate that once an attacker is past perimeter detection, 200+ days is the typical time before the intrusion is discovered, and notification usually comes from a third party.

Many companies and government agencies that have reported a major data breach had competent security staff, typical security systems and access to threat intelligence data. However, applying that threat intelligence data to the problem has yet to become practical, let alone widely adopted. Threat intelligence is often sold "by the pound", and the data contains tens of millions of indicators of compromise (IOCs). Manually determining which of those indicators are relevant to your IT environment is impractical. Attempts at automated analysis through a security information and event management system (SIEM) have also proven unfeasible: the SIEM was never designed to compare 10-20 million IOCs against the terabytes of security-relevant data collected from applications, security infrastructure and IT operations sources. Finally, the SIEM rarely retains more than 90 days of log data, so the security team stands little chance against a patient attacker whose activity predates the retention window.


Solution

Intelligence with Relevance

Anomali's Harmony™ Breach Analytics and Anomali Reports products take an intelligence-driven approach to threat detection in your environment. Harmony, delivered in the cloud or on premise, extracts potential IOCs from your log data, determines which of them appear in threat data, and focuses your security team's attention on those matches. This changes the security process so that threat analysis is driven in real time by operational need: once an IOC from the logs matches threat data, the analyst can explore the threat and uncover additional indicators using the capabilities of Anomali's threat intelligence platform. This proactive approach lets you understand and act against adversaries who use IP address and domain fluxing techniques, as fast as new attacker domains are generated and IP addresses change.

For smaller organizations that have neither a SIEM nor a large security staff, Anomali Reports provides a reasonably priced way to receive the same benefit. The service collects your organization's logs daily and produces a report of all matches against Anomali's store of threat intelligence data. Each match in the report carries a live link to an interface that quickly provides information about the type of attack.

INTELLIGENT – Threat Aggregation

AUTOMATED – Enterprise Integration

TRUSTED – Collaboration & Analysis

RELEVANT – Actionable & Scalable

The Threat Intelligence Platform Redefined


What Anomali Means to your Organization

Manage your Threats – Not your Threat Intelligence Data

You bought a SIEM to monitor tens of thousands of security events in real time, and data volumes have already reached a "big data" breaking point. With the number of active IOCs you need to be concerned about growing into the tens of millions, threat intelligence data is a new big data problem your SIEM was never meant to solve. Anomali off-loads this scaling problem from the SIEM to Harmony Breach Analytics. Harmony automatically discovers indicators of compromise in your log data in real time, which focuses the security team on confirmed matches rather than on managing millions of IOCs that are not relevant to your business.

Explore Your IOCs – Create Additional Relevance

Once a threat intelligence IOC (an IP address or domain) matches data in your environment, Anomali's Harmony platform lets you explore that indicator to understand its relationships to other adversary-owned IP addresses or domains, based on lookups of the domain registrant's e-mail address. New indicators discovered in this process can be loaded into your SIEM and a variety of other security solutions.
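The registrant pivot described above, as an added Python example that is not Anomali's code: starting from a domain that matched in the logs, it looks up that domain's registrant e-mail in a constructed WHOIS snapshot and returns every other domain registered with the same address as a candidate indicator, carrying the pivot key and the seed domain so the result can be loaded into a SIEM with its provenance. The WHOIS_RECORDS data, the privacy-proxy suffix list and the fan-out threshold are assumptions made for illustration. Two caveats a practitioner wants are built in: an address belonging to a WHOIS privacy service identifies the service rather than the registrant and yields nothing, and an address attached to many domains (a reseller or bulk contact) only yields low-confidence results.

```python
"""Registrant-e-mail pivot from a matched domain to sibling domains.

Added example, not Anomali's code. WHOIS_RECORDS is a constructed snapshot of
registrant data; the names and addresses are illustrative, not real
registrations.
"""
from collections import defaultdict

# Constructed WHOIS snapshot keyed by domain.
WHOIS_RECORDS = {
    "bad-updates.example":         {"registrant_email": "ops-team@mailer.example", "created": "2016-02-20"},
    "secure-login-portal.example": {"registrant_email": "Ops-Team@mailer.example", "created": "2016-02-21"},
    "cdn-assets.example":          {"registrant_email": "ops-team@mailer.example", "created": "2016-02-25"},
    "partner.example":             {"registrant_email": "admin@partner.example",   "created": "2009-05-11"},
    # Registered through a WHOIS privacy service: the e-mail identifies the
    # service, not the registrant, so it must not be used as a pivot key.
    "privacy-protected.example":   {"registrant_email": "abc123@whoisguard.example", "created": "2016-01-30"},
}
# A hosting reseller that registers many unrelated customer domains under one
# contact address; pivoting on it would drag in innocent domains.
for _n in range(1, 7):
    WHOIS_RECORDS[f"reseller-site-{_n}.example"] = {
        "registrant_email": "hostmaster@hosting-reseller.example", "created": "2015-07-01"}

# Assumed list of privacy-proxy mail domains (illustrative names).
PRIVACY_PROXY_SUFFIXES = ("@whoisguard.example", "@privacy-guard.example")


def build_registrant_index(records):
    """Map each lower-cased registrant e-mail to the set of domains using it."""
    index = defaultdict(set)
    for domain, rec in records.items():
        index[rec["registrant_email"].lower()].add(domain)
    return index


def pivot_on_registrant(seed_domain, records=WHOIS_RECORDS, max_fanout=5,
                        proxy_suffixes=PRIVACY_PROXY_SUFFIXES):
    """Return candidate indicators sharing the seed domain's registrant e-mail.

    Each result carries the pivot key and the seed so an analyst (or a SIEM)
    can see why it was produced. Confidence is downgraded when the e-mail is
    attached to more than max_fanout domains, because a bulk contact address
    rarely marks a single adversary's infrastructure.
    """
    rec = records.get(seed_domain)
    if rec is None:
        return []
    email = rec["registrant_email"].lower()
    if email.endswith(proxy_suffixes):
        return []  # privacy-proxy address: no attribution signal
    siblings = build_registrant_index(records)[email] - {seed_domain}
    confidence = "low" if len(siblings) + 1 > max_fanout else "medium"
    return [
        {"indicator": d, "type": "domain", "pivot": "registrant_email",
         "pivot_value": email, "seed": seed_domain,
         "created": records[d]["created"], "confidence": confidence}
        for d in sorted(siblings)
    ]


if __name__ == "__main__":
    for hit in pivot_on_registrant("bad-updates.example"):
        print(hit)
```

The same index can be built from passive DNS (shared resolving IP) or from name-server records; the fan-out guard matters even more there, since a single shared-hosting address fronts thousands of unrelated domains.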

Change the Relationship Between the SOC and your Threat Intelligence Analysts

Your security operations personnel and incident response teams are focused on the "now". They react to threats detected by various parts of the security infrastructure, determine whether each is real or a false positive, classify the severity of the incident and escalate to more experienced analysts. There may be no process at all for escalating to the people who analyze threat intelligence data, and where one exists it may be hours or days before they are engaged. With Harmony, a match between an IOC in threat data and an IOC gleaned from your security logs generates a real-time alert that brings both teams into the process at the same time.

Operationalize your Threat Analysis Models

Several threat models are commonly used by threat intelligence analysts: Lockheed Martin's Kill Chain™, Mandiant/FireEye's Attack Chain, and the Diamond Model. Some threat intelligence platform vendors emphasize one model over another; Harmony supports whichever model you choose for threat data analysis and operationalizes it for the entire security team.


The Products

ThreatStream – Our award-winning SaaS threat intelligence platform provides curated threat intelligence from open source feeds, proprietary threat intelligence from Anomali Labs, indicators from our Modern Honey Network (MHN), vetted trusted circles, and workflows for IOC discovery and integration into security information and event management (SIEM) systems. ThreatStream gives you full management of your threat intelligence feeds and the ability to purchase and manage additional feeds directly from threat feed vendors.

Harmony – Harmony Breach Analytics is available as an on-premise or cloud solution in three configurations:

• A complete stand-alone threat intelligence platform that includes all of the ThreatStream capabilities and adds IOC relevance: matching threat indicators against the IOCs in the log data collected in your SIEM.

• An integrated add-on that augments an existing threat intelligence platform to support security operations use cases.

• A stand-alone configuration for security operations center and incident response team members, providing prioritization and alerts for IOC matches.

Harmony's value is the operationalization of threat data to create focus for the threat analyst team, the SOC team and incident responders.

Anomali Reports – Anomali's Breach Detection Report Service allows an organization without a security practice to simply and easily submit its raw log data to Anomali. The service extracts potential indicators of compromise from the data and looks for matches in Anomali's vast store of threat intelligence data, so the resulting threat intelligence is relevant to your business. The reports provide security metrics for inbound and outbound threats, a view of all matches, and live links to additional attacker information. Available as a subscription, they provide automated security situational awareness.
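The log matching that the Solution section, the Harmony configurations and the Anomali Reports entry above all describe, as an added Python example that is not Anomali's code. It runs the comparison in the direction a SIEM cannot: rather than executing each of millions of indicators as a search across the logs, it scans every log line once for candidate IPv4 addresses and domains, discards addresses in the organization's own ranges, and looks each remaining candidate up in an indicator set in constant time. Each hit is labelled inbound or outbound from the log's source and destination fields, which yields the inbound/outbound metrics the reports present. The indicator set, the log lines and the internal address ranges are constructed for the example; the addresses are RFC 5737 documentation addresses, not real IOCs.

```python
"""Candidate-IOC extraction from raw logs with indicator-set lookup.

Added example, not Anomali's code. Each log line is scanned once for
candidate IPs and domains and each candidate is a dictionary lookup, so the
cost scales with log volume rather than with indicators x log volume. The
logs and indicators below are constructed; the IPs are RFC 5737
documentation addresses, not real IOCs.
"""
import ipaddress
import re
from collections import Counter

# Constructed threat-intelligence indicators (value -> context).
THREAT_INDICATORS = {
    "198.51.100.23": {"type": "ip", "tags": ["c2"], "source": "feed-a"},
    "203.0.113.77": {"type": "ip", "tags": ["scanner"], "source": "feed-a"},
    "bad-updates.example": {"type": "domain", "tags": ["phishing"], "source": "feed-b"},
}

# Constructed sample log lines in key=value style (proxy, firewall, DNS).
SAMPLE_LOGS = [
    "2016-03-01T10:00:01Z proxy src=10.1.2.3 dst=198.51.100.23 host=cdn.example method=GET",
    "2016-03-01T10:00:05Z fw action=allow src=203.0.113.77 dst=10.1.2.50 dport=443",
    "2016-03-01T10:00:09Z dns client=10.1.2.3 query=bad-updates.example type=A",
    "2016-03-01T10:00:12Z proxy src=10.1.2.4 dst=192.0.2.10 host=www.example.org method=GET",
]

# Assumed internal address space; candidates inside it are never looked up.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.IGNORECASE)
KV_RE = re.compile(r"(\w+)=(\S+)")


def _is_internal(ip):
    return any(ip in net for net in INTERNAL_NETS)


def extract_candidates(line):
    """Return the set of (kind, value) candidate IOCs found in one log line."""
    found = set()
    for text in IPV4_RE.findall(line):
        try:
            ip = ipaddress.ip_address(text)
        except ValueError:  # e.g. 999.1.1.1 fits the regex but is not an address
            continue
        if not _is_internal(ip):
            found.add(("ip", text))
    for text in DOMAIN_RE.findall(line):
        found.add(("domain", text.lower()))
    return found


def _direction(fields, value):
    """Inbound if the indicator is the source, outbound if it is the destination."""
    if value in (fields.get("src"), fields.get("client")):
        return "inbound"
    if value in (fields.get("dst"), fields.get("host"), fields.get("query")):
        return "outbound"
    return "unknown"


def match_logs(lines, indicators=THREAT_INDICATORS):
    """Scan the log lines once and return (alerts, direction_counts)."""
    alerts, counts = [], Counter()
    for line in lines:
        fields = dict(KV_RE.findall(line))
        for kind, value in extract_candidates(line):
            hit = indicators.get(value)
            if hit is None or hit["type"] != kind:
                continue
            direction = _direction(fields, value)
            counts[direction] += 1
            alerts.append({"indicator": value, "kind": kind, "direction": direction,
                           "tags": hit["tags"], "source": hit["source"], "log": line})
    return alerts, dict(counts)


if __name__ == "__main__":
    found, metrics = match_logs(SAMPLE_LOGS)
    for a in found:
        print(f"{a['direction']:8} {a['indicator']:22} {a['tags']} <- {a['log']}")
    print("metrics:", metrics)
```

The direction rule assumes key=value logs with src/dst, client/query or host fields; other log formats need their own field mapping, but the extraction and lookup stay the same. In production the indicator set would be a hash set or Bloom filter refreshed from the feeds, which is exactly the part a SIEM's per-indicator searches cannot amortize.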


About Anomali

Anomali delivers earlier detection and identification of adversaries in your organization's network by making it possible to correlate tens of millions of threat indicators against your real-time network activity logs and a year or more of forensic log data. Anomali's approach enables detection at every point along the kill chain, making it possible to mitigate threats before material damage to your organization has occurred.

For More Information
Contact [email protected]


2317 Broadway, 3rd Floor, Redwood City, CA 94063 USA
1-844-4-THREATS | [email protected] | www.anomali.com
Copyright ©2016 Anomali. All Rights Reserved. Anomali and the Anomali logo are registered trademarks of Anomali.
