ThreatStream changed its name to Anomali and launched two new products at RSA Conference: Harmony Breach Analytics for mid-to-large enterprises and the Anomali Threat Analysis Reports Service for small to medium-sized businesses.
“SIEMs today can only ingest and correlate a small fraction of the 25 million indicators of compromise we’ve curated that are currently listed as active. We see threat intelligence as the next ‘big data’ problem,” said Hugh Njemanze, CEO of Anomali. “For perspective, hackers are automating the production of 18 million fraudulent domain names per day and the amount of active IoCs is currently growing 39 percent each month. This makes non-curated threat intelligence data far too noisy for use by incident response and security operations teams. Harmony Breach Analytics and Threat Analysis Reports Service were purpose-built to find and focus an organization’s attention on only threat intelligence that is relevant to their organization at any given moment.”
Intelligence with relevance
Harmony Breach Analytics, built on the ThreatStream Threat Intelligence Platform, can work with your existing threat intelligence platform or completely replace it. It reads your organization’s log data, culls the possible IoCs from it and compares them to Anomali’s massive library of threat data in real time. This approach focuses security operations, incident responders and threat analysts on actionable threats.
Threat matches are pushed back into an organization’s SIEM to support intelligence-driven workflows. Harmony’s approach scales to create threat intelligence with relevance beyond the 200+ day threat exposure window often cited in threat research. Harmony Breach Analytics unlocks the hidden operational value of threat intelligence data for incident responders and SOC personnel.
The security team benefits include the ability to:
- Focus the security team on threat intelligence that’s relevant and specific to their organization at any given time
- View evidence of a data breach past the data volume and correlation limits of a SIEM
- Create an intelligence-driven SOC (ISOC)
- Link indicators of compromise to threats at all points along the attack chain.
Breach detection service
The Anomali Threat Analysis Reports Service allows an organization to simply and easily submit its raw log data to Anomali. The service strips out potential indicators of compromise from the data and looks for matches in Anomali’s vast store of threat intelligence data. It then produces threat analysis reports that are relevant and actionable. The reports provide security metrics for inbound and outbound threats, a view of all matches, and live links for additional attacker information. These reports are available as a subscription and provide automated security situational awareness.
The business and security benefits include the ability to:
- Act as an SMB’s threat analyst, leaving internal staff to take action based on reported threats
- Make specific and relevant threat intelligence available as an automated service
- Provide ongoing reports to business partners for security assurance
- Correlate, alert and analyze without having to invest in a SIEM or other costly infrastructure
- Create a report cadence and subscription size that’s the right size for an organization.