Anomali automates and speeds essential tasks performed by threat intelligence

Anomali has added new features and capabilities across its product suite that further automate and speed essential tasks performed by threat intelligence and security operations analysts.

Customers deploying this latest version will improve overall detection and response, conduct more collaborative and faster threat investigations, and experience greater efficiency.

To provide capabilities that work in real-world investigation scenarios, Anomali Threat Research analysts applied their expertise to aid in the design and development of pre-customized, themed threat intelligence dashboards.

Now available via the Anomali ThreatStream threat intelligence platform (TIP), the new dashboards provide access to COVID-19 indicators of compromise (IOC’s), relevant global cyberthreat activities, and vulnerabilities and exploits that adversaries are using to compromise systems and data.

The pre-built dashboards allow analysts to quickly focus on new and relevant intelligence and investigations about specific events impacting their organizations.

“The world wasn’t ready for COVID-19 or the wave of related cyberattacks that followed. To remain protected moving forward, organizations have to deploy solutions developed with the help of experts who are actively involved in the fight against adversaries,” said Mark Alba, Chief Product Officer, Anomali.

“With this release, our customers gain a new level of efficiency in their threat intelligence operations and an added level of confidence in knowing that their tools have been vetted by experienced peers.”

Anomali is releasing additional capabilities and features

Flexible MITRE ATT&CK Framework coverage — With this new capability, threat intelligence analysts can configure their security coverage levels for each technique in the framework. This allows them to align their work more precisely with targeted organizational security response strategies, which removes friction and increases the speed of overall workflows.

Faster investigations — To continue making threat analysts’ lives easier and more productive, we’ve added a “threat card” feature that allows users to gain deeper insights into threats without having to navigate to additional pages. Threat analysts also now have greater control over the UI via added mouse functionality.

Faster finished intelligence — Anomali ThreatStream now offers multiple default templates for the creation of finished intelligence products, giving analysts the ability to apply their organizations’ branding to reports and then distribute them directly from ThreatStream to all relevant stakeholders. This added feature gives analysts a more simplified, intuitive, and faster way to format and distribute insights and findings they’ve developed.

Faster ingestion of unstructured threat research — This release adds further improvements in the speed, fidelity, and management of investigations initiated with Anomali Lens, a Natural Processing Language (NLP) research tool that analysts use to automatically scan and convert unstructured data found on the web and in reports into actionable intelligence. Updates and new capabilities include centrally managed scanning exclusions, PDF scanning enhancements, navigation speed improvements like in-page jumping from the discovered threat entities summary to specific items, and accessibility guidelines support.

Enhanced intelligence distribution to security controls — To improve the delivery of prioritized threat intelligence to security infrastructure and services, this ThreatStream release provides updates and significant enhancements to integrations with several leading security solutions, including Splunk, LogRhythm, CrowdStrike, IBM Resilient, IBM QRadar, and Microsoft Azure Sentinel.

On-premises deployment enhancements — Significant additions have been made to Anomali ThreatStream’s hybrid deployment option, which gives global enterprise customers with data sovereignty and regulatory requirements the ability to keep portions of their datasets within their security domains while benefiting from the elastic scale and power of direct access to the Anomali cloud environment. Among other key new features:

• An updated version of Anomali Lens support, with recent MITRE ATT&CK Framework capabilities
• Enhanced ADFS support, now with permissions mapping to your user store on Microsoft Active Directory or Azure AD
• A custom dashboards capability to provide a graphical view of your local and upstream intelligence metrics
• Significant updates to other marquee features like investigations, finished intelligence, and reporting, and rules engine usability improvements