Anomali platform updates help security teams profile the adversary

At Black Hat USA 2022, Anomali released its quarterly platform update to meet the expanding needs of its customers and partners. This release introduces new capabilities to enhance Anomali’s threat intelligence and extended detection and response (XDR) use cases that enable enterprise organizations to stay one step ahead of adversaries and prevent business disruptions while optimizing security expenses.

“Anomali’s August release offers new capabilities and enhancements for security operations teams struggling to identify not only who’s targeting them, but how and why they are being targeted,” said Mark Alba, Chief Product Officer at Anomali.

Key highlights of this release include:

Creating extended visibility with anomali attack pattern detection and MITRE ATT&CK: In 2021, Anomali joined MITRE Engenuity’s Center for Threat-Informed Defense to collaborate on the Attack Flow Project to better understand adversary behavior and improve defensive capabilities. This partnership culminated with the public release of the project in March 2022.

Since then, Anomali has been working to incorporate attack flows into The Anomali Platform. This release moves the platform toward an Attack Flow Library for Anomali ThreatStream that will provide an access point for new Attack Flows that sequence cyberattack techniques. This capability will provide a new context around adversary behavior and help security teams profile the adversary. It will also enable them better to protect the organization in advance of an attack, detect an attack in real-time, and respond post-attack.

Furthermore, this predictive visual mapping will be leveraged by CISOs and security professionals to align attacks with potential holes in their security posture to get in front of the threat.

“ESG research found that 97% of security professionals believe that MITRE ATT&CK is important to their organization’s security operations strategy,” said Jon Oltsik, Senior Principal Analyst and Fellow, ESG Research. “Anomali’s commitment to integrating the MITRE ATT&CK Framework into its solutions and participating in the MITRE Engenuity Center for Threat Informed Defense can help security teams adopt the framework and better understand cyber-adversaries.”

Routine workflow automation: Given macro-economic conditions, customers are looking for capabilities that make their existing investments more impactful. We’ve introduced a new extensible framework to support the automation of routine tasks throughout the platform. This release’s first implementation is available to automate enrichments in the investigations workbench. A drag-and-drop process for configuring a multi-stage enrichment task can easily be set and run when conditions require it, saving analysts time performing repetitive tasks.

Additional enhancements with this platform release include:

• Support for MITRE ATT&CK Mobile & ICS: Intelligence aggregation, contextualization, and analysis for Mobile and ICS attack surfaces to strengthen overall security posture.
• MITRE ATT&CK Enterprise v11 in Anomali Lens
• Scheduled retrospective search: Helps the SOC automate the correlation of historical events with newly available intelligence to produce reports and gain insight into threat actors, TTPs, or other adversary behavior. This new capability enables CISOs to detect real-time threats in their local IT environment.