Anomali August Quarterly Product Release: Achieving Cyber Fusion


Key Highlights of this Release
As summer winds down and we move into fall, the team has been working hard to close out our quarterly release.

We’re excited to announce our quarterly product release update for August 2021, as we continue integrating XDR capabilities across our threat-intelligence-driven solutions.

Key highlights for this quarter include:

  • Introduction of Organizational Intelligence Initiatives
  • Enhanced STIX 2.1 support
  • Support for MITRE ATT&CK sub-techniques in Security Controls, Investigations, and Lens+ (BETA)
  • Lens+ Added Features and Microsoft Office 365 Support
  • Air Gap 5.1 Expanded support and coverage

Introduction of Intelligence Initiatives to Align Organizational Intelligence Goals

Most organizations continue to work in silos. As other technology and intelligence gets introduced to add detection and response capabilities, priorities may not align.

We’re excited to introduce a new feature within ThreatStream called Intelligence Initiatives that enables customers to track and map their organizational security goals and objectives. Intelligence Initiatives provide foundational support for organizations to integrate the CTI (Cyber Threat Intelligence) lifecycle as part of their working process.

Intelligence Initiatives is included as part of your ThreatStream subscription and comes configured with out-of-the-box initiatives, including ‘Adversary Monitoring’, ‘Fraudulent Activity’, ‘Phishing’, ‘Threat and Risk Analysis’, and others.

Once established, organizational goals can be mapped, and users can associate the appropriate intelligence collections or feeds by tailoring entities to better align activities and enhance the decision-making process. An integrated dashboard also provides quick access to key metrics for each Initiative, giving management an immediate overview of activity and the ability to track the Intelligence Initiatives currently being worked on.

Intelligence Initiatives further increase the value of your investment with Anomali and enable analysts to focus their efforts and complete investigations more efficiently, in less time, and with more confidence.

Reach out to your CSM to learn more.

Enhanced STIX 2.1 Support for Establishing Object Relationships

Anomali believes in the importance of threat intelligence sharing and continues to increase support for STIX (Structured Threat Information Expression) from OASIS Open.

In this release, we’ve extended ThreatStream’s existing STIX 2.1 capabilities, enabling users to import, edit, and export STIX-compliant relationships from ThreatStream for use in third-party systems.

The platform now also allows users to create STIX-compliant associations or relationships on threat intelligence already in the platform, enabling the creation of net-new STIX-compliant intelligence for use elsewhere.
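To make concrete what a STIX 2.1 relationship export has to contain, the following added example (not Anomali code, and not how ThreatStream builds its exports) constructs a Relationship SRO between an Indicator and an ATT&CK Attack Pattern, bundles the three objects, and runs the structural checks an importing system would apply: identifier format, required properties, no self-references, no references to other SROs, and a review flag for source/target/relationship-type pairings outside a small allow-list. The allow-list, the sample domain ‘example.invalid’, and the generated UUIDs are constructed for this example; the sub-technique ID T1566.001 is the real ATT&CK identifier for Phishing: Spearphishing Attachment.

```python
"""Build and sanity-check STIX 2.1 Relationship objects (added example, not Anomali code)."""
import json
import re
import uuid
from datetime import datetime, timezone

# STIX 2.1 identifier format: "<object-type>--<uuid>".
STIX_ID_RE = re.compile(r"^([a-z][a-z0-9-]*)--([0-9a-f-]{36})$")
# Object types that a Relationship may NOT reference (STIX 2.1, section 5.2).
NON_REFERENCEABLE = {"relationship", "sighting", "bundle", "marking-definition", "language-content"}
# Constructed subset of the spec's relationship summary tables; extend as needed.
ALLOWED_RELATIONSHIPS = {
    ("indicator", "indicates", "attack-pattern"),
    ("indicator", "indicates", "malware"),
    ("malware", "uses", "attack-pattern"),
    ("threat-actor", "uses", "attack-pattern"),
    ("campaign", "attributed-to", "threat-actor"),
}
REQUIRED = ("type", "spec_version", "id", "created", "modified",
            "relationship_type", "source_ref", "target_ref")
ATTACK_ID_RE = re.compile(r"^T(\d{4})(?:\.(\d{3}))?$")


def _now():
    # STIX timestamps: RFC 3339, UTC, millisecond precision, 'Z' suffix.
    return datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.%f")[:-3] + "Z"


def new_id(object_type):
    return f"{object_type}--{uuid.uuid4()}"


def make_relationship(source_ref, relationship_type, target_ref, description=None):
    """Build a STIX 2.1 Relationship SRO with the required common properties."""
    ts = _now()
    sro = {"type": "relationship", "spec_version": "2.1", "id": new_id("relationship"),
           "created": ts, "modified": ts, "relationship_type": relationship_type,
           "source_ref": source_ref, "target_ref": target_ref}
    if description:
        sro["description"] = description
    return sro


def validate_relationship(sro, check_pairing=True):
    """Return a list of problems; an empty list means the SRO is structurally sound."""
    problems = [f"missing required property: {k}" for k in REQUIRED if k not in sro]
    if problems:
        return problems
    if sro["type"] != "relationship":
        problems.append("type must be 'relationship'")
    if sro["spec_version"] != "2.1":
        problems.append("spec_version must be '2.1'")
    m = STIX_ID_RE.match(sro["id"])
    if not m or m.group(1) != "relationship":
        problems.append("id must be 'relationship--<uuid>'")
    if not re.fullmatch(r"[a-z0-9-]+", sro["relationship_type"]):
        problems.append("relationship_type must be lowercase letters, digits and hyphens")
    ref_types = {}
    for key in ("source_ref", "target_ref"):
        m = STIX_ID_RE.match(sro[key])
        if not m:
            problems.append(f"{key} is not a STIX identifier")
            continue
        ref_types[key] = m.group(1)
        if m.group(1) in NON_REFERENCEABLE:
            problems.append(f"{key} must not point at an SRO")
    if sro["source_ref"] == sro["target_ref"]:
        problems.append("source_ref and target_ref must differ")
    if check_pairing and len(ref_types) == 2:
        triple = (ref_types["source_ref"], sro["relationship_type"], ref_types["target_ref"])
        if triple not in ALLOWED_RELATIONSHIPS:
            # Custom pairings are legal in STIX; flag them for analyst review rather than reject.
            problems.append(f"unexpected pairing {triple}")
    return problems


def attack_id_parts(external_id):
    """Split an ATT&CK ID into (parent technique, sub-technique or None), e.g. T1566.001."""
    m = ATTACK_ID_RE.match(external_id)
    if not m:
        raise ValueError(f"not an ATT&CK technique id: {external_id}")
    parent = f"T{m.group(1)}"
    return parent, (f"{parent}.{m.group(2)}" if m.group(2) else None)


def build_example_bundle():
    """Indicator -> indicates -> Attack Pattern, packaged as a STIX 2.1 Bundle (constructed data)."""
    ts = _now()
    indicator = {"type": "indicator", "spec_version": "2.1", "id": new_id("indicator"),
                 "created": ts, "modified": ts, "name": "Constructed phishing domain",
                 "pattern": "[domain-name:value = 'example.invalid']",
                 "pattern_type": "stix", "valid_from": ts}
    parent, sub = attack_id_parts("T1566.001")
    attack_pattern = {"type": "attack-pattern", "spec_version": "2.1", "id": new_id("attack-pattern"),
                      "created": ts, "modified": ts, "name": "Phishing: Spearphishing Attachment",
                      "x_mitre_is_subtechnique": sub is not None,
                      "external_references": [{"source_name": "mitre-attack", "external_id": sub or parent,
                                               "url": "https://attack.mitre.org/techniques/T1566/001/"}]}
    rel = make_relationship(indicator["id"], "indicates", attack_pattern["id"],
                            "Domain observed in a spearphishing attachment lure (constructed).")
    assert validate_relationship(rel) == []
    return {"type": "bundle", "id": new_id("bundle"), "objects": [indicator, attack_pattern, rel]}


if __name__ == "__main__":
    print(json.dumps(build_example_bundle(), indent=2))
```

The pairing check deliberately reports rather than rejects: STIX 2.1 permits custom relationship types, so an unfamiliar source/target pairing in an import is a review item, not an error, whereas a relationship pointing at another relationship or at itself is a hard failure that most consumers will refuse.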

Look for additional support in upcoming releases.

Support for MITRE ATT&CK Sub-techniques in Security Controls and Investigations

Anomali continues to increase support for the MITRE ATT&CK Framework, making it easier for analysts to integrate threat intelligence into their investigations process. With this release, we’ve added further support for the MITRE ATT&CK Framework within ThreatStream.

In version 9, the MITRE ATT&CK framework extended its data schema to focus on Techniques and Sub-techniques, which were ingested into ThreatStream as Attack Pattern threat models in May 2021. In this release, we’ve enabled full operationalization of this latest MITRE version, both for managing an organization’s security posture and for helping analysts pinpoint gaps in an organization’s security coverage as part of ThreatStream investigation work.

  • Settings Enhancements to Support Sub-Techniques: Easily switch between different versions of the MITRE ATT&CK framework to use the specific version you’re looking to leverage.
  • Matrix Changes to Support Sub-Techniques: Leverage the latest versions of the MITRE ATT&CK Framework that support sub-techniques, including Security Coverage and the Investigations UI.

As the MITRE ATT&CK Framework continues to evolve, so will our support and goal of making the investigations process easier for our customers.

*Currently restricted to SaaS customers only.

Expanded Threat Visibility with Lens+ Microsoft Office 365 Support

The Anomali team continues to add features to Lens+ to make it the go-to extension for security teams in obtaining threat information quickly to complement detection and response capabilities like XDR.

Lens+ customers can now update their plug-ins to version 4.9 for improved support for browsers, Microsoft Office 365, and the new MITRE ATT&CK Attack Patterns.

  • Users can scan Microsoft Office 365 content to find mentions of global threat intelligence such as IOCs and Threat Models.
  • Users can raise Investigations, create Threat Bulletins, and import IOCs via the Lens summary screen directly from the Microsoft Office 365 application.
  • Partial support is now available for Lens+ customers running MITRE ATT&CK v7+ to show Attack Patterns in the Lens summary screen rather than TTPs.

The Anomali Lens+ Add-Ins for the three Microsoft Office 365 applications are now available on the Microsoft Add-Ins store.

Lens+ continues to evolve and set the standard for threat research tools. If you’re not a current customer, reach out to your CSM so they can demo why you should be.

*For Anomali Lens+ customers only.

Air Gap 5.1 Expanding Coverage and Support

AirGap is the standalone, on-premise offering for our cloud-based ThreatStream threat intelligence platform. For organizations with specific requirements, the on-premise system offers similar functionality and actionable threat intelligence without needing to be connected to the Internet or to any other threat intelligence service.

With this August release, we are pleased to announce AirGap 5.1, providing significant feature and improvement updates, as well as a comprehensive subset of functionality updates made in the ThreatStream SaaS environment since our last AirGap release.

Highlights include:

  • Updated support for 26 enrichments on the appliance
  • Advanced Search for Threat Models
  • Multiple investigations updates
  • Support for the MITRE ATT&CK Enterprise framework (v6 only)
  • And more

We’ve also added new features and enhancements specifically for an AirGap implementation.

Reach out to your CSM to learn more.


Anomali continues to work with our customers to understand what keeps them up at night, and to introduce new features and capabilities to help them meet their goals.

Until next quarter, reach out to your Customer Success Manager with any questions.

Enjoy the rest of the summer!