Anomali November 2022 Quarterly Product Release


We’re excited to announce our quarterly platform update for November. This update introduces new capabilities that automate defense actions and allow enterprise organizations to understand their relevant threat landscape and visualize what’s happening inside and outside their network.

Key highlights for this quarter include:

  • Attack Surface Management
  • Visualizations of Attack Flow Patterns
  • Anomali Intelligence Channels 
  • Cloud XDR Data Usage and Notification
  • Feeds Health Status

 

Attack Surface Management:

Understanding your threat landscape is essential in knowing which assets you need to protect. With this release, we’re proud to offer a unique Attack Surface Management solution that provides cyber security teams with a comprehensive, accurate view of their environment through the eyes of the attacker. 

“Recent ESG Research showed that security operations have become more difficult at most organizations over the past few years, partly due to a growing attack surface,” said Jon Oltsik, Senior Principal Analyst and Fellow, Enterprise Strategy Group. 

Anomali’s Attack Surface Management provides visibility into ALL external facing assets to identify exposures, enabling organizations to understand impact based on asset criticality, vulnerability, and attack severity. This allows analysts to prioritize investigation activities and perform remediation of misconfigured assets and security controls.

The real power is using it in combination with other Anomali solutions. For example, with Anomali Match, organizations can prioritize asset remediation based on real, detected threats to exposed assets. With this, they can assess the potential impact of the threat actors targeting organizations, their motivations for attacking, and their tactics and techniques as they carry out an active campaign.

Anomali’s proprietary data provides a point in time and a historical view with insights that others can’t. Reach out or download our datasheet to learn more.

 

Visualizations of Attack Flow Patterns: 

Understanding an attacker and their tools, techniques, and procedures TTPs is paramount to becoming a proactive security organization.

“Attack flows help defenders understand, share, and make threat-informed decisions based on the sequence of actions in a cyber-attack,” as per MITRE Enginuity’s Center for Threat Informed Defense.

Based upon our work with the MITRE Engenuity Center for Threat-Informed Defense, we’ve added a new Attack Flow Library that helps visualize the sequence of attack techniques in ThreatStream Cloud. An initial group of 15 Attack Flows is available in ThreatStream, curated by the Anomali Threat Research Team.

This library enables analysts to understand attack pattern sequences for infiltrating an environment. It also provides SOC teams with a foundation for future automated Attack Pattern detection capabilities that could help prevent, stop, or remediate an attack.

Keep an eye out for more innovations around this initiative. And download our ebook, The Need to Focus on the Adversary, to learn why understanding the attacker is important.

Intelligence Channels: 

Security teams are under pressure to do more with less. Unfortunately, most organizations need help effectively implementing threat intelligence, not benefiting from the value their threat intelligence team, processes, and tools provide.

We’ve made it easier for Security teams to implement out-of-the-box tailored intelligence with Intelligence Channels.

Intelligence Channels are for organizations that need help implementing threat intelligence. Curated by The Anomali Threat Research team, ready-to-go Intelligence Channels include: Threat Actor Monitoring and TTPs, Brand and Domain Monitoring, Phishing and Fraudulent Activity, Infrastructure, Malware Intelligence, Region or Sector Specific Threats, Social Media, Mobile Threat Defense, Vulnerabilities, and Exploits.

 

Cloud XDR- Data Usage Dashboard and Notifications:

The Anomali Platform leverages the power of cloud-to-cloud modern telemetry in Cloud XDR, ingesting all of your security telemetries and correlating them with intelligence to detect threats in your environment.

The new Data Usage Dashboard details an organization’s event data ingestion and event data retention limits providing a view of the entitled daily ingestion limit and available time frame of historical search, as well as daily, average, and historical data volume and configuration for triggering notifications. 

This new dashboard allows practitioners to understand how much data they ingest into the Anomali Platform to ensure they keep operating within licensed limits. CISOs can realize how much data their teams ingest to optimize log source ingestion and align usage, projected growth in volume, and budgeting to ensure future needs are met.

 

Feeds Health Status: 

Threat intelligence feeds provide an ongoing data stream related to potential or actual threats, delivering information about attacks, including zero-days, malware, botnets, and other security threats. 

Customers can now monitor the health status of their feeds to ensure they are up-to-date and accurate. Users will be proactively notified if a feed integration has been in an error state for 24 hours or more via an email or the app.

This new feature will allow ThreatStream customers to quickly resolve issues directly with feed vendors.

 

For more information, reach out to your customer success manager or check out the quarterly release webinar available at Anomali University.

Until next time.





Source link