SOURCE: Anomali


February 13, 2017 10:00 ET

Anomali Adds Intelligence Capabilities to Help Organizations Defend Against Multibillion-Dollar Cyber Threats

RSA Conference 2017, Booth 2039: Company Exhibiting Latest Threat Intelligence Innovations and Additions to STAXX, ThreatStream and Anomali Enterprise

REDWOOD CITY, CA and SAN FRANCISCO, CA--(Marketwired - Feb 13, 2017) - Anomali, provider of market-leading threat intelligence platforms, today announced new capabilities to STAXX, ThreatStream and Anomali Enterprise. Its three flagship platforms bring enterprises real-time identification and detection of millions of threat indicators at every point along the kill chain, mitigating devastating cyberattacks. New to the product line are bidirectional indicator of compromise (IOC) sharing, phishing email indicator management and integrated threat bulletins to further strengthen defenses.

"Overwhelming numbers of malicious attacks, advanced adversaries and an overload of threat intelligence are causing organizations to miss key indicators that point out where their systems have been compromised and where breaches have occurred," said Hugh Njemanze, CEO of Anomali. "Some of the world's most highly-targeted enterprises and government agencies rely on us to pinpoint threats before they develop into full-fledged disasters. The enhancements added to our proven product line will advance customers' ability to leverage actionable threat intelligence and further reduce risk."

ThreatStream Advancements Tackle Phishing, Threat Sharing in the Enterprise
A growing number of organizations across a wide range of industries, including four of the top five US banks and 25 percent of the Fortune 100, rely on Anomali ThreatStream to make sense of the mountains of threat data facing security teams. This week, Anomali released major new capabilities to enable earlier detection and identification of adversaries:

  • Phishing Indicator Sharing: Phishing attacks increased by more than 270 percent in 2016 according to the FBI. ThreatStream now automatically extracts indicators from known phishing emails, which can then be shared with other internal or external users, providing early warning to fellow community members and users.
  • Bidirectional Threat Intelligence: A new client/server implementation enables bidirectional threat intelligence exchange with TAXII servers. This allows users to access and distribute high fidelity threat intelligence over STIX/TAXII protocols.
  • Import Assistant: The ThreatStream platform has streamlined the import workflow to improve efficiency and provide simple steps for importing threat intelligence into the ThreatStream platform. This eliminates barriers to threat sharing and facilitates broader exchanging of threat information.
  • Updated Community App for Splunk: The addition of an adaptive response workflow from Splunk Enterprise Security promotes seamless investigation and sharing of threats between the Security Operations Center and threat analysts.

STAXX 2.0 Extends High Fidelity Threat Intelligence Accessibility
Anomali created STAXX to provide the threat intelligence community a simple, easy way to receive STIX/TAXII threat intelligence feeds. STAXX uniquely provides direct access to intelligence sources, without passing information through an intermediary. STAXX has seen rapid adoption by the threat intelligence community. With STAXX 2.0, Anomali adds:

  • Bidirectional IOC Sharing: STAXX 2.0 allows users both to receive IOC data from TAXII servers and, now, to distribute critical intelligence for faster collaboration, detection and response.
  • Threat Intel Expansion: Using either the STAXX portal or Anomali ThreatStream, users can explore the details of an IOC and gain a deeper understanding of related indicators. Users can have a holistic view of all the threats associated with a given indicator.
  • Export Indicator Information: STAXX enables users to export threat data to other security products through API and UI based mechanisms. This new capability maximizes the value of threat intelligence and increases the effectiveness of other technologies in the security stack.

Anomali Enterprise 2.0 Delivers Comprehensive Breach Analytics
Anomali Enterprise provides security operations, incident responders and threat analysts with the actionable threat intelligence they need. It automatically matches relevant high fidelity threat intelligence with event data. Latest additions to Anomali Enterprise include:

  • Threat Bulletin IOC Matching: Anomali Enterprise integrates with the new Weekly Threat Briefing, allowing users to discover the latest security threats and receive recommendations for mitigation and response from Anomali Labs. The briefing uniquely includes specific, actionable IOCs associated with each threat, and allows organizations to perform immediate Health Checks to identify exposure.
  • Malware Family in Domain Generation Algorithm (DGA): The DGA algorithm identifies malware-infected hosts by looking at the domains they attempt to communicate with. DGA domains are extremely dynamic and short-lived, making them difficult to capture on threat intelligence feeds. Anomali Enterprise automatically identifies DGA domains and monitors traffic, alerting organizations to any suspicious activity.
  • Next Generation UI: Anomali Enterprise 2.0 features a streamlined UI with new dashboards to facilitate the product's ease of use, and a timeline view of intrusion lifecycle stages to provide a visual understanding of the attack lifecycle.

To see a demo of these latest offerings, visit Anomali at RSA Conference 2017 in San Francisco's Moscone Center at Booth 2039.

In other news, Anomali was named a winner today in the Cyber Defense Magazine Infosec Awards' "Next Gen Threat Intelligence Solution" category. Additionally, the Bank of England announced last week that it is working with Anomali to improve its threat intelligence capabilities.


About Anomali
Anomali delivers earlier detection and identification of adversaries in your organization's network by making it possible to correlate tens of millions of threat indicators against your real time network activity logs and up to a year or more of forensic log data. Anomali's approach enables detection at every point along the kill chain, making it possible to mitigate threats before material damage to your organization has occurred. Headquartered in Redwood City, Calif., the company is privately held and has received venture capital backing from General Catalyst Partners, GV, Institutional Venture Partners, and Paladin Capital Group, as well as individual investors. To learn more, visit and follow us on Twitter: @anomali.

Contact Information

  • Press Contact
    Nicole Pitaro
    Bhava Communications for Anomali
    (630) 532-8879