What does your product do?

Anomali plays in the threat intelligence space. We've established ourselves as the leader in this area thanks to our award-winning ThreatStream Threat Intelligence Platform (TIP). Threat intelligence has quickly emerged as a key asset in helping organizations discover and respond to threats in their network. Threat intelligence provides the context for any meaningful analysis of the events in a SOC. The problem is that once you start subscribing to various intelligence feeds you'll quickly have hundreds of thousands or millions of indicators (i.e., bad guy fingerprints). These come in different formats from different providers, so you'll need to figure out how to normalize this data to make it useful. Then you'll want to feed this intelligence into your monitoring tool (e.g., Splunk, ArcSight, QRadar), your firewall or your endpoint system so they can take action on any bad guys seen on your network. Our ThreatStream TIP automates all of this, giving you everything you need to:

  • Collect your intelligence feeds from any source
  • Optimize/normalize/de-dup this information
  • Integrate it into your internal systems
  • Investigate threats discovered in your network

What problems does it solve?

Too Much Data, Too Many Formats, Too Little Relevance, Too Little Time

SOC operators, CSIRT teams, and security analysts and researchers are in a race against time. The good news is that there’s an overwhelming amount of threat data available today. The challenge is rapidly converting this unstructured, disparate, and duplicative data into the contextual information to drive your security monitoring process and infrastructure.

The other major problem we address is retrospective analysis. Remember the Anthem breach back in 2014? It was six months after their breach was discovered before the IOCs were shared publicly. That same day we had hundreds of healthcare organizations contact us for help to answer two questions:

  1. Have I already been breached?
  2. How can I monitor these IOCs going forward?

We built Anomali Enterprise (AE) to solve this specific problem. When new IOCs are published, you want to know if you already have exposure, which means being able to analyze historical data, billions of records, to identify matches. AE is purpose-built and highly optimized for this type of threat hunting. It can search a year's worth of logs with sub-second response times and show you every single event that matches against millions of IOCs. AE is a one-of-a-kind product that is simple, easy, and cost-efficient for this purpose.
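To make the two workflows above concrete (collect, normalize and de-dup feed indicators, then match newly published IOCs against historical logs), here is an added example that is not Anomali's code and does not use any ThreatStream or AE API. The feed formats, field names, indicators (documentation address ranges) and log lines are all constructed for illustration.

```python
import csv, io, ipaddress, json, re

# Constructed sample feeds in two formats (documentation addresses, not real IOCs).
FEED_CSV = """indicator,type,source
198.51.100.23,ip,feed-a
EVIL-EXAMPLE.test,domain,feed-a
198.51.100.23 ,ip,feed-a
"""
FEED_JSON = json.dumps([
    {"value": "evil-example.test", "kind": "domain", "src": "feed-b"},
    {"value": "203.0.113.7", "kind": "ip", "src": "feed-b"},
])

def normalize(value, kind):
    """Canonicalise one indicator so the same IOC from different feeds collides."""
    v = value.strip()
    if kind == "ip":
        return ("ip", str(ipaddress.ip_address(v)))  # ValueError on malformed input
    if kind == "domain":
        return ("domain", v.lower().rstrip("."))
    raise ValueError(f"unsupported indicator type {kind!r}")

def load_feeds(csv_text, json_text):
    """Collect + normalise + de-duplicate; record which feeds reported each IOC."""
    iocs = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        iocs.setdefault(normalize(row["indicator"], row["type"]), set()).add(row["source"])
    for item in json.loads(json_text):
        iocs.setdefault(normalize(item["value"], item["kind"]), set()).add(item["src"])
    return iocs

# Constructed historical log lines, the target of a retrospective search.
LOGS = [
    "2014-06-01T10:00:00Z proxy src=10.0.0.5 dst=198.51.100.23 host=cdn.example.org",
    "2014-06-02T11:30:00Z dns client=10.0.0.9 query=Evil-Example.test. type=A",
    "2014-06-03T09:15:00Z proxy src=10.0.0.7 dst=192.0.2.44 host=intranet.example.org",
]
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\.?", re.I)

def retro_match(logs, iocs):
    """Return (line, ioc, sources) per hit; a dict lookup costs the same for 3 or 3M IOCs."""
    hits = []
    for line in logs:
        found = [("ip", m) for m in IP_RE.findall(line)]
        found += [("domain", m) for m in DOMAIN_RE.findall(line)]
        for kind, raw in found:
            try:
                key = normalize(raw, kind)
            except ValueError:
                continue  # e.g. 999.1.1.1 matched the regex but is not an address
            if key in iocs:
                hits.append((line, key, sorted(iocs[key])))
    return hits
```

Five raw feed entries collapse to three unique IOCs, and two of the three log lines produce a hit, each tagged with every feed that reported the indicator.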

Not a day goes by without news of an organization that was breached, with thousands to millions of records (PII, credit card data, health records and more) stolen or held for ransom by sophisticated cyber criminals, nation states or hacktivists.

Anomali Solutions can help an organization detect cyber attacks early, before the attacker can escalate the initial breach into exfiltration or ransom of the customer's valuable data or systems.

How are you different than your competitors?

Anomali ThreatStream's threat intelligence platform utilizes a combination of state-of-the-art machine learning, Anomali Labs and Anomali's Trusted Security Community to curate the indicators that come from over 120 threat feed sources. This ensures a very low rate of false positives, so the data in the ThreatStream platform is actionable and relevant.

Anomali is a Google Ventures-backed company and has been decorated with multiple industry awards and reviews, such as the CyberSecurity Excellence Award, the Cyber Defense Magazine InfoSec Award, the Info Security Products Guide Excellence Award and more.

Who has done this before?

Approximately 30% of the Fortune 100 companies use Anomali Solutions. Anomali has hundreds of customers ranging from large enterprise to organizations in the middle tier.

How are you going to show measurable results?

Anomali shows immediate and measurable results once deployed and utilized by an organization's threat intel team, SOC or incident response departments. Anomali immediately correlates the signals of the business (logs from sources ranging from critical systems to solutions in the organization's security stack) and identifies the hidden threats, the "needles in the needle stack", lurking in the customer's network, providing real-time and retrospective analysis without bringing the organization's SIEM or log management solution to its knees.