Anomali takes on SMB security at RSA conference
Renamed ThreatStream reveals enhanced analytics for enterprise and detection service for SMBs
Security vendor ThreatStream has reinvented itself as Anomali and, to celebrate the occasion, released two new products at RSA Conference 2016 in San Francisco.
The first of these two products, Anomali Threat Analysis Report service, targets the security challenges faced by SMBs.
"This focus on SMB is absolutely new for us and there are very few vendors out there that are focused on what I would call the 99 per cent of customers that don't have a security information and event management system," Mark Seward, VP of security solutions at Anomali, told IT Pro.
These same companies lack threat intelligence data, because systems that can generate it are too expensive for them, and may have just one or two IT professionals working there, if any, and no security specialists, he said.
"We think there's a massive pent-up demand for automated breach detection inside of those smaller organisations," said Seward, pointing to the Target breach, which happened, in part, due to lax security procedures in one of its suppliers.
The service works by allowing SMBs to submit raw log data to Anomali, which then automatically scans for potential indicators of compromise using the same software it delivers to enterprises.
This, the company claims, can not only help SMBs to identify and resolve intrusions much faster than they would otherwise be able to, but also provide on-going reports to partners to reassure them there is no weakness in their supply chain.
The second product is aimed at Anomali's more traditional business of enterprise IT.
Harmony Breach Analytics, which is built on the ThreatStream Threat Intelligence Platform, sits on the client's hardware and reads and analyses its log data, identifying any indicators of compromise. These are then sent securely to Anomali and compared to its database of 75 million indicators of compromise in real-time. Any matches are then pushed back into the organisations' SEIM.
According to Seward, the reason for producing the product is that purely SEIM-based protection is fundamentally flawed.
"The dwell time for an attacker for an advanced threat according to [most reports] is about 200 days," Seward told IT Pro. "But most customers only keep 60-90 days worth of data online in their security information and event management system.
"So the time-machine of the SEIM is already broken. It doesn't go back far enough to cover all the potential dwell time of an adversary inside of your network," he said.
Given this situation, Harmony Breach Analytics offers multiple benefits, Seward said. These include not overloading an SEIM with millions of indicators of compromise, providing relevant threat intelligence that becomes "operationally much more valuable for incident responders" - focusing them on immediate critical problems in their infrastructure. Finally, it brings threat analysts much closer with the rest of an organisation's IT team, making them part of the initial triage stage, which Seward described as "a process win".
Anomali Threat Analysis Report service is available immediately and Harmony Breach Analytics will be generally available by 30 April 2016.
What you need to know about migrating to SAP S/4HANA
Factors to assess how and when to begin migrationDownload now
Your enterprise cloud solutions guide
Infrastructure designed to meet your company's IT needs for next-generation cloud applicationsDownload now
Testing for compliance just became easier
How you can use technology to ensure compliance in your organisationDownload now
Best practices for implementing security awareness training
How to develop a security awareness programme that will actually change behaviourDownload now