Anomali takes on SMB security at RSA conference

Renamed ThreatStream reveals enhanced analytics for enterprise and detection service for SMBs

Security vendor ThreatStream has reinvented itself as Anomali and, to celebrate the occasion, released two new products at RSA Conference 2016 in San Francisco.

The first of these two products, Anomali Threat Analysis Report service, targets the security challenges faced by SMBs.

"This focus on SMB is absolutely new for us and there are very few vendors out there that are focused on what I would call the 99 per cent of customers that don't have a security information and event management system," Mark Seward, VP of security solutions at Anomali, told IT Pro.

These same companies lack threat intelligence data because the systems that can generate it are too expensive for them, and they may have just one or two IT professionals, if any, and no security specialists, he said.

"We think there's a massive pent-up demand for automated breach detection inside of those smaller organisations," said Seward, pointing to the Target breach, which happened, in part, due to lax security procedures in one of its suppliers.

The service works by allowing SMBs to submit raw log data to Anomali, which then automatically scans for potential indicators of compromise using the same software it delivers to enterprises.

This, the company claims, can not only help SMBs to identify and resolve intrusions much faster than they would otherwise be able to, but also provide ongoing reports to partners to reassure them there is no weakness in their supply chain.

The second product is aimed at Anomali's more traditional business of enterprise IT.

Harmony Breach Analytics, which is built on the ThreatStream Threat Intelligence Platform, sits on the client's hardware and reads and analyses its log data, identifying any indicators of compromise. These are then sent securely to Anomali and compared to its database of 75 million indicators of compromise in real time. Any matches are then pushed back into the organisation's SIEM.

According to Seward, the reason for producing the product is that purely SIEM-based protection is fundamentally flawed.

"The dwell time for an attacker for an advanced threat according to [most reports] is about 200 days," Seward told IT Pro. "But most customers only keep 60-90 days' worth of data online in their security information and event management system.

"So the time-machine of the SIEM is already broken. It doesn't go back far enough to cover all the potential dwell time of an adversary inside of your network," he said.

Given this situation, Harmony Breach Analytics offers multiple benefits, Seward said. These include not overloading a SIEM with millions of indicators of compromise, and providing relevant threat intelligence that becomes "operationally much more valuable for incident responders" by focusing them on immediate critical problems in their infrastructure. Finally, it brings threat analysts much closer to the rest of an organisation's IT team, making them part of the initial triage stage, which Seward described as "a process win".

Anomali Threat Analysis Report service is available immediately and Harmony Breach Analytics will be generally available by 30 April 2016.
