Anomali takes on SMB security at RSA conference
Renamed ThreatStream reveals enhanced analytics for enterprise and detection service for SMBs
Security vendor ThreatStream has reinvented itself as Anomali and, to celebrate the occasion, released two new products at RSA Conference 2016 in San Francisco.
The first of these two products, Anomali Threat Analysis Report service, targets the security challenges faced by SMBs.
"This focus on SMB is absolutely new for us and there are very few vendors out there that are focused on what I would call the 99 per cent of customers that don't have a security information and event management system," Mark Seward, VP of security solutions at Anomali, told IT Pro.
These same companies lack threat intelligence data because the systems that can generate it are too expensive for them, he said, and they may have just one or two IT professionals, if any, and no security specialists.
"We think there's a massive pent-up demand for automated breach detection inside of those smaller organisations," said Seward, pointing to the Target breach, which happened, in part, due to lax security procedures in one of its suppliers.
The service works by allowing SMBs to submit raw log data to Anomali, which then automatically scans for potential indicators of compromise using the same software it delivers to enterprises.
This, the company claims, can not only help SMBs to identify and resolve intrusions much faster than they would otherwise be able to, but also provide ongoing reports to partners to reassure them there is no weakness in their supply chain.
The second product is aimed at Anomali's more traditional business of enterprise IT.
Harmony Breach Analytics, which is built on the ThreatStream Threat Intelligence Platform, sits on the client's hardware and reads and analyses its log data, identifying any indicators of compromise. These are then sent securely to Anomali and compared to its database of 75 million indicators of compromise in real time. Any matches are then pushed back into the organisation's SIEM.
According to Seward, the reason for producing the product is that purely SIEM-based protection is fundamentally flawed.
"The dwell time for an attacker for an advanced threat according to [most reports] is about 200 days," Seward told IT Pro. "But most customers only keep 60-90 days' worth of data online in their security information and event management system.
"So the time-machine of the SIEM is already broken. It doesn't go back far enough to cover all the potential dwell time of an adversary inside of your network," he said.
Given this situation, Harmony Breach Analytics offers multiple benefits, Seward said. These include not overloading a SIEM with millions of indicators of compromise, and providing relevant threat intelligence that becomes "operationally much more valuable for incident responders" by focusing them on immediate critical problems in their infrastructure. Finally, it brings threat analysts much closer to the rest of an organisation's IT team, making them part of the initial triage stage, which Seward described as "a process win".
Anomali Threat Analysis Report service is available immediately and Harmony Breach Analytics will be generally available by 30 April 2016.