Anomali takes on SMB security at RSA conference

Renamed ThreatStream reveals enhanced analytics for enterprise and detection service for SMBs

Security vendor ThreatStream has reinvented itself as Anomali and, to celebrate the occasion, released two new products at RSA Conference 2016 in San Francisco.

The first of these two products, Anomali Threat Analysis Report service, targets the security challenges faced by SMBs.

"This focus on SMB is absolutely new for us and there are very few vendors out there that are focused on what I would call the 99 per cent of customers that don't have a security information and event management system," Mark Seward, VP of security solutions at Anomali, told IT Pro.

These same companies lack threat intelligence data, because systems that can generate it are too expensive for them, and may have just one or two IT professionals working there, if any, and no security specialists, he said.

Advertisement - Article continues below
Advertisement - Article continues below

"We think there's a massive pent-up demand for automated breach detection inside of those smaller organisations," said Seward, pointing to the Target breach, which happened, in part, due to lax security procedures in one of its suppliers.

The service works by allowing SMBs to submit raw log data to Anomali, which then automatically scans for potential indicators of compromise using the same software it delivers to enterprises.

This, the company claims, can not only help SMBs to identify and resolve intrusions much faster than they would otherwise be able to, but also provide on-going reports to partners to reassure them there is no weakness in their supply chain.

The second product is aimed at Anomali's more traditional business of enterprise IT.

Harmony Breach Analytics, which is built on the ThreatStream Threat Intelligence Platform, sits on the client's hardware and reads and analyses its log data, identifying any indicators of compromise. These are then sent securely to Anomali and compared to its database of 75 million indicators of compromise in real-time. Any matches are then pushed back into the organisations' SEIM.

According to Seward, the reason for producing the product is that purely SEIM-based protection is fundamentally flawed.

Advertisement - Article continues below

"The dwell time for an attacker for an advanced threat according to [most reports] is about 200 days," Seward told IT Pro. "But most customers only keep 60-90 days worth of data online in their security information and event management system.

"So the time-machine of the SEIM is already broken. It doesn't go back far enough to cover all the potential dwell time of an adversary inside of your network," he said.

Given this situation, Harmony Breach Analytics offers multiple benefits, Seward said. These include not overloading an SEIM with millions of indicators of compromise, providing relevant threat intelligence that becomes "operationally much more valuable for incident responders" - focusing them on immediate critical problems in their infrastructure. Finally, it brings threat analysts much closer with the rest of an organisation's IT team, making them part of the initial triage stage, which Seward described as "a process win".

Anomali Threat Analysis Report service is available immediately and Harmony Breach Analytics will be generally available by 30 April 2016.

Featured Resources

What you need to know about migrating to SAP S/4HANA

Factors to assess how and when to begin migration

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

Testing for compliance just became easier

How you can use technology to ensure compliance in your organisation

Download now

Best practices for implementing security awareness training

How to develop a security awareness programme that will actually change behaviour

Download now


internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Microsoft Windows

What to do if you're still running Windows 7

14 Jan 2020
operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020
data governance

Brexit security talks under threat after UK accused of illegally copying Schengen data

10 Jan 2020

Dell XPS 13 (New 9300) hands-on review: Chasing perfection

14 Jan 2020