Anomali takes on SMB security at RSA conference

Renamed ThreatStream reveals enhanced analytics for enterprise and detection service for SMBs

Security vendor ThreatStream has reinvented itself as Anomali and, to celebrate the occasion, released two new products at RSA Conference 2016 in San Francisco.

The first of these two products, Anomali Threat Analysis Report service, targets the security challenges faced by SMBs.

"This focus on SMB is absolutely new for us and there are very few vendors out there that are focused on what I would call the 99 per cent of customers that don't have a security information and event management system," Mark Seward, VP of security solutions at Anomali, told IT Pro.

These same companies lack threat intelligence data because the systems that can generate it are too expensive for them, he said. They may have just one or two IT professionals, if any, and no security specialists.

"We think there's a massive pent-up demand for automated breach detection inside of those smaller organisations," said Seward, pointing to the Target breach, which happened, in part, due to lax security procedures in one of its suppliers.

The service works by allowing SMBs to submit raw log data to Anomali, which then automatically scans for potential indicators of compromise using the same software it delivers to enterprises.

This, the company claims, can not only help SMBs to identify and resolve intrusions much faster than they would otherwise be able to, but also provide ongoing reports to partners to reassure them there is no weakness in their supply chain.

The second product is aimed at Anomali's more traditional business of enterprise IT.

Harmony Breach Analytics, which is built on the ThreatStream Threat Intelligence Platform, sits on the client's hardware and reads and analyses its log data, identifying any indicators of compromise. These are then sent securely to Anomali and compared to its database of 75 million indicators of compromise in real time. Any matches are then pushed back into the organisation's SIEM.

According to Seward, the reason for producing the product is that purely SIEM-based protection is fundamentally flawed.

"The dwell time for an attacker for an advanced threat according to [most reports] is about 200 days," Seward told IT Pro. "But most customers only keep 60-90 days' worth of data online in their security information and event management system.

"So the time-machine of the SIEM is already broken. It doesn't go back far enough to cover all the potential dwell time of an adversary inside of your network," he said.

Given this situation, Harmony Breach Analytics offers multiple benefits, Seward said. These include not overloading a SIEM with millions of indicators of compromise, and providing relevant threat intelligence that becomes "operationally much more valuable for incident responders" by focusing them on immediate critical problems in their infrastructure. Finally, it brings threat analysts much closer to the rest of an organisation's IT team, making them part of the initial triage stage, which Seward described as "a process win".

Anomali Threat Analysis Report service is available immediately and Harmony Breach Analytics will be generally available by 30 April 2016.
