Anomali announced quarterly updates to its platform to strengthen its customers and partners in profiling adversaries. The update enhances Anomali’s threat intelligence and extended detection and response (XDR) capabilities with new features, allowing enterprise organizations to stay one step ahead of adversaries and avoid business disruptions while optimizing security expenses.
Anomali has been working on incorporating attack flows into The Anomali Platform. This release pushes the platform closer to an Attack Flow Library for Anomali ThreatStream, which will serve as a gateway for new Attack Flows that sequence cyberattack techniques. This capability will add new context to adversary behavior and assist security teams in profiling the adversary. It will also allow them to better protect the organization prior to an attack, detect an attack in real-time, and respond post-attack.
Mark Alba, Chief Product Officer at Anomali stated, “Anomali’s August release offers new capabilities and enhancements for security operations teams struggling to identify not only who’s targeting them, but how and why they are being targeted.”
CISOs and security professionals can leverage this predictive visual mapping to align attacks with potential gaps in their security posture in order to get ahead of the threat. In the macroeconomic environment, customers are looking for capabilities that will increase the impact of their existing investments. The new extensible framework to the platform will enable the automation of routine tasks. The first implementation in this release is available to automate enrichments in the investigation’s workbench. A drag-and-drop process for configuring a multi-stage enrichment task can be easily set up and run as needed, saving analysts time performing repetitive tasks.
- This platform release also includes support for MITRE ATT&CK Mobile & ICS: intelligence aggregation, contextualization, and analysis for Mobile and ICS attack surfaces to strengthen overall security posture.
- MITRE ATT&CK Enterprise v11 in Anomali Lens Scheduled retrospective search Aids the SOC in automating the correlation of historical events with newly available intelligence in order to generate reports and learn about other adversary behavior, threat actors, and TTPs. This allows CISOs to detect real-time threats in their local IT environment.
Jon Oltsik, Senior Principal Analyst and Fellow, ESG Research stated, “ESG research found that 97% of security professionals believe that MITRE ATT&CK is important to their organization’s security operations strategy. Anomali’s commitment to integrating the MITRE ATT&CK Framework into its solutions and participating in the MITRE Engenuity Center for Threat Informed Defense can help security teams adopt the framework and better understand cyber adversaries.”