Anomali is a developer of a threat intelligence platform designed to help organizations find and respond to cyber threats. This includes an internal infrastructure capable of identifying new attacks or searching forensically to discover existing breaches, as well as a free tool to collect and share threat intelligence. Anomali's extended detection and response (XDR) cybersecurity solution includes artificial intelligence and big data management in order to provide proprietary capabilities that help security teams detect threats, optimize response, and increase resiliency.
Founded in 2013, the company is headquartered in Redwood City, California and serves public and private sector organizations in a variety of major industries.
Anomali's platform and related services work to deliver earlier detection and identification of adversaries in an organization's network by correlating millions of threat indicators against network activity logs and real-time network activity logs. Anomali's approach is intended to provide an organization with detection capabilities at every point along a kill chain and help the organization mitigate threats before those threats can cause material damage.
The ThreatStream service offered by Anomali provides threat intelligence management that automates the collection and processing of raw data, and is capable of filtering out noise and transforming the noise and data into relevant and actionable threat intelligence. This includes artificial intelligence for automating and accelerating the process of collecting threat data to provide enhanced visibility into a threat landscape. It is also capable of breaking down silos and creating a foundation for teams to collaborate and attribute analyst activity with relevant intelligence.
For attack detection, the ThreatStream service works to provide users with more precision in understanding who is attacking and to increase the response efficiency of those teams. That includes threat intelligence for confidence and severity. It also automatically associates adversarial Tactics, Techniques, and Procedures (TTPs) and attack patterns with techniques and sub-techniques in the MITRE ATT&CK Enterprise Framework.
Anomali's Match uses intelligence technologies to automate extended detection and response (XDR) to help organizations detect and respond to threats in real time to stop breaches and attackers. This automation works to profile a threat and its possible impact on an organization, and Match provides that ability to help security teams pinpoint those threats, understand the criticality of a possible threat, and prioritize the possible responses. Match is built to offer users the following features:
- On-demand and continuous threat detection
- Predictive detection of malicious domains
- Real-time indicator timeline for simple-to-use detection of threats
- Continuous monitoring of detected indicators and associated threat models
- In-console IoC to threat model associations detection
- MITRE ATT&CK mapping with an immediate view of matched threat impact
Anomali Lens is an extension that operationalizes threat intelligence by scanning web-based content to identify relevant threats and streamline researching and reporting on them. It works to identify threats in unstructured data in seconds, using Natural Language Processing (NLP) to scan and identify threat data in any web-based content, Office 365 content, and PDFs, and to operationalize the data into actionable intelligence. Other features of Anomali's Lens include the following:
- Unstructured data natural language processing analysis
- Identification and translation of unstructured attack description
- Automatic IoC import into TS Threat Bulletins, Investigations, and Sandbox detonation
- SOC analyst research to CTI threat investigation
- Export capabilities for distribution and collaboration of an investigation