


Anomali detects adversaries and tells you who they are. Organizations rely on the Anomali Threat Platform to detect threats, understand the adversary, and respond effectively. Anomali arms security teams with machine learning optimized threat intelligence and identifies hidden threats targeting their environments. Anomali enables organizations to collaborate and share threat information among trusted communities and is the most widely adopted platform for ISACs worldwide.

For more information, visit our website below and follow us on Twitter @Anomali


Latest Content From Anomali

Whitepaper: Organizing the Hunt for Cyber Threats with MITRE ATT&CK

by Anomali, Mar 14, 2019

The first step to outsmarting your enemies: think like them

Today's security teams are fully occupied reacting to the volumes of organizational data on potential malicious activity. Responding to a high volume of alarms can leave very little time for strategy or improving the overall security environment.

Organizations are harnessing MITRE ATT&CK to understand their adversaries and strengthen their defenses. The ATT&CK framework structures comprehensive information on attacker tactics and techniques to help you keep track of, and defend against, the evolving nature of cyber threats.

Learn how you can use MITRE ATT&CK to:

• Provide better insights into threat intelligence
• Reveal gaps and weaknesses in your security infrastructure
• Develop heightened detection and mitigation controls

Get the report now.

Whitepaper: 2019 Ponemon Report: The Value of Threat Intelligence from Anomali

by Anomali, Mar 14, 2019

The Ponemon Institute surveyed over 1,000 security professionals in the United States and the United Kingdom

The survey covered a range of threat intelligence topics; the participants included in the survey use threat intelligence as part of their cybersecurity programs.

Results show that participants strongly believe in the importance and value of threat intelligence data but are struggling to maximize its effectiveness in detecting cyber threats. They call the lack of progress in improving threat intelligence effectiveness the threat intelligence gap.

The purpose of this research is to examine trends and benefits of threat intelligence and the challenges companies are facing when closing the effectiveness gap and integrating threat intelligence with existing security platforms and technologies.

• 85% say threat intelligence is essential to a strong security posture
• 82% recognize the importance of having a detailed profile of their adversaries
• 42% say they are effective at detecting external threats (the threat intelligence gap)

Get detailed statistics on the effectiveness gap, eight best practices from top-performing cyber threat intelligence organizations, and comprehensive statistics from this year's report.

Research Report: Cyber Crime in the Payments Industry: Anomali Labs Threat Research

by Anomali, Jan 22, 2019

Criminals Will Adapt Their Techniques to More Creatively Steal Digital Payment Card Data

Given the continued growth of innovative and disruptive technologies being introduced in the payment sector, we expect threat actors, particularly financially motivated groups, to evolve their tactics in order to exploit weaknesses in these technologies and their implementation while employing tried-and-true tactics such as social engineering to compromise payment systems.

One of the biggest challenges facing retailers, merchants and payment processors is detecting cyber threats as early as possible and taking action to defeat attacks. Threat intelligence provides insight into malicious actors targeting your sector, geography, community, etc. Organizations are turning to threat intelligence to understand their adversaries, learn how to detect when they are being targeted, and combat threats efficiently.

Read the paper to get our 2019 attack predictions for the payment sector.


Research Report: Cybersecurity Insider 2018 Threat Intelligence Report

by Anomali, Nov 29, 2018

77% of respondents say that threat intelligence is very to extremely important to their organization's overall security posture.

Threat intelligence has become a significant weapon in the fight against cybersecurity threats, and a large majority of organizations have made it a key part of their security strategies.

Among the key findings of the report are that organizations are leveraging threat intelligence data for a number of use cases, and many rate themselves fairly competent in their use of threat intelligence to identify and remediate cyber threats.

Organizations utilize threat intelligence tools when facing cyber threats such as phishing, zero-day attacks, insider attacks, advanced persistent threats, and malware. Other challenges include threat detection, gaining full visibility into all assets and vulnerabilities, and lack of advanced security staff.

Get the full report from Cybersecurity Insider and Anomali.

Whitepaper: STIX/TAXII: What You Need to Know

by Anomali, Nov 28, 2018

Structured Threat Information eXpression (STIX) and Trusted Automated eXchange of Intelligence Information (TAXII)

The old adage of "sharing is caring" is paramount within the cyber threat intelligence community. Quick and in-depth transfer of knowledge between individuals, organizations, products, and platforms can lead to improved prevention and mitigation of cyber-attacks. There are many sources of information possible for acquiring such knowledge, but sharing opens many questions:

• How best to share this information and what should the information look like?
• What structure will ensure that it is quickly and efficiently parsed?
• How can you guarantee that the information you share is detailed and accurate?

Cyber threat sharing protocols called Structured Threat Information eXpression (STIX) and Trusted Automated eXchange of Intelligence Information (TAXII) have been developed in response to these questions. The establishment of STIX/TAXII is an open, community-driven effort that provides free specifications to aid in the automated expression of cyber threat information.

Download this whitepaper to learn more about these essential tools.

Whitepaper: NotPetya: One Year Later

by Anomali, Nov 28, 2018

This whitepaper examines the NotPetya cyber-attack that occurred in late June 2017. Coming almost immediately after the WannaCry cyberattack, the NotPetya malware affected countries and organizations around the globe, with strikingly similar repercussions and lessons to take away.

We analyzed how organizations implemented policy or procedural changes, if any, immediately following WannaCry as well as within the past year to improve their resilience to the ever-changing cyber threat landscape.

This whitepaper looks at NotPetya in detail by:

• Examining NotPetya
• Outlining the technical analysis of the NotPetya malware
• Assessing the consequences the attack had on affected organizations
• Discussing the lessons organizations need to take away from this specific cyber incident

Get up to date on NotPetya: download the paper.

Whitepaper: Threatscape of the US Election

by Anomali, Nov 28, 2018

Cyber Attacks Targeting Political Elections Are In Full Swing

The aftermath of the 2016 US Presidential election left many Americans questioning the integrity of the election infrastructure. Fast-forward to the US 2018 midterm election, and you'd be hard-pressed to avoid seeing security researchers and media outlets discussing threats posed to the nation's election infrastructure.

A wide range of threat actors pose risks to the elections, from sophisticated, state-sponsored Advanced Persistent Threat (APT) groups to hacktivist groups and less sophisticated threat actors (script kiddies). The potential attack vectors can vary depending on the complexity and skill of the culpable group; however, there is a series of common vectors that will remain constant.

The objective of this report is to discuss the current state of election risk and the beliefs amongst security researchers regarding the security of the US election infrastructure and the plethora of threats posed to it. We'll also explore the various groups who are known to attack election infrastructure or who have threat capabilities.


Whitepaper: Turkish Hacktivists Respond to US Sanctions: Anomali Labs Cyber Threat Brief

by Anomali, Oct 22, 2018

Escalation Between Turkey and the US Provokes a Response from Cyber Groups

The recent escalation in tensions between the United States and Turkey over the detention of pastor Andrew Brunson has prompted Turkish patriotic hacktivist groups to target American websites.

Historically, the two most prominent hacktivist groups, Aslan Neferler Tim (ANT) and Turk Hack Team (THT), have reacted to political issues impacting Turkey by targeting the perceived adversary with low-level nuisance attacks such as web defacements and Distributed Denial of Service (DDoS) attacks. As the political situation deteriorates, Anomali expects to see an increase in hacktivist-related activity targeting American websites.

This brief will run through a few key points of the escalation, with a focus on the Turkish hacktivist groups ANT and THT.

Read the brief for the latest on Turkey and US relations.

Research Report: The Changing Landscape of U.S. Election Security

by Anomali, Oct 22, 2018

Protecting the Sanctity of the Ballot Box Against Cyberthreats Depends On Legislation, Enforcement, and Sharing Up-To-Date Threat Intelligence Data

Confidence in the honesty of election systems has hit record lows, yet the federal executive branch still has not articulated an overarching strategy and plan of action to secure them. Disparate election systems operate with little standardization and no unified oversight, making them particularly vulnerable in the face of growing cybersecurity threats.

Government entities will need to ensure that every citizen has the right to a secure vote, so that all constituents have confidence that their votes will count.

Here are some of the issues addressed:

• The varying levels of cyber-readiness at the state and municipal levels
• Different legislation that has passed or halted around election security
• How threat intelligence technology can be adopted as the first line of defense

Get the report!

Research Report: SANS 2018 Threat Hunting Survey Results

by Anomali, Oct 22, 2018

Threat Hunting is Not Simply a Compromise Assessment or Continuous Security Monitoring

Ultimately, threat hunting is an approach that drives security benefits across the organization by making sure that human adversaries are met by human defenders who are taking full advantage of the environment that they defend.

Top survey findings:

• Threat intelligence leads threat hunting
• Trained staff are key to running threat hunting engagements
• Hunting is showing that organizations are using intelligence properly
• Threat hunting is helping organizations find threats more effectively

Get the report to find out about the top findings and how to implement good threat hunting practices.