Tech Library is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.



Anomali detects adversaries and tells you who they are. Organizations rely on the Anomali Threat Platform to detect threats, understand the adversary, and respond effectively. Anomali arms security teams with machine learning optimized threat intelligence and identifies hidden threats targeting their environments. Anomali enables organizations to collaborate and share threat information among trusted communities and is the most widely adopted platform for ISACs worldwide.

For more information, visit our website below and follow us on Twitter @Anomali

Our Website:

Latest Content From Anomali

Research Report: SC Media Expert Focus: The Community Approach to Sharing Security Intel

by Anomali, Oct 16, 2019

When Everyone Participates—Sharing and ISACs Can Be a Vital Source of Security Intelligence

Information Sharing and Analysis Centers (ISACs) are private sector organizations that are sometimes known as Information Sharing and Analysis Organizations (ISAOs). They are one of the most effective weapons against mass cyberattacks, but companies often join ISACs without a firm plan in place on how to interact and leverage threat intel for the biggest return.

The key challenge ISACs face is getting members to understand that their intelligence is only valuable if everyone gives and receives. ISACs can deliver huge security benefits to companies, but this requires cooperation and active participation on the part of all members. An ISAC's effectiveness is predicated on seeing rivals as teammates in fighting attackers.

Read the full Expert Focus from SC Media and Anomali.

Research Report: SANS 2019 SOC Survey

by Anomali, Oct 16, 2019

SANS Common and Best Practices for Security Operations Centers (SOC)

Lack of skilled staff, budget, and effective automation are the most commonly cited reasons for failing to achieve excellence in existing SOCs. To gain management support for resources, SOC managers need to move beyond quantity-based metrics to business-relevant metrics.

In this survey, senior SANS instructor and course author Christopher Crowley, along with advisor and SANS director of emerging technologies John Pescatore, provide objective data to security leaders who are looking to establish a SOC or optimize an existing one.

Get an overview of common and best practices, defendable metrics that can be used to justify SOC resources to management, and which key areas SOC managers can prioritize to increase the effectiveness and efficiency of security operations.

See how your SOC stacks up to others, get the full report.

Research Report: SANS 2019 Top New Attacks and Threat Report

by Anomali, Oct 16, 2019

Basic Security Hygiene Practices are Key to Avoiding the Majority of Commodity Attacks

There is no shortage of media coverage of cybersecurity breaches and outages, and there are many places to find statistics about how many attacks were launched in cyberspace. What is harder to find is expert advice on the areas that are worth focusing your resources and efforts on to protect your organization.

This SANS whitepaper analyzes a baseline of breach and malware data from the past year and goes further to summarize expert opinions from SANS instructors on the emerging threats to look out for in 2019 and beyond. SANS experts cover the areas they believe will have the highest impact for the future, in addition to mitigation advice for each.

Areas include:

  • DNS Related Attacks
  • Domain Fronting
  • Targeted Cloud-Based Personal Attacks
  • Management Infrastructure/Embedded Hardware Attacks

Get the full report and focus your efforts when protecting your organization.

E-Book: Managing Threat Intelligence Playbook

by Anomali, Oct 16, 2019

Threat Intelligence for Improved Cyber Threat Mitigation and Accelerated Remediation

Understanding threat intelligence and implementing a threat intelligence solution to enhance your cybersecurity strategy should not be an intimidating process. With a solid plan, your transition to threat intelligence can be smooth, useful, and insightful. This ebook covers the basic steps for successfully adding threat intelligence to your environment, and how to avoid underutilizing it:

  • What Challenges Do Threat Intelligence Platforms Address?
  • What to Look for in a Threat Intelligence Platform?
  • How Threat Management Fits Into the Security Lifecycle
  • ThreatStream—Anomali Altitude
  • Case Studies

Get the eBook and achieve your threat intelligence and management goals.

Whitepaper: Organizing the Hunt for Cyber Threats with MITRE ATT&CK

by Anomali, Mar 14, 2019

The first step to outsmarting your enemies: think like them

Today's security teams are fully occupied reacting to the volumes of organizational data on potential malicious activity. Responding to a high volume of alarms can leave very little time for strategy or improving the overall security environment.

Organizations are harnessing MITRE ATT&CK to understand their adversaries and strengthen their defenses. The ATT&CK framework structures comprehensive information on attacker tactics and techniques to help you keep track of, and defend against, the evolving nature of cyber threats.

Learn how you can use MITRE ATT&CK to:

• Provide better insights into threat intelligence
• Reveal gaps and weaknesses in your security infrastructure
• Develop heightened detection and mitigation controls

Get the report now.

Whitepaper: 2019 Ponemon Report: The Value of Threat Intelligence from Anomali

by Anomali, Mar 14, 2019

The Ponemon Institute surveyed over 1,000 security professionals in the United States and the United Kingdom

The survey covered a range of threat intelligence topics; participants included in the survey utilize threat intelligence as part of their cybersecurity programs.

Results show that participants strongly believe in the importance and value of threat intelligence data but are struggling to maximize its effectiveness in detecting cyber threats. They call the lack of progress in improving threat intelligence effectiveness the threat intelligence gap.

The purpose of this research is to examine trends and benefits of threat intelligence and the challenges companies are facing when closing the effectiveness gap and integrating threat intelligence with existing security platforms and technologies.

  • 85% say threat intelligence is essential to a strong security posture
  • 82% recognize the importance of having a detailed profile of their adversaries
  • 42% say they are effective at detecting external threats (the threat intelligence gap)

Get detailed statistics on the effectiveness gap, eight best practices from top-performing cyber threat intelligence organizations, and comprehensive statistics from this year's report.

Research Report: Cyber Crime in the Payments Industry: Anomali Labs Threat Research

by Anomali, Jan 22, 2019

Criminals Will Adapt Their Techniques to More Creatively Steal Digital Payment Card Data

Given the continued growth of innovative and disruptive technologies being introduced in the payment sector, we expect threat actors, particularly financially motivated groups, to evolve their tactics in order to exploit weaknesses in these technologies and their implementation while employing tried-and-true tactics such as social engineering to compromise payment systems.

One of the biggest challenges facing retailers, merchants and payment processors is detecting cyber threats as early as possible and taking action to defeat attacks. Threat intelligence provides insight into malicious actors targeting your sector, geography, community, etc. Organizations are turning to threat intelligence to understand their adversaries, learn how to detect when they are being targeted, and combat threats efficiently.

Read the paper to get our 2019 attack predictions for the payment sector.


Research Report: Cybersecurity Insider 2018 Threat Intelligence Report

by Anomali, Nov 29, 2018

77% of respondents say that threat intelligence is very to extremely important to their organization's overall security posture.

Threat intelligence has become a significant weapon in the fight against cybersecurity threats, and a large majority of organizations have made it a key part of their security strategies.

Among the key findings of the report are that organizations are leveraging threat intelligence data for a number of use cases, and many rate themselves fairly competent in their use of threat intelligence to identify and remediate cyber threats.

Organizations utilize threat intelligence tools when facing cyber threats such as phishing, zero-day attacks, insider attacks, advanced persistent threats, and malware. Other challenges include threat detection, gaining full visibility into all assets and vulnerabilities, and lack of advanced security staff.

Get the full report from Cybersecurity Insider and Anomali.

Whitepaper: STIX/TAXII: What You Need to Know

by Anomali, Nov 28, 2018

Structured Threat Information eXpression (STIX) and Trusted Automated eXchange of Intelligence Information (TAXII)

The old adage of "sharing is caring" is paramount within the cyber threat intelligence community. Quick and in-depth transfer of knowledge between individuals, organizations, products, and platforms can lead to improved prevention and mitigation of cyber-attacks. There are many sources of information possible for acquiring such knowledge, but sharing opens many questions:

  • How best to share this information and what should the information look like?
  • What structure will ensure that it is quickly and efficiently parsed?
  • How can you guarantee that the information you share is detailed and accurate?

Cyber threat sharing protocols called Structured Threat Information eXpression (STIX) and Trusted Automated eXchange of Intelligence Information (TAXII) have been developed in response to these questions. The establishment of STIX/TAXII is an open, community-driven effort that provides free specifications to aid in the automated expression of cyber threat information.

Download this whitepaper to learn more about these essential tools.

Whitepaper: NotPetya: One Year Later

by Anomali, Nov 28, 2018

This whitepaper examines the NotPetya cyber-attack that occurred in late June 2017. Coming almost immediately after the WannaCry cyberattack, the NotPetya malware affected countries and organizations around the globe, with strikingly similar repercussions and lessons to take away.

We analyzed how organizations implemented policy or procedural changes, if any, immediately following WannaCry as well as within the past year to improve their resilience to the ever-changing cyber threat landscape.

This whitepaper looks at NotPetya in detail by:

  • Examining NotPetya
  • Outlining the technical analysis of the NotPetya malware
  • Assessing the consequences the attack had on affected organizations
  • Discussing the lessons organizations need to take away from this specific cyber incident

Get up to date on NotPetya, download the paper.