


Anomali® delivers intelligence-driven cybersecurity solutions, including Anomali ThreatStream®, Anomali Match™ and Anomali Lens™. Private enterprises and public organizations use Anomali to gain unlimited visibility, speed time to detection, and constantly improve security operations. Anomali customers include more than 1,500 global organizations, many of the Global 2000 and Fortune 500, and large government and defense organizations around the world. Founded in 2013, it is backed by leading venture firms including GV, Paladin Capital Group, Institutional Venture Partners, and General Catalyst.

Latest Content From Anomali

Whitepaper: Frost Radar: Global Threat Intelligence Platform Market, 2020 from Anomali

by Anomali, Dec 01, 2020

Within a field of eight competitors, Anomali was positioned on the Frost Radar as the clear innovation leader and ranked second in growth index. Frost & Sullivan profiled companies that demonstrate a commitment to improving their products and growing their market share.

Key points covered in the Frost Radar are as follows:

• Strategic Imperative and Growth Environment
• Frost Radar: Global Threat Intelligence Platforms Market
• Companies to Action: Anomali
• Strategic Insights
• Next Steps: Leveraging the Frost Radar to Empower Key Stakeholders

"Our awards program recognizes companies that are driving change, achieving growth, and setting new standards in performance. In our extensive study of the market, we determined that Anomali is outperforming competitors and owns the lion's share of enterprise customers using TIPS to improve security and risk," said Mikita Hanets, lead research analyst, Frost & Sullivan.

Download this report to see why Frost & Sullivan named Anomali the winner of its 2020 Frost Radar Innovation Excellence Award for the Global Threat Intelligence Platforms (TIP) Market. Anomali owns the highest share of the TIP market (40%) and continues to demonstrate substantial year-over-year growth.

Whitepaper: Malicious Activity Aligning with Gamaredon TTPs Targets Ukraine

by Anomali, Jan 23, 2020

Russia-Sponsored APT Group, Gamaredon (Primitive Bear), Believed Responsible for Ukraine Targeting

The Anomali Threat Research (ATR) team has identified malicious activity that they believe is being conducted by the Russia-sponsored Advanced Persistent Threat (APT) group, Gamaredon (Primitive Bear). Lure documents observed appear to target Ukrainian entities such as diplomats, government employees, military officials, and more.

The object of this report is to highlight new Gamaredon tactics, techniques, and procedures (TTP) and share indicators of compromise (IOCs) to the security community for awareness and further analysis. You'll find:

• Current targeting landscape
• Lure document analysis
• Technical IOCs associated with the campaign

Learn about the indicated risk to Ukrainian government entities by APT threat group Gamaredon (Primitive Bear).

E-Book: Managing Threat Intelligence Playbook

by Anomali, Oct 16, 2019

Threat Intelligence for Improved Cyber Threat Mitigation and Accelerated Remediation

Understanding threat intelligence and implementing a threat intelligence solution to enhance your cybersecurity strategy should not be an intimidating process. With a solid plan, your transition to threat intelligence can be smooth, useful, and insightful. This ebook covers the basic steps for successfully adding threat intelligence to your environment, and how to avoid underutilizing it:

  • What Challenges Do Threat Intelligence Platforms Address?
  • What to Look for in a Threat Intelligence Platform?
  • How Threat Management Fits Into the Security Lifecycle
  • Anomali Altitude™
  • Case Studies

Get the eBook and achieve your threat intelligence and management goals.

Research Report: Osterman Research-Nation-State Attack Survey: Top CISO Concerns

by Anomali, Mar 27, 2020

The Situation Between the United States and Iran is Influencing CISOs' Security Strategy and Operations

Nation-state attacks--in which military or non-military government entities seek to infiltrate other governments, enterprises, or non-commercial organizations--are on the rise. For example, Microsoft revealed in mid-2019 that 8,000 of its enterprise customers had been targeted by these types of attacks during the previous twelve months.

Nation-state attacks are especially worrisome after kinetic incidents, such as the January 2020 altercations between the United States and Iran. While some nation-state attacks are driven by political aims, many are driven by industrial espionage, intelligence gathering, and other malicious goals.

To determine the extent of concern and readiness for nation-state attacks in enterprise-level organizations, Osterman Research conducted an in-depth survey of CISOs. Download the full Osterman Research Survey Report to learn what they discovered.

Whitepaper: Phishing Campaign Targets Multiple U.S. and International Government Procurement Services

by Anomali, Jan 23, 2020

Global Phishing Campaign Spoofs Multiple Government Procurement Services With Credential Harvesting

Anomali researchers have identified a credential harvesting campaign designed to steal the login credentials for multiple government procurement services from a range of countries. The procurement services are used by multiple public sector organizations to match buyers and suppliers.

This whitepaper aims to provide an overview of the discovered phishing campaign, as Anomali researchers consider it likely that the actors will continue to target these services in the future. We'll cover:

• The targeted landscape and spoofed organizations
• Lure documents and credential harvesting sites
• Threat Infrastructure Analysis
• Specific indicators of compromise (IOCs) associated with the campaign

Read the full report to understand the possible motivations of this phishing campaign.

Whitepaper: ROI Study: Economic Validation Report of the Anomali Threat Intelligence Platform

by Anomali, Dec 01, 2020

Never before has it been so critical for enterprises to effectively empower an increasingly remote workforce with access to applications and resources across a number of geographic regions, networks, and devices.

Enterprises have been forced to quickly implement solutions, ease restrictions and policies, and remove barriers to entry, placing an even greater burden on their security teams to operate effectively and efficiently to protect the organization and its assets.

Security teams must work smarter and more efficiently to incorporate as much threat intelligence information as possible to identify and remediate threats.

EGS's model predicts a return on investment of 233% and a payback period of only 11 months for an organization with a security team of 10 individuals choosing to implement Anomali versus continuing to operate without a threat intelligence platform.

Download the full report.

Research Report: SANS 2019 SOC Survey

by Anomali, Oct 16, 2019

SANS Common and Best Practices for Security Operations Centers (SOC)

Lack of skilled staff, budget, and effective automation are the most commonly cited reasons for failing to achieve excellence in existing SOCs. To gain management support for resources, SOC managers need to move beyond quantity-based metrics to business-relevant metrics.

In this survey, senior SANS instructor and course author Christopher Crowley, along with advisor and SANS director of emerging technologies John Pescatore, provide objective data to security leaders who are looking to establish a SOC or optimize an existing one.

Get an overview of common and best practices, defendable metrics that can be used to justify SOC resources to management, and which key areas SOC managers can prioritize to increase the effectiveness and efficiency of security operations.

See how your SOC stacks up to others. Get the full report.

Research Report: SANS 2019 Top New Attacks and Threat Report

by Anomali, Oct 16, 2019

Basic Security Hygiene Practices are Key to Avoiding the Majority of Commodity Attacks

There is no shortage of media coverage of cybersecurity breaches and outages, and there are many places to find statistics about how many attacks were launched in cyberspace. What is harder to find is expert advice on which areas are worth focusing your resources and efforts on to protect your organization.

This SANS whitepaper analyzes a baseline of breach and malware data from the past year and goes further to summarize expert opinions from SANS instructors on the emerging threats to look out for in 2019 and beyond. SANS experts cover the areas they believe will have the highest impact for the future, in addition to mitigation advice for each.

Areas include:

  • DNS Related Attacks
  • Domain Fronting
  • Targeted Cloud-Based Personal Attacks
  • Management Infrastructure/Embedded Hardware Attacks

Get the full report and focus your efforts when protecting your organization.

Research Report: SANS 2020 Cyber Threat Intelligence Survey Results

by Anomali, Mar 27, 2020

The Maturation of Cyber Threat Intelligence (CTI)

This year's survey had a record number of respondents (1,006) and the highest ever reporting of Cyber Threat Intelligence (CTI) programs within organizations. In 2020, 80% of respondents reported that they produce or consume CTI, an increase of 10% over last year.

As the field reaches maturity, understanding and improving the effectiveness of CTI programs will become more critical. This paper focuses on why finding the right people and tools for a Cyber Threat Intelligence (CTI) program is crucial, the intelligence cycle process, as well as the value and inhibitors of CTI.

Key takeaways from this year's survey:

• Collaboration is key
• Not all processes require the same level of automation
• The necessary data and tools change as CTI teams evolve
• Requirements are taking hold and are a staple of mature teams
• A community of consumers and producers contribute to CTI

Read this year's report to learn more about how to keep your CTI program moving forward.

Research Report: SC Media Expert Focus: The Community Approach to Sharing Security Intel

by Anomali, Oct 16, 2019

When Everyone Participates—Sharing and ISACs Can Be a Vital Source of Security Intelligence

Information Sharing Analysis Centers (ISACs) are private sector organizations that are sometimes known as Information Sharing and Analysis Organizations (ISAOs). They are one of the most effective weapons against mass cyberattacks, but companies often join ISACs without a firm plan in place on how to interact and leverage threat intel for the biggest return.

The key challenge ISACs face is getting members to understand that their intelligence is only valuable if everyone gives and receives. ISACs can deliver huge security benefits to companies, but this requires cooperation and active participation on the part of all members. An ISAC's effectiveness is predicated on seeing rivals as teammates in fighting attackers.

Read the full Expert Focus from SC Media and Anomali.