Anomali ThreatStream

Anomali

Pitch

ThreatStream operationalizes threat intelligence and unites all the tools in your security infrastructure, speeding the detection of threats and enabling proactive defense measures.

Product features

Description

SOC analysts, incident response teams and researchers face the challenge of operationalizing an overwhelming amount of threat data. A recent Ponemon survey showed that 78% say threat intelligence is critical for achieving a strong security posture but also showed that 70% are overwhelmed with threat data. Anomali ThreatStream® makes it easier for security teams to achieve the full promise of threat intelligence. ThreatStream automates all the processes for collecting, managing and integrating threat intelligence, and gives security analysts the tools and resources to respond quickly to active threats.
Collect
ThreatStream manages ingesting intelligence from many disparate sources, including:
  • STIX/TAXII feeds
  • Open source threat feeds
  • Commercial threat intelligence providers
  • Unstructured intelligence: PDFs, CSVs, emails
  • ISAC/ISAO shared threat intelligence
Manage
ThreatStream takes raw threat data and turns it into rich, usable intelligence:
  • Normalizes feeds into a common taxonomy
  • De-duplicates data across feeds
  • Removes false positives
  • Enriches data with actor, campaign, and TTP
  • Associates related threat indicators
Integrate
ThreatStream integrates with internal security systems to make threat intelligence actionable.
  • Deep integration with SIEM, FW, IPS, and EDR
  • Scales to process millions of indicators
  • Risk ranks threats via machine learning
  • Includes Threat Bulletins from Anomali Labs
  • Secure, 2-way sharing with Trusted Circles

Problems that the product solves

Decentralized IT systems

High costs of IT personnel

Risk of leaks of confidential information

Risk of attacks by hackers

Risk of data loss or damage

Values

Manage Risks

Enhance Staff Productivity

Testing

https://www.anomali.com/request-a-demo

Characteristics (Threat Intelligence Platforms)

  • Own feed providers / feed prep analytics centers: Available
  • Normalization, feed deduplication: Available
  • Number of feed suppliers out of the box: 100+
  • CSV files: Available
  • JSON files: Available
  • HTTP feed: Available
  • Email: Available
  • STIX / TAXII standards support: Available
  • Unstructured text data: Available
  • The ability to enrich data from external sources (for example, WHOIS, PassiveDNS, VirusTotal, etc.): Available
  • Connecting additional feed providers: Available
  • Search for matches in SIEM events: Available
  • Direct incident response through integration with third-party information security systems: Available
  • Responding to incidents using complex algorithms (playbooks): N/A
  • REST API integration capability: Available
  • Manual adjustment of “weight” parameters for feeds: Available
  • Ability to build a graph of links between feed objects and internal artifacts: Available

Transaction Features

Partner average discount

Deal protection

Average deal size

Average deal closing time

Competitive products

User features

Roles of Interested Employees

Chief Information Officer

Chief IT Security Officer

IT Security and Risk Management

Organizational Features

Company branches in different countries

IT Security Department in company