{"global":{"lastError":{},"locale":"en","locales":{"data":[{"id":"de","name":"Deutsch"},{"id":"en","name":"English"}],"loading":false,"error":false},"currency":{"id":49,"name":"EUR"},"currencies":{"data":[{"id":49,"name":"EUR"},{"id":124,"name":"RUB"},{"id":153,"name":"UAH"},{"id":155,"name":"USD"}],"loading":false,"error":false},"translations":{"company":{"role-vendor":{"ru":"Производитель","_type":"localeString","en":"Vendor"},"role-supplier":{"_type":"localeString","en":"Supplier","ru":"Поставщик"},"products-popover":{"en":"Products","de":"die produkte","ru":"Продукты","_type":"localeString"},"introduction-popover":{"_type":"localeString","en":"introduction","ru":"внедрения"},"partners-popover":{"ru":"партнеры","_type":"localeString","en":"partners"},"update-profile-button":{"_type":"localeString","en":"Update profile","ru":"Обновить профиль"},"read-more-button":{"ru":"Показать ещё","_type":"localeString","en":"Show more"},"hide-button":{"ru":"Скрыть","_type":"localeString","en":"Hide"},"user-implementations":{"en":"Deployments","ru":"Внедрения","_type":"localeString"},"categories":{"_type":"localeString","en":"Categories","ru":"Компетенции"},"description":{"_type":"localeString","en":"Description","ru":"Описание"},"role-user":{"en":"User","ru":"Пользователь","_type":"localeString"},"partnership-vendors":{"_type":"localeString","en":"Partnership with vendors","ru":"Партнерство с производителями"},"partnership-suppliers":{"en":"Partnership with suppliers","ru":"Партнерство с поставщиками","_type":"localeString"},"reference-bonus":{"ru":"Бонус за референс","_type":"localeString","en":"Bonus 4 reference"},"partner-status":{"_type":"localeString","en":"Partner status","ru":"Статус партнёра"},"country":{"ru":"Страна","_type":"localeString","en":"Country"},"partner-types":{"en":"Partner types","ru":"Типы партнеров","_type":"localeString"},"branch-popover":{"ru":"область деятельности","_type":"localeString","en":"branch"},"employees-popover":{"_type":"localeString","en":"number of employees","ru":"количество сотрудников"},"partnership-programme":{"ru":"Партнерская программа","_type":"localeString","en":"Partnership program"},"partner-discounts":{"_type":"localeString","en":"Partner discounts","ru":"Партнерские скидки"},"registered-discounts":{"_type":"localeString","en":"Additional benefits for registering a deal","ru":"Дополнительные преимущества за регистрацию сделки"},"additional-advantages":{"ru":"Дополнительные преимущества","_type":"localeString","en":"Additional Benefits"},"additional-requirements":{"en":"Partner level requirements","ru":"Требования к уровню партнера","_type":"localeString"},"certifications":{"en":"Certification of technical specialists","ru":"Сертификация технических специалистов","_type":"localeString"},"sales-plan":{"ru":"Годовой план продаж","_type":"localeString","en":"Annual Sales Plan"},"partners-vendors":{"en":"Partners-vendors","ru":"Партнеры-производители","_type":"localeString"},"partners-suppliers":{"ru":"Партнеры-поставщики","_type":"localeString","en":"Partners-suppliers"},"all-countries":{"_type":"localeString","en":"All countries","ru":"Все страны"},"supplied-products":{"ru":"Поставляемые продукты","_type":"localeString","en":"Supplied products"},"vendored-products":{"_type":"localeString","en":"Produced products","ru":"Производимые продукты"},"vendor-implementations":{"ru":"Производимые внедрения","_type":"localeString","en":"Produced deployments"},"supplier-implementations":{"_type":"localeString","en":"Supplied deployments","ru":"Поставляемые внедрения"},"show-all":{"ru":"Показать все","_type":"localeString","en":"Show all"},"not-yet-converted":{"ru":"Данные модерируются и вскоре будут опубликованы. Попробуйте повторить переход через некоторое время.","_type":"localeString","en":"Data is moderated and will be published soon. Please, try again later."},"schedule-event":{"ru":"Pасписание событий","_type":"localeString","en":"Events schedule"},"implementations":{"ru":"Внедрения","_type":"localeString","en":"Deployments"},"register":{"_type":"localeString","en":"Register","ru":"Регистрация "},"login":{"en":"Login","ru":"Вход","_type":"localeString"},"auth-message":{"en":"To view company events please log in or register on the sit.","ru":"Для просмотра ивентов компании авторизируйтесь или зарегистрируйтесь на сайт.","_type":"localeString"},"company-presentation":{"ru":"Презентация компании","_type":"localeString","en":"Company presentation"}},"header":{"help":{"_type":"localeString","en":"Help","de":"Hilfe","ru":"Помощь"},"how":{"ru":"Как это работает","_type":"localeString","en":"How does it works","de":"Wie funktioniert es"},"login":{"_type":"localeString","en":"Log in","de":"Einloggen","ru":"Вход"},"logout":{"ru":"Выйти","_type":"localeString","en":"Sign out"},"faq":{"de":"FAQ","ru":"FAQ","_type":"localeString","en":"FAQ"},"references":{"de":"References","ru":"Мои запросы","_type":"localeString","en":"Requests"},"solutions":{"ru":"Возможности","_type":"localeString","en":"Solutions"},"find-it-product":{"en":"Selection and comparison of IT product","ru":"Подбор и сравнение ИТ продукта","_type":"localeString"},"autoconfigurator":{"en":" Price calculator","ru":"Калькулятор цены","_type":"localeString"},"comparison-matrix":{"en":"Comparison Matrix","ru":"Матрица сравнения","_type":"localeString"},"roi-calculators":{"_type":"localeString","en":"ROI calculators","ru":"ROI калькуляторы"},"b4r":{"ru":"Бонус за референс","_type":"localeString","en":"Bonus for reference"},"business-booster":{"en":"Business boosting","ru":"Развитие бизнеса","_type":"localeString"},"catalogs":{"_type":"localeString","en":"Catalogs","ru":"Каталоги"},"products":{"ru":"Продукты","_type":"localeString","en":"Products"},"implementations":{"ru":"Внедрения","_type":"localeString","en":"Deployments"},"companies":{"en":"Companies","ru":"Компании","_type":"localeString"},"categories":{"ru":"Категории","_type":"localeString","en":"Categories"},"for-suppliers":{"en":"For suppliers","ru":"Поставщикам","_type":"localeString"},"blog":{"ru":"Блог","_type":"localeString","en":"Blog"},"agreements":{"ru":"Сделки","_type":"localeString","en":"Deals"},"my-account":{"ru":"Мой кабинет","_type":"localeString","en":"My account"},"register":{"ru":"Зарегистрироваться","_type":"localeString","en":"Register"},"comparison-deletion":{"ru":"Удаление","_type":"localeString","en":"Deletion"},"comparison-confirm":{"_type":"localeString","en":"Are you sure you want to delete","ru":"Подтвердите удаление"},"search-placeholder":{"ru":"Введите поисковый запрос","_type":"localeString","en":"Enter your search term"},"my-profile":{"ru":"Мои данные","_type":"localeString","en":"My profile"},"about":{"en":"About Us","_type":"localeString"},"it_catalogs":{"en":"IT catalogs","_type":"localeString"},"roi4presenter":{"_type":"localeString","en":"Roi4Presenter"},"roi4webinar":{"en":"Pitch Avatar","_type":"localeString"},"sub_it_catalogs":{"_type":"localeString","en":"Find IT product"},"sub_b4reference":{"_type":"localeString","en":"Get reference from user"},"sub_roi4presenter":{"en":"Make online presentations","_type":"localeString"},"sub_roi4webinar":{"_type":"localeString","en":"Create an avatar for the event"},"catalogs_new":{"_type":"localeString","en":"Products"},"b4reference":{"_type":"localeString","en":"Bonus4Reference"},"it_our_it_catalogs":{"_type":"localeString","en":"Our IT Catalogs"},"it_products":{"en":"Find and compare IT products","_type":"localeString"},"it_implementations":{"_type":"localeString","en":"Learn implementation reviews"},"it_companies":{"_type":"localeString","en":"Find vendor and company-supplier"},"it_categories":{"_type":"localeString","en":"Explore IT products by category"},"it_our_products":{"_type":"localeString","en":"Our Products"},"it_it_catalogs":{"en":"IT catalogs","_type":"localeString"}},"footer":{"copyright":{"en":"All rights reserved","de":"Alle rechte vorbehalten","ru":"Все права защищены","_type":"localeString"},"company":{"de":"Über die Firma","ru":"О компании","_type":"localeString","en":"My Company"},"about":{"en":"About us","de":"Über uns","ru":"О нас","_type":"localeString"},"infocenter":{"ru":"Инфоцентр","_type":"localeString","en":"Infocenter","de":"Infocenter"},"tariffs":{"_type":"localeString","en":"Subscriptions","de":"Tarife","ru":"Тарифы"},"contact":{"ru":"Связаться с нами","_type":"localeString","en":"Contact us","de":"Kontaktiere uns"},"marketplace":{"_type":"localeString","en":"Marketplace","de":"Marketplace","ru":"Marketplace"},"products":{"ru":"Продукты","_type":"localeString","en":"Products","de":"Produkte"},"compare":{"_type":"localeString","en":"Pick and compare","de":"Wähle und vergleiche","ru":"Подобрать и сравнить"},"calculate":{"ru":"Расчитать стоимость","_type":"localeString","en":"Calculate the cost","de":"Kosten berechnen"},"get_bonus":{"en":"Bonus for reference","de":"Holen Sie sich einen Rabatt","ru":"Бонус за референс","_type":"localeString"},"salestools":{"de":"Salestools","ru":"Salestools","_type":"localeString","en":"Salestools"},"automatization":{"en":"Settlement Automation","de":"Abwicklungsautomatisierung","ru":"Автоматизация расчетов","_type":"localeString"},"roi_calcs":{"de":"ROI-Rechner","ru":"ROI калькуляторы","_type":"localeString","en":"ROI calculators"},"matrix":{"en":"Comparison matrix","de":"Vergleichsmatrix","ru":"Матрица сравнения","_type":"localeString"},"b4r":{"en":"Rebate 4 Reference","de":"Rebate 4 Reference","ru":"Rebate 4 Reference","_type":"localeString"},"our_social":{"de":"Unsere sozialen Netzwerke","ru":"Наши социальные сети","_type":"localeString","en":"Our social networks"},"subscribe":{"de":"Melden Sie sich für den Newsletter an","ru":"Подпишитесь на рассылку","_type":"localeString","en":"Subscribe to newsletter"},"subscribe_info":{"ru":"и узнавайте первыми об акциях, новых возможностях и свежих обзорах софта","_type":"localeString","en":"and be the first to know about promotions, new features and recent software reviews"},"policy":{"ru":"Политика конфиденциальности","_type":"localeString","en":"Privacy Policy"},"user_agreement":{"ru":"Пользовательское соглашение ","_type":"localeString","en":"Agreement"},"solutions":{"_type":"localeString","en":"Solutions","ru":"Возможности"},"find":{"ru":"Подбор и сравнение ИТ продукта","_type":"localeString","en":"Selection and comparison of IT product"},"quote":{"ru":"Калькулятор цены","_type":"localeString","en":"Price calculator"},"boosting":{"ru":"Развитие бизнеса","_type":"localeString","en":"Business boosting"},"4vendors":{"en":"4 vendors","ru":"поставщикам","_type":"localeString"},"blog":{"ru":"блог","_type":"localeString","en":"blog"},"pay4content":{"en":"we pay for content","ru":"платим за контент","_type":"localeString"},"categories":{"en":"categories","ru":"категории","_type":"localeString"},"showForm":{"ru":"Показать форму","_type":"localeString","en":"Show form"},"subscribe__title":{"_type":"localeString","en":"We send a digest of actual news from the IT world once in a month!","ru":"Раз в месяц мы отправляем дайджест актуальных новостей ИТ мира!"},"subscribe__email-label":{"ru":"Email","_type":"localeString","en":"Email"},"subscribe__name-label":{"_type":"localeString","en":"Name","ru":"Имя"},"subscribe__required-message":{"ru":"Это поле обязательное","_type":"localeString","en":"This field is required"},"subscribe__notify-label":{"ru":"Да, пожалуйста уведомляйте меня о новостях, событиях и предложениях","_type":"localeString","en":"Yes, please, notify me about news, events and propositions"},"subscribe__agree-label":{"_type":"localeString","en":"By subscribing to the newsletter, you agree to the %TERMS% and %POLICY% and agree to the use of cookies and the transfer of your personal data","ru":"Подписываясь на рассылку, вы соглашаетесь с %TERMS% и %POLICY% и даете согласие на использование файлов cookie и передачу своих персональных данных*"},"subscribe__submit-label":{"_type":"localeString","en":"Subscribe","ru":"Подписаться"},"subscribe__email-message":{"ru":"Пожалуйста, введите корректный адрес электронной почты","_type":"localeString","en":"Please, enter the valid email"},"subscribe__email-placeholder":{"en":"username@gmail.com","ru":"username@gmail.com","_type":"localeString"},"subscribe__name-placeholder":{"ru":"Имя Фамилия","_type":"localeString","en":"Last, first name"},"subscribe__success":{"ru":"Вы успешно подписаны на рассылку. Проверьте свой почтовый ящик.","_type":"localeString","en":"You are successfully subscribed! Check you mailbox."},"subscribe__error":{"_type":"localeString","en":"Subscription is unsuccessful. Please, try again later.","ru":"Не удалось оформить подписку. Пожалуйста, попробуйте позднее."},"roi4presenter":{"de":"roi4presenter","ru":"roi4presenter","_type":"localeString","en":"Roi4Presenter"},"it_catalogs":{"en":"IT catalogs","_type":"localeString"},"roi4webinar":{"en":"Pitch Avatar","_type":"localeString"},"b4reference":{"en":"Bonus4Reference","_type":"localeString"}},"breadcrumbs":{"home":{"_type":"localeString","en":"Home","ru":"Главная"},"companies":{"en":"Companies","ru":"Компании","_type":"localeString"},"products":{"ru":"Продукты","_type":"localeString","en":"Products"},"implementations":{"en":"Deployments","ru":"Внедрения","_type":"localeString"},"login":{"_type":"localeString","en":"Login","ru":"Вход"},"registration":{"_type":"localeString","en":"Registration","ru":"Регистрация"},"b2b-platform":{"ru":"Портал для покупателей, поставщиков и производителей ИТ","_type":"localeString","en":"B2B platform for IT buyers, vendors and suppliers"}},"comment-form":{"title":{"_type":"localeString","en":"Leave comment","ru":"Оставить комментарий"},"firstname":{"_type":"localeString","en":"First name","ru":"Имя"},"lastname":{"en":"Last name","ru":"Фамилия","_type":"localeString"},"company":{"_type":"localeString","en":"Company name","ru":"Компания"},"position":{"ru":"Должность","_type":"localeString","en":"Position"},"actual-cost":{"en":"Actual cost","ru":"Фактическая стоимость","_type":"localeString"},"received-roi":{"ru":"Полученный ROI","_type":"localeString","en":"Received ROI"},"saving-type":{"ru":"Тип экономии","_type":"localeString","en":"Saving type"},"comment":{"ru":"Комментарий","_type":"localeString","en":"Comment"},"your-rate":{"ru":"Ваша оценка","_type":"localeString","en":"Your rate"},"i-agree":{"ru":"Я согласен","_type":"localeString","en":"I agree"},"terms-of-use":{"_type":"localeString","en":"With user agreement and privacy policy","ru":"С пользовательским соглашением и политикой конфиденциальности"},"send":{"_type":"localeString","en":"Send","ru":"Отправить"},"required-message":{"_type":"localeString","en":"{NAME} is required filed","ru":"{NAME} - это обязательное поле"}},"maintenance":{"title":{"ru":"На сайте проводятся технические работы","_type":"localeString","en":"Site under maintenance"},"message":{"_type":"localeString","en":"Thank you for your understanding","ru":"Спасибо за ваше понимание"}}},"translationsStatus":{"company":"success"},"sections":{},"sectionsStatus":{},"pageMetaData":{"company":{"meta":[{"content":"https://roi4cio.com/fileadmin/templates/roi4cio/image/roi4cio-logobig.jpg","name":"og:image"},{"name":"og:type","content":"website"}],"translatable_meta":[{"translations":{"ru":"Компания","_type":"localeString","en":"Company"},"name":"title"},{"name":"description","translations":{"ru":"Описание компании","_type":"localeString","en":"Company description"}},{"name":"keywords","translations":{"ru":"Ключевые слова для компании","_type":"localeString","en":"Company keywords"}}],"title":{"ru":"ROI4CIO: Компания","_type":"localeString","en":"ROI4CIO: Company"}}},"pageMetaDataStatus":{"company":"success"},"subscribeInProgress":false,"subscribeError":false},"auth":{"inProgress":false,"error":false,"checked":true,"initialized":false,"user":{},"role":null,"expires":null},"products":{"productsByAlias":{},"aliases":{},"links":{},"meta":{},"loading":false,"error":null,"useProductLoading":false,"sellProductLoading":false,"templatesById":{},"comparisonByTemplateId":{}},"filters":{"filterCriterias":{"loading":false,"error":null,"data":{"price":{"min":0,"max":6000},"users":{"loading":false,"error":null,"ids":[],"values":{}},"suppliers":{"loading":false,"error":null,"ids":[],"values":{}},"vendors":{"loading":false,"error":null,"ids":[],"values":{}},"roles":{"id":200,"title":"Roles","values":{"1":{"id":1,"title":"User","translationKey":"user"},"2":{"id":2,"title":"Supplier","translationKey":"supplier"},"3":{"id":3,"title":"Vendor","translationKey":"vendor"}}},"categories":{"flat":[],"tree":[]},"countries":{"loading":false,"error":null,"ids":[],"values":{}}}},"showAIFilter":false},"companies":{"companiesByAlias":{"anomali":{"id":5298,"title":"Anomali","logoURL":"https://old.roi4cio.com/uploads/roi/company/Anomali.png","alias":"anomali","address":"","roles":[{"id":2,"type":"supplier"},{"id":3,"type":"vendor"}],"description":" Anomali detects adversaries and tells you who they are. \r\nAnomali arms security teams with machine learning optimized threat intelligence and identifies hidden threats targeting their environments.\r\nOrganizations rely on the Anomali Threat Platform to detect threats, understand adversaries, and respond effectively.&nbsp; The platform enables organizations to collaborate and share threat information among trusted communities and is the most widely adopted platform for ISACs and leading enterprises worldwide.<br />Source: https://www.linkedin.com/company/anomali/about/","companyTypes":["supplier","vendor"],"products":{},"vendoredProductsCount":1,"suppliedProductsCount":1,"supplierImplementations":[{"id":1271,"title":"Anomali ThreatStream for Bank of Hope","description":"<span style=\"font-weight: bold;\">CHALLENGE</span>\r\nBank of Hope needed a way to easily investigate potentially risky IPs without having to log in to multiple security product dashboards. The bank depends on its security information and event management (SIEM) tool as the heart of its incident response program, but when the SIEM flagged a potential problem IP address the analysts needed to spend up to a half hour confirming its reputation.<br /><span style=\"font-weight: bold;\"></span>\r\n<span style=\"font-weight: bold;\">SOLUTION</span><br />ThreatStream offered Bank of Hope a way to sync its actionable intelligence with the organization’s SIEM tool and provide analysis with minimal effort.<br /><span style=\"font-weight: bold;\"></span>\r\n<span style=\"font-weight: bold;\">RESULTS</span><br />• Reduced Mean-Time-To-Know<br />• SIEM Integration<br />• Headcount Savings<br /><span style=\"font-weight: bold;\"><br />BANK OF HOPE CHALLENGE</span>\r\nWhen the SIEM pointed to a threat indication, IT security analysts spent an inordinate amount of time looking up potential malicious IPs to confirm their current reputation. Bank of Hope had several systems in its IT environment that provided outside threat intelligence related to malicious IPs, but each of these had its own portal and its own dashboards. Each system provided threat intelligence, but none were intuitively embedded with the SIEM.<br />So analysts were left with a manual process that required them to look up information within each IT tool that had its own built-in threat information. With a lean staff, the bank could ill afford the kind of resource drain that looking up suspicious IPs was putting on its security operations. Staffers could take up to a half hour simply to determine whether the IP address had a known bad reputation, let alone to start acting on a potential incident once bad news was confirmed.<br /><span style=\"font-style: italic;\">“Doing the research was a strenuous process,”</span> said Arindam Bose, senior vice president and security officer for Bank of Hope. <span style=\"font-style: italic;\">“We had to go to multiple resources to understand the indication of relevance of that IP address to our environment.”</span><br />Bank of Hope needed a way to simplify the process so it could make better use of its analysts’ bandwidth to work deeper into the forensics and incident response process.<br /><br /><span style=\"font-weight: bold;\">OVERVIEW</span><br />Operating with $7.3 billion in assets Bank of Hope is the largest KoreanAmerican bank in the nation. As a major community financial institution with 50 branches across the U.S., Bank of Hope understandably must protect itself from a range of attacks against its IT systems. To keep tabs on the numerous security controls and monitoring systems it has in place, the bank depends on its security information and event management (SIEM) system to correlate events and help its analysts stay on top of trends. Unfortunately, until recently the bank’s IT security analysts were taxed by the amount of work needed to analyze and verify indicators of compromise (IOCs) related to outside IP addresses that surfaced from its SIEM correlation engine.<br /><br /><span style=\"font-weight: bold;\">THE THREATSTREAM SOLUTION</span><br />The bank turned to the power of ThreatStream to do exactly that. According to Bose, Bank of Hope chose ThreatStream for several reasons.<br />First and foremost, the ThreatStream Threat Intelligence Platform is able to tell analysts with just a few clicks what an IP address’ threat score is, along with the confidence level based on reputation ranking.<br />Not only is it able to utilize threat feeds already available to Bank of Hope, but it also provides other feeds that add value to Bank of Hope’s analyses. In addition to IP reputation analysis, the tool can also replay executables in its sandbox environment to give Bank of Hope analysts a leg up on early analysis of potential IOCs and threat indicators.<br />But most importantly, ThreatStream integrates into Bank of Hope’s SIEM, so staffers do not need to reroute their analysis process and can do early investigation from a single centralized platform.<br /><span style=\"font-style: italic;\">“The SIEM is a critical component of our environment and the heart of our program. It pulls in logs from a variety of different systems and correlates those indications to determine whether an activity<br />is malicious or not,”</span> Bose says. <span style=\"font-style: italic;\">“Integrating ThreatStream in our SIEM portal means we don’t have to go into five different systems, but can look at the validity of an IP or executable from a single place. The solution has minimized much of the team’s overhead.”</span><br />In addition, the bank needed a tool that could work with the FS-ISAC threat intelligence feed for information specific to the financial industry.<br />ThreatStream worked with the bank to develop that capability natively. It was this last point that truly tipped the scale in favor of ThreatStream for Bank of Hope.<br />Deployment was relatively painless for Bank of Hope, only requiring about an hour a week for the first month. The institution credits ThreatStream’s team with offering lots of guidance to get off the<br />ground running.<br /><br /><span style=\"font-weight: bold;\">THE THREATSTREAM IMPACT</span><br />Now that the tool is in place, Bose reports the value of ThreatStream to Bank of Hope is in the time it saves analysts and the opportunity they have to address more threats than they once could.<br />The time it takes to analyze a threat has gone down from 30 minutes to just a few minutes, time that adds up over the course of investigating many malicious IPs every week. <span style=\"font-style: italic;\">“There has been a substantial decrease in terms of meantime-toknow,”</span> Bose says.<br />These efficiencies have enabled Bank of Hope to save on headcount. Because the tool automatically handles a large analytical workload, Bank of Hope was able to increase capacity without having to hire one or two additional analysts. What’s more, the false positive rates have been very low, meaning analysts spend very little time chasing non-existent problems.<br />Overall, the ThreatStream implementation has been a huge success for the Bank of Hope team, so much so that it is now looking at integrating the tool into its IDS/IPS, giving it the potential to automatically block threats with very high malicious confidence ratings.","alias":"anomali-threatstream-for-bank-of-hope","roi":0,"seo":{"title":"Anomali ThreatStream for Bank of Hope","keywords":"","description":"<span style=\"font-weight: bold;\">CHALLENGE</span>\r\nBank of Hope needed a way to easily investigate potentially risky IPs without having to log in to multiple security product dashboards. The bank depends on its security information and event management (SIEM) ","og:title":"Anomali ThreatStream for Bank of Hope","og:description":"<span style=\"font-weight: bold;\">CHALLENGE</span>\r\nBank of Hope needed a way to easily investigate potentially risky IPs without having to log in to multiple security product dashboards. The bank depends on its security information and event management (SIEM) "},"deal_info":"","user":{"id":9169,"title":"Bank of Hope","logoURL":"https://old.roi4cio.com/uploads/roi/company/Bank-of-hope-bank.jpg","alias":"bank-of-hope","address":"3200 Wilshire Boulevard, Suite 1400, Los Angeles, CA 90010, US","roles":[],"description":" Bank of Hope is the largest Korean American bank. It is based in Los Angeles. It is owned by Hope Bancorp, Inc., a bank holding company. It offers commercial banking loan and deposit products through 58 branches in California, Washington, Texas, Illinois, New York, New Jersey, Virginia, Georgia, and Alabama. It also operates Small Business Administration loan production offices in Seattle, Denver, Dallas, Atlanta, Portland and Annandale, Virginia; a commercial loan production office in Fremont, California; residential mortgage loan production offices in California; and a representative office in Seoul, Korea.<br />It is on the list of largest banks in the United States.<br />Source: https://en.wikipedia.org/wiki/Bank_of_Hope","companyTypes":[],"products":{},"vendoredProductsCount":0,"suppliedProductsCount":0,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":1,"supplierImplementationsCount":0,"vendorImplementationsCount":0,"vendorPartnersCount":0,"supplierPartnersCount":0,"b4r":0,"categories":{},"companyUrl":"https://www.bankofhope.com/","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"presenterCodeLng":"","seo":{"title":"Bank of Hope","keywords":"","description":" Bank of Hope is the largest Korean American bank. It is based in Los Angeles. It is owned by Hope Bancorp, Inc., a bank holding company. It offers commercial banking loan and deposit products through 58 branches in California, Washington, Texas, Illinois, New","og:title":"Bank of Hope","og:description":" Bank of Hope is the largest Korean American bank. It is based in Los Angeles. It is owned by Hope Bancorp, Inc., a bank holding company. It offers commercial banking loan and deposit products through 58 branches in California, Washington, Texas, Illinois, New","og:image":"https://old.roi4cio.com/uploads/roi/company/Bank-of-hope-bank.jpg"},"eventUrl":""},"supplier":{"id":5298,"title":"Anomali","logoURL":"https://old.roi4cio.com/uploads/roi/company/Anomali.png","alias":"anomali","address":"","roles":[],"description":" Anomali detects adversaries and tells you who they are. \r\nAnomali arms security teams with machine learning optimized threat intelligence and identifies hidden threats targeting their environments.\r\nOrganizations rely on the Anomali Threat Platform to detect threats, understand adversaries, and respond effectively.&nbsp; The platform enables organizations to collaborate and share threat information among trusted communities and is the most widely adopted platform for ISACs and leading enterprises worldwide.<br />Source: https://www.linkedin.com/company/anomali/about/","companyTypes":[],"products":{},"vendoredProductsCount":1,"suppliedProductsCount":1,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":0,"supplierImplementationsCount":3,"vendorImplementationsCount":3,"vendorPartnersCount":0,"supplierPartnersCount":0,"b4r":0,"categories":{},"companyUrl":"http://www.anomali.com","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"presenterCodeLng":"","seo":{"title":"Anomali","keywords":"","description":" Anomali detects adversaries and tells you who they are. \r\nAnomali arms security teams with machine learning optimized threat intelligence and identifies hidden threats targeting their environments.\r\nOrganizations rely on the Anomali Threat Platform to detect","og:title":"Anomali","og:description":" Anomali detects adversaries and tells you who they are. \r\nAnomali arms security teams with machine learning optimized threat intelligence and identifies hidden threats targeting their environments.\r\nOrganizations rely on the Anomali Threat Platform to detect","og:image":"https://old.roi4cio.com/uploads/roi/company/Anomali.png"},"eventUrl":""},"vendors":[{"id":5298,"title":"Anomali","logoURL":"https://old.roi4cio.com/uploads/roi/company/Anomali.png","alias":"anomali","address":"","roles":[],"description":" Anomali detects adversaries and tells you who they are. \r\nAnomali arms security teams with machine learning optimized threat intelligence and identifies hidden threats targeting their environments.\r\nOrganizations rely on the Anomali Threat Platform to detect threats, understand adversaries, and respond effectively.&nbsp; The platform enables organizations to collaborate and share threat information among trusted communities and is the most widely adopted platform for ISACs and leading enterprises worldwide.<br />Source: https://www.linkedin.com/company/anomali/about/","companyTypes":[],"products":{},"vendoredProductsCount":1,"suppliedProductsCount":1,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":0,"supplierImplementationsCount":3,"vendorImplementationsCount":3,"vendorPartnersCount":0,"supplierPartnersCount":0,"b4r":0,"categories":{},"companyUrl":"http://www.anomali.com","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"presenterCodeLng":"","seo":{"title":"Anomali","keywords":"","description":" Anomali detects adversaries and tells you who they are. \r\nAnomali arms security teams with machine learning optimized threat intelligence and identifies hidden threats targeting their environments.\r\nOrganizations rely on the Anomali Threat Platform to detect","og:title":"Anomali","og:description":" Anomali detects adversaries and tells you who they are. \r\nAnomali arms security teams with machine learning optimized threat intelligence and identifies hidden threats targeting their environments.\r\nOrganizations rely on the Anomali Threat Platform to detect","og:image":"https://old.roi4cio.com/uploads/roi/company/Anomali.png"},"eventUrl":""}],"products":[{"id":5889,"logo":false,"scheme":false,"title":"Anomali ThreatStream","vendorVerified":0,"rating":"1.00","implementationsCount":3,"suppliersCount":0,"alias":"anomali-threatstream","companyTypes":[],"description":"SOC analysts, incident response teams and researchers face the challenge of operationalizing an overwhelming amount of threat data. A recent Ponemon survey showed that 78% say threat intelligence is critical for achieving a strong security posture but also showed that 70% are overwhelmed with threat data. Anomali ThreatStream® makes it easier for security teams to achieve the full promise of threat intelligence. ThreatStream automates all the processes for collecting, managing and integrating threat intelligence, and gives security analysts the tools and resources to respond quickly to active threats.<br /><span style=\"font-weight: bold; \">Collect</span><br />ThreatStream manages ingesting intelligence from many disparate sources, including:\r\n<ul><li>STIX/TAXII feeds</li></ul>\r\n<ul><li>Open source threat feeds</li></ul>\r\n<ul><li>Commercial threat intelligence providers</li></ul>\r\n<ul><li>Unstructured intelligence: PDFs, CSVs, emails</li></ul>\r\n<ul><li>ISAC/ISAO shared threat intelligence</li></ul>\r\n<span style=\"font-weight: bold; \">Manage</span><br />ThreatStream takes raw threat data and turns it into rich, usable intelligence:\r\n<ul><li>Normalizes feeds into a common taxonomy</li></ul>\r\n<ul><li>De-duplicates data across feeds</li></ul>\r\n<ul><li>Removes false positives</li></ul>\r\n<ul><li>Enriches data with actor, campaign, and TTP</li></ul>\r\n<ul><li>Associates related threat indicators</li></ul>\r\n<span style=\"font-weight: bold; \">Integrate</span><br />ThreatStream integrates with internal security systems to make threat intelligence actionable.\r\n<ul><li>Deep integration with SIEM, FW, IPS, and EDR</li></ul>\r\n<ul><li>Scales to process millions of indicators</li></ul>\r\n<ul><li>Risk ranks threats via machine learning</li></ul>\r\n<ul><li>Includes Threat Bulletins from Anomali Labs</li></ul>\r\n<ul><li>Secure, 2-way sharing with Trusted Circles</li></ul>","shortDescription":"ThreatStream operationalizes threat intelligence and unites all the tools in your security infrastructure, speeding the detection of threats and enabling proactive defense measures.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":0,"sellingCount":0,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Anomali ThreatStream","keywords":"","description":"SOC analysts, incident response teams and researchers face the challenge of operationalizing an overwhelming amount of threat data. A recent Ponemon survey showed that 78% say threat intelligence is critical for achieving a strong security posture but also ","og:title":"Anomali ThreatStream","og:description":"SOC analysts, incident response teams and researchers face the challenge of operationalizing an overwhelming amount of threat data. A recent Ponemon survey showed that 78% say threat intelligence is critical for achieving a strong security posture but also "},"eventUrl":"","translationId":5889,"dealDetails":{"avgPartnerDiscount":15,"dealProtection":1,"avgDealSize":150000,"dealSizeCurrency":"","avgDealClosing":9},"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"https://www.anomali.com/request-a-demo","categories":[{"id":874,"title":"Threat Intelligence Platforms","alias":"threat-intelligence-platforms","description":"Threat Intelligence Platforms (TIPs) are an emerging technology discipline that helps organizations aggregate, correlate and analyze threat data from multiple sources in real time to support defensive actions. TIPs have evolved to address the growing amount of data generated by a variety of internal and external resources (such as system logs and threat intelligence feeds) and help security teams identify the threats that are relevant to their organization. By importing threat data from multiple sources and formats, correlating that data and then exporting it into an organization’s existing security systems or ticketing systems, a TIP automates proactive threat management and mitigation. A true TIP differs from typical enterprise security products in that it is a system that can be programmed by outside developers, in particular, users of the platform. TIPs can also use APIs to gather data to generate configuration analysis, WHOIS information, reverse IP lookup, website content analysis, name servers and SSL certificates.\r\nThe traditional approach to enterprise security involves security teams using a variety of processes and tools to conduct incident response, network defense and threat analysis. Integration between these teams and the sharing of threat data is often a manual process that relies on email, spreadsheets or a portal ticketing system. This approach does not scale as the team and enterprise grows and the number of threats and events increases. With attack sources changing by the minute, hour and day, scalability and efficiency is difficult. The tools used by large Security Operations Centers (SOCs), for example, produce hundreds of millions of events per day, from endpoint and network alerts to log events, making it difficult to filter down to a manageable number of suspicious events for triage.\r\nThreat intelligence platforms make it possible for organizations to gain an advantage over the adversary by detecting the presence of threat actors, blocking and tackling their attacks or degrading their infrastructure. Using threat intelligence, businesses and government agencies can also identify the threat sources and data that are the most useful and relevant to their own environment, potentially reducing the costs associated with unnecessary commercial threat feeds.\r\nTactical use cases for threat intelligence include security planning, monitoring and detection, incident response, threat discovery and threat assessment. A TIP also drives smarter practices back into SIEMs, intrusion detection and other security tools because of the finely curated, relevant and widely sourced threat intelligence that a TIP produces.\r\nAn advantage held by TIPs is the ability to share threat intelligence with other stakeholders and communities. Adversaries typically coordinate their efforts across forums and platforms. A TIP provides a common habitat, which makes it possible for security teams to share threat information among their own trusted circles, interface with security and intelligence experts and receive guidance on implementing coordinated counter-measures. Full-featured TIPs enable security analysts to simultaneously coordinate these tactical and strategic activities with incident response, security operations, and risk management teams while aggregating data from trusted communities.","materialsDescription":"<span style=\"font-weight: bold;\">What is a threat?</span>\r\nA threat is the ability of an entity to gain access to or interfere with the usual planned activities of an information network.\r\n<span style=\"font-weight: bold;\">What is an APT?</span>\r\nAn advanced persistent threat (APT) is a stealthy computer network threat actor, typically a nation state or state-sponsored group, which gains unauthorized access to a computer network and remains undetected for an extended period. In recent times, the term may also refer to non-state sponsored groups conducting large-scale targeted intrusions for specific goals.\r\n<span style=\"font-weight: bold;\">What is phishing?</span>\r\nPhishing is the fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising oneself as a trustworthy entity in an electronic communication. Typically carried out by email spoofing or instant messaging, it often directs users to enter personal information at a fake website which matches the look and feel of the legitimate site.\r\nPhishing is an example of social engineering techniques being used to deceive users. Users are often lured by communications purporting to be from trusted parties such as social web sites, auction sites, banks, online payment processors or IT administrators.\r\n<span style=\"font-weight: bold;\">What is malware?</span>\r\nMalware (a portmanteau for malicious software) is any software intentionally designed to cause damage to a computer, server, client or computer network (in contrast, software that causes unintentional harm due to some deficiency is typically described as a software bug). A wide variety of malware types exist, including computer viruses, worms, Trojan horses, ransomware, spyware, adware, rogue software and scareware.\r\nPrograms are also considered malware if they secretly act against the interests of the computer user. For example, at one point, Sony music compact discs silently installed a rootkit on purchasers' computers with the intention of preventing illicit copying, but which also reported on users' listening habits, and unintentionally created extra security vulnerabilities.\r\nA range of antivirus software, firewalls and other strategies are used to help protect against the introduction of malware, to help detect it if it is already present and to recover from malware-associated malicious activity and attacks.\r\n<span style=\"font-weight: bold;\">What is a botnet?</span>\r\nA botnet is a number of Internet-connected devices, each of which is running one or more bots. Botnets can be used to perform Distributed Denial-of-Service (DDoS) attacks, steal data, send spam and allows the attacker to access the device and its connection. The owner can control the botnet using command and control (C&amp;C) software. The word &quot;botnet&quot; is a portmanteau of the words &quot;robot&quot; and &quot;network&quot;. The term is usually used with a negative or malicious connotation.\r\n<span style=\"font-weight: bold;\">What is a DDoS-attack?</span>\r\nA distributed denial-of-service (DDoS) attack occurs when multiple systems flood the bandwidth or resources of a targeted system, usually one or more web servers. Such an attack is often the result of multiple compromised systems (for example, a botnet) flooding the targeted system with traffic. A botnet is a network of zombie computers programmed to receive commands without the owners' knowledge. When a server is overloaded with connections, new connections can no longer be accepted. The major advantages to an attacker of using a distributed denial-of-service attack are that multiple machines can generate more attack traffic than one machine, multiple attack machines are harder to turn off than one attack machine and that the behavior of each attack machine can be stealthier, making it harder to track and shut down. These attacker advantages cause challenges for defense mechanisms. For example, merely purchasing more incoming bandwidth than the current volume of the attack might not help, because the attacker might be able to simply add more attack machines. This, ultimately, will end up completely crashing a website for periods of time.\r\n<span style=\"font-weight: bold;\">What is ransomware?</span>\r\nRansomware is a type of malware from cryptovirology that threatens to publish the victim's data, or perpetually block access to it, unless a ransom is paid. While some simple ransomware may lock the system in a way which is not difficult for a knowledgeable person to reverse, more advanced malware uses a technique called cryptoviral extortion, in which it encrypts the victim's files, making them inaccessible, and demands a ransom payment to decrypt them. In a properly implemented cryptoviral extortion attack, recovering the files without the decryption key is an intractable problem – and difficult to trace digital currencies such as Ukash or Bitcoin and other cryptocurrency are used for the ransoms, making tracing and prosecuting the perpetrators difficult.<br />Ransomware attacks are typically carried out using a Trojan that is disguised as a legitimate file that the user is tricked into downloading or opening when it arrives as an email attachment. However, one high-profile example, the &quot;WannaCry worm&quot;, travelled automatically between computers without user interaction.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/threat-intelligence-cyber.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]}],"countries":[],"startDate":"0000-00-00","endDate":"0000-00-00","dealDate":"0000-00-00","price":0,"status":"finished","statusLabel":"Finished","isImplementation":true,"isAgreement":false,"confirmed":1,"implementationDetails":{"businessObjectives":{"id":14,"title":"Business objectives","translationKey":"businessObjectives","options":[{"id":5,"title":"Enhance Staff Productivity"},{"id":6,"title":"Ensure Security and Business Continuity"},{"id":306,"title":"Manage Risks"}]},"businessProcesses":{"id":11,"title":"Business process","translationKey":"businessProcesses","options":[{"id":177,"title":"Decentralized IT systems"},{"id":336,"title":"Risk or Leaks of confidential information"},{"id":382,"title":"High costs of IT personnel"},{"id":385,"title":"Risk of data loss or damage"},{"id":384,"title":"Risk of attacks by hackers"}]}},"categories":[{"id":874,"title":"Threat Intelligence Platforms","alias":"threat-intelligence-platforms","description":"Threat Intelligence Platforms (TIPs) are an emerging technology discipline that helps organizations aggregate, correlate and analyze threat data from multiple sources in real time to support defensive actions. TIPs have evolved to address the growing amount of data generated by a variety of internal and external resources (such as system logs and threat intelligence feeds) and help security teams identify the threats that are relevant to their organization. By importing threat data from multiple sources and formats, correlating that data and then exporting it into an organization’s existing security systems or ticketing systems, a TIP automates proactive threat management and mitigation. A true TIP differs from typical enterprise security products in that it is a system that can be programmed by outside developers, in particular, users of the platform. TIPs can also use APIs to gather data to generate configuration analysis, WHOIS information, reverse IP lookup, website content analysis, name servers and SSL certificates.\r\nThe traditional approach to enterprise security involves security teams using a variety of processes and tools to conduct incident response, network defense and threat analysis. Integration between these teams and the sharing of threat data is often a manual process that relies on email, spreadsheets or a portal ticketing system. This approach does not scale as the team and enterprise grows and the number of threats and events increases. With attack sources changing by the minute, hour and day, scalability and efficiency is difficult. The tools used by large Security Operations Centers (SOCs), for example, produce hundreds of millions of events per day, from endpoint and network alerts to log events, making it difficult to filter down to a manageable number of suspicious events for triage.\r\nThreat intelligence platforms make it possible for organizations to gain an advantage over the adversary by detecting the presence of threat actors, blocking and tackling their attacks or degrading their infrastructure. Using threat intelligence, businesses and government agencies can also identify the threat sources and data that are the most useful and relevant to their own environment, potentially reducing the costs associated with unnecessary commercial threat feeds.\r\nTactical use cases for threat intelligence include security planning, monitoring and detection, incident response, threat discovery and threat assessment. A TIP also drives smarter practices back into SIEMs, intrusion detection and other security tools because of the finely curated, relevant and widely sourced threat intelligence that a TIP produces.\r\nAn advantage held by TIPs is the ability to share threat intelligence with other stakeholders and communities. Adversaries typically coordinate their efforts across forums and platforms. A TIP provides a common habitat, which makes it possible for security teams to share threat information among their own trusted circles, interface with security and intelligence experts and receive guidance on implementing coordinated counter-measures. Full-featured TIPs enable security analysts to simultaneously coordinate these tactical and strategic activities with incident response, security operations, and risk management teams while aggregating data from trusted communities.","materialsDescription":"<span style=\"font-weight: bold;\">What is a threat?</span>\r\nA threat is the ability of an entity to gain access to or interfere with the usual planned activities of an information network.\r\n<span style=\"font-weight: bold;\">What is an APT?</span>\r\nAn advanced persistent threat (APT) is a stealthy computer network threat actor, typically a nation state or state-sponsored group, which gains unauthorized access to a computer network and remains undetected for an extended period. In recent times, the term may also refer to non-state sponsored groups conducting large-scale targeted intrusions for specific goals.\r\n<span style=\"font-weight: bold;\">What is phishing?</span>\r\nPhishing is the fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising oneself as a trustworthy entity in an electronic communication. Typically carried out by email spoofing or instant messaging, it often directs users to enter personal information at a fake website which matches the look and feel of the legitimate site.\r\nPhishing is an example of social engineering techniques being used to deceive users. Users are often lured by communications purporting to be from trusted parties such as social web sites, auction sites, banks, online payment processors or IT administrators.\r\n<span style=\"font-weight: bold;\">What is malware?</span>\r\nMalware (a portmanteau for malicious software) is any software intentionally designed to cause damage to a computer, server, client or computer network (in contrast, software that causes unintentional harm due to some deficiency is typically described as a software bug). A wide variety of malware types exist, including computer viruses, worms, Trojan horses, ransomware, spyware, adware, rogue software and scareware.\r\nPrograms are also considered malware if they secretly act against the interests of the computer user. For example, at one point, Sony music compact discs silently installed a rootkit on purchasers' computers with the intention of preventing illicit copying, but which also reported on users' listening habits, and unintentionally created extra security vulnerabilities.\r\nA range of antivirus software, firewalls and other strategies are used to help protect against the introduction of malware, to help detect it if it is already present and to recover from malware-associated malicious activity and attacks.\r\n<span style=\"font-weight: bold;\">What is a botnet?</span>\r\nA botnet is a number of Internet-connected devices, each of which is running one or more bots. Botnets can be used to perform Distributed Denial-of-Service (DDoS) attacks, steal data, send spam and allows the attacker to access the device and its connection. The owner can control the botnet using command and control (C&amp;C) software. The word &quot;botnet&quot; is a portmanteau of the words &quot;robot&quot; and &quot;network&quot;. The term is usually used with a negative or malicious connotation.\r\n<span style=\"font-weight: bold;\">What is a DDoS-attack?</span>\r\nA distributed denial-of-service (DDoS) attack occurs when multiple systems flood the bandwidth or resources of a targeted system, usually one or more web servers. Such an attack is often the result of multiple compromised systems (for example, a botnet) flooding the targeted system with traffic. A botnet is a network of zombie computers programmed to receive commands without the owners' knowledge. When a server is overloaded with connections, new connections can no longer be accepted. The major advantages to an attacker of using a distributed denial-of-service attack are that multiple machines can generate more attack traffic than one machine, multiple attack machines are harder to turn off than one attack machine and that the behavior of each attack machine can be stealthier, making it harder to track and shut down. These attacker advantages cause challenges for defense mechanisms. For example, merely purchasing more incoming bandwidth than the current volume of the attack might not help, because the attacker might be able to simply add more attack machines. This, ultimately, will end up completely crashing a website for periods of time.\r\n<span style=\"font-weight: bold;\">What is ransomware?</span>\r\nRansomware is a type of malware from cryptovirology that threatens to publish the victim's data, or perpetually block access to it, unless a ransom is paid. While some simple ransomware may lock the system in a way which is not difficult for a knowledgeable person to reverse, more advanced malware uses a technique called cryptoviral extortion, in which it encrypts the victim's files, making them inaccessible, and demands a ransom payment to decrypt them. In a properly implemented cryptoviral extortion attack, recovering the files without the decryption key is an intractable problem – and difficult to trace digital currencies such as Ukash or Bitcoin and other cryptocurrency are used for the ransoms, making tracing and prosecuting the perpetrators difficult.<br />Ransomware attacks are typically carried out using a Trojan that is disguised as a legitimate file that the user is tricked into downloading or opening when it arrives as an email attachment. However, one high-profile example, the &quot;WannaCry worm&quot;, travelled automatically between computers without user interaction.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/threat-intelligence-cyber.png"}],"additionalInfo":{"budgetNotExceeded":"-1","functionallyTaskAssignment":"-1","projectWasPut":"-1","price":0,"source":{"url":"https://www.anomali.com/resources/case-studies/bank-of-hope-case-study","title":"Supplier's web site"}},"comments":[],"referencesCount":0},{"id":1269,"title":"Anomali ThreatStream for Blackhawk Network Holdings","description":"<span style=\"font-weight: bold;\">CHALLENGE</span>\r\nBlackhawk Network Holdings threat intelligence was the result of a combination of tools pieced together, none of which were integrated with their SIEM implementation, or provided enough context around IOCs to understand their potential impact.<br />Blackhawk Network Holdings needed a way to easily investigate potentially risky alerts without having to log in to multiple security product dashboards, reduce their manual overhead requirements, and maximize their resources so their analysts could better focus on critical issues.\r\n<span style=\"font-weight: bold;\">SOLUTION</span><br />Anomali® ThreatStream® offered Blackhawk Network Holdings a way to sync actionable threat intelligence with their SIEM alerts, integrate disparate threat feeds into one single-view dashboard, and<br />provide the context around IOCs necessary to understand their true importance.\r\n<span style=\"font-weight: bold;\">RESULTS</span><br />• Single dashboard and consolidation of all threat intelligence feeds<br />• Seamless SIEM integration<br />• Sandboxed testing environment to detonate payloads<br />• Improved threat analysis and response times<br />• More efficient and effective workflow<br />• Reduced false positives by over 95%<br /><br />Before Anomali, Blackhawk Network Holdings relied on a variety of different security tools to manage their threat intelligence—a task they found extremely challenging. Like many organizations, they leveraged their security information and event management (SIEM) system to correlate events and help their analysts stay on top of trends. The problem was they had several systems in their IT environment that provided outside threat intelligence, each with its own portal and own dashboards. None of the systems integrated directly with their SIEM or communicated with each other. And the information was often duplicated or even worse, in disagreement. That meant whenever their SIEM pointed to a threat indication, their security analysts had to spend an inordinate amount of time analyzing and verifying indicators of compromise (IOCs) related to outside IP addresses. Thousands of alerts a day were more than the team could manage, let alone respond to.<br />Blackhawk Network Holdings wanted to simplify their threat intelligence processes so their analysts could focus more on forensics and remediation and less on research, management, and manual correlation. And they wanted to understand not just the type of attacks they were seeing, but the context of who their attackers were. They wanted a tool that could move their security forward but could also integrate with their current processes.<br /><br /><span style=\"font-weight: bold;\">THE ANOMALI SOLUTION</span>\r\nBlackhawk Network Holdings deployed Anomali ThreatStream, giving them an immediate threat intelligence solution via four key benefits:\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">1. Consolidation:</span></span><br />ThreatStream consolidated all of Blackhawk Network Holdings’ sources of threat information into one dashboard view within their SIEM, reducing duplicated information and false positives. In turn, they were able to minimize much of their security team’s manual overhead, allowing them to focus on resolution and not research.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">2. Integration:</span></span><br />ThreatStream integrates directly into Blackhawk Network Holdings’ SIEM, so analysts do not need to reroute their analysis process and can do their early investigation from there.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">3. Correlation:</span></span>\r\nThreatStream gave Blackhawk Network Holdings a way to correlate actionable threat intelligence SIEM alerts within their SIEM. ThreatStream tells analysts the threat score for each IP address, along with the confidence level based on a reputation ranking of its maliciousness.<br /><br /><span style=\"font-style: italic;\">&quot;Unless we know who is after us, alerts lack context without Anomali&quot;</span> – Devin Ertel, CISO, Blackhawk Network Holdings.<br /><br /><span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">4. Detonation:</span></span><br />ThreatStream enables analysts to replay executables in a sandboxed environment, giving them a safe place to test and a way to perform early analysis of potential IOCs and threat indicators.<br /><br /><span style=\"font-style: italic;\">&quot;When a suspicious email comes in, we can detonate it in a sandboxed environment to see if it’s a threat. We couldn’t do that before&quot;.</span> – Pablo Vega, Principal Security Engineer, Blackhawk Network Holdings<br /><br /><span style=\"font-style: italic;\">“Before Anomali, we had tons of information without context. We had to look through thousands of alerts quickly just to see what stood out and then react to those.”</span> – Devin Ertel, CISO, Blackhawk Network Holdings<br /><br /><span style=\"font-weight: bold;\">THE ANOMALI IMPACT</span>\r\nThreatStream gave Blackhawk Network Holdings the key capabilities and threat intelligence context that allowed their analysts to shift from searching through emails and dashboards to verify alerts to focusing on critical threats and issues.\r\nWith ThreatStream, Blackhawk Network Holdings has higher confidence that critical alerts are malicious and not false positives. ThreatStream has provided them with greater visibility into what threats they confront. And since false positives have been very low in both number and criticality, analysts have been spending less time chasing non-existent problems and more time focusing on solutions.\r\nThe value of ThreatStream is in the time it saves analysts and the opportunity they have to address more threats than they once could. Because the tool automatically handles a large analytical workload, Blackhawk Network Holdings was able to increase capacity without having to hire additional staff.\r\nThreatStream has been an incredible solution for Blackhawk Network Holdings, allowing them to maximize resources and focus on the threats that matter most. ThreatStream gives Blackhawk Network Holding the ability to curate and filter the information they need from all of their sources of threat intel. And they’ve been able to apply ThreatStream security context around their alerts, helping to separate the high priority threat intel from low priority alerts to improve their overall security posture.<br /><br />\r\n<span style=\"font-weight: bold;\">LONG TERM SUCCESS</span>\r\nBlackhawk Network Holdings is now looking at integrating Anomali ThreatStream intelligence context into more internal security tooling, giving them the potential to automatically respond to threats with very high malicious confidence ratings. Blackhawk Network Holdings is interested in expanding their capabilities with Anomali Match™ and Anomali Lens™.<br /><br />","alias":"anomali-threatstream-for-blackhawk-network-holdings","roi":0,"seo":{"title":"Anomali ThreatStream for Blackhawk Network Holdings","keywords":"","description":"<span style=\"font-weight: bold;\">CHALLENGE</span>\r\nBlackhawk Network Holdings threat intelligence was the result of a combination of tools pieced together, none of which were integrated with their SIEM implementation, or provided enough context around IOCs to ","og:title":"Anomali ThreatStream for Blackhawk Network Holdings","og:description":"<span style=\"font-weight: bold;\">CHALLENGE</span>\r\nBlackhawk Network Holdings threat intelligence was the result of a combination of tools pieced together, none of which were integrated with their SIEM implementation, or provided enough context around IOCs to "},"deal_info":"","user":{"id":9168,"title":"Blackhawk Network Holdings Inc.","logoURL":"https://old.roi4cio.com/uploads/roi/company/blackhawk-network.jpg","alias":"blackhawk-network-holdings-inc","address":"","roles":[],"description":" Blackhawk Network Holdings Inc. is a privately held company that operates in the prepaid, gift card and payments industries. It supports solutions, technology, management and distribution of branded value such as gift cards, telecom and financial service products. Blackhawk's network reaches people through a number of different channels including in-store, online, mobile, and incentive. Blackhawk is headquartered in Pleasanton, California and was incorporated in 2006.","companyTypes":[],"products":{},"vendoredProductsCount":0,"suppliedProductsCount":0,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":1,"supplierImplementationsCount":0,"vendorImplementationsCount":0,"vendorPartnersCount":0,"supplierPartnersCount":0,"b4r":0,"categories":{},"companyUrl":"http://blackhawknetwork.com/","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"presenterCodeLng":"","seo":{"title":"Blackhawk Network Holdings Inc.","keywords":"","description":" Blackhawk Network Holdings Inc. is a privately held company that operates in the prepaid, gift card and payments industries. It supports solutions, technology, management and distribution of branded value such as gift cards, telecom and financial service prod","og:title":"Blackhawk Network Holdings Inc.","og:description":" Blackhawk Network Holdings Inc. is a privately held company that operates in the prepaid, gift card and payments industries. It supports solutions, technology, management and distribution of branded value such as gift cards, telecom and financial service prod","og:image":"https://old.roi4cio.com/uploads/roi/company/blackhawk-network.jpg"},"eventUrl":""},"supplier":{"id":5298,"title":"Anomali","logoURL":"https://old.roi4cio.com/uploads/roi/company/Anomali.png","alias":"anomali","address":"","roles":[],"description":" Anomali detects adversaries and tells you who they are. \r\nAnomali arms security teams with machine learning optimized threat intelligence and identifies hidden threats targeting their environments.\r\nOrganizations rely on the Anomali Threat Platform to detect threats, understand adversaries, and respond effectively.&nbsp; The platform enables organizations to collaborate and share threat information among trusted communities and is the most widely adopted platform for ISACs and leading enterprises worldwide.<br />Source: https://www.linkedin.com/company/anomali/about/","companyTypes":[],"products":{},"vendoredProductsCount":1,"suppliedProductsCount":1,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":0,"supplierImplementationsCount":3,"vendorImplementationsCount":3,"vendorPartnersCount":0,"supplierPartnersCount":0,"b4r":0,"categories":{},"companyUrl":"http://www.anomali.com","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"presenterCodeLng":"","seo":{"title":"Anomali","keywords":"","description":" Anomali detects adversaries and tells you who they are. \r\nAnomali arms security teams with machine learning optimized threat intelligence and identifies hidden threats targeting their environments.\r\nOrganizations rely on the Anomali Threat Platform to detect","og:title":"Anomali","og:description":" Anomali detects adversaries and tells you who they are. \r\nAnomali arms security teams with machine learning optimized threat intelligence and identifies hidden threats targeting their environments.\r\nOrganizations rely on the Anomali Threat Platform to detect","og:image":"https://old.roi4cio.com/uploads/roi/company/Anomali.png"},"eventUrl":""},"vendors":[{"id":5298,"title":"Anomali","logoURL":"https://old.roi4cio.com/uploads/roi/company/Anomali.png","alias":"anomali","address":"","roles":[],"description":" Anomali detects adversaries and tells you who they are. \r\nAnomali arms security teams with machine learning optimized threat intelligence and identifies hidden threats targeting their environments.\r\nOrganizations rely on the Anomali Threat Platform to detect threats, understand adversaries, and respond effectively.&nbsp; The platform enables organizations to collaborate and share threat information among trusted communities and is the most widely adopted platform for ISACs and leading enterprises worldwide.<br />Source: https://www.linkedin.com/company/anomali/about/","companyTypes":[],"products":{},"vendoredProductsCount":1,"suppliedProductsCount":1,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":0,"supplierImplementationsCount":3,"vendorImplementationsCount":3,"vendorPartnersCount":0,"supplierPartnersCount":0,"b4r":0,"categories":{},"companyUrl":"http://www.anomali.com","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"presenterCodeLng":"","seo":{"title":"Anomali","keywords":"","description":" Anomali detects adversaries and tells you who they are. \r\nAnomali arms security teams with machine learning optimized threat intelligence and identifies hidden threats targeting their environments.\r\nOrganizations rely on the Anomali Threat Platform to detect","og:title":"Anomali","og:description":" Anomali detects adversaries and tells you who they are. \r\nAnomali arms security teams with machine learning optimized threat intelligence and identifies hidden threats targeting their environments.\r\nOrganizations rely on the Anomali Threat Platform to detect","og:image":"https://old.roi4cio.com/uploads/roi/company/Anomali.png"},"eventUrl":""}],"products":[{"id":5889,"logo":false,"scheme":false,"title":"Anomali ThreatStream","vendorVerified":0,"rating":"1.00","implementationsCount":3,"suppliersCount":0,"alias":"anomali-threatstream","companyTypes":[],"description":"SOC analysts, incident response teams and researchers face the challenge of operationalizing an overwhelming amount of threat data. A recent Ponemon survey showed that 78% say threat intelligence is critical for achieving a strong security posture but also showed that 70% are overwhelmed with threat data. Anomali ThreatStream® makes it easier for security teams to achieve the full promise of threat intelligence. ThreatStream automates all the processes for collecting, managing and integrating threat intelligence, and gives security analysts the tools and resources to respond quickly to active threats.<br /><span style=\"font-weight: bold; \">Collect</span><br />ThreatStream manages ingesting intelligence from many disparate sources, including:\r\n<ul><li>STIX/TAXII feeds</li></ul>\r\n<ul><li>Open source threat feeds</li></ul>\r\n<ul><li>Commercial threat intelligence providers</li></ul>\r\n<ul><li>Unstructured intelligence: PDFs, CSVs, emails</li></ul>\r\n<ul><li>ISAC/ISAO shared threat intelligence</li></ul>\r\n<span style=\"font-weight: bold; \">Manage</span><br />ThreatStream takes raw threat data and turns it into rich, usable intelligence:\r\n<ul><li>Normalizes feeds into a common taxonomy</li></ul>\r\n<ul><li>De-duplicates data across feeds</li></ul>\r\n<ul><li>Removes false positives</li></ul>\r\n<ul><li>Enriches data with actor, campaign, and TTP</li></ul>\r\n<ul><li>Associates related threat indicators</li></ul>\r\n<span style=\"font-weight: bold; \">Integrate</span><br />ThreatStream integrates with internal security systems to make threat intelligence actionable.\r\n<ul><li>Deep integration with SIEM, FW, IPS, and EDR</li></ul>\r\n<ul><li>Scales to process millions of indicators</li></ul>\r\n<ul><li>Risk ranks threats via machine learning</li></ul>\r\n<ul><li>Includes Threat Bulletins from Anomali Labs</li></ul>\r\n<ul><li>Secure, 2-way sharing with Trusted Circles</li></ul>","shortDescription":"ThreatStream operationalizes threat intelligence and unites all the tools in your security infrastructure, speeding the detection of threats and enabling proactive defense measures.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":0,"sellingCount":0,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Anomali ThreatStream","keywords":"","description":"SOC analysts, incident response teams and researchers face the challenge of operationalizing an overwhelming amount of threat data. A recent Ponemon survey showed that 78% say threat intelligence is critical for achieving a strong security posture but also ","og:title":"Anomali ThreatStream","og:description":"SOC analysts, incident response teams and researchers face the challenge of operationalizing an overwhelming amount of threat data. A recent Ponemon survey showed that 78% say threat intelligence is critical for achieving a strong security posture but also "},"eventUrl":"","translationId":5889,"dealDetails":{"avgPartnerDiscount":15,"dealProtection":1,"avgDealSize":150000,"dealSizeCurrency":"","avgDealClosing":9},"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"https://www.anomali.com/request-a-demo","categories":[{"id":874,"title":"Threat Intelligence Platforms","alias":"threat-intelligence-platforms","description":"Threat Intelligence Platforms (TIPs) are an emerging technology discipline that helps organizations aggregate, correlate and analyze threat data from multiple sources in real time to support defensive actions. TIPs have evolved to address the growing amount of data generated by a variety of internal and external resources (such as system logs and threat intelligence feeds) and help security teams identify the threats that are relevant to their organization. By importing threat data from multiple sources and formats, correlating that data and then exporting it into an organization’s existing security systems or ticketing systems, a TIP automates proactive threat management and mitigation. A true TIP differs from typical enterprise security products in that it is a system that can be programmed by outside developers, in particular, users of the platform. TIPs can also use APIs to gather data to generate configuration analysis, WHOIS information, reverse IP lookup, website content analysis, name servers and SSL certificates.\r\nThe traditional approach to enterprise security involves security teams using a variety of processes and tools to conduct incident response, network defense and threat analysis. Integration between these teams and the sharing of threat data is often a manual process that relies on email, spreadsheets or a portal ticketing system. This approach does not scale as the team and enterprise grows and the number of threats and events increases. With attack sources changing by the minute, hour and day, scalability and efficiency is difficult. The tools used by large Security Operations Centers (SOCs), for example, produce hundreds of millions of events per day, from endpoint and network alerts to log events, making it difficult to filter down to a manageable number of suspicious events for triage.\r\nThreat intelligence platforms make it possible for organizations to gain an advantage over the adversary by detecting the presence of threat actors, blocking and tackling their attacks or degrading their infrastructure. Using threat intelligence, businesses and government agencies can also identify the threat sources and data that are the most useful and relevant to their own environment, potentially reducing the costs associated with unnecessary commercial threat feeds.\r\nTactical use cases for threat intelligence include security planning, monitoring and detection, incident response, threat discovery and threat assessment. A TIP also drives smarter practices back into SIEMs, intrusion detection and other security tools because of the finely curated, relevant and widely sourced threat intelligence that a TIP produces.\r\nAn advantage held by TIPs is the ability to share threat intelligence with other stakeholders and communities. Adversaries typically coordinate their efforts across forums and platforms. A TIP provides a common habitat, which makes it possible for security teams to share threat information among their own trusted circles, interface with security and intelligence experts and receive guidance on implementing coordinated counter-measures. Full-featured TIPs enable security analysts to simultaneously coordinate these tactical and strategic activities with incident response, security operations, and risk management teams while aggregating data from trusted communities.","materialsDescription":"<span style=\"font-weight: bold;\">What is a threat?</span>\r\nA threat is the ability of an entity to gain access to or interfere with the usual planned activities of an information network.\r\n<span style=\"font-weight: bold;\">What is an APT?</span>\r\nAn advanced persistent threat (APT) is a stealthy computer network threat actor, typically a nation state or state-sponsored group, which gains unauthorized access to a computer network and remains undetected for an extended period. In recent times, the term may also refer to non-state sponsored groups conducting large-scale targeted intrusions for specific goals.\r\n<span style=\"font-weight: bold;\">What is phishing?</span>\r\nPhishing is the fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising oneself as a trustworthy entity in an electronic communication. Typically carried out by email spoofing or instant messaging, it often directs users to enter personal information at a fake website which matches the look and feel of the legitimate site.\r\nPhishing is an example of social engineering techniques being used to deceive users. Users are often lured by communications purporting to be from trusted parties such as social web sites, auction sites, banks, online payment processors or IT administrators.\r\n<span style=\"font-weight: bold;\">What is malware?</span>\r\nMalware (a portmanteau for malicious software) is any software intentionally designed to cause damage to a computer, server, client or computer network (in contrast, software that causes unintentional harm due to some deficiency is typically described as a software bug). A wide variety of malware types exist, including computer viruses, worms, Trojan horses, ransomware, spyware, adware, rogue software and scareware.\r\nPrograms are also considered malware if they secretly act against the interests of the computer user. For example, at one point, Sony music compact discs silently installed a rootkit on purchasers' computers with the intention of preventing illicit copying, but which also reported on users' listening habits, and unintentionally created extra security vulnerabilities.\r\nA range of antivirus software, firewalls and other strategies are used to help protect against the introduction of malware, to help detect it if it is already present and to recover from malware-associated malicious activity and attacks.\r\n<span style=\"font-weight: bold;\">What is a botnet?</span>\r\nA botnet is a number of Internet-connected devices, each of which is running one or more bots. Botnets can be used to perform Distributed Denial-of-Service (DDoS) attacks, steal data, send spam and allows the attacker to access the device and its connection. The owner can control the botnet using command and control (C&amp;C) software. The word &quot;botnet&quot; is a portmanteau of the words &quot;robot&quot; and &quot;network&quot;. The term is usually used with a negative or malicious connotation.\r\n<span style=\"font-weight: bold;\">What is a DDoS-attack?</span>\r\nA distributed denial-of-service (DDoS) attack occurs when multiple systems flood the bandwidth or resources of a targeted system, usually one or more web servers. Such an attack is often the result of multiple compromised systems (for example, a botnet) flooding the targeted system with traffic. A botnet is a network of zombie computers programmed to receive commands without the owners' knowledge. When a server is overloaded with connections, new connections can no longer be accepted. The major advantages to an attacker of using a distributed denial-of-service attack are that multiple machines can generate more attack traffic than one machine, multiple attack machines are harder to turn off than one attack machine and that the behavior of each attack machine can be stealthier, making it harder to track and shut down. These attacker advantages cause challenges for defense mechanisms. For example, merely purchasing more incoming bandwidth than the current volume of the attack might not help, because the attacker might be able to simply add more attack machines. This, ultimately, will end up completely crashing a website for periods of time.\r\n<span style=\"font-weight: bold;\">What is ransomware?</span>\r\nRansomware is a type of malware from cryptovirology that threatens to publish the victim's data, or perpetually block access to it, unless a ransom is paid. While some simple ransomware may lock the system in a way which is not difficult for a knowledgeable person to reverse, more advanced malware uses a technique called cryptoviral extortion, in which it encrypts the victim's files, making them inaccessible, and demands a ransom payment to decrypt them. In a properly implemented cryptoviral extortion attack, recovering the files without the decryption key is an intractable problem – and difficult to trace digital currencies such as Ukash or Bitcoin and other cryptocurrency are used for the ransoms, making tracing and prosecuting the perpetrators difficult.<br />Ransomware attacks are typically carried out using a Trojan that is disguised as a legitimate file that the user is tricked into downloading or opening when it arrives as an email attachment. However, one high-profile example, the &quot;WannaCry worm&quot;, travelled automatically between computers without user interaction.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/threat-intelligence-cyber.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]}],"countries":[],"startDate":"0000-00-00","endDate":"0000-00-00","dealDate":"0000-00-00","price":0,"status":"finished","statusLabel":"Finished","isImplementation":true,"isAgreement":false,"confirmed":1,"implementationDetails":{"businessObjectives":{"id":14,"title":"Business objectives","translationKey":"businessObjectives","options":[{"id":5,"title":"Enhance Staff Productivity"},{"id":6,"title":"Ensure Security and Business Continuity"},{"id":306,"title":"Manage Risks"}]},"businessProcesses":{"id":11,"title":"Business process","translationKey":"businessProcesses","options":[{"id":177,"title":"Decentralized IT systems"},{"id":336,"title":"Risk or Leaks of confidential information"},{"id":384,"title":"Risk of attacks by hackers"},{"id":385,"title":"Risk of data loss or damage"},{"id":382,"title":"High costs of IT personnel"}]}},"categories":[{"id":874,"title":"Threat Intelligence Platforms","alias":"threat-intelligence-platforms","description":"Threat Intelligence Platforms (TIPs) are an emerging technology discipline that helps organizations aggregate, correlate and analyze threat data from multiple sources in real time to support defensive actions. TIPs have evolved to address the growing amount of data generated by a variety of internal and external resources (such as system logs and threat intelligence feeds) and help security teams identify the threats that are relevant to their organization. By importing threat data from multiple sources and formats, correlating that data and then exporting it into an organization’s existing security systems or ticketing systems, a TIP automates proactive threat management and mitigation. A true TIP differs from typical enterprise security products in that it is a system that can be programmed by outside developers, in particular, users of the platform. TIPs can also use APIs to gather data to generate configuration analysis, WHOIS information, reverse IP lookup, website content analysis, name servers and SSL certificates.\r\nThe traditional approach to enterprise security involves security teams using a variety of processes and tools to conduct incident response, network defense and threat analysis. Integration between these teams and the sharing of threat data is often a manual process that relies on email, spreadsheets or a portal ticketing system. This approach does not scale as the team and enterprise grows and the number of threats and events increases. With attack sources changing by the minute, hour and day, scalability and efficiency is difficult. The tools used by large Security Operations Centers (SOCs), for example, produce hundreds of millions of events per day, from endpoint and network alerts to log events, making it difficult to filter down to a manageable number of suspicious events for triage.\r\nThreat intelligence platforms make it possible for organizations to gain an advantage over the adversary by detecting the presence of threat actors, blocking and tackling their attacks or degrading their infrastructure. Using threat intelligence, businesses and government agencies can also identify the threat sources and data that are the most useful and relevant to their own environment, potentially reducing the costs associated with unnecessary commercial threat feeds.\r\nTactical use cases for threat intelligence include security planning, monitoring and detection, incident response, threat discovery and threat assessment. A TIP also drives smarter practices back into SIEMs, intrusion detection and other security tools because of the finely curated, relevant and widely sourced threat intelligence that a TIP produces.\r\nAn advantage held by TIPs is the ability to share threat intelligence with other stakeholders and communities. Adversaries typically coordinate their efforts across forums and platforms. A TIP provides a common habitat, which makes it possible for security teams to share threat information among their own trusted circles, interface with security and intelligence experts and receive guidance on implementing coordinated counter-measures. Full-featured TIPs enable security analysts to simultaneously coordinate these tactical and strategic activities with incident response, security operations, and risk management teams while aggregating data from trusted communities.","materialsDescription":"<span style=\"font-weight: bold;\">What is a threat?</span>\r\nA threat is the ability of an entity to gain access to or interfere with the usual planned activities of an information network.\r\n<span style=\"font-weight: bold;\">What is an APT?</span>\r\nAn advanced persistent threat (APT) is a stealthy computer network threat actor, typically a nation state or state-sponsored group, which gains unauthorized access to a computer network and remains undetected for an extended period. In recent times, the term may also refer to non-state sponsored groups conducting large-scale targeted intrusions for specific goals.\r\n<span style=\"font-weight: bold;\">What is phishing?</span>\r\nPhishing is the fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising oneself as a trustworthy entity in an electronic communication. Typically carried out by email spoofing or instant messaging, it often directs users to enter personal information at a fake website which matches the look and feel of the legitimate site.\r\nPhishing is an example of social engineering techniques being used to deceive users. Users are often lured by communications purporting to be from trusted parties such as social web sites, auction sites, banks, online payment processors or IT administrators.\r\n<span style=\"font-weight: bold;\">What is malware?</span>\r\nMalware (a portmanteau for malicious software) is any software intentionally designed to cause damage to a computer, server, client or computer network (in contrast, software that causes unintentional harm due to some deficiency is typically described as a software bug). A wide variety of malware types exist, including computer viruses, worms, Trojan horses, ransomware, spyware, adware, rogue software and scareware.\r\nPrograms are also considered malware if they secretly act against the interests of the computer user. For example, at one point, Sony music compact discs silently installed a rootkit on purchasers' computers with the intention of preventing illicit copying, but which also reported on users' listening habits, and unintentionally created extra security vulnerabilities.\r\nA range of antivirus software, firewalls and other strategies are used to help protect against the introduction of malware, to help detect it if it is already present and to recover from malware-associated malicious activity and attacks.\r\n<span style=\"font-weight: bold;\">What is a botnet?</span>\r\nA botnet is a number of Internet-connected devices, each of which is running one or more bots. Botnets can be used to perform Distributed Denial-of-Service (DDoS) attacks, steal data, send spam and allows the attacker to access the device and its connection. The owner can control the botnet using command and control (C&amp;C) software. The word &quot;botnet&quot; is a portmanteau of the words &quot;robot&quot; and &quot;network&quot;. The term is usually used with a negative or malicious connotation.\r\n<span style=\"font-weight: bold;\">What is a DDoS-attack?</span>\r\nA distributed denial-of-service (DDoS) attack occurs when multiple systems flood the bandwidth or resources of a targeted system, usually one or more web servers. Such an attack is often the result of multiple compromised systems (for example, a botnet) flooding the targeted system with traffic. A botnet is a network of zombie computers programmed to receive commands without the owners' knowledge. When a server is overloaded with connections, new connections can no longer be accepted. The major advantages to an attacker of using a distributed denial-of-service attack are that multiple machines can generate more attack traffic than one machine, multiple attack machines are harder to turn off than one attack machine and that the behavior of each attack machine can be stealthier, making it harder to track and shut down. These attacker advantages cause challenges for defense mechanisms. For example, merely purchasing more incoming bandwidth than the current volume of the attack might not help, because the attacker might be able to simply add more attack machines. This, ultimately, will end up completely crashing a website for periods of time.\r\n<span style=\"font-weight: bold;\">What is ransomware?</span>\r\nRansomware is a type of malware from cryptovirology that threatens to publish the victim's data, or perpetually block access to it, unless a ransom is paid. While some simple ransomware may lock the system in a way which is not difficult for a knowledgeable person to reverse, more advanced malware uses a technique called cryptoviral extortion, in which it encrypts the victim's files, making them inaccessible, and demands a ransom payment to decrypt them. In a properly implemented cryptoviral extortion attack, recovering the files without the decryption key is an intractable problem – and difficult to trace digital currencies such as Ukash or Bitcoin and other cryptocurrency are used for the ransoms, making tracing and prosecuting the perpetrators difficult.<br />Ransomware attacks are typically carried out using a Trojan that is disguised as a legitimate file that the user is tricked into downloading or opening when it arrives as an email attachment. However, one high-profile example, the &quot;WannaCry worm&quot;, travelled automatically between computers without user interaction.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/threat-intelligence-cyber.png"}],"additionalInfo":{"budgetNotExceeded":"-1","functionallyTaskAssignment":"-1","projectWasPut":"-1","price":0,"source":{"url":"https://www.anomali.com/resources/case-studies/blackhawk-network-customer-case-study","title":"Supplier's web site"}},"comments":[],"referencesCount":0},{"id":1273,"title":"Anomali ThreatStream for Federal System Integrator","description":"<span style=\"font-weight: bold;\">ABOUT FEDERAL SYSTEMS INTEGRATOR</span>\r\nThis Federal Systems Integrator (FSI) is a proven provider of information solutions, engineering and analytics for the U.S. Intelligence Community, U.S. Department of Defense and other federal agencies. With more than 40 years of experience, this FSI designs, develops and delivers high impact, mission-critical services and solutions to overcome it’s customers’ most complex problems.<br />\r\n\r\n<span style=\"font-weight: bold;\">THE PROBLEM</span><br />\r\nWorking primarily as a systems integrator with clients in sensitive intelligence and security communities, this FSI’s intellectual property (IP) contains critical high-value information. This IP, essential to the U.S. government, must remain protected and secure.<br />\r\nOn a daily basis, this FSI receives hundreds of Indicators of Compromise (IOCs) from multiple sources, and each IOC requires evaluation of the level of confidence behind the intelligence. Analysis of the data must:\r\n<ul><li>Consolidate important threat intel data</li></ul>\r\n<ul><li>Put the intel into context</li></ul>\r\n<ul><li>Decide if intel is pertinent and reliable</li></ul>\r\n<ul><li>Show where to focus and take action</li></ul>\r\nThe volume of IOCs combined with the need for accurate assessment created a significant challenge for this FSI—threat data management is time consuming and crucial, and yet is not the core mission of the company. This FSI needed to scale operations and use manpower resources more efficiently.<br />This FSI needed a way to speed threat intelligence validation and integration, and to do it without compromising information security. The company sought an automated threat intelligence solution that would work with this FSI’s existing security information event management (SIEM) tools while reducing the time spent analyzing and operationalizing threat intelligence data.<br />\r\n\r\n<span style=\"font-weight: bold;\">THE THREATSTREAM SOLUTION</span><br />\r\nThis FSI turned to ThreatStream for an automated cyber threat intelligence solution. The ThreatStream Optic™ platform counters adversaries by fusing actionable intelligence with existing security infrastructure by:\r\n<ul><li>Consolidating and curating multiple threat intelligence sources while eliminating redundancies</li></ul>\r\n<ul><li>Providing cross-validated analysis</li></ul>\r\n<ul><li>Rapidly operationalizing intelligence with high confidence</li></ul>\r\n<span style=\"font-style: italic;\">“ThreatStream comes with a valuable reputation for providing quality intelligence in a timely manner, and their automated capability works seamlessly with the various cybersecurity tools you already have in your environment.”</span><br />\r\nBefore ThreatStream, this FSI staff spent thousands of hours annually to collect intelligence, sift through IOCs, validate intelligence and then operationalize that data by writing rules and actions into security infrastructure.<br />This FSI deployed ThreatStream Optic and immediately reduced the amount of time it took to not only identify valid threat intelligence, but also operationalize that threat intel by injecting it directly into this FSI’s existing security tools. ThreatStream Optic connects with this FSI’s SIEM through a single, cloud-based portal, consolidating, normalizing and validating intelligence.<br />\r\nThis seamless integration also eliminates the time and resource-intensive process of manually de-duplicating information from multiple feeds.<br />\r\nThis FSI chose ThreatStream because the ThreatStream Optic platform, unlike other threat feeds, provides the additional benefit of cross-validation analysis. This FSI is able to take the threat intel received from ThreatStream and other sources and use ThreatStream Optic to determine with a high degree of probability what is valid intelligence, and act accordingly. ThreatStream allows this FSI to act on threat intel with a high degree of confidence.<br />\r\nThe efficiencies created by ThreatStream Optic also allow this FSI to redeploy valuable human resources, which saves this FSI countless hours and thousands of dollars per year.<br />\r\n<span style=\"font-style: italic;\">“Rather than taking us days to implement threat intelligence into our cybersecurity tools, with Optic, we can do it in minutes.”</span><br /><br />\r\n<span style=\"font-weight: bold;\">IMPLEMENTATION</span><br />\r\nThreatStream provided this FSI integrations for multiple sets of technology architecture, ensuring a smooth implementation. This FSI’s SIEM tools easily connect with ThreatStream’s server to pull down and inject data directly into this FSI’s security architecture stack. The threat intelligence provided by ThreatStream is viewed and used at this FSI’s highest levels.<br />\r\n<span style=\"font-style: italic;\">“The reliability of the data and depth of information the ThreatStream solution provides is top-notch. ThreatStream only delivers data that’s been fully vetted, rich with context and insights, allowing us to take immediate action.”</span><br /><br />\r\n<span style=\"font-weight: bold;\">A PARTNERSHIP</span><br />\r\n<span style=\"font-style: italic;\">“Working with ThreatStream is really a partnership. We have regularly scheduled discussions, and if we need anything, it’s only a phone call away. It’s easy to communicate with our ThreatStream team, and they are very receptive of what we ask of them.”</span><br />\r\nThreatStream Optic is the first threat intelligence platform that manages the entire life cycle of threat intelligence from multi-source acquisition to operational integration across the entire ecosystem of existing security devices. ThreatStream Optic enables enterprise and government organizations to seamlessly aggregate and analyze threat intelligence and automatically inject the information into their security infrastructure.","alias":"anomali-threatstream-for-federal-system-integrator","roi":0,"seo":{"title":"Anomali ThreatStream for Federal System Integrator","keywords":"","description":"<span style=\"font-weight: bold;\">ABOUT FEDERAL SYSTEMS INTEGRATOR</span>\r\nThis Federal Systems Integrator (FSI) is a proven provider of information solutions, engineering and analytics for the U.S. Intelligence Community, U.S. Department of Defense and other f","og:title":"Anomali ThreatStream for Federal System Integrator","og:description":"<span style=\"font-weight: bold;\">ABOUT FEDERAL SYSTEMS INTEGRATOR</span>\r\nThis Federal Systems Integrator (FSI) is a proven provider of information solutions, engineering and analytics for the U.S. Intelligence Community, U.S. Department of Defense and other f"},"deal_info":"","user":{"id":4195,"title":"Hidden user","logoURL":"https://old.roi4cio.com/uploads/roi/company/hidden_user.jpg","alias":"skrytyi-polzovatel","address":"","roles":[],"description":"User Information is confidential ","companyTypes":[],"products":{},"vendoredProductsCount":0,"suppliedProductsCount":0,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":98,"supplierImplementationsCount":0,"vendorImplementationsCount":0,"vendorPartnersCount":0,"supplierPartnersCount":0,"b4r":0,"categories":{},"companyUrl":"","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"presenterCodeLng":"","seo":{"title":"Hidden user","keywords":"Hidden, user, User, Information, confidential","description":"User Information is confidential ","og:title":"Hidden user","og:description":"User Information is confidential ","og:image":"https://old.roi4cio.com/uploads/roi/company/hidden_user.jpg"},"eventUrl":""},"supplier":{"id":5298,"title":"Anomali","logoURL":"https://old.roi4cio.com/uploads/roi/company/Anomali.png","alias":"anomali","address":"","roles":[],"description":" Anomali detects adversaries and tells you who they are. \r\nAnomali arms security teams with machine learning optimized threat intelligence and identifies hidden threats targeting their environments.\r\nOrganizations rely on the Anomali Threat Platform to detect threats, understand adversaries, and respond effectively.&nbsp; The platform enables organizations to collaborate and share threat information among trusted communities and is the most widely adopted platform for ISACs and leading enterprises worldwide.<br />Source: https://www.linkedin.com/company/anomali/about/","companyTypes":[],"products":{},"vendoredProductsCount":1,"suppliedProductsCount":1,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":0,"supplierImplementationsCount":3,"vendorImplementationsCount":3,"vendorPartnersCount":0,"supplierPartnersCount":0,"b4r":0,"categories":{},"companyUrl":"http://www.anomali.com","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"presenterCodeLng":"","seo":{"title":"Anomali","keywords":"","description":" Anomali detects adversaries and tells you who they are. \r\nAnomali arms security teams with machine learning optimized threat intelligence and identifies hidden threats targeting their environments.\r\nOrganizations rely on the Anomali Threat Platform to detect","og:title":"Anomali","og:description":" Anomali detects adversaries and tells you who they are. \r\nAnomali arms security teams with machine learning optimized threat intelligence and identifies hidden threats targeting their environments.\r\nOrganizations rely on the Anomali Threat Platform to detect","og:image":"https://old.roi4cio.com/uploads/roi/company/Anomali.png"},"eventUrl":""},"vendors":[{"id":5298,"title":"Anomali","logoURL":"https://old.roi4cio.com/uploads/roi/company/Anomali.png","alias":"anomali","address":"","roles":[],"description":" Anomali detects adversaries and tells you who they are. \r\nAnomali arms security teams with machine learning optimized threat intelligence and identifies hidden threats targeting their environments.\r\nOrganizations rely on the Anomali Threat Platform to detect threats, understand adversaries, and respond effectively.&nbsp; The platform enables organizations to collaborate and share threat information among trusted communities and is the most widely adopted platform for ISACs and leading enterprises worldwide.<br />Source: https://www.linkedin.com/company/anomali/about/","companyTypes":[],"products":{},"vendoredProductsCount":1,"suppliedProductsCount":1,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":0,"supplierImplementationsCount":3,"vendorImplementationsCount":3,"vendorPartnersCount":0,"supplierPartnersCount":0,"b4r":0,"categories":{},"companyUrl":"http://www.anomali.com","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"presenterCodeLng":"","seo":{"title":"Anomali","keywords":"","description":" Anomali detects adversaries and tells you who they are. \r\nAnomali arms security teams with machine learning optimized threat intelligence and identifies hidden threats targeting their environments.\r\nOrganizations rely on the Anomali Threat Platform to detect","og:title":"Anomali","og:description":" Anomali detects adversaries and tells you who they are. \r\nAnomali arms security teams with machine learning optimized threat intelligence and identifies hidden threats targeting their environments.\r\nOrganizations rely on the Anomali Threat Platform to detect","og:image":"https://old.roi4cio.com/uploads/roi/company/Anomali.png"},"eventUrl":""}],"products":[{"id":5889,"logo":false,"scheme":false,"title":"Anomali ThreatStream","vendorVerified":0,"rating":"1.00","implementationsCount":3,"suppliersCount":0,"alias":"anomali-threatstream","companyTypes":[],"description":"SOC analysts, incident response teams and researchers face the challenge of operationalizing an overwhelming amount of threat data. A recent Ponemon survey showed that 78% say threat intelligence is critical for achieving a strong security posture but also showed that 70% are overwhelmed with threat data. Anomali ThreatStream® makes it easier for security teams to achieve the full promise of threat intelligence. ThreatStream automates all the processes for collecting, managing and integrating threat intelligence, and gives security analysts the tools and resources to respond quickly to active threats.<br /><span style=\"font-weight: bold; \">Collect</span><br />ThreatStream manages ingesting intelligence from many disparate sources, including:\r\n<ul><li>STIX/TAXII feeds</li></ul>\r\n<ul><li>Open source threat feeds</li></ul>\r\n<ul><li>Commercial threat intelligence providers</li></ul>\r\n<ul><li>Unstructured intelligence: PDFs, CSVs, emails</li></ul>\r\n<ul><li>ISAC/ISAO shared threat intelligence</li></ul>\r\n<span style=\"font-weight: bold; \">Manage</span><br />ThreatStream takes raw threat data and turns it into rich, usable intelligence:\r\n<ul><li>Normalizes feeds into a common taxonomy</li></ul>\r\n<ul><li>De-duplicates data across feeds</li></ul>\r\n<ul><li>Removes false positives</li></ul>\r\n<ul><li>Enriches data with actor, campaign, and TTP</li></ul>\r\n<ul><li>Associates related threat indicators</li></ul>\r\n<span style=\"font-weight: bold; \">Integrate</span><br />ThreatStream integrates with internal security systems to make threat intelligence actionable.\r\n<ul><li>Deep integration with SIEM, FW, IPS, and EDR</li></ul>\r\n<ul><li>Scales to process millions of indicators</li></ul>\r\n<ul><li>Risk ranks threats via machine learning</li></ul>\r\n<ul><li>Includes Threat Bulletins from Anomali Labs</li></ul>\r\n<ul><li>Secure, 2-way sharing with Trusted Circles</li></ul>","shortDescription":"ThreatStream operationalizes threat intelligence and unites all the tools in your security infrastructure, speeding the detection of threats and enabling proactive defense measures.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":0,"sellingCount":0,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Anomali ThreatStream","keywords":"","description":"SOC analysts, incident response teams and researchers face the challenge of operationalizing an overwhelming amount of threat data. A recent Ponemon survey showed that 78% say threat intelligence is critical for achieving a strong security posture but also ","og:title":"Anomali ThreatStream","og:description":"SOC analysts, incident response teams and researchers face the challenge of operationalizing an overwhelming amount of threat data. A recent Ponemon survey showed that 78% say threat intelligence is critical for achieving a strong security posture but also "},"eventUrl":"","translationId":5889,"dealDetails":{"avgPartnerDiscount":15,"dealProtection":1,"avgDealSize":150000,"dealSizeCurrency":"","avgDealClosing":9},"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"https://www.anomali.com/request-a-demo","categories":[{"id":874,"title":"Threat Intelligence Platforms","alias":"threat-intelligence-platforms","description":"Threat Intelligence Platforms (TIPs) are an emerging technology discipline that helps organizations aggregate, correlate and analyze threat data from multiple sources in real time to support defensive actions. TIPs have evolved to address the growing amount of data generated by a variety of internal and external resources (such as system logs and threat intelligence feeds) and help security teams identify the threats that are relevant to their organization. By importing threat data from multiple sources and formats, correlating that data and then exporting it into an organization’s existing security systems or ticketing systems, a TIP automates proactive threat management and mitigation. A true TIP differs from typical enterprise security products in that it is a system that can be programmed by outside developers, in particular, users of the platform. TIPs can also use APIs to gather data to generate configuration analysis, WHOIS information, reverse IP lookup, website content analysis, name servers and SSL certificates.\r\nThe traditional approach to enterprise security involves security teams using a variety of processes and tools to conduct incident response, network defense and threat analysis. Integration between these teams and the sharing of threat data is often a manual process that relies on email, spreadsheets or a portal ticketing system. This approach does not scale as the team and enterprise grows and the number of threats and events increases. With attack sources changing by the minute, hour and day, scalability and efficiency is difficult. The tools used by large Security Operations Centers (SOCs), for example, produce hundreds of millions of events per day, from endpoint and network alerts to log events, making it difficult to filter down to a manageable number of suspicious events for triage.\r\nThreat intelligence platforms make it possible for organizations to gain an advantage over the adversary by detecting the presence of threat actors, blocking and tackling their attacks or degrading their infrastructure. Using threat intelligence, businesses and government agencies can also identify the threat sources and data that are the most useful and relevant to their own environment, potentially reducing the costs associated with unnecessary commercial threat feeds.\r\nTactical use cases for threat intelligence include security planning, monitoring and detection, incident response, threat discovery and threat assessment. A TIP also drives smarter practices back into SIEMs, intrusion detection and other security tools because of the finely curated, relevant and widely sourced threat intelligence that a TIP produces.\r\nAn advantage held by TIPs is the ability to share threat intelligence with other stakeholders and communities. Adversaries typically coordinate their efforts across forums and platforms. A TIP provides a common habitat, which makes it possible for security teams to share threat information among their own trusted circles, interface with security and intelligence experts and receive guidance on implementing coordinated counter-measures. Full-featured TIPs enable security analysts to simultaneously coordinate these tactical and strategic activities with incident response, security operations, and risk management teams while aggregating data from trusted communities.","materialsDescription":"<span style=\"font-weight: bold;\">What is a threat?</span>\r\nA threat is the ability of an entity to gain access to or interfere with the usual planned activities of an information network.\r\n<span style=\"font-weight: bold;\">What is an APT?</span>\r\nAn advanced persistent threat (APT) is a stealthy computer network threat actor, typically a nation state or state-sponsored group, which gains unauthorized access to a computer network and remains undetected for an extended period. In recent times, the term may also refer to non-state sponsored groups conducting large-scale targeted intrusions for specific goals.\r\n<span style=\"font-weight: bold;\">What is phishing?</span>\r\nPhishing is the fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising oneself as a trustworthy entity in an electronic communication. Typically carried out by email spoofing or instant messaging, it often directs users to enter personal information at a fake website which matches the look and feel of the legitimate site.\r\nPhishing is an example of social engineering techniques being used to deceive users. Users are often lured by communications purporting to be from trusted parties such as social web sites, auction sites, banks, online payment processors or IT administrators.\r\n<span style=\"font-weight: bold;\">What is malware?</span>\r\nMalware (a portmanteau for malicious software) is any software intentionally designed to cause damage to a computer, server, client or computer network (in contrast, software that causes unintentional harm due to some deficiency is typically described as a software bug). A wide variety of malware types exist, including computer viruses, worms, Trojan horses, ransomware, spyware, adware, rogue software and scareware.\r\nPrograms are also considered malware if they secretly act against the interests of the computer user. For example, at one point, Sony music compact discs silently installed a rootkit on purchasers' computers with the intention of preventing illicit copying, but which also reported on users' listening habits, and unintentionally created extra security vulnerabilities.\r\nA range of antivirus software, firewalls and other strategies are used to help protect against the introduction of malware, to help detect it if it is already present and to recover from malware-associated malicious activity and attacks.\r\n<span style=\"font-weight: bold;\">What is a botnet?</span>\r\nA botnet is a number of Internet-connected devices, each of which is running one or more bots. Botnets can be used to perform Distributed Denial-of-Service (DDoS) attacks, steal data, send spam and allows the attacker to access the device and its connection. The owner can control the botnet using command and control (C&amp;C) software. The word &quot;botnet&quot; is a portmanteau of the words &quot;robot&quot; and &quot;network&quot;. The term is usually used with a negative or malicious connotation.\r\n<span style=\"font-weight: bold;\">What is a DDoS-attack?</span>\r\nA distributed denial-of-service (DDoS) attack occurs when multiple systems flood the bandwidth or resources of a targeted system, usually one or more web servers. Such an attack is often the result of multiple compromised systems (for example, a botnet) flooding the targeted system with traffic. A botnet is a network of zombie computers programmed to receive commands without the owners' knowledge. When a server is overloaded with connections, new connections can no longer be accepted. The major advantages to an attacker of using a distributed denial-of-service attack are that multiple machines can generate more attack traffic than one machine, multiple attack machines are harder to turn off than one attack machine and that the behavior of each attack machine can be stealthier, making it harder to track and shut down. These attacker advantages cause challenges for defense mechanisms. For example, merely purchasing more incoming bandwidth than the current volume of the attack might not help, because the attacker might be able to simply add more attack machines. This, ultimately, will end up completely crashing a website for periods of time.\r\n<span style=\"font-weight: bold;\">What is ransomware?</span>\r\nRansomware is a type of malware from cryptovirology that threatens to publish the victim's data, or perpetually block access to it, unless a ransom is paid. While some simple ransomware may lock the system in a way which is not difficult for a knowledgeable person to reverse, more advanced malware uses a technique called cryptoviral extortion, in which it encrypts the victim's files, making them inaccessible, and demands a ransom payment to decrypt them. In a properly implemented cryptoviral extortion attack, recovering the files without the decryption key is an intractable problem – and difficult to trace digital currencies such as Ukash or Bitcoin and other cryptocurrency are used for the ransoms, making tracing and prosecuting the perpetrators difficult.<br />Ransomware attacks are typically carried out using a Trojan that is disguised as a legitimate file that the user is tricked into downloading or opening when it arrives as an email attachment. However, one high-profile example, the &quot;WannaCry worm&quot;, travelled automatically between computers without user interaction.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/threat-intelligence-cyber.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]}],"countries":[],"startDate":"0000-00-00","endDate":"0000-00-00","dealDate":"0000-00-00","price":0,"status":"finished","statusLabel":"Finished","isImplementation":true,"isAgreement":false,"confirmed":1,"implementationDetails":{"businessObjectives":{"id":14,"title":"Business objectives","translationKey":"businessObjectives","options":[{"id":6,"title":"Ensure Security and Business Continuity"},{"id":5,"title":"Enhance Staff Productivity"},{"id":306,"title":"Manage Risks"}]},"businessProcesses":{"id":11,"title":"Business process","translationKey":"businessProcesses","options":[{"id":177,"title":"Decentralized IT systems"},{"id":336,"title":"Risk or Leaks of confidential information"},{"id":385,"title":"Risk of data loss or damage"},{"id":384,"title":"Risk of attacks by hackers"},{"id":382,"title":"High costs of IT personnel"}]}},"categories":[{"id":874,"title":"Threat Intelligence Platforms","alias":"threat-intelligence-platforms","description":"Threat Intelligence Platforms (TIPs) are an emerging technology discipline that helps organizations aggregate, correlate and analyze threat data from multiple sources in real time to support defensive actions. TIPs have evolved to address the growing amount of data generated by a variety of internal and external resources (such as system logs and threat intelligence feeds) and help security teams identify the threats that are relevant to their organization. By importing threat data from multiple sources and formats, correlating that data and then exporting it into an organization’s existing security systems or ticketing systems, a TIP automates proactive threat management and mitigation. A true TIP differs from typical enterprise security products in that it is a system that can be programmed by outside developers, in particular, users of the platform. TIPs can also use APIs to gather data to generate configuration analysis, WHOIS information, reverse IP lookup, website content analysis, name servers and SSL certificates.\r\nThe traditional approach to enterprise security involves security teams using a variety of processes and tools to conduct incident response, network defense and threat analysis. Integration between these teams and the sharing of threat data is often a manual process that relies on email, spreadsheets or a portal ticketing system. This approach does not scale as the team and enterprise grows and the number of threats and events increases. With attack sources changing by the minute, hour and day, scalability and efficiency is difficult. The tools used by large Security Operations Centers (SOCs), for example, produce hundreds of millions of events per day, from endpoint and network alerts to log events, making it difficult to filter down to a manageable number of suspicious events for triage.\r\nThreat intelligence platforms make it possible for organizations to gain an advantage over the adversary by detecting the presence of threat actors, blocking and tackling their attacks or degrading their infrastructure. Using threat intelligence, businesses and government agencies can also identify the threat sources and data that are the most useful and relevant to their own environment, potentially reducing the costs associated with unnecessary commercial threat feeds.\r\nTactical use cases for threat intelligence include security planning, monitoring and detection, incident response, threat discovery and threat assessment. A TIP also drives smarter practices back into SIEMs, intrusion detection and other security tools because of the finely curated, relevant and widely sourced threat intelligence that a TIP produces.\r\nAn advantage held by TIPs is the ability to share threat intelligence with other stakeholders and communities. Adversaries typically coordinate their efforts across forums and platforms. A TIP provides a common habitat, which makes it possible for security teams to share threat information among their own trusted circles, interface with security and intelligence experts and receive guidance on implementing coordinated counter-measures. Full-featured TIPs enable security analysts to simultaneously coordinate these tactical and strategic activities with incident response, security operations, and risk management teams while aggregating data from trusted communities.","materialsDescription":"<span style=\"font-weight: bold;\">What is a threat?</span>\r\nA threat is the ability of an entity to gain access to or interfere with the usual planned activities of an information network.\r\n<span style=\"font-weight: bold;\">What is an APT?</span>\r\nAn advanced persistent threat (APT) is a stealthy computer network threat actor, typically a nation state or state-sponsored group, which gains unauthorized access to a computer network and remains undetected for an extended period. In recent times, the term may also refer to non-state sponsored groups conducting large-scale targeted intrusions for specific goals.\r\n<span style=\"font-weight: bold;\">What is phishing?</span>\r\nPhishing is the fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising oneself as a trustworthy entity in an electronic communication. Typically carried out by email spoofing or instant messaging, it often directs users to enter personal information at a fake website which matches the look and feel of the legitimate site.\r\nPhishing is an example of social engineering techniques being used to deceive users. Users are often lured by communications purporting to be from trusted parties such as social web sites, auction sites, banks, online payment processors or IT administrators.\r\n<span style=\"font-weight: bold;\">What is malware?</span>\r\nMalware (a portmanteau for malicious software) is any software intentionally designed to cause damage to a computer, server, client or computer network (in contrast, software that causes unintentional harm due to some deficiency is typically described as a software bug). A wide variety of malware types exist, including computer viruses, worms, Trojan horses, ransomware, spyware, adware, rogue software and scareware.\r\nPrograms are also considered malware if they secretly act against the interests of the computer user. For example, at one point, Sony music compact discs silently installed a rootkit on purchasers' computers with the intention of preventing illicit copying, but which also reported on users' listening habits, and unintentionally created extra security vulnerabilities.\r\nA range of antivirus software, firewalls and other strategies are used to help protect against the introduction of malware, to help detect it if it is already present and to recover from malware-associated malicious activity and attacks.\r\n<span style=\"font-weight: bold;\">What is a botnet?</span>\r\nA botnet is a number of Internet-connected devices, each of which is running one or more bots. Botnets can be used to perform Distributed Denial-of-Service (DDoS) attacks, steal data, send spam and allows the attacker to access the device and its connection. The owner can control the botnet using command and control (C&amp;C) software. The word &quot;botnet&quot; is a portmanteau of the words &quot;robot&quot; and &quot;network&quot;. The term is usually used with a negative or malicious connotation.\r\n<span style=\"font-weight: bold;\">What is a DDoS-attack?</span>\r\nA distributed denial-of-service (DDoS) attack occurs when multiple systems flood the bandwidth or resources of a targeted system, usually one or more web servers. Such an attack is often the result of multiple compromised systems (for example, a botnet) flooding the targeted system with traffic. A botnet is a network of zombie computers programmed to receive commands without the owners' knowledge. When a server is overloaded with connections, new connections can no longer be accepted. The major advantages to an attacker of using a distributed denial-of-service attack are that multiple machines can generate more attack traffic than one machine, multiple attack machines are harder to turn off than one attack machine and that the behavior of each attack machine can be stealthier, making it harder to track and shut down. These attacker advantages cause challenges for defense mechanisms. For example, merely purchasing more incoming bandwidth than the current volume of the attack might not help, because the attacker might be able to simply add more attack machines. This, ultimately, will end up completely crashing a website for periods of time.\r\n<span style=\"font-weight: bold;\">What is ransomware?</span>\r\nRansomware is a type of malware from cryptovirology that threatens to publish the victim's data, or perpetually block access to it, unless a ransom is paid. While some simple ransomware may lock the system in a way which is not difficult for a knowledgeable person to reverse, more advanced malware uses a technique called cryptoviral extortion, in which it encrypts the victim's files, making them inaccessible, and demands a ransom payment to decrypt them. In a properly implemented cryptoviral extortion attack, recovering the files without the decryption key is an intractable problem – and difficult to trace digital currencies such as Ukash or Bitcoin and other cryptocurrency are used for the ransoms, making tracing and prosecuting the perpetrators difficult.<br />Ransomware attacks are typically carried out using a Trojan that is disguised as a legitimate file that the user is tricked into downloading or opening when it arrives as an email attachment. However, one high-profile example, the &quot;WannaCry worm&quot;, travelled automatically between computers without user interaction.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/threat-intelligence-cyber.png"}],"additionalInfo":{"budgetNotExceeded":"-1","functionallyTaskAssignment":"-1","projectWasPut":"-1","price":0,"source":{"url":"https://www.anomali.com/files/ThreatStream_Case_Study_FSI.pdf","title":"Web-site of vendor"}},"comments":[],"referencesCount":0}],"vendorImplementations":[{"id":1271,"title":"Anomali ThreatStream for Bank of Hope","description":"<span style=\"font-weight: bold;\">CHALLENGE</span>\r\nBank of Hope needed a way to easily investigate potentially risky IPs without having to log in to multiple security product dashboards. The bank depends on its security information and event management (SIEM) tool as the heart of its incident response program, but when the SIEM flagged a potential problem IP address the analysts needed to spend up to a half hour confirming its reputation.<br /><span style=\"font-weight: bold;\"></span>\r\n<span style=\"font-weight: bold;\">SOLUTION</span><br />ThreatStream offered Bank of Hope a way to sync its actionable intelligence with the organization’s SIEM tool and provide analysis with minimal effort.<br /><span style=\"font-weight: bold;\"></span>\r\n<span style=\"font-weight: bold;\">RESULTS</span><br />• Reduced Mean-Time-To-Know<br />• SIEM Integration<br />• Headcount Savings<br /><span style=\"font-weight: bold;\"><br />BANK OF HOPE CHALLENGE</span>\r\nWhen the SIEM pointed to a threat indication, IT security analysts spent an inordinate amount of time looking up potential malicious IPs to confirm their current reputation. Bank of Hope had several systems in its IT environment that provided outside threat intelligence related to malicious IPs, but each of these had its own portal and its own dashboards. Each system provided threat intelligence, but none were intuitively embedded with the SIEM.<br />So analysts were left with a manual process that required them to look up information within each IT tool that had its own built-in threat information. With a lean staff, the bank could ill afford the kind of resource drain that looking up suspicious IPs was putting on its security operations. Staffers could take up to a half hour simply to determine whether the IP address had a known bad reputation, let alone to start acting on a potential incident once bad news was confirmed.<br /><span style=\"font-style: italic;\">“Doing the research was a strenuous process,”</span> said Arindam Bose, senior vice president and security officer for Bank of Hope. <span style=\"font-style: italic;\">“We had to go to multiple resources to understand the indication of relevance of that IP address to our environment.”</span><br />Bank of Hope needed a way to simplify the process so it could make better use of its analysts’ bandwidth to work deeper into the forensics and incident response process.<br /><br /><span style=\"font-weight: bold;\">OVERVIEW</span><br />Operating with $7.3 billion in assets Bank of Hope is the largest KoreanAmerican bank in the nation. As a major community financial institution with 50 branches across the U.S., Bank of Hope understandably must protect itself from a range of attacks against its IT systems. To keep tabs on the numerous security controls and monitoring systems it has in place, the bank depends on its security information and event management (SIEM) system to correlate events and help its analysts stay on top of trends. Unfortunately, until recently the bank’s IT security analysts were taxed by the amount of work needed to analyze and verify indicators of compromise (IOCs) related to outside IP addresses that surfaced from its SIEM correlation engine.<br /><br /><span style=\"font-weight: bold;\">THE THREATSTREAM SOLUTION</span><br />The bank turned to the power of ThreatStream to do exactly that. According to Bose, Bank of Hope chose ThreatStream for several reasons.<br />First and foremost, the ThreatStream Threat Intelligence Platform is able to tell analysts with just a few clicks what an IP address’ threat score is, along with the confidence level based on reputation ranking.<br />Not only is it able to utilize threat feeds already available to Bank of Hope, but it also provides other feeds that add value to Bank of Hope’s analyses. In addition to IP reputation analysis, the tool can also replay executables in its sandbox environment to give Bank of Hope analysts a leg up on early analysis of potential IOCs and threat indicators.<br />But most importantly, ThreatStream integrates into Bank of Hope’s SIEM, so staffers do not need to reroute their analysis process and can do early investigation from a single centralized platform.<br /><span style=\"font-style: italic;\">“The SIEM is a critical component of our environment and the heart of our program. It pulls in logs from a variety of different systems and correlates those indications to determine whether an activity<br />is malicious or not,”</span> Bose says. <span style=\"font-style: italic;\">“Integrating ThreatStream in our SIEM portal means we don’t have to go into five different systems, but can look at the validity of an IP or executable from a single place. The solution has minimized much of the team’s overhead.”</span><br />In addition, the bank needed a tool that could work with the FS-ISAC threat intelligence feed for information specific to the financial industry.<br />ThreatStream worked with the bank to develop that capability natively. It was this last point that truly tipped the scale in favor of ThreatStream for Bank of Hope.<br />Deployment was relatively painless for Bank of Hope, only requiring about an hour a week for the first month. The institution credits ThreatStream’s team with offering lots of guidance to get off the<br />ground running.<br /><br /><span style=\"font-weight: bold;\">THE THREATSTREAM IMPACT</span><br />Now that the tool is in place, Bose reports the value of ThreatStream to Bank of Hope is in the time it saves analysts and the opportunity they have to address more threats than they once could.<br />The time it takes to analyze a threat has gone down from 30 minutes to just a few minutes, time that adds up over the course of investigating many malicious IPs every week. <span style=\"font-style: italic;\">“There has been a substantial decrease in terms of meantime-toknow,”</span> Bose says.<br />These efficiencies have enabled Bank of Hope to save on headcount. Because the tool automatically handles a large analytical workload, Bank of Hope was able to increase capacity without having to hire one or two additional analysts. What’s more, the false positive rates have been very low, meaning analysts spend very little time chasing non-existent problems.<br />Overall, the ThreatStream implementation has been a huge success for the Bank of Hope team, so much so that it is now looking at integrating the tool into its IDS/IPS, giving it the potential to automatically block threats with very high malicious confidence ratings.","alias":"anomali-threatstream-for-bank-of-hope","roi":0,"seo":{"title":"Anomali ThreatStream for Bank of Hope","keywords":"","description":"<span style=\"font-weight: bold;\">CHALLENGE</span>\r\nBank of Hope needed a way to easily investigate potentially risky IPs without having to log in to multiple security product dashboards. The bank depends on its security information and event management (SIEM) ","og:title":"Anomali ThreatStream for Bank of Hope","og:description":"<span style=\"font-weight: bold;\">CHALLENGE</span>\r\nBank of Hope needed a way to easily investigate potentially risky IPs without having to log in to multiple security product dashboards. The bank depends on its security information and event management (SIEM) "},"deal_info":"","user":{"id":9169,"title":"Bank of Hope","logoURL":"https://old.roi4cio.com/uploads/roi/company/Bank-of-hope-bank.jpg","alias":"bank-of-hope","address":"3200 Wilshire Boulevard, Suite 1400, Los Angeles, CA 90010, US","roles":[],"description":" Bank of Hope is the largest Korean American bank. It is based in Los Angeles. It is owned by Hope Bancorp, Inc., a bank holding company. It offers commercial banking loan and deposit products through 58 branches in California, Washington, Texas, Illinois, New York, New Jersey, Virginia, Georgia, and Alabama. It also operates Small Business Administration loan production offices in Seattle, Denver, Dallas, Atlanta, Portland and Annandale, Virginia; a commercial loan production office in Fremont, California; residential mortgage loan production offices in California; and a representative office in Seoul, Korea.<br />It is on the list of largest banks in the United States.<br />Source: https://en.wikipedia.org/wiki/Bank_of_Hope","companyTypes":[],"products":{},"vendoredProductsCount":0,"suppliedProductsCount":0,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":1,"supplierImplementationsCount":0,"vendorImplementationsCount":0,"vendorPartnersCount":0,"supplierPartnersCount":0,"b4r":0,"categories":{},"companyUrl":"https://www.bankofhope.com/","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"presenterCodeLng":"","seo":{"title":"Bank of Hope","keywords":"","description":" Bank of Hope is the largest Korean American bank. It is based in Los Angeles. It is owned by Hope Bancorp, Inc., a bank holding company. It offers commercial banking loan and deposit products through 58 branches in California, Washington, Texas, Illinois, New","og:title":"Bank of Hope","og:description":" Bank of Hope is the largest Korean American bank. It is based in Los Angeles. It is owned by Hope Bancorp, Inc., a bank holding company. It offers commercial banking loan and deposit products through 58 branches in California, Washington, Texas, Illinois, New","og:image":"https://old.roi4cio.com/uploads/roi/company/Bank-of-hope-bank.jpg"},"eventUrl":""},"supplier":{"id":5298,"title":"Anomali","logoURL":"https://old.roi4cio.com/uploads/roi/company/Anomali.png","alias":"anomali","address":"","roles":[],"description":" Anomali detects adversaries and tells you who they are. \r\nAnomali arms security teams with machine learning optimized threat intelligence and identifies hidden threats targeting their environments.\r\nOrganizations rely on the Anomali Threat Platform to detect threats, understand adversaries, and respond effectively.&nbsp; The platform enables organizations to collaborate and share threat information among trusted communities and is the most widely adopted platform for ISACs and leading enterprises worldwide.<br />Source: https://www.linkedin.com/company/anomali/about/","companyTypes":[],"products":{},"vendoredProductsCount":1,"suppliedProductsCount":1,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":0,"supplierImplementationsCount":3,"vendorImplementationsCount":3,"vendorPartnersCount":0,"supplierPartnersCount":0,"b4r":0,"categories":{},"companyUrl":"http://www.anomali.com","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"presenterCodeLng":"","seo":{"title":"Anomali","keywords":"","description":" Anomali detects adversaries and tells you who they are. \r\nAnomali arms security teams with machine learning optimized threat intelligence and identifies hidden threats targeting their environments.\r\nOrganizations rely on the Anomali Threat Platform to detect","og:title":"Anomali","og:description":" Anomali detects adversaries and tells you who they are. \r\nAnomali arms security teams with machine learning optimized threat intelligence and identifies hidden threats targeting their environments.\r\nOrganizations rely on the Anomali Threat Platform to detect","og:image":"https://old.roi4cio.com/uploads/roi/company/Anomali.png"},"eventUrl":""},"vendors":[{"id":5298,"title":"Anomali","logoURL":"https://old.roi4cio.com/uploads/roi/company/Anomali.png","alias":"anomali","address":"","roles":[],"description":" Anomali detects adversaries and tells you who they are. \r\nAnomali arms security teams with machine learning optimized threat intelligence and identifies hidden threats targeting their environments.\r\nOrganizations rely on the Anomali Threat Platform to detect threats, understand adversaries, and respond effectively.&nbsp; The platform enables organizations to collaborate and share threat information among trusted communities and is the most widely adopted platform for ISACs and leading enterprises worldwide.<br />Source: https://www.linkedin.com/company/anomali/about/","companyTypes":[],"products":{},"vendoredProductsCount":1,"suppliedProductsCount":1,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":0,"supplierImplementationsCount":3,"vendorImplementationsCount":3,"vendorPartnersCount":0,"supplierPartnersCount":0,"b4r":0,"categories":{},"companyUrl":"http://www.anomali.com","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"presenterCodeLng":"","seo":{"title":"Anomali","keywords":"","description":" Anomali detects adversaries and tells you who they are. \r\nAnomali arms security teams with machine learning optimized threat intelligence and identifies hidden threats targeting their environments.\r\nOrganizations rely on the Anomali Threat Platform to detect","og:title":"Anomali","og:description":" Anomali detects adversaries and tells you who they are. \r\nAnomali arms security teams with machine learning optimized threat intelligence and identifies hidden threats targeting their environments.\r\nOrganizations rely on the Anomali Threat Platform to detect","og:image":"https://old.roi4cio.com/uploads/roi/company/Anomali.png"},"eventUrl":""}],"products":[{"id":5889,"logo":false,"scheme":false,"title":"Anomali ThreatStream","vendorVerified":0,"rating":"1.00","implementationsCount":3,"suppliersCount":0,"alias":"anomali-threatstream","companyTypes":[],"description":"SOC analysts, incident response teams and researchers face the challenge of operationalizing an overwhelming amount of threat data. A recent Ponemon survey showed that 78% say threat intelligence is critical for achieving a strong security posture but also showed that 70% are overwhelmed with threat data. Anomali ThreatStream® makes it easier for security teams to achieve the full promise of threat intelligence. ThreatStream automates all the processes for collecting, managing and integrating threat intelligence, and gives security analysts the tools and resources to respond quickly to active threats.<br /><span style=\"font-weight: bold; \">Collect</span><br />ThreatStream manages ingesting intelligence from many disparate sources, including:\r\n<ul><li>STIX/TAXII feeds</li></ul>\r\n<ul><li>Open source threat feeds</li></ul>\r\n<ul><li>Commercial threat intelligence providers</li></ul>\r\n<ul><li>Unstructured intelligence: PDFs, CSVs, emails</li></ul>\r\n<ul><li>ISAC/ISAO shared threat intelligence</li></ul>\r\n<span style=\"font-weight: bold; \">Manage</span><br />ThreatStream takes raw threat data and turns it into rich, usable intelligence:\r\n<ul><li>Normalizes feeds into a common taxonomy</li></ul>\r\n<ul><li>De-duplicates data across feeds</li></ul>\r\n<ul><li>Removes false positives</li></ul>\r\n<ul><li>Enriches data with actor, campaign, and TTP</li></ul>\r\n<ul><li>Associates related threat indicators</li></ul>\r\n<span style=\"font-weight: bold; \">Integrate</span><br />ThreatStream integrates with internal security systems to make threat intelligence actionable.\r\n<ul><li>Deep integration with SIEM, FW, IPS, and EDR</li></ul>\r\n<ul><li>Scales to process millions of indicators</li></ul>\r\n<ul><li>Risk ranks threats via machine learning</li></ul>\r\n<ul><li>Includes Threat Bulletins from Anomali Labs</li></ul>\r\n<ul><li>Secure, 2-way sharing with Trusted Circles</li></ul>","shortDescription":"ThreatStream operationalizes threat intelligence and unites all the tools in your security infrastructure, speeding the detection of threats and enabling proactive defense measures.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":0,"sellingCount":0,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Anomali ThreatStream","keywords":"","description":"SOC analysts, incident response teams and researchers face the challenge of operationalizing an overwhelming amount of threat data. A recent Ponemon survey showed that 78% say threat intelligence is critical for achieving a strong security posture but also ","og:title":"Anomali ThreatStream","og:description":"SOC analysts, incident response teams and researchers face the challenge of operationalizing an overwhelming amount of threat data. A recent Ponemon survey showed that 78% say threat intelligence is critical for achieving a strong security posture but also "},"eventUrl":"","translationId":5889,"dealDetails":{"avgPartnerDiscount":15,"dealProtection":1,"avgDealSize":150000,"dealSizeCurrency":"","avgDealClosing":9},"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"https://www.anomali.com/request-a-demo","categories":[{"id":874,"title":"Threat Intelligence Platforms","alias":"threat-intelligence-platforms","description":"Threat Intelligence Platforms (TIPs) are an emerging technology discipline that helps organizations aggregate, correlate and analyze threat data from multiple sources in real time to support defensive actions. TIPs have evolved to address the growing amount of data generated by a variety of internal and external resources (such as system logs and threat intelligence feeds) and help security teams identify the threats that are relevant to their organization. By importing threat data from multiple sources and formats, correlating that data and then exporting it into an organization’s existing security systems or ticketing systems, a TIP automates proactive threat management and mitigation. A true TIP differs from typical enterprise security products in that it is a system that can be programmed by outside developers, in particular, users of the platform. TIPs can also use APIs to gather data to generate configuration analysis, WHOIS information, reverse IP lookup, website content analysis, name servers and SSL certificates.\r\nThe traditional approach to enterprise security involves security teams using a variety of processes and tools to conduct incident response, network defense and threat analysis. Integration between these teams and the sharing of threat data is often a manual process that relies on email, spreadsheets or a portal ticketing system. This approach does not scale as the team and enterprise grows and the number of threats and events increases. With attack sources changing by the minute, hour and day, scalability and efficiency is difficult. The tools used by large Security Operations Centers (SOCs), for example, produce hundreds of millions of events per day, from endpoint and network alerts to log events, making it difficult to filter down to a manageable number of suspicious events for triage.\r\nThreat intelligence platforms make it possible for organizations to gain an advantage over the adversary by detecting the presence of threat actors, blocking and tackling their attacks or degrading their infrastructure. Using threat intelligence, businesses and government agencies can also identify the threat sources and data that are the most useful and relevant to their own environment, potentially reducing the costs associated with unnecessary commercial threat feeds.\r\nTactical use cases for threat intelligence include security planning, monitoring and detection, incident response, threat discovery and threat assessment. A TIP also drives smarter practices back into SIEMs, intrusion detection and other security tools because of the finely curated, relevant and widely sourced threat intelligence that a TIP produces.\r\nAn advantage held by TIPs is the ability to share threat intelligence with other stakeholders and communities. Adversaries typically coordinate their efforts across forums and platforms. A TIP provides a common habitat, which makes it possible for security teams to share threat information among their own trusted circles, interface with security and intelligence experts and receive guidance on implementing coordinated counter-measures. Full-featured TIPs enable security analysts to simultaneously coordinate these tactical and strategic activities with incident response, security operations, and risk management teams while aggregating data from trusted communities.","materialsDescription":"<span style=\"font-weight: bold;\">What is a threat?</span>\r\nA threat is the ability of an entity to gain access to or interfere with the usual planned activities of an information network.\r\n<span style=\"font-weight: bold;\">What is an APT?</span>\r\nAn advanced persistent threat (APT) is a stealthy computer network threat actor, typically a nation state or state-sponsored group, which gains unauthorized access to a computer network and remains undetected for an extended period. In recent times, the term may also refer to non-state sponsored groups conducting large-scale targeted intrusions for specific goals.\r\n<span style=\"font-weight: bold;\">What is phishing?</span>\r\nPhishing is the fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising oneself as a trustworthy entity in an electronic communication. Typically carried out by email spoofing or instant messaging, it often directs users to enter personal information at a fake website which matches the look and feel of the legitimate site.\r\nPhishing is an example of social engineering techniques being used to deceive users. Users are often lured by communications purporting to be from trusted parties such as social web sites, auction sites, banks, online payment processors or IT administrators.\r\n<span style=\"font-weight: bold;\">What is malware?</span>\r\nMalware (a portmanteau for malicious software) is any software intentionally designed to cause damage to a computer, server, client or computer network (in contrast, software that causes unintentional harm due to some deficiency is typically described as a software bug). A wide variety of malware types exist, including computer viruses, worms, Trojan horses, ransomware, spyware, adware, rogue software and scareware.\r\nPrograms are also considered malware if they secretly act against the interests of the computer user. For example, at one point, Sony music compact discs silently installed a rootkit on purchasers' computers with the intention of preventing illicit copying, but which also reported on users' listening habits, and unintentionally created extra security vulnerabilities.\r\nA range of antivirus software, firewalls and other strategies are used to help protect against the introduction of malware, to help detect it if it is already present and to recover from malware-associated malicious activity and attacks.\r\n<span style=\"font-weight: bold;\">What is a botnet?</span>\r\nA botnet is a number of Internet-connected devices, each of which is running one or more bots. Botnets can be used to perform Distributed Denial-of-Service (DDoS) attacks, steal data, send spam and allows the attacker to access the device and its connection. The owner can control the botnet using command and control (C&amp;C) software. The word &quot;botnet&quot; is a portmanteau of the words &quot;robot&quot; and &quot;network&quot;. The term is usually used with a negative or malicious connotation.\r\n<span style=\"font-weight: bold;\">What is a DDoS-attack?</span>\r\nA distributed denial-of-service (DDoS) attack occurs when multiple systems flood the bandwidth or resources of a targeted system, usually one or more web servers. Such an attack is often the result of multiple compromised systems (for example, a botnet) flooding the targeted system with traffic. A botnet is a network of zombie computers programmed to receive commands without the owners' knowledge. When a server is overloaded with connections, new connections can no longer be accepted. The major advantages to an attacker of using a distributed denial-of-service attack are that multiple machines can generate more attack traffic than one machine, multiple attack machines are harder to turn off than one attack machine and that the behavior of each attack machine can be stealthier, making it harder to track and shut down. These attacker advantages cause challenges for defense mechanisms. For example, merely purchasing more incoming bandwidth than the current volume of the attack might not help, because the attacker might be able to simply add more attack machines. This, ultimately, will end up completely crashing a website for periods of time.\r\n<span style=\"font-weight: bold;\">What is ransomware?</span>\r\nRansomware is a type of malware from cryptovirology that threatens to publish the victim's data, or perpetually block access to it, unless a ransom is paid. While some simple ransomware may lock the system in a way which is not difficult for a knowledgeable person to reverse, more advanced malware uses a technique called cryptoviral extortion, in which it encrypts the victim's files, making them inaccessible, and demands a ransom payment to decrypt them. In a properly implemented cryptoviral extortion attack, recovering the files without the decryption key is an intractable problem – and difficult to trace digital currencies such as Ukash or Bitcoin and other cryptocurrency are used for the ransoms, making tracing and prosecuting the perpetrators difficult.<br />Ransomware attacks are typically carried out using a Trojan that is disguised as a legitimate file that the user is tricked into downloading or opening when it arrives as an email attachment. However, one high-profile example, the &quot;WannaCry worm&quot;, travelled automatically between computers without user interaction.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/threat-intelligence-cyber.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]}],"countries":[],"startDate":"0000-00-00","endDate":"0000-00-00","dealDate":"0000-00-00","price":0,"status":"finished","statusLabel":"Finished","isImplementation":true,"isAgreement":false,"confirmed":1,"implementationDetails":{"businessObjectives":{"id":14,"title":"Business objectives","translationKey":"businessObjectives","options":[{"id":5,"title":"Enhance Staff Productivity"},{"id":6,"title":"Ensure Security and Business Continuity"},{"id":306,"title":"Manage Risks"}]},"businessProcesses":{"id":11,"title":"Business process","translationKey":"businessProcesses","options":[{"id":177,"title":"Decentralized IT systems"},{"id":336,"title":"Risk or Leaks of confidential information"},{"id":382,"title":"High costs of IT personnel"},{"id":385,"title":"Risk of data loss or damage"},{"id":384,"title":"Risk of attacks by hackers"}]}},"categories":[{"id":874,"title":"Threat Intelligence Platforms","alias":"threat-intelligence-platforms","description":"Threat Intelligence Platforms (TIPs) are an emerging technology discipline that helps organizations aggregate, correlate and analyze threat data from multiple sources in real time to support defensive actions. TIPs have evolved to address the growing amount of data generated by a variety of internal and external resources (such as system logs and threat intelligence feeds) and help security teams identify the threats that are relevant to their organization. By importing threat data from multiple sources and formats, correlating that data and then exporting it into an organization’s existing security systems or ticketing systems, a TIP automates proactive threat management and mitigation. A true TIP differs from typical enterprise security products in that it is a system that can be programmed by outside developers, in particular, users of the platform. TIPs can also use APIs to gather data to generate configuration analysis, WHOIS information, reverse IP lookup, website content analysis, name servers and SSL certificates.\r\nThe traditional approach to enterprise security involves security teams using a variety of processes and tools to conduct incident response, network defense and threat analysis. Integration between these teams and the sharing of threat data is often a manual process that relies on email, spreadsheets or a portal ticketing system. This approach does not scale as the team and enterprise grows and the number of threats and events increases. With attack sources changing by the minute, hour and day, scalability and efficiency is difficult. The tools used by large Security Operations Centers (SOCs), for example, produce hundreds of millions of events per day, from endpoint and network alerts to log events, making it difficult to filter down to a manageable number of suspicious events for triage.\r\nThreat intelligence platforms make it possible for organizations to gain an advantage over the adversary by detecting the presence of threat actors, blocking and tackling their attacks or degrading their infrastructure. Using threat intelligence, businesses and government agencies can also identify the threat sources and data that are the most useful and relevant to their own environment, potentially reducing the costs associated with unnecessary commercial threat feeds.\r\nTactical use cases for threat intelligence include security planning, monitoring and detection, incident response, threat discovery and threat assessment. A TIP also drives smarter practices back into SIEMs, intrusion detection and other security tools because of the finely curated, relevant and widely sourced threat intelligence that a TIP produces.\r\nAn advantage held by TIPs is the ability to share threat intelligence with other stakeholders and communities. Adversaries typically coordinate their efforts across forums and platforms. A TIP provides a common habitat, which makes it possible for security teams to share threat information among their own trusted circles, interface with security and intelligence experts and receive guidance on implementing coordinated counter-measures. Full-featured TIPs enable security analysts to simultaneously coordinate these tactical and strategic activities with incident response, security operations, and risk management teams while aggregating data from trusted communities.","materialsDescription":"<span style=\"font-weight: bold;\">What is a threat?</span>\r\nA threat is the ability of an entity to gain access to or interfere with the usual planned activities of an information network.\r\n<span style=\"font-weight: bold;\">What is an APT?</span>\r\nAn advanced persistent threat (APT) is a stealthy computer network threat actor, typically a nation state or state-sponsored group, which gains unauthorized access to a computer network and remains undetected for an extended period. In recent times, the term may also refer to non-state sponsored groups conducting large-scale targeted intrusions for specific goals.\r\n<span style=\"font-weight: bold;\">What is phishing?</span>\r\nPhishing is the fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising oneself as a trustworthy entity in an electronic communication. Typically carried out by email spoofing or instant messaging, it often directs users to enter personal information at a fake website which matches the look and feel of the legitimate site.\r\nPhishing is an example of social engineering techniques being used to deceive users. Users are often lured by communications purporting to be from trusted parties such as social web sites, auction sites, banks, online payment processors or IT administrators.\r\n<span style=\"font-weight: bold;\">What is malware?</span>\r\nMalware (a portmanteau for malicious software) is any software intentionally designed to cause damage to a computer, server, client or computer network (in contrast, software that causes unintentional harm due to some deficiency is typically described as a software bug). A wide variety of malware types exist, including computer viruses, worms, Trojan horses, ransomware, spyware, adware, rogue software and scareware.\r\nPrograms are also considered malware if they secretly act against the interests of the computer user. For example, at one point, Sony music compact discs silently installed a rootkit on purchasers' computers with the intention of preventing illicit copying, but which also reported on users' listening habits, and unintentionally created extra security vulnerabilities.\r\nA range of antivirus software, firewalls and other strategies are used to help protect against the introduction of malware, to help detect it if it is already present and to recover from malware-associated malicious activity and attacks.\r\n<span style=\"font-weight: bold;\">What is a botnet?</span>\r\nA botnet is a number of Internet-connected devices, each of which is running one or more bots. Botnets can be used to perform Distributed Denial-of-Service (DDoS) attacks, steal data, send spam and allows the attacker to access the device and its connection. The owner can control the botnet using command and control (C&amp;C) software. The word &quot;botnet&quot; is a portmanteau of the words &quot;robot&quot; and &quot;network&quot;. The term is usually used with a negative or malicious connotation.\r\n<span style=\"font-weight: bold;\">What is a DDoS-attack?</span>\r\nA distributed denial-of-service (DDoS) attack occurs when multiple systems flood the bandwidth or resources of a targeted system, usually one or more web servers. Such an attack is often the result of multiple compromised systems (for example, a botnet) flooding the targeted system with traffic. A botnet is a network of zombie computers programmed to receive commands without the owners' knowledge. When a server is overloaded with connections, new connections can no longer be accepted. The major advantages to an attacker of using a distributed denial-of-service attack are that multiple machines can generate more attack traffic than one machine, multiple attack machines are harder to turn off than one attack machine and that the behavior of each attack machine can be stealthier, making it harder to track and shut down. These attacker advantages cause challenges for defense mechanisms. For example, merely purchasing more incoming bandwidth than the current volume of the attack might not help, because the attacker might be able to simply add more attack machines. This, ultimately, will end up completely crashing a website for periods of time.\r\n<span style=\"font-weight: bold;\">What is ransomware?</span>\r\nRansomware is a type of malware from cryptovirology that threatens to publish the victim's data, or perpetually block access to it, unless a ransom is paid. While some simple ransomware may lock the system in a way which is not difficult for a knowledgeable person to reverse, more advanced malware uses a technique called cryptoviral extortion, in which it encrypts the victim's files, making them inaccessible, and demands a ransom payment to decrypt them. In a properly implemented cryptoviral extortion attack, recovering the files without the decryption key is an intractable problem – and difficult to trace digital currencies such as Ukash or Bitcoin and other cryptocurrency are used for the ransoms, making tracing and prosecuting the perpetrators difficult.<br />Ransomware attacks are typically carried out using a Trojan that is disguised as a legitimate file that the user is tricked into downloading or opening when it arrives as an email attachment. However, one high-profile example, the &quot;WannaCry worm&quot;, travelled automatically between computers without user interaction.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/threat-intelligence-cyber.png"}],"additionalInfo":{"budgetNotExceeded":"-1","functionallyTaskAssignment":"-1","projectWasPut":"-1","price":0,"source":{"url":"https://www.anomali.com/resources/case-studies/bank-of-hope-case-study","title":"Supplier's web site"}},"comments":[],"referencesCount":0},{"id":1269,"title":"Anomali ThreatStream for Blackhawk Network Holdings","description":"<span style=\"font-weight: bold;\">CHALLENGE</span>\r\nBlackhawk Network Holdings threat intelligence was the result of a combination of tools pieced together, none of which were integrated with their SIEM implementation, or provided enough context around IOCs to understand their potential impact.<br />Blackhawk Network Holdings needed a way to easily investigate potentially risky alerts without having to log in to multiple security product dashboards, reduce their manual overhead requirements, and maximize their resources so their analysts could better focus on critical issues.\r\n<span style=\"font-weight: bold;\">SOLUTION</span><br />Anomali® ThreatStream® offered Blackhawk Network Holdings a way to sync actionable threat intelligence with their SIEM alerts, integrate disparate threat feeds into one single-view dashboard, and<br />provide the context around IOCs necessary to understand their true importance.\r\n<span style=\"font-weight: bold;\">RESULTS</span><br />• Single dashboard and consolidation of all threat intelligence feeds<br />• Seamless SIEM integration<br />• Sandboxed testing environment to detonate payloads<br />• Improved threat analysis and response times<br />• More efficient and effective workflow<br />• Reduced false positives by over 95%<br /><br />Before Anomali, Blackhawk Network Holdings relied on a variety of different security tools to manage their threat intelligence—a task they found extremely challenging. Like many organizations, they leveraged their security information and event management (SIEM) system to correlate events and help their analysts stay on top of trends. The problem was they had several systems in their IT environment that provided outside threat intelligence, each with its own portal and own dashboards. None of the systems integrated directly with their SIEM or communicated with each other. And the information was often duplicated or even worse, in disagreement. That meant whenever their SIEM pointed to a threat indication, their security analysts had to spend an inordinate amount of time analyzing and verifying indicators of compromise (IOCs) related to outside IP addresses. Thousands of alerts a day were more than the team could manage, let alone respond to.<br />Blackhawk Network Holdings wanted to simplify their threat intelligence processes so their analysts could focus more on forensics and remediation and less on research, management, and manual correlation. And they wanted to understand not just the type of attacks they were seeing, but the context of who their attackers were. They wanted a tool that could move their security forward but could also integrate with their current processes.<br /><br /><span style=\"font-weight: bold;\">THE ANOMALI SOLUTION</span>\r\nBlackhawk Network Holdings deployed Anomali ThreatStream, giving them an immediate threat intelligence solution via four key benefits:\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">1. Consolidation:</span></span><br />ThreatStream consolidated all of Blackhawk Network Holdings’ sources of threat information into one dashboard view within their SIEM, reducing duplicated information and false positives. In turn, they were able to minimize much of their security team’s manual overhead, allowing them to focus on resolution and not research.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">2. Integration:</span></span><br />ThreatStream integrates directly into Blackhawk Network Holdings’ SIEM, so analysts do not need to reroute their analysis process and can do their early investigation from there.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">3. Correlation:</span></span>\r\nThreatStream gave Blackhawk Network Holdings a way to correlate actionable threat intelligence SIEM alerts within their SIEM. ThreatStream tells analysts the threat score for each IP address, along with the confidence level based on a reputation ranking of its maliciousness.<br /><br /><span style=\"font-style: italic;\">&quot;Unless we know who is after us, alerts lack context without Anomali&quot;</span> – Devin Ertel, CISO, Blackhawk Network Holdings.<br /><br /><span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">4. Detonation:</span></span><br />ThreatStream enables analysts to replay executables in a sandboxed environment, giving them a safe place to test and a way to perform early analysis of potential IOCs and threat indicators.<br /><br /><span style=\"font-style: italic;\">&quot;When a suspicious email comes in, we can detonate it in a sandboxed environment to see if it’s a threat. We couldn’t do that before&quot;.</span> – Pablo Vega, Principal Security Engineer, Blackhawk Network Holdings<br /><br /><span style=\"font-style: italic;\">“Before Anomali, we had tons of information without context. We had to look through thousands of alerts quickly just to see what stood out and then react to those.”</span> – Devin Ertel, CISO, Blackhawk Network Holdings<br /><br /><span style=\"font-weight: bold;\">THE ANOMALI IMPACT</span>\r\nThreatStream gave Blackhawk Network Holdings the key capabilities and threat intelligence context that allowed their analysts to shift from searching through emails and dashboards to verify alerts to focusing on critical threats and issues.\r\nWith ThreatStream, Blackhawk Network Holdings has higher confidence that critical alerts are malicious and not false positives. ThreatStream has provided them with greater visibility into what threats they confront. And since false positives have been very low in both number and criticality, analysts have been spending less time chasing non-existent problems and more time focusing on solutions.\r\nThe value of ThreatStream is in the time it saves analysts and the opportunity they have to address more threats than they once could. Because the tool automatically handles a large analytical workload, Blackhawk Network Holdings was able to increase capacity without having to hire additional staff.\r\nThreatStream has been an incredible solution for Blackhawk Network Holdings, allowing them to maximize resources and focus on the threats that matter most. ThreatStream gives Blackhawk Network Holding the ability to curate and filter the information they need from all of their sources of threat intel. And they’ve been able to apply ThreatStream security context around their alerts, helping to separate the high priority threat intel from low priority alerts to improve their overall security posture.<br /><br />\r\n<span style=\"font-weight: bold;\">LONG TERM SUCCESS</span>\r\nBlackhawk Network Holdings is now looking at integrating Anomali ThreatStream intelligence context into more internal security tooling, giving them the potential to automatically respond to threats with very high malicious confidence ratings. Blackhawk Network Holdings is interested in expanding their capabilities with Anomali Match™ and Anomali Lens™.<br /><br />","alias":"anomali-threatstream-for-blackhawk-network-holdings","roi":0,"seo":{"title":"Anomali ThreatStream for Blackhawk Network Holdings","keywords":"","description":"<span style=\"font-weight: bold;\">CHALLENGE</span>\r\nBlackhawk Network Holdings threat intelligence was the result of a combination of tools pieced together, none of which were integrated with their SIEM implementation, or provided enough context around IOCs to ","og:title":"Anomali ThreatStream for Blackhawk Network Holdings","og:description":"<span style=\"font-weight: bold;\">CHALLENGE</span>\r\nBlackhawk Network Holdings threat intelligence was the result of a combination of tools pieced together, none of which were integrated with their SIEM implementation, or provided enough context around IOCs to "},"deal_info":"","user":{"id":9168,"title":"Blackhawk Network Holdings Inc.","logoURL":"https://old.roi4cio.com/uploads/roi/company/blackhawk-network.jpg","alias":"blackhawk-network-holdings-inc","address":"","roles":[],"description":" Blackhawk Network Holdings Inc. is a privately held company that operates in the prepaid, gift card and payments industries. It supports solutions, technology, management and distribution of branded value such as gift cards, telecom and financial service products. Blackhawk's network reaches people through a number of different channels including in-store, online, mobile, and incentive. Blackhawk is headquartered in Pleasanton, California and was incorporated in 2006.","companyTypes":[],"products":{},"vendoredProductsCount":0,"suppliedProductsCount":0,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":1,"supplierImplementationsCount":0,"vendorImplementationsCount":0,"vendorPartnersCount":0,"supplierPartnersCount":0,"b4r":0,"categories":{},"companyUrl":"http://blackhawknetwork.com/","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"presenterCodeLng":"","seo":{"title":"Blackhawk Network Holdings Inc.","keywords":"","description":" Blackhawk Network Holdings Inc. is a privately held company that operates in the prepaid, gift card and payments industries. It supports solutions, technology, management and distribution of branded value such as gift cards, telecom and financial service prod","og:title":"Blackhawk Network Holdings Inc.","og:description":" Blackhawk Network Holdings Inc. is a privately held company that operates in the prepaid, gift card and payments industries. It supports solutions, technology, management and distribution of branded value such as gift cards, telecom and financial service prod","og:image":"https://old.roi4cio.com/uploads/roi/company/blackhawk-network.jpg"},"eventUrl":""},"supplier":{"id":5298,"title":"Anomali","logoURL":"https://old.roi4cio.com/uploads/roi/company/Anomali.png","alias":"anomali","address":"","roles":[],"description":" Anomali detects adversaries and tells you who they are. \r\nAnomali arms security teams with machine learning optimized threat intelligence and identifies hidden threats targeting their environments.\r\nOrganizations rely on the Anomali Threat Platform to detect threats, understand adversaries, and respond effectively.&nbsp; The platform enables organizations to collaborate and share threat information among trusted communities and is the most widely adopted platform for ISACs and leading enterprises worldwide.<br />Source: https://www.linkedin.com/company/anomali/about/","companyTypes":[],"products":{},"vendoredProductsCount":1,"suppliedProductsCount":1,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":0,"supplierImplementationsCount":3,"vendorImplementationsCount":3,"vendorPartnersCount":0,"supplierPartnersCount":0,"b4r":0,"categories":{},"companyUrl":"http://www.anomali.com","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"presenterCodeLng":"","seo":{"title":"Anomali","keywords":"","description":" Anomali detects adversaries and tells you who they are. \r\nAnomali arms security teams with machine learning optimized threat intelligence and identifies hidden threats targeting their environments.\r\nOrganizations rely on the Anomali Threat Platform to detect","og:title":"Anomali","og:description":" Anomali detects adversaries and tells you who they are. \r\nAnomali arms security teams with machine learning optimized threat intelligence and identifies hidden threats targeting their environments.\r\nOrganizations rely on the Anomali Threat Platform to detect","og:image":"https://old.roi4cio.com/uploads/roi/company/Anomali.png"},"eventUrl":""},"vendors":[{"id":5298,"title":"Anomali","logoURL":"https://old.roi4cio.com/uploads/roi/company/Anomali.png","alias":"anomali","address":"","roles":[],"description":" Anomali detects adversaries and tells you who they are. \r\nAnomali arms security teams with machine learning optimized threat intelligence and identifies hidden threats targeting their environments.\r\nOrganizations rely on the Anomali Threat Platform to detect threats, understand adversaries, and respond effectively.&nbsp; The platform enables organizations to collaborate and share threat information among trusted communities and is the most widely adopted platform for ISACs and leading enterprises worldwide.<br />Source: https://www.linkedin.com/company/anomali/about/","companyTypes":[],"products":{},"vendoredProductsCount":1,"suppliedProductsCount":1,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":0,"supplierImplementationsCount":3,"vendorImplementationsCount":3,"vendorPartnersCount":0,"supplierPartnersCount":0,"b4r":0,"categories":{},"companyUrl":"http://www.anomali.com","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"presenterCodeLng":"","seo":{"title":"Anomali","keywords":"","description":" Anomali detects adversaries and tells you who they are. \r\nAnomali arms security teams with machine learning optimized threat intelligence and identifies hidden threats targeting their environments.\r\nOrganizations rely on the Anomali Threat Platform to detect","og:title":"Anomali","og:description":" Anomali detects adversaries and tells you who they are. \r\nAnomali arms security teams with machine learning optimized threat intelligence and identifies hidden threats targeting their environments.\r\nOrganizations rely on the Anomali Threat Platform to detect","og:image":"https://old.roi4cio.com/uploads/roi/company/Anomali.png"},"eventUrl":""}],"products":[{"id":5889,"logo":false,"scheme":false,"title":"Anomali ThreatStream","vendorVerified":0,"rating":"1.00","implementationsCount":3,"suppliersCount":0,"alias":"anomali-threatstream","companyTypes":[],"description":"SOC analysts, incident response teams and researchers face the challenge of operationalizing an overwhelming amount of threat data. A recent Ponemon survey showed that 78% say threat intelligence is critical for achieving a strong security posture but also showed that 70% are overwhelmed with threat data. Anomali ThreatStream® makes it easier for security teams to achieve the full promise of threat intelligence. ThreatStream automates all the processes for collecting, managing and integrating threat intelligence, and gives security analysts the tools and resources to respond quickly to active threats.<br /><span style=\"font-weight: bold; \">Collect</span><br />ThreatStream manages ingesting intelligence from many disparate sources, including:\r\n<ul><li>STIX/TAXII feeds</li></ul>\r\n<ul><li>Open source threat feeds</li></ul>\r\n<ul><li>Commercial threat intelligence providers</li></ul>\r\n<ul><li>Unstructured intelligence: PDFs, CSVs, emails</li></ul>\r\n<ul><li>ISAC/ISAO shared threat intelligence</li></ul>\r\n<span style=\"font-weight: bold; \">Manage</span><br />ThreatStream takes raw threat data and turns it into rich, usable intelligence:\r\n<ul><li>Normalizes feeds into a common taxonomy</li></ul>\r\n<ul><li>De-duplicates data across feeds</li></ul>\r\n<ul><li>Removes false positives</li></ul>\r\n<ul><li>Enriches data with actor, campaign, and TTP</li></ul>\r\n<ul><li>Associates related threat indicators</li></ul>\r\n<span style=\"font-weight: bold; \">Integrate</span><br />ThreatStream integrates with internal security systems to make threat intelligence actionable.\r\n<ul><li>Deep integration with SIEM, FW, IPS, and EDR</li></ul>\r\n<ul><li>Scales to process millions of indicators</li></ul>\r\n<ul><li>Risk ranks threats via machine learning</li></ul>\r\n<ul><li>Includes Threat Bulletins from Anomali Labs</li></ul>\r\n<ul><li>Secure, 2-way sharing with Trusted Circles</li></ul>","shortDescription":"ThreatStream operationalizes threat intelligence and unites all the tools in your security infrastructure, speeding the detection of threats and enabling proactive defense measures.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":0,"sellingCount":0,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Anomali ThreatStream","keywords":"","description":"SOC analysts, incident response teams and researchers face the challenge of operationalizing an overwhelming amount of threat data. A recent Ponemon survey showed that 78% say threat intelligence is critical for achieving a strong security posture but also ","og:title":"Anomali ThreatStream","og:description":"SOC analysts, incident response teams and researchers face the challenge of operationalizing an overwhelming amount of threat data. A recent Ponemon survey showed that 78% say threat intelligence is critical for achieving a strong security posture but also "},"eventUrl":"","translationId":5889,"dealDetails":{"avgPartnerDiscount":15,"dealProtection":1,"avgDealSize":150000,"dealSizeCurrency":"","avgDealClosing":9},"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"https://www.anomali.com/request-a-demo","categories":[{"id":874,"title":"Threat Intelligence Platforms","alias":"threat-intelligence-platforms","description":"Threat Intelligence Platforms (TIPs) are an emerging technology discipline that helps organizations aggregate, correlate and analyze threat data from multiple sources in real time to support defensive actions. TIPs have evolved to address the growing amount of data generated by a variety of internal and external resources (such as system logs and threat intelligence feeds) and help security teams identify the threats that are relevant to their organization. By importing threat data from multiple sources and formats, correlating that data and then exporting it into an organization’s existing security systems or ticketing systems, a TIP automates proactive threat management and mitigation. A true TIP differs from typical enterprise security products in that it is a system that can be programmed by outside developers, in particular, users of the platform. TIPs can also use APIs to gather data to generate configuration analysis, WHOIS information, reverse IP lookup, website content analysis, name servers and SSL certificates.\r\nThe traditional approach to enterprise security involves security teams using a variety of processes and tools to conduct incident response, network defense and threat analysis. Integration between these teams and the sharing of threat data is often a manual process that relies on email, spreadsheets or a portal ticketing system. This approach does not scale as the team and enterprise grows and the number of threats and events increases. With attack sources changing by the minute, hour and day, scalability and efficiency is difficult. The tools used by large Security Operations Centers (SOCs), for example, produce hundreds of millions of events per day, from endpoint and network alerts to log events, making it difficult to filter down to a manageable number of suspicious events for triage.\r\nThreat intelligence platforms make it possible for organizations to gain an advantage over the adversary by detecting the presence of threat actors, blocking and tackling their attacks or degrading their infrastructure. Using threat intelligence, businesses and government agencies can also identify the threat sources and data that are the most useful and relevant to their own environment, potentially reducing the costs associated with unnecessary commercial threat feeds.\r\nTactical use cases for threat intelligence include security planning, monitoring and detection, incident response, threat discovery and threat assessment. A TIP also drives smarter practices back into SIEMs, intrusion detection and other security tools because of the finely curated, relevant and widely sourced threat intelligence that a TIP produces.\r\nAn advantage held by TIPs is the ability to share threat intelligence with other stakeholders and communities. Adversaries typically coordinate their efforts across forums and platforms. A TIP provides a common habitat, which makes it possible for security teams to share threat information among their own trusted circles, interface with security and intelligence experts and receive guidance on implementing coordinated counter-measures. Full-featured TIPs enable security analysts to simultaneously coordinate these tactical and strategic activities with incident response, security operations, and risk management teams while aggregating data from trusted communities.","materialsDescription":"<span style=\"font-weight: bold;\">What is a threat?</span>\r\nA threat is the ability of an entity to gain access to or interfere with the usual planned activities of an information network.\r\n<span style=\"font-weight: bold;\">What is an APT?</span>\r\nAn advanced persistent threat (APT) is a stealthy computer network threat actor, typically a nation state or state-sponsored group, which gains unauthorized access to a computer network and remains undetected for an extended period. In recent times, the term may also refer to non-state sponsored groups conducting large-scale targeted intrusions for specific goals.\r\n<span style=\"font-weight: bold;\">What is phishing?</span>\r\nPhishing is the fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising oneself as a trustworthy entity in an electronic communication. Typically carried out by email spoofing or instant messaging, it often directs users to enter personal information at a fake website which matches the look and feel of the legitimate site.\r\nPhishing is an example of social engineering techniques being used to deceive users. Users are often lured by communications purporting to be from trusted parties such as social web sites, auction sites, banks, online payment processors or IT administrators.\r\n<span style=\"font-weight: bold;\">What is malware?</span>\r\nMalware (a portmanteau for malicious software) is any software intentionally designed to cause damage to a computer, server, client or computer network (in contrast, software that causes unintentional harm due to some deficiency is typically described as a software bug). A wide variety of malware types exist, including computer viruses, worms, Trojan horses, ransomware, spyware, adware, rogue software and scareware.\r\nPrograms are also considered malware if they secretly act against the interests of the computer user. For example, at one point, Sony music compact discs silently installed a rootkit on purchasers' computers with the intention of preventing illicit copying, but which also reported on users' listening habits, and unintentionally created extra security vulnerabilities.\r\nA range of antivirus software, firewalls and other strategies are used to help protect against the introduction of malware, to help detect it if it is already present and to recover from malware-associated malicious activity and attacks.\r\n<span style=\"font-weight: bold;\">What is a botnet?</span>\r\nA botnet is a number of Internet-connected devices, each of which is running one or more bots. Botnets can be used to perform Distributed Denial-of-Service (DDoS) attacks, steal data, send spam and allows the attacker to access the device and its connection. The owner can control the botnet using command and control (C&amp;C) software. The word &quot;botnet&quot; is a portmanteau of the words &quot;robot&quot; and &quot;network&quot;. The term is usually used with a negative or malicious connotation.\r\n<span style=\"font-weight: bold;\">What is a DDoS-attack?</span>\r\nA distributed denial-of-service (DDoS) attack occurs when multiple systems flood the bandwidth or resources of a targeted system, usually one or more web servers. Such an attack is often the result of multiple compromised systems (for example, a botnet) flooding the targeted system with traffic. A botnet is a network of zombie computers programmed to receive commands without the owners' knowledge. When a server is overloaded with connections, new connections can no longer be accepted. The major advantages to an attacker of using a distributed denial-of-service attack are that multiple machines can generate more attack traffic than one machine, multiple attack machines are harder to turn off than one attack machine and that the behavior of each attack machine can be stealthier, making it harder to track and shut down. These attacker advantages cause challenges for defense mechanisms. For example, merely purchasing more incoming bandwidth than the current volume of the attack might not help, because the attacker might be able to simply add more attack machines. This, ultimately, will end up completely crashing a website for periods of time.\r\n<span style=\"font-weight: bold;\">What is ransomware?</span>\r\nRansomware is a type of malware from cryptovirology that threatens to publish the victim's data, or perpetually block access to it, unless a ransom is paid. While some simple ransomware may lock the system in a way which is not difficult for a knowledgeable person to reverse, more advanced malware uses a technique called cryptoviral extortion, in which it encrypts the victim's files, making them inaccessible, and demands a ransom payment to decrypt them. In a properly implemented cryptoviral extortion attack, recovering the files without the decryption key is an intractable problem – and difficult to trace digital currencies such as Ukash or Bitcoin and other cryptocurrency are used for the ransoms, making tracing and prosecuting the perpetrators difficult.<br />Ransomware attacks are typically carried out using a Trojan that is disguised as a legitimate file that the user is tricked into downloading or opening when it arrives as an email attachment. However, one high-profile example, the &quot;WannaCry worm&quot;, travelled automatically between computers without user interaction.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/threat-intelligence-cyber.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]}],"countries":[],"startDate":"0000-00-00","endDate":"0000-00-00","dealDate":"0000-00-00","price":0,"status":"finished","statusLabel":"Finished","isImplementation":true,"isAgreement":false,"confirmed":1,"implementationDetails":{"businessObjectives":{"id":14,"title":"Business objectives","translationKey":"businessObjectives","options":[{"id":5,"title":"Enhance Staff Productivity"},{"id":6,"title":"Ensure Security and Business Continuity"},{"id":306,"title":"Manage Risks"}]},"businessProcesses":{"id":11,"title":"Business process","translationKey":"businessProcesses","options":[{"id":177,"title":"Decentralized IT systems"},{"id":336,"title":"Risk or Leaks of confidential information"},{"id":384,"title":"Risk of attacks by hackers"},{"id":385,"title":"Risk of data loss or damage"},{"id":382,"title":"High costs of IT personnel"}]}},"categories":[{"id":874,"title":"Threat Intelligence Platforms","alias":"threat-intelligence-platforms","description":"Threat Intelligence Platforms (TIPs) are an emerging technology discipline that helps organizations aggregate, correlate and analyze threat data from multiple sources in real time to support defensive actions. TIPs have evolved to address the growing amount of data generated by a variety of internal and external resources (such as system logs and threat intelligence feeds) and help security teams identify the threats that are relevant to their organization. By importing threat data from multiple sources and formats, correlating that data and then exporting it into an organization’s existing security systems or ticketing systems, a TIP automates proactive threat management and mitigation. A true TIP differs from typical enterprise security products in that it is a system that can be programmed by outside developers, in particular, users of the platform. TIPs can also use APIs to gather data to generate configuration analysis, WHOIS information, reverse IP lookup, website content analysis, name servers and SSL certificates.\r\nThe traditional approach to enterprise security involves security teams using a variety of processes and tools to conduct incident response, network defense and threat analysis. Integration between these teams and the sharing of threat data is often a manual process that relies on email, spreadsheets or a portal ticketing system. This approach does not scale as the team and enterprise grows and the number of threats and events increases. With attack sources changing by the minute, hour and day, scalability and efficiency is difficult. The tools used by large Security Operations Centers (SOCs), for example, produce hundreds of millions of events per day, from endpoint and network alerts to log events, making it difficult to filter down to a manageable number of suspicious events for triage.\r\nThreat intelligence platforms make it possible for organizations to gain an advantage over the adversary by detecting the presence of threat actors, blocking and tackling their attacks or degrading their infrastructure. Using threat intelligence, businesses and government agencies can also identify the threat sources and data that are the most useful and relevant to their own environment, potentially reducing the costs associated with unnecessary commercial threat feeds.\r\nTactical use cases for threat intelligence include security planning, monitoring and detection, incident response, threat discovery and threat assessment. A TIP also drives smarter practices back into SIEMs, intrusion detection and other security tools because of the finely curated, relevant and widely sourced threat intelligence that a TIP produces.\r\nAn advantage held by TIPs is the ability to share threat intelligence with other stakeholders and communities. Adversaries typically coordinate their efforts across forums and platforms. A TIP provides a common habitat, which makes it possible for security teams to share threat information among their own trusted circles, interface with security and intelligence experts and receive guidance on implementing coordinated counter-measures. Full-featured TIPs enable security analysts to simultaneously coordinate these tactical and strategic activities with incident response, security operations, and risk management teams while aggregating data from trusted communities.","materialsDescription":"<span style=\"font-weight: bold;\">What is a threat?</span>\r\nA threat is the ability of an entity to gain access to or interfere with the usual planned activities of an information network.\r\n<span style=\"font-weight: bold;\">What is an APT?</span>\r\nAn advanced persistent threat (APT) is a stealthy computer network threat actor, typically a nation state or state-sponsored group, which gains unauthorized access to a computer network and remains undetected for an extended period. In recent times, the term may also refer to non-state sponsored groups conducting large-scale targeted intrusions for specific goals.\r\n<span style=\"font-weight: bold;\">What is phishing?</span>\r\nPhishing is the fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising oneself as a trustworthy entity in an electronic communication. Typically carried out by email spoofing or instant messaging, it often directs users to enter personal information at a fake website which matches the look and feel of the legitimate site.\r\nPhishing is an example of social engineering techniques being used to deceive users. Users are often lured by communications purporting to be from trusted parties such as social web sites, auction sites, banks, online payment processors or IT administrators.\r\n<span style=\"font-weight: bold;\">What is malware?</span>\r\nMalware (a portmanteau for malicious software) is any software intentionally designed to cause damage to a computer, server, client or computer network (in contrast, software that causes unintentional harm due to some deficiency is typically described as a software bug). A wide variety of malware types exist, including computer viruses, worms, Trojan horses, ransomware, spyware, adware, rogue software and scareware.\r\nPrograms are also considered malware if they secretly act against the interests of the computer user. For example, at one point, Sony music compact discs silently installed a rootkit on purchasers' computers with the intention of preventing illicit copying, but which also reported on users' listening habits, and unintentionally created extra security vulnerabilities.\r\nA range of antivirus software, firewalls and other strategies are used to help protect against the introduction of malware, to help detect it if it is already present and to recover from malware-associated malicious activity and attacks.\r\n<span style=\"font-weight: bold;\">What is a botnet?</span>\r\nA botnet is a number of Internet-connected devices, each of which is running one or more bots. Botnets can be used to perform Distributed Denial-of-Service (DDoS) attacks, steal data, send spam and allows the attacker to access the device and its connection. The owner can control the botnet using command and control (C&amp;C) software. The word &quot;botnet&quot; is a portmanteau of the words &quot;robot&quot; and &quot;network&quot;. The term is usually used with a negative or malicious connotation.\r\n<span style=\"font-weight: bold;\">What is a DDoS-attack?</span>\r\nA distributed denial-of-service (DDoS) attack occurs when multiple systems flood the bandwidth or resources of a targeted system, usually one or more web servers. Such an attack is often the result of multiple compromised systems (for example, a botnet) flooding the targeted system with traffic. A botnet is a network of zombie computers programmed to receive commands without the owners' knowledge. When a server is overloaded with connections, new connections can no longer be accepted. The major advantages to an attacker of using a distributed denial-of-service attack are that multiple machines can generate more attack traffic than one machine, multiple attack machines are harder to turn off than one attack machine and that the behavior of each attack machine can be stealthier, making it harder to track and shut down. These attacker advantages cause challenges for defense mechanisms. For example, merely purchasing more incoming bandwidth than the current volume of the attack might not help, because the attacker might be able to simply add more attack machines. This, ultimately, will end up completely crashing a website for periods of time.\r\n<span style=\"font-weight: bold;\">What is ransomware?</span>\r\nRansomware is a type of malware from cryptovirology that threatens to publish the victim's data, or perpetually block access to it, unless a ransom is paid. While some simple ransomware may lock the system in a way which is not difficult for a knowledgeable person to reverse, more advanced malware uses a technique called cryptoviral extortion, in which it encrypts the victim's files, making them inaccessible, and demands a ransom payment to decrypt them. In a properly implemented cryptoviral extortion attack, recovering the files without the decryption key is an intractable problem – and difficult to trace digital currencies such as Ukash or Bitcoin and other cryptocurrency are used for the ransoms, making tracing and prosecuting the perpetrators difficult.<br />Ransomware attacks are typically carried out using a Trojan that is disguised as a legitimate file that the user is tricked into downloading or opening when it arrives as an email attachment. However, one high-profile example, the &quot;WannaCry worm&quot;, travelled automatically between computers without user interaction.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/threat-intelligence-cyber.png"}],"additionalInfo":{"budgetNotExceeded":"-1","functionallyTaskAssignment":"-1","projectWasPut":"-1","price":0,"source":{"url":"https://www.anomali.com/resources/case-studies/blackhawk-network-customer-case-study","title":"Supplier's web site"}},"comments":[],"referencesCount":0},{"id":1273,"title":"Anomali ThreatStream for Federal System Integrator","description":"<span style=\"font-weight: bold;\">ABOUT FEDERAL SYSTEMS INTEGRATOR</span>\r\nThis Federal Systems Integrator (FSI) is a proven provider of information solutions, engineering and analytics for the U.S. Intelligence Community, U.S. Department of Defense and other federal agencies. With more than 40 years of experience, this FSI designs, develops and delivers high impact, mission-critical services and solutions to overcome it’s customers’ most complex problems.<br />\r\n\r\n<span style=\"font-weight: bold;\">THE PROBLEM</span><br />\r\nWorking primarily as a systems integrator with clients in sensitive intelligence and security communities, this FSI’s intellectual property (IP) contains critical high-value information. This IP, essential to the U.S. government, must remain protected and secure.<br />\r\nOn a daily basis, this FSI receives hundreds of Indicators of Compromise (IOCs) from multiple sources, and each IOC requires evaluation of the level of confidence behind the intelligence. Analysis of the data must:\r\n<ul><li>Consolidate important threat intel data</li></ul>\r\n<ul><li>Put the intel into context</li></ul>\r\n<ul><li>Decide if intel is pertinent and reliable</li></ul>\r\n<ul><li>Show where to focus and take action</li></ul>\r\nThe volume of IOCs combined with the need for accurate assessment created a significant challenge for this FSI—threat data management is time consuming and crucial, and yet is not the core mission of the company. This FSI needed to scale operations and use manpower resources more efficiently.<br />This FSI needed a way to speed threat intelligence validation and integration, and to do it without compromising information security. The company sought an automated threat intelligence solution that would work with this FSI’s existing security information event management (SIEM) tools while reducing the time spent analyzing and operationalizing threat intelligence data.<br />\r\n\r\n<span style=\"font-weight: bold;\">THE THREATSTREAM SOLUTION</span><br />\r\nThis FSI turned to ThreatStream for an automated cyber threat intelligence solution. The ThreatStream Optic™ platform counters adversaries by fusing actionable intelligence with existing security infrastructure by:\r\n<ul><li>Consolidating and curating multiple threat intelligence sources while eliminating redundancies</li></ul>\r\n<ul><li>Providing cross-validated analysis</li></ul>\r\n<ul><li>Rapidly operationalizing intelligence with high confidence</li></ul>\r\n<span style=\"font-style: italic;\">“ThreatStream comes with a valuable reputation for providing quality intelligence in a timely manner, and their automated capability works seamlessly with the various cybersecurity tools you already have in your environment.”</span><br />\r\nBefore ThreatStream, this FSI staff spent thousands of hours annually to collect intelligence, sift through IOCs, validate intelligence and then operationalize that data by writing rules and actions into security infrastructure.<br />This FSI deployed ThreatStream Optic and immediately reduced the amount of time it took to not only identify valid threat intelligence, but also operationalize that threat intel by injecting it directly into this FSI’s existing security tools. ThreatStream Optic connects with this FSI’s SIEM through a single, cloud-based portal, consolidating, normalizing and validating intelligence.<br />\r\nThis seamless integration also eliminates the time and resource-intensive process of manually de-duplicating information from multiple feeds.<br />\r\nThis FSI chose ThreatStream because the ThreatStream Optic platform, unlike other threat feeds, provides the additional benefit of cross-validation analysis. This FSI is able to take the threat intel received from ThreatStream and other sources and use ThreatStream Optic to determine with a high degree of probability what is valid intelligence, and act accordingly. ThreatStream allows this FSI to act on threat intel with a high degree of confidence.<br />\r\nThe efficiencies created by ThreatStream Optic also allow this FSI to redeploy valuable human resources, which saves this FSI countless hours and thousands of dollars per year.<br />\r\n<span style=\"font-style: italic;\">“Rather than taking us days to implement threat intelligence into our cybersecurity tools, with Optic, we can do it in minutes.”</span><br /><br />\r\n<span style=\"font-weight: bold;\">IMPLEMENTATION</span><br />\r\nThreatStream provided this FSI integrations for multiple sets of technology architecture, ensuring a smooth implementation. This FSI’s SIEM tools easily connect with ThreatStream’s server to pull down and inject data directly into this FSI’s security architecture stack. The threat intelligence provided by ThreatStream is viewed and used at this FSI’s highest levels.<br />\r\n<span style=\"font-style: italic;\">“The reliability of the data and depth of information the ThreatStream solution provides is top-notch. ThreatStream only delivers data that’s been fully vetted, rich with context and insights, allowing us to take immediate action.”</span><br /><br />\r\n<span style=\"font-weight: bold;\">A PARTNERSHIP</span><br />\r\n<span style=\"font-style: italic;\">“Working with ThreatStream is really a partnership. We have regularly scheduled discussions, and if we need anything, it’s only a phone call away. It’s easy to communicate with our ThreatStream team, and they are very receptive of what we ask of them.”</span><br />\r\nThreatStream Optic is the first threat intelligence platform that manages the entire life cycle of threat intelligence from multi-source acquisition to operational integration across the entire ecosystem of existing security devices. ThreatStream Optic enables enterprise and government organizations to seamlessly aggregate and analyze threat intelligence and automatically inject the information into their security infrastructure.","alias":"anomali-threatstream-for-federal-system-integrator","roi":0,"seo":{"title":"Anomali ThreatStream for Federal System Integrator","keywords":"","description":"<span style=\"font-weight: bold;\">ABOUT FEDERAL SYSTEMS INTEGRATOR</span>\r\nThis Federal Systems Integrator (FSI) is a proven provider of information solutions, engineering and analytics for the U.S. Intelligence Community, U.S. Department of Defense and other f","og:title":"Anomali ThreatStream for Federal System Integrator","og:description":"<span style=\"font-weight: bold;\">ABOUT FEDERAL SYSTEMS INTEGRATOR</span>\r\nThis Federal Systems Integrator (FSI) is a proven provider of information solutions, engineering and analytics for the U.S. Intelligence Community, U.S. Department of Defense and other f"},"deal_info":"","user":{"id":4195,"title":"Hidden user","logoURL":"https://old.roi4cio.com/uploads/roi/company/hidden_user.jpg","alias":"skrytyi-polzovatel","address":"","roles":[],"description":"User Information is confidential ","companyTypes":[],"products":{},"vendoredProductsCount":0,"suppliedProductsCount":0,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":98,"supplierImplementationsCount":0,"vendorImplementationsCount":0,"vendorPartnersCount":0,"supplierPartnersCount":0,"b4r":0,"categories":{},"companyUrl":"","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"presenterCodeLng":"","seo":{"title":"Hidden user","keywords":"Hidden, user, User, Information, confidential","description":"User Information is confidential ","og:title":"Hidden user","og:description":"User Information is confidential ","og:image":"https://old.roi4cio.com/uploads/roi/company/hidden_user.jpg"},"eventUrl":""},"supplier":{"id":5298,"title":"Anomali","logoURL":"https://old.roi4cio.com/uploads/roi/company/Anomali.png","alias":"anomali","address":"","roles":[],"description":" Anomali detects adversaries and tells you who they are. \r\nAnomali arms security teams with machine learning optimized threat intelligence and identifies hidden threats targeting their environments.\r\nOrganizations rely on the Anomali Threat Platform to detect threats, understand adversaries, and respond effectively.&nbsp; The platform enables organizations to collaborate and share threat information among trusted communities and is the most widely adopted platform for ISACs and leading enterprises worldwide.<br />Source: https://www.linkedin.com/company/anomali/about/","companyTypes":[],"products":{},"vendoredProductsCount":1,"suppliedProductsCount":1,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":0,"supplierImplementationsCount":3,"vendorImplementationsCount":3,"vendorPartnersCount":0,"supplierPartnersCount":0,"b4r":0,"categories":{},"companyUrl":"http://www.anomali.com","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"presenterCodeLng":"","seo":{"title":"Anomali","keywords":"","description":" Anomali detects adversaries and tells you who they are. \r\nAnomali arms security teams with machine learning optimized threat intelligence and identifies hidden threats targeting their environments.\r\nOrganizations rely on the Anomali Threat Platform to detect","og:title":"Anomali","og:description":" Anomali detects adversaries and tells you who they are. \r\nAnomali arms security teams with machine learning optimized threat intelligence and identifies hidden threats targeting their environments.\r\nOrganizations rely on the Anomali Threat Platform to detect","og:image":"https://old.roi4cio.com/uploads/roi/company/Anomali.png"},"eventUrl":""},"vendors":[{"id":5298,"title":"Anomali","logoURL":"https://old.roi4cio.com/uploads/roi/company/Anomali.png","alias":"anomali","address":"","roles":[],"description":" Anomali detects adversaries and tells you who they are. \r\nAnomali arms security teams with machine learning optimized threat intelligence and identifies hidden threats targeting their environments.\r\nOrganizations rely on the Anomali Threat Platform to detect threats, understand adversaries, and respond effectively.&nbsp; The platform enables organizations to collaborate and share threat information among trusted communities and is the most widely adopted platform for ISACs and leading enterprises worldwide.<br />Source: https://www.linkedin.com/company/anomali/about/","companyTypes":[],"products":{},"vendoredProductsCount":1,"suppliedProductsCount":1,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":0,"supplierImplementationsCount":3,"vendorImplementationsCount":3,"vendorPartnersCount":0,"supplierPartnersCount":0,"b4r":0,"categories":{},"companyUrl":"http://www.anomali.com","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"presenterCodeLng":"","seo":{"title":"Anomali","keywords":"","description":" Anomali detects adversaries and tells you who they are. \r\nAnomali arms security teams with machine learning optimized threat intelligence and identifies hidden threats targeting their environments.\r\nOrganizations rely on the Anomali Threat Platform to detect","og:title":"Anomali","og:description":" Anomali detects adversaries and tells you who they are. \r\nAnomali arms security teams with machine learning optimized threat intelligence and identifies hidden threats targeting their environments.\r\nOrganizations rely on the Anomali Threat Platform to detect","og:image":"https://old.roi4cio.com/uploads/roi/company/Anomali.png"},"eventUrl":""}],"products":[{"id":5889,"logo":false,"scheme":false,"title":"Anomali ThreatStream","vendorVerified":0,"rating":"1.00","implementationsCount":3,"suppliersCount":0,"alias":"anomali-threatstream","companyTypes":[],"description":"SOC analysts, incident response teams and researchers face the challenge of operationalizing an overwhelming amount of threat data. A recent Ponemon survey showed that 78% say threat intelligence is critical for achieving a strong security posture but also showed that 70% are overwhelmed with threat data. Anomali ThreatStream® makes it easier for security teams to achieve the full promise of threat intelligence. ThreatStream automates all the processes for collecting, managing and integrating threat intelligence, and gives security analysts the tools and resources to respond quickly to active threats.<br /><span style=\"font-weight: bold; \">Collect</span><br />ThreatStream manages ingesting intelligence from many disparate sources, including:\r\n<ul><li>STIX/TAXII feeds</li></ul>\r\n<ul><li>Open source threat feeds</li></ul>\r\n<ul><li>Commercial threat intelligence providers</li></ul>\r\n<ul><li>Unstructured intelligence: PDFs, CSVs, emails</li></ul>\r\n<ul><li>ISAC/ISAO shared threat intelligence</li></ul>\r\n<span style=\"font-weight: bold; \">Manage</span><br />ThreatStream takes raw threat data and turns it into rich, usable intelligence:\r\n<ul><li>Normalizes feeds into a common taxonomy</li></ul>\r\n<ul><li>De-duplicates data across feeds</li></ul>\r\n<ul><li>Removes false positives</li></ul>\r\n<ul><li>Enriches data with actor, campaign, and TTP</li></ul>\r\n<ul><li>Associates related threat indicators</li></ul>\r\n<span style=\"font-weight: bold; \">Integrate</span><br />ThreatStream integrates with internal security systems to make threat intelligence actionable.\r\n<ul><li>Deep integration with SIEM, FW, IPS, and EDR</li></ul>\r\n<ul><li>Scales to process millions of indicators</li></ul>\r\n<ul><li>Risk ranks threats via machine learning</li></ul>\r\n<ul><li>Includes Threat Bulletins from Anomali Labs</li></ul>\r\n<ul><li>Secure, 2-way sharing with Trusted Circles</li></ul>","shortDescription":"ThreatStream operationalizes threat intelligence and unites all the tools in your security infrastructure, speeding the detection of threats and enabling proactive defense measures.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":0,"sellingCount":0,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Anomali ThreatStream","keywords":"","description":"SOC analysts, incident response teams and researchers face the challenge of operationalizing an overwhelming amount of threat data. A recent Ponemon survey showed that 78% say threat intelligence is critical for achieving a strong security posture but also ","og:title":"Anomali ThreatStream","og:description":"SOC analysts, incident response teams and researchers face the challenge of operationalizing an overwhelming amount of threat data. A recent Ponemon survey showed that 78% say threat intelligence is critical for achieving a strong security posture but also "},"eventUrl":"","translationId":5889,"dealDetails":{"avgPartnerDiscount":15,"dealProtection":1,"avgDealSize":150000,"dealSizeCurrency":"","avgDealClosing":9},"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"https://www.anomali.com/request-a-demo","categories":[{"id":874,"title":"Threat Intelligence Platforms","alias":"threat-intelligence-platforms","description":"Threat Intelligence Platforms (TIPs) are an emerging technology discipline that helps organizations aggregate, correlate and analyze threat data from multiple sources in real time to support defensive actions. TIPs have evolved to address the growing amount of data generated by a variety of internal and external resources (such as system logs and threat intelligence feeds) and help security teams identify the threats that are relevant to their organization. By importing threat data from multiple sources and formats, correlating that data and then exporting it into an organization’s existing security systems or ticketing systems, a TIP automates proactive threat management and mitigation. A true TIP differs from typical enterprise security products in that it is a system that can be programmed by outside developers, in particular, users of the platform. TIPs can also use APIs to gather data to generate configuration analysis, WHOIS information, reverse IP lookup, website content analysis, name servers and SSL certificates.\r\nThe traditional approach to enterprise security involves security teams using a variety of processes and tools to conduct incident response, network defense and threat analysis. Integration between these teams and the sharing of threat data is often a manual process that relies on email, spreadsheets or a portal ticketing system. This approach does not scale as the team and enterprise grows and the number of threats and events increases. With attack sources changing by the minute, hour and day, scalability and efficiency is difficult. The tools used by large Security Operations Centers (SOCs), for example, produce hundreds of millions of events per day, from endpoint and network alerts to log events, making it difficult to filter down to a manageable number of suspicious events for triage.\r\nThreat intelligence platforms make it possible for organizations to gain an advantage over the adversary by detecting the presence of threat actors, blocking and tackling their attacks or degrading their infrastructure. Using threat intelligence, businesses and government agencies can also identify the threat sources and data that are the most useful and relevant to their own environment, potentially reducing the costs associated with unnecessary commercial threat feeds.\r\nTactical use cases for threat intelligence include security planning, monitoring and detection, incident response, threat discovery and threat assessment. A TIP also drives smarter practices back into SIEMs, intrusion detection and other security tools because of the finely curated, relevant and widely sourced threat intelligence that a TIP produces.\r\nAn advantage held by TIPs is the ability to share threat intelligence with other stakeholders and communities. Adversaries typically coordinate their efforts across forums and platforms. A TIP provides a common habitat, which makes it possible for security teams to share threat information among their own trusted circles, interface with security and intelligence experts and receive guidance on implementing coordinated counter-measures. Full-featured TIPs enable security analysts to simultaneously coordinate these tactical and strategic activities with incident response, security operations, and risk management teams while aggregating data from trusted communities.","materialsDescription":"<span style=\"font-weight: bold;\">What is a threat?</span>\r\nA threat is the ability of an entity to gain access to or interfere with the usual planned activities of an information network.\r\n<span style=\"font-weight: bold;\">What is an APT?</span>\r\nAn advanced persistent threat (APT) is a stealthy computer network threat actor, typically a nation state or state-sponsored group, which gains unauthorized access to a computer network and remains undetected for an extended period. In recent times, the term may also refer to non-state sponsored groups conducting large-scale targeted intrusions for specific goals.\r\n<span style=\"font-weight: bold;\">What is phishing?</span>\r\nPhishing is the fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising oneself as a trustworthy entity in an electronic communication. Typically carried out by email spoofing or instant messaging, it often directs users to enter personal information at a fake website which matches the look and feel of the legitimate site.\r\nPhishing is an example of social engineering techniques being used to deceive users. Users are often lured by communications purporting to be from trusted parties such as social web sites, auction sites, banks, online payment processors or IT administrators.\r\n<span style=\"font-weight: bold;\">What is malware?</span>\r\nMalware (a portmanteau for malicious software) is any software intentionally designed to cause damage to a computer, server, client or computer network (in contrast, software that causes unintentional harm due to some deficiency is typically described as a software bug). A wide variety of malware types exist, including computer viruses, worms, Trojan horses, ransomware, spyware, adware, rogue software and scareware.\r\nPrograms are also considered malware if they secretly act against the interests of the computer user. For example, at one point, Sony music compact discs silently installed a rootkit on purchasers' computers with the intention of preventing illicit copying, but which also reported on users' listening habits, and unintentionally created extra security vulnerabilities.\r\nA range of antivirus software, firewalls and other strategies are used to help protect against the introduction of malware, to help detect it if it is already present and to recover from malware-associated malicious activity and attacks.\r\n<span style=\"font-weight: bold;\">What is a botnet?</span>\r\nA botnet is a number of Internet-connected devices, each of which is running one or more bots. Botnets can be used to perform Distributed Denial-of-Service (DDoS) attacks, steal data, send spam and allows the attacker to access the device and its connection. The owner can control the botnet using command and control (C&amp;C) software. The word &quot;botnet&quot; is a portmanteau of the words &quot;robot&quot; and &quot;network&quot;. The term is usually used with a negative or malicious connotation.\r\n<span style=\"font-weight: bold;\">What is a DDoS-attack?</span>\r\nA distributed denial-of-service (DDoS) attack occurs when multiple systems flood the bandwidth or resources of a targeted system, usually one or more web servers. Such an attack is often the result of multiple compromised systems (for example, a botnet) flooding the targeted system with traffic. A botnet is a network of zombie computers programmed to receive commands without the owners' knowledge. When a server is overloaded with connections, new connections can no longer be accepted. The major advantages to an attacker of using a distributed denial-of-service attack are that multiple machines can generate more attack traffic than one machine, multiple attack machines are harder to turn off than one attack machine and that the behavior of each attack machine can be stealthier, making it harder to track and shut down. These attacker advantages cause challenges for defense mechanisms. For example, merely purchasing more incoming bandwidth than the current volume of the attack might not help, because the attacker might be able to simply add more attack machines. This, ultimately, will end up completely crashing a website for periods of time.\r\n<span style=\"font-weight: bold;\">What is ransomware?</span>\r\nRansomware is a type of malware from cryptovirology that threatens to publish the victim's data, or perpetually block access to it, unless a ransom is paid. While some simple ransomware may lock the system in a way which is not difficult for a knowledgeable person to reverse, more advanced malware uses a technique called cryptoviral extortion, in which it encrypts the victim's files, making them inaccessible, and demands a ransom payment to decrypt them. In a properly implemented cryptoviral extortion attack, recovering the files without the decryption key is an intractable problem – and difficult to trace digital currencies such as Ukash or Bitcoin and other cryptocurrency are used for the ransoms, making tracing and prosecuting the perpetrators difficult.<br />Ransomware attacks are typically carried out using a Trojan that is disguised as a legitimate file that the user is tricked into downloading or opening when it arrives as an email attachment. However, one high-profile example, the &quot;WannaCry worm&quot;, travelled automatically between computers without user interaction.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/threat-intelligence-cyber.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]}],"countries":[],"startDate":"0000-00-00","endDate":"0000-00-00","dealDate":"0000-00-00","price":0,"status":"finished","statusLabel":"Finished","isImplementation":true,"isAgreement":false,"confirmed":1,"implementationDetails":{"businessObjectives":{"id":14,"title":"Business objectives","translationKey":"businessObjectives","options":[{"id":6,"title":"Ensure Security and Business Continuity"},{"id":5,"title":"Enhance Staff Productivity"},{"id":306,"title":"Manage Risks"}]},"businessProcesses":{"id":11,"title":"Business process","translationKey":"businessProcesses","options":[{"id":177,"title":"Decentralized IT systems"},{"id":336,"title":"Risk or Leaks of confidential information"},{"id":385,"title":"Risk of data loss or damage"},{"id":384,"title":"Risk of attacks by hackers"},{"id":382,"title":"High costs of IT personnel"}]}},"categories":[{"id":874,"title":"Threat Intelligence Platforms","alias":"threat-intelligence-platforms","description":"Threat Intelligence Platforms (TIPs) are an emerging technology discipline that helps organizations aggregate, correlate and analyze threat data from multiple sources in real time to support defensive actions. TIPs have evolved to address the growing amount of data generated by a variety of internal and external resources (such as system logs and threat intelligence feeds) and help security teams identify the threats that are relevant to their organization. By importing threat data from multiple sources and formats, correlating that data and then exporting it into an organization’s existing security systems or ticketing systems, a TIP automates proactive threat management and mitigation. A true TIP differs from typical enterprise security products in that it is a system that can be programmed by outside developers, in particular, users of the platform. TIPs can also use APIs to gather data to generate configuration analysis, WHOIS information, reverse IP lookup, website content analysis, name servers and SSL certificates.\r\nThe traditional approach to enterprise security involves security teams using a variety of processes and tools to conduct incident response, network defense and threat analysis. Integration between these teams and the sharing of threat data is often a manual process that relies on email, spreadsheets or a portal ticketing system. This approach does not scale as the team and enterprise grows and the number of threats and events increases. With attack sources changing by the minute, hour and day, scalability and efficiency is difficult. The tools used by large Security Operations Centers (SOCs), for example, produce hundreds of millions of events per day, from endpoint and network alerts to log events, making it difficult to filter down to a manageable number of suspicious events for triage.\r\nThreat intelligence platforms make it possible for organizations to gain an advantage over the adversary by detecting the presence of threat actors, blocking and tackling their attacks or degrading their infrastructure. Using threat intelligence, businesses and government agencies can also identify the threat sources and data that are the most useful and relevant to their own environment, potentially reducing the costs associated with unnecessary commercial threat feeds.\r\nTactical use cases for threat intelligence include security planning, monitoring and detection, incident response, threat discovery and threat assessment. A TIP also drives smarter practices back into SIEMs, intrusion detection and other security tools because of the finely curated, relevant and widely sourced threat intelligence that a TIP produces.\r\nAn advantage held by TIPs is the ability to share threat intelligence with other stakeholders and communities. Adversaries typically coordinate their efforts across forums and platforms. A TIP provides a common habitat, which makes it possible for security teams to share threat information among their own trusted circles, interface with security and intelligence experts and receive guidance on implementing coordinated counter-measures. Full-featured TIPs enable security analysts to simultaneously coordinate these tactical and strategic activities with incident response, security operations, and risk management teams while aggregating data from trusted communities.","materialsDescription":"<span style=\"font-weight: bold;\">What is a threat?</span>\r\nA threat is the ability of an entity to gain access to or interfere with the usual planned activities of an information network.\r\n<span style=\"font-weight: bold;\">What is an APT?</span>\r\nAn advanced persistent threat (APT) is a stealthy computer network threat actor, typically a nation state or state-sponsored group, which gains unauthorized access to a computer network and remains undetected for an extended period. In recent times, the term may also refer to non-state sponsored groups conducting large-scale targeted intrusions for specific goals.\r\n<span style=\"font-weight: bold;\">What is phishing?</span>\r\nPhishing is the fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising oneself as a trustworthy entity in an electronic communication. Typically carried out by email spoofing or instant messaging, it often directs users to enter personal information at a fake website which matches the look and feel of the legitimate site.\r\nPhishing is an example of social engineering techniques being used to deceive users. Users are often lured by communications purporting to be from trusted parties such as social web sites, auction sites, banks, online payment processors or IT administrators.\r\n<span style=\"font-weight: bold;\">What is malware?</span>\r\nMalware (a portmanteau for malicious software) is any software intentionally designed to cause damage to a computer, server, client or computer network (in contrast, software that causes unintentional harm due to some deficiency is typically described as a software bug). A wide variety of malware types exist, including computer viruses, worms, Trojan horses, ransomware, spyware, adware, rogue software and scareware.\r\nPrograms are also considered malware if they secretly act against the interests of the computer user. For example, at one point, Sony music compact discs silently installed a rootkit on purchasers' computers with the intention of preventing illicit copying, but which also reported on users' listening habits, and unintentionally created extra security vulnerabilities.\r\nA range of antivirus software, firewalls and other strategies are used to help protect against the introduction of malware, to help detect it if it is already present and to recover from malware-associated malicious activity and attacks.\r\n<span style=\"font-weight: bold;\">What is a botnet?</span>\r\nA botnet is a number of Internet-connected devices, each of which is running one or more bots. Botnets can be used to perform Distributed Denial-of-Service (DDoS) attacks, steal data, send spam and allows the attacker to access the device and its connection. The owner can control the botnet using command and control (C&amp;C) software. The word &quot;botnet&quot; is a portmanteau of the words &quot;robot&quot; and &quot;network&quot;. The term is usually used with a negative or malicious connotation.\r\n<span style=\"font-weight: bold;\">What is a DDoS-attack?</span>\r\nA distributed denial-of-service (DDoS) attack occurs when multiple systems flood the bandwidth or resources of a targeted system, usually one or more web servers. Such an attack is often the result of multiple compromised systems (for example, a botnet) flooding the targeted system with traffic. A botnet is a network of zombie computers programmed to receive commands without the owners' knowledge. When a server is overloaded with connections, new connections can no longer be accepted. The major advantages to an attacker of using a distributed denial-of-service attack are that multiple machines can generate more attack traffic than one machine, multiple attack machines are harder to turn off than one attack machine and that the behavior of each attack machine can be stealthier, making it harder to track and shut down. These attacker advantages cause challenges for defense mechanisms. For example, merely purchasing more incoming bandwidth than the current volume of the attack might not help, because the attacker might be able to simply add more attack machines. This, ultimately, will end up completely crashing a website for periods of time.\r\n<span style=\"font-weight: bold;\">What is ransomware?</span>\r\nRansomware is a type of malware from cryptovirology that threatens to publish the victim's data, or perpetually block access to it, unless a ransom is paid. While some simple ransomware may lock the system in a way which is not difficult for a knowledgeable person to reverse, more advanced malware uses a technique called cryptoviral extortion, in which it encrypts the victim's files, making them inaccessible, and demands a ransom payment to decrypt them. In a properly implemented cryptoviral extortion attack, recovering the files without the decryption key is an intractable problem – and difficult to trace digital currencies such as Ukash or Bitcoin and other cryptocurrency are used for the ransoms, making tracing and prosecuting the perpetrators difficult.<br />Ransomware attacks are typically carried out using a Trojan that is disguised as a legitimate file that the user is tricked into downloading or opening when it arrives as an email attachment. However, one high-profile example, the &quot;WannaCry worm&quot;, travelled automatically between computers without user interaction.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/threat-intelligence-cyber.png"}],"additionalInfo":{"budgetNotExceeded":"-1","functionallyTaskAssignment":"-1","projectWasPut":"-1","price":0,"source":{"url":"https://www.anomali.com/files/ThreatStream_Case_Study_FSI.pdf","title":"Web-site of vendor"}},"comments":[],"referencesCount":0}],"userImplementations":[],"userImplementationsCount":0,"supplierImplementationsCount":3,"vendorImplementationsCount":3,"vendorPartnersCount":0,"supplierPartnersCount":0,"b4r":0,"categories":{"5":{"id":5,"title":"Security Software","description":" Computer security software or cybersecurity software is any computer program designed to enhance information security. Security software is a broad term that encompasses a suite of different types of software that deliver data and computer and network security in various forms. \r\nSecurity software can protect a computer from viruses, malware, unauthorized users and other security exploits originating from the Internet. Different types of security software include anti-virus software, firewall software, network security software, Internet security software, malware/spamware removal and protection software, cryptographic software, and more.\r\nIn end-user computing environments, anti-spam and anti-virus security software is the most common type of software used, whereas enterprise users add a firewall and intrusion detection system on top of it. \r\nSecurity soft may be focused on preventing attacks from reaching their target, on limiting the damage attacks can cause if they reach their target and on tracking the damage that has been caused so that it can be repaired. As the nature of malicious code evolves, security software also evolves.<span style=\"font-weight: bold; \"></span>\r\n<span style=\"font-weight: bold; \">Firewall. </span>Firewall security software prevents unauthorized users from accessing a computer or network without restricting those who are authorized. Firewalls can be implemented with hardware or software. Some computer operating systems include software firewalls in the operating system itself. For example, Microsoft Windows has a built-in firewall. Routers and servers can include firewalls. There are also dedicated hardware firewalls that have no other function other than protecting a network from unauthorized access.\r\n<span style=\"font-weight: bold; \">Antivirus.</span> Antivirus solutions work to prevent malicious code from attacking a computer by recognizing the attack before it begins. But it is also designed to stop an attack in progress that could not be prevented, and to repair damage done by the attack once the attack abates. Antivirus software is useful because it addresses security issues in cases where attacks have made it past a firewall. New computer viruses appear daily, so antivirus and security software must be continuously updated to remain effective.\r\n<span style=\"font-weight: bold; \">Antispyware.</span> While antivirus software is designed to prevent malicious software from attacking, the goal of antispyware software is to prevent unauthorized software from stealing information that is on a computer or being processed through the computer. Since spyware does not need to attempt to damage data files or the operating system, it does not trigger antivirus software into action. However, antispyware software can recognize the particular actions spyware is taking by monitoring the communications between a computer and external message recipients. When communications occur that the user has not authorized, antispyware can notify the user and block further communications.\r\n<span style=\"font-weight: bold; \">Home Computers.</span> Home computers and some small businesses usually implement&nbsp; security software at the desktop level - meaning on the PC itself. This category of computer security and protection, sometimes referred to as end-point security, remains resident, or continuously operating, on the desktop. Because the software is running, it uses system resources, and can slow the computer's performance. However, because it operates in real time, it can react rapidly to attacks and seek to shut them down when they occur.\r\n<span style=\"font-weight: bold; \">Network Security.</span> When several computers are all on the same network, it's more cost-effective to implement security at the network level. Antivirus software can be installed on a server and then loaded automatically to each desktop. However firewalls are usually installed on a server or purchased as an independent device that is inserted into the network where the Internet connection comes in. All of the computers inside the network communicate unimpeded, but any data going in or out of the network over the Internet is filtered trough the firewall.<br /><br /><br />","materialsDescription":"<h1 class=\"align-center\"> <span style=\"font-weight: normal; \">What is IT security software?</span></h1>\r\nIT security software provides protection to businesses’ computer or network. It serves as a defense against unauthorized access and intrusion in such a system. It comes in various types, with many businesses and individuals already using some of them in one form or another.\r\nWith the emergence of more advanced technology, cybercriminals have also found more ways to get into the system of many organizations. Since more and more businesses are now relying their crucial operations on software products, the importance of security system software assurance must be taken seriously – now more than ever. Having reliable protection such as a security software programs is crucial to safeguard your computing environments and data. \r\n<p class=\"align-left\">It is not just the government or big corporations that become victims of cyber threats. In fact, small and medium-sized businesses have increasingly become targets of cybercrime over the past years. </p>\r\n<h1 class=\"align-center\"><span style=\"font-weight: normal; \">What are the features of IT security software?</span></h1>\r\n\r\n<ul><li><span style=\"font-weight: bold; \">Automatic updates. </span>This ensures you don’t miss any update and your system is the most up-to-date version to respond to the constantly emerging new cyber threats.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold; \">Real-time scanning.</span> Dynamic scanning features make it easier to detect and infiltrate malicious entities promptly. Without this feature, you’ll risk not being able to prevent damage to your system before it happens.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold; \">Auto-clean.</span> A feature that rids itself of viruses even without the user manually removing it from its quarantine zone upon detection. Unless you want the option to review the malware, there is no reason to keep the malicious software on your computer which makes this feature essential.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold; \">Multiple app protection.</span> This feature ensures all your apps and services are protected, whether they’re in email, instant messenger, and internet browsers, among others.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold; \">Application level security.</span> This enables you to control access to the application on a per-user role or per-user basis to guarantee only the right individuals can enter the appropriate applications.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold; \">Role-based menu.</span> This displays menu options showing different users according to their roles for easier assigning of access and control.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold; \">Row-level (multi-tenant) security.</span> This gives you control over data access at a row-level for a single application. This means you can allow multiple users to access the same application but you can control the data they are authorized to view.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold; \">Single sign-on.</span> A session or user authentication process that allows users to access multiple related applications as long as they are authorized in a single session by only logging in their name and password in a single place.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold; \">User privilege parameters.</span> These are customizable features and security as per individual user or role that can be accessed in their profile throughout every application.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold; \">Application activity auditing.</span> Vital for IT departments to quickly view when a user logged in and off and which application they accessed. Developers can log end-user activity using their sign-on/signoff activities.</li></ul>\r\n<p class=\"align-left\"><br /><br /><br /><br /></p>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Security_Software.png","alias":"security-software"},"45":{"id":45,"title":"SIEM - Security Information and Event Management","description":"<span style=\"font-weight: bold; \">Security information and event management (SIEM)</span> is an approach to security management that combines SIM (security information management) and SEM (security event management) functions into one security management system. \r\n The underlying principles of every SIEM system is to aggregate relevant data from multiple sources, identify deviations from the norm and take appropriate action. At the most basic level, a SIEM system can be rules-based or employ a statistical correlation engine to establish relationships between event log entries. Advanced SIEM products have evolved to include user and entity behavior analytics (UEBA) and security orchestration and automated response (SOAR). \r\nThe acronyms SEM, SIM and SIEM have sometimes been used interchangeably, but generally refer to the different primary focus of products:\r\n<ul><li><span style=\"font-weight: bold;\">Log management:</span> Focus on simple collection and storage of log messages and audit trails.</li><li><span style=\"font-weight: bold;\">Security information management (SIM):</span> Long-term storage as well as analysis and reporting of log data.</li><li><span style=\"font-weight: bold;\">Security event manager (SEM):</span> Real-time monitoring, correlation of events, notifications and console views.</li><li><span style=\"font-weight: bold;\">Security information event management (SIEM):</span> Combines SIM and SEM and provides real-time analysis of security alerts generated by network hardware and applications.</li><li><span style=\"font-weight: bold;\">Managed Security Service (MSS) or Managed Security Service Provider (MSSP):</span> The most common managed services appear to evolve around connectivity and bandwidth, network monitoring, security, virtualization, and disaster recovery.</li><li><span style=\"font-weight: bold;\">Security as a service (SECaaS):</span> These security services often include authentication, anti-virus, anti-malware/spyware, intrusion detection, Penetration testing and security event management, among others.</li></ul>\r\nToday, most of SIEM technology works by deploying multiple collection agents in a hierarchical manner to gather security-related events from end-user devices, servers, network equipment, as well as specialized security equipment like firewalls, antivirus or intrusion prevention systems. The collectors forward events to a centralized management console where security analysts sift through the noise, connecting the dots and prioritizing security incidents.\r\nSome of the most important features to review when evaluating Security Information and Event Management software are:\r\n<ol><li><span style=\"font-weight: bold; \">Integration with other controls:</span> Can the system give commands to other enterprise security controls to prevent or stop attacks in progress?</li><li><span style=\"font-weight: bold; \">Artificial intelligence:</span> Can the system improve its own accuracy by through machine and deep learning?</li><li><span style=\"font-weight: bold; \">Threat intelligence feeds:</span>&nbsp; Can the system support threat intelligence feeds of the organization's choosing or is it mandated to use a particular feed?</li><li><span style=\"font-weight: bold; \">Robust compliance reporting:</span>&nbsp; Does the system include built-in reports for common compliance needs and the provide the organization with the ability to customize or create new compliance reports?</li><li><span style=\"font-weight: bold; \">Forensics capabilities:</span>&nbsp; Can the system capture additional information about security events by recording the headers and contents of packets of interest? </li></ol>\r\n\r\n\r\n","materialsDescription":"<h1 class=\"align-center\"> Why is SIEM Important?</h1>\r\nSIEM has become a core security component of modern organizations. The main reason is that every user or tracker leaves behind a virtual trail in a network’s log data. SIEM software is designed to use this log data in order to generate insight into past attacks and events. A SIEM solution not only identifies that an attack has happened, but allows you to see how and why it happened as well.\r\nAs organizations update and upscale to increasingly complex IT infrastructures, SIEM has become even more important in recent years. Contrary to popular belief, firewalls and antivirus packages are not enough to protect a network in its entirety. Zero-day attacks can still penetrate a system’s defenses even with these security measures in place.\r\nSIEM addresses this problem by detecting attack activity and assessing it against past behavior on the network. A security event monitoring has the ability to distinguish between legitimate use and a malicious attack. This helps to increase a system’s incident protection and avoid damage to systems and virtual property.\r\nThe use of SIEM also helps companies to comply with a variety of industry cyber management regulations. Log management is the industry standard method of auditing activity on an IT network. SIEM management provides the best way to meet this regulatory requirement and provide transparency over logs in order to generate clear insights and improvements.\r\n<h1 class=\"align-center\">Evaluation criteria for security information and event management software:</h1>\r\n<ul><li>Threat identification: Raw log form vs. descriptive.</li><li>Threat tracking: Ability to track through the various events, from source to destination.</li><li>Policy enforcement: Ability to enforce defined polices.</li><li>Application analysis: Ability to analyze application at Layer 7 if necessary.</li><li>Business relevance of events: Ability to assign business risk to events and have weighted threat levels.</li><li>Measuring changes and improvements: Ability to track configuration changes to devices.</li><li>Asset-based information: Ability to gather information on devices on the network.</li><li>Anomalous behavior (server): Ability to trend and see changes in how it communicates to others.</li><li>Anomalous behavior (network): Ability to trend and see how communications pass throughout the network.</li><li>Anomalous behavior (application): Ability to trend and see changes in how it communicates to others.</li><li>User monitoring: User activity, logging in, applications usage, etc.</li></ul>\r\n\r\n","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_SIEM.png","alias":"siem-security-information-and-event-management"},"52":{"id":52,"title":"SaaS - software as a service","description":"<span style=\"font-weight: bold;\">Software as a service (SaaS)</span> is a software licensing and delivery model in which software is licensed on a subscription basis and is centrally hosted. It is sometimes referred to as &quot;on-demand software&quot;, and was formerly referred to as &quot;software plus services&quot; by Microsoft.\r\n SaaS services is typically accessed by users using a thin client, e.g. via a web browser. SaaS software solutions has become a common delivery model for many business applications, including office software, messaging software, payroll processing software, DBMS software, management software, CAD software, development software, gamification, virtualization, accounting, collaboration, customer relationship management (CRM), Management Information Systems (MIS), enterprise resource planning (ERP), invoicing, human resource management (HRM), talent acquisition, learning management systems, content management (CM), Geographic Information Systems (GIS), and service desk management. SaaS has been incorporated into the strategy of nearly all leading enterprise software companies.\r\nSaaS applications are also known as <span style=\"font-weight: bold;\">Web-based software</span>, <span style=\"font-weight: bold;\">on-demand software</span> and<span style=\"font-weight: bold;\"> hosted software</span>.\r\nThe term &quot;Software as a Service&quot; (SaaS) is considered to be part of the nomenclature of cloud computing, along with Infrastructure as a Service (IaaS), Platform as a Service (PaaS), Desktop as a Service (DaaS),managed software as a service (MSaaS), mobile backend as a service (MBaaS), and information technology management as a service (ITMaaS).\r\nBecause SaaS is based on cloud computing it saves organizations from installing and running applications on their own systems. That eliminates or at least reduces the associated costs of hardware purchases and maintenance and of software and support. The initial setup cost for a SaaS application is also generally lower than it for equivalent enterprise software purchased via a site license.\r\nSometimes, the use of SaaS cloud software can also reduce the long-term costs of software licensing, though that depends on the pricing model for the individual SaaS offering and the enterprise’s usage patterns. In fact, it’s possible for SaaS to cost more than traditional software licenses. This is an area IT organizations should explore carefully.<br />SaaS also provides enterprises the flexibility inherent with cloud services: they can subscribe to a SaaS offering as needed rather than having to buy software licenses and install the software on a variety of computers. The savings can be substantial in the case of applications that require new hardware purchases to support the software.<br /><br /><br /><br />","materialsDescription":"<h1 class=\"align-center\"><span style=\"font-weight: normal;\">Who uses SaaS?</span></h1>\r\nIndustry analyst Forrester Research notes that SaaS adoption has so far been concentrated mostly in human resource management (HRM), customer relationship management (CRM), collaboration software (e.g., email), and procurement solutions, but is poised to widen. Today it’s possible to have a data warehouse in the cloud that you can access with business intelligence software running as a service and connect to your cloud-based ERP like NetSuite or Microsoft Dynamics.The dollar savings can run into the millions. And SaaS installations are often installed and working in a fraction of the time of on-premises deployments—some can be ready in hours. \r\nSales and marketing people are likely familiar with Salesforce.com, the leading SaaS CRM software, with millions of users across more than 100,000 customers. Sales is going SaaS too, with apps available to support sales in order management, compensation, quote production and configure, price, quoting, electronic signatures, contract management and more.\r\n<h1 class=\"align-center\"><span style=\"font-weight: normal;\">Why SaaS? Benefits of software as a service</span></h1>\r\n<ul><li><span style=\"font-weight: bold;\">Lower cost of entry</span>. With SaaS solution, you pay for what you need, without having to buy hardware to host your new applications. Instead of provisioning internal resources to install the software, the vendor provides APIs and performs much of the work to get their software working for you. The time to a working solution can drop from months in the traditional model to weeks, days or hours with the SaaS model. In some businesses, IT wants nothing to do with installing and running a sales app. In the case of funding software and its implementation, this can be a make-or-break issue for the sales and marketing budget, so the lower cost really makes the difference.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">Reduced time to benefit/rapid prototyping</span>. In the SaaS model, the software application is already installed and configured. Users can provision the server for the cloud and quickly have the application ready for use. This cuts the time to benefit and allows for rapid demonstrations and prototyping. With many SaaS companies offering free trials, this means a painless proof of concept and discovery phase to prove the benefit to the organization. </li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">Pay as you go</span>. SaaS business software gives you the benefit of predictable costs both for the subscription and to some extent, the administration. Even as you scale, you can have a clear idea of what your costs will be. This allows for much more accurate budgeting, especially as compared to the costs of internal IT to manage upgrades and address issues for an owned instance.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">The SaaS vendor is responsible for upgrades, uptime and security</span>. Under the SaaS model, since the software is hosted by the vendor, they take on the responsibility for maintaining the software and upgrading it, ensuring that it is reliable and meeting agreed-upon service level agreements, and keeping the application and its data secure.&nbsp; While some IT people worry about Software as a Service security outside of the enterprise walls, the likely truth is that the vendor has a much higher level of security than the enterprise itself would provide. Many will have redundant instances in very secure data centers in multiple geographies.&nbsp; Also, the data is being automatically backed up by the vendor, providing additional security and peace of mind. Because of the data center hosting, you’re getting the added benefit of at least some disaster recovery. Lastly, the vendor manages these issues as part of their core competencies—let them.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">Integration and scalability.</span> Most SaaS apps are designed to support some amount of customization for the way you do business. SaaS vendors create APIs to allow connections not only to internal applications like ERPs or CRMs but also to other SaaS providers. One of the terrific aspects of integration is that orders written in the field can be automatically sent to the ERP. Now a salesperson in the field can check inventory through the catalog, write the order in front of the customer for approval, send it and receive confirmation, all in minutes. And as you scale with a SaaS vendor, there’s no need to invest in server capacity and software licenses. </li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">Work anywhere</span>. Since the software is hosted in the cloud and accessible over the internet, users can access it via mobile devices wherever they are connected. This includes checking customer order histories prior to a sales call, as well as having access to real time data and real time order taking with the customer.</li></ul>\r\n<p class=\"align-left\">&nbsp;</p>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/SaaS__1_.png","alias":"saas-software-as-a-service"},"204":{"id":204,"title":"Managed Detection and Response","description":" MDR, which stands for Managed Detection &amp; Response, is an all-encompassing threat detection system, which arose from the need for small/medium-sized organizations who lack resources to be able to monitor their network systems in-house. It provides a cost-effective alternative to SIEM (Security Information and Event Management).\r\nEveryday, the capabilities of attackers get more sophisticated and the volume of alerts becomes overwhelming and unmanageable. In-house teams might struggle to analyze and log data, which makes it harder than ever to determine if these threats are harmful. MDR can put a stop to attacks before they even happen. MDR technology monitors your systems and detects any unusual behavior, whilst our expert team responds to the threats detected within your business.\r\nMDR offers real-time threat intelligence, and is able to analyse behaviour which can be missed by traditional endpoint security technology. MDR also provides rapid identification of known threats, which in turn minimises overall attacks. Having remote incident investigation will minimise damage to your business, and will allow you to get back to work in no time. It’s important to note that using MDR services will allow third party access to your company's data. You need to consider working with a provider who understands and respects your data policy.","materialsDescription":" <span style=\"font-weight: bold;\">What is Managed Detection and Response?</span>\r\nManaged Detection and Response (MDR) is a managed cybersecurity service that provides intrusion detection of malware and malicious activity in your network, and assists in rapid incident response to eliminate those threats with succinct remediation actions. MDR typically combines a technology solution with outsourced security analysts that extend your technologies and team.\r\n<span style=\"font-weight: bold;\">Isn’t that What MSSPs or Managed SIEMs Do?</span>\r\nNo. Managed Security Service Providers (MSSPs) monitor network security controls and may send alerts when anomalies are identified. MSSPs typically do not investigate the anomalies to eliminate false positives, nor do they respond to real threats. This means that abnormalities in network usage are forwarded to your IT personnel who must then dig through the data to determine if there is a real threat and what to do about it.\r\n<span style=\"font-weight: bold;\">Doesn’t My Firewall Protect My Network?</span>\r\nFirewalls and other preventive forms of cybersecurity are very important and effective at preventing basic cyberattacks. However, over the past decade, it has become clear that preventive cybersecurity technologies are not enough to secure an organization’s network. Further, they are yet another source of alerts, log messages, and events that contribute to the “alert fatigue” being universally suffered today. Recent major hacks such as the Marriot Hack of 2018, the Anthem Hack of 2015, and the Target Hack of 2013 demonstrate how easily cybercriminals can breach networks at enterprise organizations to steal millions of credit card numbers, medical records, and other forms of PII/PHI.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/Endpoint_Detection_and_Response.png","alias":"managed-detection-and-response"},"457":{"id":457,"title":"DDoS Protection","description":" A denial-of-service attack (DoS attack) is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet. Denial of service is typically accomplished by flooding the targeted machine or resource with superfluous requests in an attempt to overload systems and prevent some or all legitimate requests from being fulfilled.\r\nIn a distributed denial-of-service attack (DDoS attack), the incoming traffic flooding the victim originates from many different sources. This effectively makes it impossible to stop the attack simply by blocking a single source.\r\nA DoS or DDoS attack is analogous to a group of people crowding the entry door of a shop, making it hard for legitimate customers to enter, disrupting trade.\r\nCriminal perpetrators of DoS attacks often target sites or services hosted on high-profile web servers such as banks or credit card payment gateways. Revenge, blackmail and activism can motivate these attacks. ","materialsDescription":" <span style=\"font-weight: bold;\">What are the Different Types of DDoS Attacks?</span>\r\nDistributed Denial of Service attacks vary significantly, and there are thousands of different ways an attack can be carried out (attack vectors), but an attack vector will generally fall into one of three broad categories:\r\n<span style=\"font-weight: bold;\">Volumetric Attacks:</span>\r\nVolumetric attacks attempt to consume the bandwidth either within the target network/service or between the target network/service and the rest of the Internet. These attacks are simply about causing congestion.\r\n<span style=\"font-weight: bold;\">TCP State-Exhaustion Attacks:</span>\r\nTCP State-Exhaustion attacks attempt to consume the connection state tables which are present in many infrastructure components such as load-balancers, firewalls and the application servers themselves. Even high capacity devices capable of maintaining state on millions of connections can be taken down by these attacks.\r\n<span style=\"font-weight: bold;\">Application Layer Attacks:</span>\r\nApplication Layer attacks target some aspect of an application or service at Layer-7. These are the deadliest kind of attacks as they can be very effective with as few as one attacking machine generating a low traffic rate (this makes these attacks very difficult to proactively detect and mitigate). Application layer attacks have come to prevalence over the past three or four years and simple application layer flood attacks (HTTP GET flood etc.) have been some of the most common denials of service attacks seen in the wild.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_DDoS_Protection.png","alias":"ddos-protection"},"834":{"id":834,"title":"IoT - Internet of Things Security","description":" IoT security is the technology area concerned with safeguarding connected devices and networks in the internet of things (IoT).\r\nIoT involves adding internet connectivity to a system of interrelated computing devices, mechanical and digital machines, objects, animals and/or people. Each &quot;thing&quot; is provided a unique identifier and the ability to automatically transfer data over a network. Allowing devices to connect to the internet opens them up to a number of serious vulnerabilities if they are not properly protected.\r\nIoT security has become the subject of scrutiny after a number of high-profile incidents where a common IoT device was used to infiltrate and attack the larger network. Implementing security measures is critical to ensuring the safety of networks with IoT devices connected to them.\r\nIoT security hacks can happen in any industry, from smart home to a manufacturing plant to a connected car. The severity of impact depends greatly on the individual system, the data collected and/or the information it contains.\r\nAn attack disabling the brakes of a connected car, for example, or on a connected health device, such as an insulin pump hacked to administer too much medication to a patient, can be life-threatening. Likewise, an attack on a refrigeration system housing medicine that is monitored by an IoT system can ruin the viability of a medicine if temperatures fluctuate. Similarly, an attack on critical infrastructure -- an oil well, energy grid or water supply -- can be disastrous.\r\nSo, a robust IoT security portfolio must allow protecting devices from all types of vulnerabilities while deploying the security level that best matches application needs. Cryptography technologies are used to combat communication attacks. Security services are offered for protecting against lifecycle attacks. Isolation measures can be implemented to fend off software attacks. And, finally, IoT security should include tamper mitigation and side-channel attack mitigation technologies for fighting physical attacks of the chip.","materialsDescription":" <span style=\"font-weight: bold;\">What are the key requirements of IoT Security?</span>\r\nThe key requirements for any IoT security solution are:\r\n<ul><li>Device and data security, including authentication of devices and confidentiality and integrity of data</li><li>Implementing and running security operations at IoT scale</li><li>Meeting compliance requirements and requests</li><li>Meeting performance requirements as per the use case</li></ul>\r\n<span style=\"font-weight: bold;\">What do connected devices require to participate in the IoT Securely?</span>\r\nTo securely participate in the IoT, each connected device needs a unique identification – even before it has an IP address. This digital credential establishes the root of trust for the device’s entire lifecycle, from initial design to deployment to retirement.\r\n<span style=\"font-weight: bold;\">Why is device authentication necessary for the IoT?</span>\r\nStrong IoT device authentication is required to ensure connected devices on the IoT can be trusted to be what they purport to be. Consequently, each IoT device needs a unique identity that can be authenticated when the device attempts to connect to a gateway or central server. With this unique ID in place, IT system administrators can track each device throughout its lifecycle, communicate securely with it, and prevent it from executing harmful processes. If a device exhibits unexpected behavior, administrators can simply revoke its privileges.\r\n<span style=\"font-weight: bold;\">Why is secure manufacturing necessary for IoT devices?</span>\r\nIoT devices produced through unsecured manufacturing processes provide criminals opportunities to change production runs to introduce unauthorized code or produce additional units that are subsequently sold on the black market.\r\nOne way to secure manufacturing processes is to use hardware security modules (HSMs) and supporting security software to inject cryptographic keys and digital certificates and to control the number of units built and the code incorporated into each.\r\n<span style=\"font-weight: bold;\">Why is code signing necessary for IoT devices?</span>\r\nTo protect businesses, brands, partners, and users from software that has been infected by malware, software developers have adopted code signing. In the IoT, code signing in the software release process ensures the integrity of IoT device software and firmware updates and defends against the risks associated with code tampering or code that deviates from organizational policies.\r\nIn public key cryptography, code signing is a specific use of certificate-based digital signatures that enables an organization to verify the identity of the software publisher and certify the software has not been changed since it was published.\r\n<span style=\"font-weight: bold;\">What is IoT PKI?</span>\r\nToday there are more things (devices) online than there are people on the planet! Devices are the number one users of the Internet and need digital identities for secure operation. As enterprises seek to transform their business models to stay competitive, rapid adoption of IoT technologies is creating increasing demand for Public Key Infrastructures (PKIs) to provide digital certificates for the growing number of devices and the software and firmware they run.\r\nSafe IoT deployments require not only trusting the devices to be authentic and to be who they say they are, but also trusting that the data they collect is real and not altered. If one cannot trust the IoT devices and the data, there is no point in collecting, running analytics, and executing decisions based on the information collected.\r\nSecure adoption of IoT requires:\r\n<ul><li>Enabling mutual authentication between connected devices and applications</li><li>Maintaining the integrity and confidentiality of the data collected by devices</li><li>Ensuring the legitimacy and integrity of the software downloaded to devices</li><li>Preserving the privacy of sensitive data in light of stricter security regulations</li></ul>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/iot.png","alias":"iot-internet-of-things-security"},"874":{"id":874,"title":"Threat Intelligence Platforms","description":"Threat Intelligence Platforms (TIPs) are an emerging technology discipline that helps organizations aggregate, correlate and analyze threat data from multiple sources in real time to support defensive actions. TIPs have evolved to address the growing amount of data generated by a variety of internal and external resources (such as system logs and threat intelligence feeds) and help security teams identify the threats that are relevant to their organization. By importing threat data from multiple sources and formats, correlating that data and then exporting it into an organization’s existing security systems or ticketing systems, a TIP automates proactive threat management and mitigation. A true TIP differs from typical enterprise security products in that it is a system that can be programmed by outside developers, in particular, users of the platform. TIPs can also use APIs to gather data to generate configuration analysis, WHOIS information, reverse IP lookup, website content analysis, name servers and SSL certificates.\r\nThe traditional approach to enterprise security involves security teams using a variety of processes and tools to conduct incident response, network defense and threat analysis. Integration between these teams and the sharing of threat data is often a manual process that relies on email, spreadsheets or a portal ticketing system. This approach does not scale as the team and enterprise grows and the number of threats and events increases. With attack sources changing by the minute, hour and day, scalability and efficiency is difficult. The tools used by large Security Operations Centers (SOCs), for example, produce hundreds of millions of events per day, from endpoint and network alerts to log events, making it difficult to filter down to a manageable number of suspicious events for triage.\r\nThreat intelligence platforms make it possible for organizations to gain an advantage over the adversary by detecting the presence of threat actors, blocking and tackling their attacks or degrading their infrastructure. Using threat intelligence, businesses and government agencies can also identify the threat sources and data that are the most useful and relevant to their own environment, potentially reducing the costs associated with unnecessary commercial threat feeds.\r\nTactical use cases for threat intelligence include security planning, monitoring and detection, incident response, threat discovery and threat assessment. A TIP also drives smarter practices back into SIEMs, intrusion detection and other security tools because of the finely curated, relevant and widely sourced threat intelligence that a TIP produces.\r\nAn advantage held by TIPs is the ability to share threat intelligence with other stakeholders and communities. Adversaries typically coordinate their efforts across forums and platforms. A TIP provides a common habitat, which makes it possible for security teams to share threat information among their own trusted circles, interface with security and intelligence experts and receive guidance on implementing coordinated counter-measures. Full-featured TIPs enable security analysts to simultaneously coordinate these tactical and strategic activities with incident response, security operations, and risk management teams while aggregating data from trusted communities.","materialsDescription":"<span style=\"font-weight: bold;\">What is a threat?</span>\r\nA threat is the ability of an entity to gain access to or interfere with the usual planned activities of an information network.\r\n<span style=\"font-weight: bold;\">What is an APT?</span>\r\nAn advanced persistent threat (APT) is a stealthy computer network threat actor, typically a nation state or state-sponsored group, which gains unauthorized access to a computer network and remains undetected for an extended period. In recent times, the term may also refer to non-state sponsored groups conducting large-scale targeted intrusions for specific goals.\r\n<span style=\"font-weight: bold;\">What is phishing?</span>\r\nPhishing is the fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising oneself as a trustworthy entity in an electronic communication. Typically carried out by email spoofing or instant messaging, it often directs users to enter personal information at a fake website which matches the look and feel of the legitimate site.\r\nPhishing is an example of social engineering techniques being used to deceive users. Users are often lured by communications purporting to be from trusted parties such as social web sites, auction sites, banks, online payment processors or IT administrators.\r\n<span style=\"font-weight: bold;\">What is malware?</span>\r\nMalware (a portmanteau for malicious software) is any software intentionally designed to cause damage to a computer, server, client or computer network (in contrast, software that causes unintentional harm due to some deficiency is typically described as a software bug). A wide variety of malware types exist, including computer viruses, worms, Trojan horses, ransomware, spyware, adware, rogue software and scareware.\r\nPrograms are also considered malware if they secretly act against the interests of the computer user. For example, at one point, Sony music compact discs silently installed a rootkit on purchasers' computers with the intention of preventing illicit copying, but which also reported on users' listening habits, and unintentionally created extra security vulnerabilities.\r\nA range of antivirus software, firewalls and other strategies are used to help protect against the introduction of malware, to help detect it if it is already present and to recover from malware-associated malicious activity and attacks.\r\n<span style=\"font-weight: bold;\">What is a botnet?</span>\r\nA botnet is a number of Internet-connected devices, each of which is running one or more bots. Botnets can be used to perform Distributed Denial-of-Service (DDoS) attacks, steal data, send spam and allows the attacker to access the device and its connection. The owner can control the botnet using command and control (C&amp;C) software. The word &quot;botnet&quot; is a portmanteau of the words &quot;robot&quot; and &quot;network&quot;. The term is usually used with a negative or malicious connotation.\r\n<span style=\"font-weight: bold;\">What is a DDoS-attack?</span>\r\nA distributed denial-of-service (DDoS) attack occurs when multiple systems flood the bandwidth or resources of a targeted system, usually one or more web servers. Such an attack is often the result of multiple compromised systems (for example, a botnet) flooding the targeted system with traffic. A botnet is a network of zombie computers programmed to receive commands without the owners' knowledge. When a server is overloaded with connections, new connections can no longer be accepted. The major advantages to an attacker of using a distributed denial-of-service attack are that multiple machines can generate more attack traffic than one machine, multiple attack machines are harder to turn off than one attack machine and that the behavior of each attack machine can be stealthier, making it harder to track and shut down. These attacker advantages cause challenges for defense mechanisms. For example, merely purchasing more incoming bandwidth than the current volume of the attack might not help, because the attacker might be able to simply add more attack machines. This, ultimately, will end up completely crashing a website for periods of time.\r\n<span style=\"font-weight: bold;\">What is ransomware?</span>\r\nRansomware is a type of malware from cryptovirology that threatens to publish the victim's data, or perpetually block access to it, unless a ransom is paid. While some simple ransomware may lock the system in a way which is not difficult for a knowledgeable person to reverse, more advanced malware uses a technique called cryptoviral extortion, in which it encrypts the victim's files, making them inaccessible, and demands a ransom payment to decrypt them. In a properly implemented cryptoviral extortion attack, recovering the files without the decryption key is an intractable problem – and difficult to trace digital currencies such as Ukash or Bitcoin and other cryptocurrency are used for the ransoms, making tracing and prosecuting the perpetrators difficult.<br />Ransomware attacks are typically carried out using a Trojan that is disguised as a legitimate file that the user is tricked into downloading or opening when it arrives as an email attachment. However, one high-profile example, the &quot;WannaCry worm&quot;, travelled automatically between computers without user interaction.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/threat-intelligence-cyber.png","alias":"threat-intelligence-platforms"}},"branches":"Information Technology","companySizes":"101 to 500 Employees","companyUrl":"http://www.anomali.com","countryCodes":["ARE","GBR","JPN","SGP","USA"],"certifications":[],"isSeller":true,"isSupplier":true,"isVendor":true,"presenterCodeLng":"","seo":{"title":"Anomali","keywords":"","description":" Anomali detects adversaries and tells you who they are. \r\nAnomali arms security teams with machine learning optimized threat intelligence and identifies hidden threats targeting their environments.\r\nOrganizations rely on the Anomali Threat Platform to detect","og:title":"Anomali","og:description":" Anomali detects adversaries and tells you who they are. \r\nAnomali arms security teams with machine learning optimized threat intelligence and identifies hidden threats targeting their environments.\r\nOrganizations rely on the Anomali Threat Platform to detect","og:image":"https://old.roi4cio.com/uploads/roi/company/Anomali.png"},"eventUrl":"","vendorPartners":[],"supplierPartners":[],"vendoredProducts":[{"id":5889,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/anomali_logo.png","logo":true,"scheme":false,"title":"Anomali ThreatStream","vendorVerified":0,"rating":"1.00","implementationsCount":3,"suppliersCount":0,"supplierPartnersCount":0,"alias":"anomali-threatstream","companyTitle":"Anomali","companyTypes":["supplier","vendor"],"companyId":5298,"companyAlias":"anomali","description":"SOC analysts, incident response teams and researchers face the challenge of operationalizing an overwhelming amount of threat data. A recent Ponemon survey showed that 78% say threat intelligence is critical for achieving a strong security posture but also showed that 70% are overwhelmed with threat data. Anomali ThreatStream® makes it easier for security teams to achieve the full promise of threat intelligence. ThreatStream automates all the processes for collecting, managing and integrating threat intelligence, and gives security analysts the tools and resources to respond quickly to active threats.<br /><span style=\"font-weight: bold; \">Collect</span><br />ThreatStream manages ingesting intelligence from many disparate sources, including:\r\n<ul><li>STIX/TAXII feeds</li></ul>\r\n<ul><li>Open source threat feeds</li></ul>\r\n<ul><li>Commercial threat intelligence providers</li></ul>\r\n<ul><li>Unstructured intelligence: PDFs, CSVs, emails</li></ul>\r\n<ul><li>ISAC/ISAO shared threat intelligence</li></ul>\r\n<span style=\"font-weight: bold; \">Manage</span><br />ThreatStream takes raw threat data and turns it into rich, usable intelligence:\r\n<ul><li>Normalizes feeds into a common taxonomy</li></ul>\r\n<ul><li>De-duplicates data across feeds</li></ul>\r\n<ul><li>Removes false positives</li></ul>\r\n<ul><li>Enriches data with actor, campaign, and TTP</li></ul>\r\n<ul><li>Associates related threat indicators</li></ul>\r\n<span style=\"font-weight: bold; \">Integrate</span><br />ThreatStream integrates with internal security systems to make threat intelligence actionable.\r\n<ul><li>Deep integration with SIEM, FW, IPS, and EDR</li></ul>\r\n<ul><li>Scales to process millions of indicators</li></ul>\r\n<ul><li>Risk ranks threats via machine learning</li></ul>\r\n<ul><li>Includes Threat Bulletins from Anomali Labs</li></ul>\r\n<ul><li>Secure, 2-way sharing with Trusted Circles</li></ul>","shortDescription":"ThreatStream operationalizes threat intelligence and unites all the tools in your security infrastructure, speeding the detection of threats and enabling proactive defense measures.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":0,"sellingCount":0,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Anomali ThreatStream","keywords":"","description":"SOC analysts, incident response teams and researchers face the challenge of operationalizing an overwhelming amount of threat data. A recent Ponemon survey showed that 78% say threat intelligence is critical for achieving a strong security posture but also ","og:title":"Anomali ThreatStream","og:description":"SOC analysts, incident response teams and researchers face the challenge of operationalizing an overwhelming amount of threat data. A recent Ponemon survey showed that 78% say threat intelligence is critical for achieving a strong security posture but also ","og:image":"https://old.roi4cio.com/fileadmin/user_upload/anomali_logo.png"},"eventUrl":"","translationId":5889,"dealDetails":{"avgPartnerDiscount":15,"dealProtection":1,"avgDealSize":150000,"dealSizeCurrency":"","avgDealClosing":9},"roi":null,"price":null,"bonusForReference":null,"templateData":[{"id":128,"title":"Threat Intelligence Platforms"}],"testingArea":"https://www.anomali.com/request-a-demo","categories":[{"id":874,"title":"Threat Intelligence Platforms","alias":"threat-intelligence-platforms","description":"Threat Intelligence Platforms (TIPs) are an emerging technology discipline that helps organizations aggregate, correlate and analyze threat data from multiple sources in real time to support defensive actions. TIPs have evolved to address the growing amount of data generated by a variety of internal and external resources (such as system logs and threat intelligence feeds) and help security teams identify the threats that are relevant to their organization. By importing threat data from multiple sources and formats, correlating that data and then exporting it into an organization’s existing security systems or ticketing systems, a TIP automates proactive threat management and mitigation. A true TIP differs from typical enterprise security products in that it is a system that can be programmed by outside developers, in particular, users of the platform. TIPs can also use APIs to gather data to generate configuration analysis, WHOIS information, reverse IP lookup, website content analysis, name servers and SSL certificates.\r\nThe traditional approach to enterprise security involves security teams using a variety of processes and tools to conduct incident response, network defense and threat analysis. Integration between these teams and the sharing of threat data is often a manual process that relies on email, spreadsheets or a portal ticketing system. This approach does not scale as the team and enterprise grows and the number of threats and events increases. With attack sources changing by the minute, hour and day, scalability and efficiency is difficult. The tools used by large Security Operations Centers (SOCs), for example, produce hundreds of millions of events per day, from endpoint and network alerts to log events, making it difficult to filter down to a manageable number of suspicious events for triage.\r\nThreat intelligence platforms make it possible for organizations to gain an advantage over the adversary by detecting the presence of threat actors, blocking and tackling their attacks or degrading their infrastructure. Using threat intelligence, businesses and government agencies can also identify the threat sources and data that are the most useful and relevant to their own environment, potentially reducing the costs associated with unnecessary commercial threat feeds.\r\nTactical use cases for threat intelligence include security planning, monitoring and detection, incident response, threat discovery and threat assessment. A TIP also drives smarter practices back into SIEMs, intrusion detection and other security tools because of the finely curated, relevant and widely sourced threat intelligence that a TIP produces.\r\nAn advantage held by TIPs is the ability to share threat intelligence with other stakeholders and communities. Adversaries typically coordinate their efforts across forums and platforms. A TIP provides a common habitat, which makes it possible for security teams to share threat information among their own trusted circles, interface with security and intelligence experts and receive guidance on implementing coordinated counter-measures. Full-featured TIPs enable security analysts to simultaneously coordinate these tactical and strategic activities with incident response, security operations, and risk management teams while aggregating data from trusted communities.","materialsDescription":"<span style=\"font-weight: bold;\">What is a threat?</span>\r\nA threat is the ability of an entity to gain access to or interfere with the usual planned activities of an information network.\r\n<span style=\"font-weight: bold;\">What is an APT?</span>\r\nAn advanced persistent threat (APT) is a stealthy computer network threat actor, typically a nation state or state-sponsored group, which gains unauthorized access to a computer network and remains undetected for an extended period. In recent times, the term may also refer to non-state sponsored groups conducting large-scale targeted intrusions for specific goals.\r\n<span style=\"font-weight: bold;\">What is phishing?</span>\r\nPhishing is the fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising oneself as a trustworthy entity in an electronic communication. Typically carried out by email spoofing or instant messaging, it often directs users to enter personal information at a fake website which matches the look and feel of the legitimate site.\r\nPhishing is an example of social engineering techniques being used to deceive users. Users are often lured by communications purporting to be from trusted parties such as social web sites, auction sites, banks, online payment processors or IT administrators.\r\n<span style=\"font-weight: bold;\">What is malware?</span>\r\nMalware (a portmanteau for malicious software) is any software intentionally designed to cause damage to a computer, server, client or computer network (in contrast, software that causes unintentional harm due to some deficiency is typically described as a software bug). A wide variety of malware types exist, including computer viruses, worms, Trojan horses, ransomware, spyware, adware, rogue software and scareware.\r\nPrograms are also considered malware if they secretly act against the interests of the computer user. For example, at one point, Sony music compact discs silently installed a rootkit on purchasers' computers with the intention of preventing illicit copying, but which also reported on users' listening habits, and unintentionally created extra security vulnerabilities.\r\nA range of antivirus software, firewalls and other strategies are used to help protect against the introduction of malware, to help detect it if it is already present and to recover from malware-associated malicious activity and attacks.\r\n<span style=\"font-weight: bold;\">What is a botnet?</span>\r\nA botnet is a number of Internet-connected devices, each of which is running one or more bots. Botnets can be used to perform Distributed Denial-of-Service (DDoS) attacks, steal data, send spam and allows the attacker to access the device and its connection. The owner can control the botnet using command and control (C&amp;C) software. The word &quot;botnet&quot; is a portmanteau of the words &quot;robot&quot; and &quot;network&quot;. The term is usually used with a negative or malicious connotation.\r\n<span style=\"font-weight: bold;\">What is a DDoS-attack?</span>\r\nA distributed denial-of-service (DDoS) attack occurs when multiple systems flood the bandwidth or resources of a targeted system, usually one or more web servers. Such an attack is often the result of multiple compromised systems (for example, a botnet) flooding the targeted system with traffic. A botnet is a network of zombie computers programmed to receive commands without the owners' knowledge. When a server is overloaded with connections, new connections can no longer be accepted. The major advantages to an attacker of using a distributed denial-of-service attack are that multiple machines can generate more attack traffic than one machine, multiple attack machines are harder to turn off than one attack machine and that the behavior of each attack machine can be stealthier, making it harder to track and shut down. These attacker advantages cause challenges for defense mechanisms. For example, merely purchasing more incoming bandwidth than the current volume of the attack might not help, because the attacker might be able to simply add more attack machines. This, ultimately, will end up completely crashing a website for periods of time.\r\n<span style=\"font-weight: bold;\">What is ransomware?</span>\r\nRansomware is a type of malware from cryptovirology that threatens to publish the victim's data, or perpetually block access to it, unless a ransom is paid. While some simple ransomware may lock the system in a way which is not difficult for a knowledgeable person to reverse, more advanced malware uses a technique called cryptoviral extortion, in which it encrypts the victim's files, making them inaccessible, and demands a ransom payment to decrypt them. In a properly implemented cryptoviral extortion attack, recovering the files without the decryption key is an intractable problem – and difficult to trace digital currencies such as Ukash or Bitcoin and other cryptocurrency are used for the ransoms, making tracing and prosecuting the perpetrators difficult.<br />Ransomware attacks are typically carried out using a Trojan that is disguised as a legitimate file that the user is tricked into downloading or opening when it arrives as an email attachment. However, one high-profile example, the &quot;WannaCry worm&quot;, travelled automatically between computers without user interaction.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/threat-intelligence-cyber.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]}],"suppliedProducts":[{"id":5889,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/anomali_logo.png","logo":true,"scheme":false,"title":"Anomali ThreatStream","vendorVerified":0,"rating":"1.00","implementationsCount":3,"suppliersCount":0,"supplierPartnersCount":0,"alias":"anomali-threatstream","companyTitle":"Anomali","companyTypes":["supplier","vendor"],"companyId":5298,"companyAlias":"anomali","description":"SOC analysts, incident response teams and researchers face the challenge of operationalizing an overwhelming amount of threat data. A recent Ponemon survey showed that 78% say threat intelligence is critical for achieving a strong security posture but also showed that 70% are overwhelmed with threat data. Anomali ThreatStream® makes it easier for security teams to achieve the full promise of threat intelligence. ThreatStream automates all the processes for collecting, managing and integrating threat intelligence, and gives security analysts the tools and resources to respond quickly to active threats.<br /><span style=\"font-weight: bold; \">Collect</span><br />ThreatStream manages ingesting intelligence from many disparate sources, including:\r\n<ul><li>STIX/TAXII feeds</li></ul>\r\n<ul><li>Open source threat feeds</li></ul>\r\n<ul><li>Commercial threat intelligence providers</li></ul>\r\n<ul><li>Unstructured intelligence: PDFs, CSVs, emails</li></ul>\r\n<ul><li>ISAC/ISAO shared threat intelligence</li></ul>\r\n<span style=\"font-weight: bold; \">Manage</span><br />ThreatStream takes raw threat data and turns it into rich, usable intelligence:\r\n<ul><li>Normalizes feeds into a common taxonomy</li></ul>\r\n<ul><li>De-duplicates data across feeds</li></ul>\r\n<ul><li>Removes false positives</li></ul>\r\n<ul><li>Enriches data with actor, campaign, and TTP</li></ul>\r\n<ul><li>Associates related threat indicators</li></ul>\r\n<span style=\"font-weight: bold; \">Integrate</span><br />ThreatStream integrates with internal security systems to make threat intelligence actionable.\r\n<ul><li>Deep integration with SIEM, FW, IPS, and EDR</li></ul>\r\n<ul><li>Scales to process millions of indicators</li></ul>\r\n<ul><li>Risk ranks threats via machine learning</li></ul>\r\n<ul><li>Includes Threat Bulletins from Anomali Labs</li></ul>\r\n<ul><li>Secure, 2-way sharing with Trusted Circles</li></ul>","shortDescription":"ThreatStream operationalizes threat intelligence and unites all the tools in your security infrastructure, speeding the detection of threats and enabling proactive defense measures.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":0,"sellingCount":0,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Anomali ThreatStream","keywords":"","description":"SOC analysts, incident response teams and researchers face the challenge of operationalizing an overwhelming amount of threat data. A recent Ponemon survey showed that 78% say threat intelligence is critical for achieving a strong security posture but also ","og:title":"Anomali ThreatStream","og:description":"SOC analysts, incident response teams and researchers face the challenge of operationalizing an overwhelming amount of threat data. A recent Ponemon survey showed that 78% say threat intelligence is critical for achieving a strong security posture but also ","og:image":"https://old.roi4cio.com/fileadmin/user_upload/anomali_logo.png"},"eventUrl":"","translationId":5889,"dealDetails":{"avgPartnerDiscount":15,"dealProtection":1,"avgDealSize":150000,"dealSizeCurrency":"","avgDealClosing":9},"roi":null,"price":null,"bonusForReference":null,"templateData":[{"id":128,"title":"Threat Intelligence Platforms"}],"testingArea":"https://www.anomali.com/request-a-demo","categories":[{"id":874,"title":"Threat Intelligence Platforms","alias":"threat-intelligence-platforms","description":"Threat Intelligence Platforms (TIPs) are an emerging technology discipline that helps organizations aggregate, correlate and analyze threat data from multiple sources in real time to support defensive actions. TIPs have evolved to address the growing amount of data generated by a variety of internal and external resources (such as system logs and threat intelligence feeds) and help security teams identify the threats that are relevant to their organization. By importing threat data from multiple sources and formats, correlating that data and then exporting it into an organization’s existing security systems or ticketing systems, a TIP automates proactive threat management and mitigation. A true TIP differs from typical enterprise security products in that it is a system that can be programmed by outside developers, in particular, users of the platform. TIPs can also use APIs to gather data to generate configuration analysis, WHOIS information, reverse IP lookup, website content analysis, name servers and SSL certificates.\r\nThe traditional approach to enterprise security involves security teams using a variety of processes and tools to conduct incident response, network defense and threat analysis. Integration between these teams and the sharing of threat data is often a manual process that relies on email, spreadsheets or a portal ticketing system. This approach does not scale as the team and enterprise grows and the number of threats and events increases. With attack sources changing by the minute, hour and day, scalability and efficiency is difficult. The tools used by large Security Operations Centers (SOCs), for example, produce hundreds of millions of events per day, from endpoint and network alerts to log events, making it difficult to filter down to a manageable number of suspicious events for triage.\r\nThreat intelligence platforms make it possible for organizations to gain an advantage over the adversary by detecting the presence of threat actors, blocking and tackling their attacks or degrading their infrastructure. Using threat intelligence, businesses and government agencies can also identify the threat sources and data that are the most useful and relevant to their own environment, potentially reducing the costs associated with unnecessary commercial threat feeds.\r\nTactical use cases for threat intelligence include security planning, monitoring and detection, incident response, threat discovery and threat assessment. A TIP also drives smarter practices back into SIEMs, intrusion detection and other security tools because of the finely curated, relevant and widely sourced threat intelligence that a TIP produces.\r\nAn advantage held by TIPs is the ability to share threat intelligence with other stakeholders and communities. Adversaries typically coordinate their efforts across forums and platforms. A TIP provides a common habitat, which makes it possible for security teams to share threat information among their own trusted circles, interface with security and intelligence experts and receive guidance on implementing coordinated counter-measures. Full-featured TIPs enable security analysts to simultaneously coordinate these tactical and strategic activities with incident response, security operations, and risk management teams while aggregating data from trusted communities.","materialsDescription":"<span style=\"font-weight: bold;\">What is a threat?</span>\r\nA threat is the ability of an entity to gain access to or interfere with the usual planned activities of an information network.\r\n<span style=\"font-weight: bold;\">What is an APT?</span>\r\nAn advanced persistent threat (APT) is a stealthy computer network threat actor, typically a nation state or state-sponsored group, which gains unauthorized access to a computer network and remains undetected for an extended period. In recent times, the term may also refer to non-state sponsored groups conducting large-scale targeted intrusions for specific goals.\r\n<span style=\"font-weight: bold;\">What is phishing?</span>\r\nPhishing is the fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising oneself as a trustworthy entity in an electronic communication. Typically carried out by email spoofing or instant messaging, it often directs users to enter personal information at a fake website which matches the look and feel of the legitimate site.\r\nPhishing is an example of social engineering techniques being used to deceive users. Users are often lured by communications purporting to be from trusted parties such as social web sites, auction sites, banks, online payment processors or IT administrators.\r\n<span style=\"font-weight: bold;\">What is malware?</span>\r\nMalware (a portmanteau for malicious software) is any software intentionally designed to cause damage to a computer, server, client or computer network (in contrast, software that causes unintentional harm due to some deficiency is typically described as a software bug). A wide variety of malware types exist, including computer viruses, worms, Trojan horses, ransomware, spyware, adware, rogue software and scareware.\r\nPrograms are also considered malware if they secretly act against the interests of the computer user. For example, at one point, Sony music compact discs silently installed a rootkit on purchasers' computers with the intention of preventing illicit copying, but which also reported on users' listening habits, and unintentionally created extra security vulnerabilities.\r\nA range of antivirus software, firewalls and other strategies are used to help protect against the introduction of malware, to help detect it if it is already present and to recover from malware-associated malicious activity and attacks.\r\n<span style=\"font-weight: bold;\">What is a botnet?</span>\r\nA botnet is a number of Internet-connected devices, each of which is running one or more bots. Botnets can be used to perform Distributed Denial-of-Service (DDoS) attacks, steal data, send spam and allows the attacker to access the device and its connection. The owner can control the botnet using command and control (C&amp;C) software. The word &quot;botnet&quot; is a portmanteau of the words &quot;robot&quot; and &quot;network&quot;. The term is usually used with a negative or malicious connotation.\r\n<span style=\"font-weight: bold;\">What is a DDoS-attack?</span>\r\nA distributed denial-of-service (DDoS) attack occurs when multiple systems flood the bandwidth or resources of a targeted system, usually one or more web servers. Such an attack is often the result of multiple compromised systems (for example, a botnet) flooding the targeted system with traffic. A botnet is a network of zombie computers programmed to receive commands without the owners' knowledge. When a server is overloaded with connections, new connections can no longer be accepted. The major advantages to an attacker of using a distributed denial-of-service attack are that multiple machines can generate more attack traffic than one machine, multiple attack machines are harder to turn off than one attack machine and that the behavior of each attack machine can be stealthier, making it harder to track and shut down. These attacker advantages cause challenges for defense mechanisms. For example, merely purchasing more incoming bandwidth than the current volume of the attack might not help, because the attacker might be able to simply add more attack machines. This, ultimately, will end up completely crashing a website for periods of time.\r\n<span style=\"font-weight: bold;\">What is ransomware?</span>\r\nRansomware is a type of malware from cryptovirology that threatens to publish the victim's data, or perpetually block access to it, unless a ransom is paid. While some simple ransomware may lock the system in a way which is not difficult for a knowledgeable person to reverse, more advanced malware uses a technique called cryptoviral extortion, in which it encrypts the victim's files, making them inaccessible, and demands a ransom payment to decrypt them. In a properly implemented cryptoviral extortion attack, recovering the files without the decryption key is an intractable problem – and difficult to trace digital currencies such as Ukash or Bitcoin and other cryptocurrency are used for the ransoms, making tracing and prosecuting the perpetrators difficult.<br />Ransomware attacks are typically carried out using a Trojan that is disguised as a legitimate file that the user is tricked into downloading or opening when it arrives as an email attachment. However, one high-profile example, the &quot;WannaCry worm&quot;, travelled automatically between computers without user interaction.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/threat-intelligence-cyber.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]}],"partnershipProgramme":null}},"aliases":{},"links":{},"meta":{},"loading":false,"error":null},"implementations":{"implementationsByAlias":{},"aliases":{},"links":{},"meta":{},"loading":false,"error":null},"agreements":{"agreementById":{},"ids":{},"links":{},"meta":{},"loading":false,"error":null},"comparison":{"loading":false,"error":false,"templatesById":{},"comparisonByTemplateId":{},"products":[],"selectedTemplateId":null},"presentation":{"type":null,"company":{},"products":[],"partners":[],"formData":{},"dataLoading":false,"dataError":false,"loading":false,"error":false},"catalogsGlobal":{"subMenuItemTitle":""}}