Anomali Inc. is an American cybersecurity company that develops and provides threat intelligence products. In 2023, the company moved into providing security analytics powered by artificial intelligence (AI).

Anomali Inc.
FormerlyThreatStream (2013–2016)
Company typePrivate
IndustryCybersecurity
Founded2013; 11 years ago (2013)[1]
Founders
Headquarters,
United States
Area served
Worldwide
Key people
  • Ahmed Rubaie (CEO)
  • Hugh Njemanze (President)
ProductsAnomali ThreatStream, Anomali Match, Anomali Lens, Security Analytics
Number of employees
201-500
Websiteanomali.com

History

edit

Anomali was founded in 2013[2] under the name ThreatStream, by Greg Martin and Colby DeRodeff. At that time, the company's products provided filtering and customization options to give companies visibility into indicators of compromise (IOCs).[3] In 2013, the company launched the first version of ThreatStream, a threat intelligence platform (TIP),[4] uses different sources to track known threats, monitor and detect security breaches.[5]

In 2016, company rebranded as Anomali and introduced new products and a new approach to threat intelligence.[6][7] This included providing SaaS and on-premise platforms that customers could use to upload their logs. It launched its second product, Anomali, which later became Anomali Match, an enterprise threat detection service that matched data against threat intelligence for existing IOCs.[8][9] [10]

By 2018, Anomali had received $96.3 million in funding from 11 investors, including Paladin Capital Group, Institutional Venture Partners (IVP), GV (formerly Google Ventures), General Catalyst, Telstra Ventures, and Lumina Capital.[11][12] The company works with government and business organizations such as the Bank of England, Citigroup, and Alaska Airlines.[13]

In 2019, Anomali introduced Anomali Lens,[14] a web-browser extension that highlights and collects relevant threat data from web pages. The data is added to ThreatStream and matched with internal network events using Anomali’s Match platform.[15] Since being founded, Anomali has collaborated with partners spanning channel resellers, managed security services providers (MSSPs), systems integrators, and Commercial Threat Intelligence Feed providers to build out the Anomali Preferred Partner Store (Anomali APP Store).[16] Anomali has established a collaborative relationship with Microsoft[17][18] to integrate threat intelligence from ThreatStream with security insights from Microsoft Graph security API.[19] This allowed companies to correlate cloud service and network activity with adversary threat information.[20] The company also partnered with the National Health Information Sharing and Analysis Center (NH-ISAC) to bring cybersecurity tools and threat intelligence to the healthcare community.[21]

In March 2021, the company signed a partnership with Netpoleon, a network security distributor.[22] This was the company’s first partnership in Australia and New Zealand.[23] In January 2022, a distribution agreement was signed with ACA Pacific to reach markets in Singapore, Malaysia, Indonesia, and Thailand.[24]

In 2021, Anomali joined MITRE Engenuity’s Center for Threat-Informed Defense to collaborate on the Attack Flow Project to better understand adversary behavior and improve defensive capabilities.[25] This partnership culminated with the public release of the project in March 2022.[26]

In March 2022, the company released its Cloud-Native XDR (eXtended Detection and Response) solution.[27][28] It works with Anomali’s threat intelligence and IOC repositories to help companies improve existing security infrastructure.[29] It can be integrated with the MITRE ATT&CK framework and other security frameworks.[30]

That same month, Anomali started its Resilience Partner Program for Global Systems Integrators (GSIs), Value Added Resellers (VARs), Distributors, and service providers.[31] The program gives partners simplified access to the Anomali Platform and Cloud-Native XDR.[32]

Investigations / Anomali Threat Research (ATR) Team

edit

In January 2019, Anomali uncovered a phishing scam targeting Australian businesses.[33] Hackers would email companies, claim that they had been selected by the Department of Infrastructure and Regional Development to submit a tender for a commercial project, and then require companies to register in the tender portal to continue. The link in the email took businesses to a replica site of the government's AusTender website. The ATR team alerted the government to the scam.[34]

In July 2019, the ATR observed a new ransomware targeting QNAP Network Attached Storage (NAS) devices and named it eCh0raix.[35] A decryptor was released in August.

In December 2019, Anomali published research that said that Gamaredon, a hacking group, had launched attacks targeting Ukrainian military and government agencies, including the Ministry of Foreign Affairs, journalists, law enforcement, and nongovernmental organizations (NGOs).[36] The attacks started in mid-September.

In June 2020, the company identified twelve apps posing as coronavirus contact tracing apps that were designed to steal personal and financial information from Android users.[37][38] Four of the apps used either the Anubis banking malware or the SpyNote Trojan.[39] The apps targeted people in Armenia, Brazil, Colombia, India, Indonesia, Iran, Italy, Kyrgyzstan, Russia and Singapore.[40]

in February 2021, ATR identified a cyberespionage campaign targeting UAE and Kuwait government agencies.[41] The work was attributed to Static Kitten (aka MERCURY and MuddyWater) and the objective was to install the remote management tool ScreenConnect with "unique launch parameters that have custom properties with malware samples and URLs masquerading as the Ministry of Foreign Affairs of Kuwait and the UAE National Council".[42] Static Kitten is a state-sponsored hacking group believed to be working for Iran's Islamic Republic Guard Corps.[43]

In May 2021, the team identified threat actors who were using Microsoft Build Engine (MSBuild) to filelessly deliver remote access trojans and password-stealing malware on targeted Windows systems.[44] The campaign had been active since April, with the attackers using the Microsoft application to load the attack code, thereby avoiding any traces of infection.[45][46] The samples analyzed by Anomali delivered Remcos RAT, Quasar RAT, and RedLine Stealer.[47][48]

In September, ATR identified action from the FIN7 financial cybercrime gang.[49] The gang was delivering JavaScript backdoors using Word documents to steal payment-card data.[49]

Products and services

edit
  • ThreatStream - a threat intelligence platform that automates threat detection, investigation, and response; collects intelligence from different sources[50][51]
  • Match - a breach detection platform that will match external threat intelligence to internal events[52]
  • Lens - a web browser-based plugin that uses natural language processing (NLP) to scan structured and unstructured internet content to automate the identification of adversaries, malware, and cyber threats that are present in the users' network, actively attacking the user's network, or newly detected[52]
  • Anomali Preferred Partner (APP) Store - companies can use APP to purchase additional intelligence; the store was created by collaborating with channel resellers, Managed Security Services Providers (MSSPs), Systems Integrators, and Commercial Threat Intelligence Feed providers.[53]
  • Cloud-Native XDR - helps companies monitor and improve their existing security telemetry infrastructure[54]

See also

edit

References

edit
  1. ^ "Cyber-security firm to create 120 jobs". BBC News. 18 May 2017.
  2. ^ Mishra, Pankaj (20 February 2014). "ThreatStream Raises $4M From Google Ventures To Add Realtime Cybersecurity Intelligence". TechCrunch.
  3. ^ Kerner, Sean Michael (2016-03-01). "ThreatStream Renames and Refocuses Itself as Anomali". eWEEK. Retrieved 2022-07-14.
  4. ^ Lawson, Craig (28 July 2020). "Market Guide for Security Threat Intelligence Products and Services". Gartner. Archived from the original on 2021-06-25.
  5. ^ "Anomali secures $40 million Series D led by Lumia Capital to scale threat detection solution". TechCrunch. 17 January 2018. Retrieved 2022-07-08.
  6. ^ Panettieri, Joe. "Managed Security Services Provider (MSSP) News: 26 August 2020". MSSP Alert.
  7. ^ Kerner, Sean Michael (2016-03-01). "ThreatStream Renames and Refocuses Itself as Anomali". eWEEK. Retrieved 2022-07-21.
  8. ^ "Anomali secures $40 million Series D led by Lumia Capital to scale threat detection solution". TechCrunch. 17 January 2018. Retrieved 2022-07-29.
  9. ^ "Anomali Altitude automates detection, analysis, and threat response". Help Net Security. 2019-10-01. Retrieved 2022-07-29.
  10. ^ Kerner, Sean Michael (2016-03-01). "ThreatStream Renames and Refocuses Itself as Anomali". eWEEK. Retrieved 2022-07-21.
  11. ^ Maheshwary, Saket; Misra, Hemant (2018). "Matching Resumes to Jobs via Deep Siamese Network". Companion of the Web Conference 2018 on the Web Conference 2018 - WWW '18. New York, New York, USA: ACM Press. pp. 87–88. doi:10.1145/3184558.3186942. ISBN 9781450356404.
  12. ^ "Anomali secures $40 million Series D led by Lumia Capital to scale threat detection solution". TechCrunch. 17 January 2018. Retrieved 2022-09-02.
  13. ^ Miller, Ron (2018-01-17). "Anomali secures $40 million Series D led by Lumia Capital to scale threat detection solution". TechCrunch. Retrieved 2022-09-08.
  14. ^ Kovaks, Eduard (30 September 2019). "New Anomali Tool Finds Threat Data in News, Blogs, Social Networks". SecurityWeek.
  15. ^ "New Anomali Tool Finds Threat Data in News, Blogs, Social Networks | SecurityWeek.Com". www.securityweek.com. 30 September 2019. Retrieved 2022-11-21.
  16. ^ Martins, Andrew. "What Is Cyberthreat Intelligence, and Why Do You Need It?". Business News Daily.
  17. ^ "Microsoft brings fresh intelligence to its security products". 16 April 2018.
  18. ^ "Anomali collaborates with Microsoft to integrate threat data - Help Net Security". 17 April 2018.
  19. ^ "Anomali collaborates with Microsoft to integrate threat data". Help Net Security. 2018-04-17. Retrieved 2022-11-08.
  20. ^ "Anomali collaborates with Microsoft to integrate threat data". Help Net Security. 2018-04-17. Retrieved 2022-11-08.
  21. ^ "NH-ISAC, Anomali Partner to Improve Secure Healthcare Data Sharing". HealthITSecurity. 2018-03-19. Retrieved 2022-11-08.
  22. ^ "Anomali signs first A/NZ distie deal with Netpoleon". www.arnnet.com.au. Retrieved 2022-11-21.
  23. ^ "Anomali signs first A/NZ distie deal with Netpoleon". www.arnnet.com.au. Retrieved 2022-11-21.
  24. ^ "Anomali builds out ASEAN threat intelligence presence with ACA Pacific". channelasia.tech. Retrieved 2022-11-21.
  25. ^ "Top 10 cyber threat intelligence tools". cybermagazine.com. 2022-03-29. Retrieved 2022-10-01.
  26. ^ Baker, Jon (2022-03-02). "Attack Flow — Beyond Atomic Behaviors". MITRE-Engenuity. Retrieved 2022-10-01.
  27. ^ Kobialka, Dan (2022-03-01). "Anomali Unveils Cloud XDR Solution: Here's What MSSPs Need to Know". MSSP Alert. Retrieved 2022-08-15.
  28. ^ "New Anomali Match Features Provide Extended Detection and Response (XDR) Capabilities that Help Customers Stop Breaches and Attackers". www.businesswire.com. 2021-07-01. Retrieved 2022-08-15.
  29. ^ "Anomali XDR solution helps enterprises against advanced cyber threats". Help Net Security. 2022-03-03. Retrieved 2022-08-15.
  30. ^ Kobialka, Dan (2022-03-01). "Anomali Unveils Cloud XDR Solution: Here's What MSSPs Need to Know". MSSP Alert. Retrieved 2022-11-21.
  31. ^ "Anomali releases Resilience Partner Program to meet growing demand for cybersecurity services". March 17, 2022.
  32. ^ "Anomali releases Resilience Partner Program to meet growing demand for cybersecurity services". March 17, 2022.
  33. ^ Powell, Dominic (2019-01-16). "Government warns SMEs of new scam luring businesses into applying for fake tender contracts". SmartCompany. Retrieved 2022-08-17.
  34. ^ Powell, Dominic (2019-01-16). "Government warns SMEs of new scam luring businesses into applying for fake tender contracts". SmartCompany. Retrieved 2022-08-17.
  35. ^ "New eCh0raix Ransomware Brute-Forces QNAP NAS Devices". BleepingComputer. Retrieved 2022-08-26.
  36. ^ "Possible APT attacks against Ukraine expand to target journalists, researchers say". CyberScoop. 2019-12-09. Retrieved 2022-09-01.
  37. ^ "Fake contact-tracing apps delivering banking trojans". ComputerWeekly.com. Retrieved 2022-09-08.
  38. ^ "Hackers use fake contact tracing apps in attempt to install banking malware on Android phones". CyberScoop. 2020-06-10. Retrieved 2022-09-08.
  39. ^ "Hackers use fake contact tracing apps in attempt to install banking malware on Android phones". CyberScoop. 2020-06-10. Retrieved 2022-09-15.
  40. ^ "Fake contact-tracing apps delivering banking trojans". ComputerWeekly.com. Retrieved 2022-09-15.
  41. ^ "Iranian Hackers Utilize ScreenConnect to Spy On UAE, Kuwait Government Agencies". The Hacker News. Retrieved 2022-11-14.
  42. ^ "Iranian Hackers Utilize ScreenConnect to Spy On UAE, Kuwait Government Agencies". The Hacker News. Retrieved 2022-11-14.
  43. ^ "Iranian Hackers Utilize ScreenConnect to Spy On UAE, Kuwait Government Agencies". The Hacker News. Retrieved 2022-11-14.
  44. ^ "Hackers Using Microsoft Build Engine to Deliver Malware Filelessly". The Hacker News. Retrieved 2022-11-23.
  45. ^ "Hackers Using Microsoft Build Engine to Deliver Malware Filelessly". The Hacker News. Retrieved 2022-11-23.
  46. ^ "Microsoft build tool abused to deliver password-stealing malware". BleepingComputer. Retrieved 2022-11-23.
  47. ^ "Hackers Using Microsoft Build Engine to Deliver Malware Filelessly". The Hacker News. Retrieved 2022-11-23.
  48. ^ "Microsoft build tool abused to deliver password-stealing malware". BleepingComputer. Retrieved 2022-11-23.
  49. ^ a b "FIN7 Capitalizes on Windows 11 Release in Latest Gambit". threatpost.com. 3 September 2021. Retrieved 2022-11-23.
  50. ^ Zurier, Steve (2020-10-31). "Anomali". SC Media. Retrieved 2022-10-06.
  51. ^ "Shore Up Your Defenses With Cyber Threat Intelligence - businessnewsdaily.com". Business News Daily. Retrieved 2022-10-06.
  52. ^ a b "New Anomali Tool Finds Threat Data in News, Blogs, Social Networks | SecurityWeek.Com". www.securityweek.com. 30 September 2019. Retrieved 2022-10-06.
  53. ^ "Shore Up Your Defenses With Cyber Threat Intelligence - businessnewsdaily.com". Business News Daily. Retrieved 2022-10-25.
  54. ^ Kobialka, Dan (2022-03-01). "Anomali Unveils Cloud XDR Solution: Here's What MSSPs Need to Know". MSSP Alert. Retrieved 2022-10-25.
edit