Threat Intelligence Solutions: A SANS Review of Anomali ThreatStream

  • Wednesday, 04 Nov 2020 2:00PM EST (04 Nov 2020 19:00 UTC)
  • Speakers: TJ Banasik, AJ Nash

Cyber threat data from multiple sources overwhelm today's Security Operations Centers (SOCs) without a centralized method to aggregate it. Many organizations have immature threat intelligence programs that rely on select external threat feeds, which users struggle to analyze. A cyber threat intelligence program requires people, processes, and technology to process, exploit, and disseminate threat data. Threat intelligence is 'evidence-based knowledge, including context, mechanisms, indicators, implications and actionable advice, about an existing or emerging menace or hazard to assets informing decisions regarding the subject's response to that menace or hazard' [1]. Threat Intelligence Platforms (TIPs) address these challenges by providing a unified solution to consolidate actionable data, automate analyst research, and integrate with security controls.

SANS had the opportunity to review the Anomali ThreatStream product, a threat intelligence platform providing a unified solution for collecting, curating, and disseminating threat intelligence. ThreatStream rationalizes multiple threat data sources into a single high-fidelity repository by automatically normalizing, de-duplicating, removing false positives, and enriching the threat data, then associating all related threat indicators. ThreatStream applies a highly accurate machine learning algorithm for scoring indicators of compromise (IOCs). In this SANS webcast, SANS expert TJ Banasik and AJ Nash, Sr. Director of Cyber Intelligence Strategy for Anomali, review ThreatStream's key benefits, highlight complimentary Anomali products and provide a use-case performance review.

Register today to be among the first to receive the associated product review written by security expert TJ Banasik.

[1] Gartner Research. (2013, May 16). Threat Intelligence. Retrieved March 30, 2020, from