Anomali ThreatStream

SOC analysts, incident response teams and researchers face the challenge of operationalizing an overwhelming amount of threat data. A recent Ponemon survey showed that 78% say threat intelligence is critical for achieving a strong security posture but also showed that 70% are overwhelmed with threat data. Anomali ThreatStream® makes it easier for security teams to achieve the full promise of threat intelligence. ThreatStream automates all the processes for collecting, managing and integrating threat intelligence, and gives security analysts the tools and resources to respond quickly to active threats.
Collect
ThreatStream manages ingesting intelligence from many disparate sources, including:

• STIX/TAXII feeds

• Open source threat feeds

• Commercial threat intelligence providers

• Unstructured intelligence: PDFs, CSVs, emails

• ISAC/ISAO shared threat intelligence

Manage
ThreatStream takes raw threat data and turns it into rich, usable intelligence:

• Normalizes feeds into a common taxonomy

• De-duplicates data across feeds

• Removes false positives

• Enriches data with actor, campaign, and TTP

• Associates related threat indicators

Integrate
ThreatStream integrates with internal security systems to make threat intelligence actionable.

• Deep integration with SIEM, FW, IPS, and EDR

• Scales to process millions of indicators

• Risk ranks threats via machine learning

• Includes Threat Bulletins from Anomali Labs

• Secure, 2-way sharing with Trusted Circles