How Anomali Handles Log4j

Recent attacks related to the Apache Log4j vulnerabilities, SolarWinds, and the Emotet resurgence require global visibility, big data correlation, and a comprehensive response to get ahead of the attack chain. Anomali’s platform, including ThreatStream, Lens, and Match, accelerates response by leveraging the largest global intelligence repository to pinpoint threats in seconds, giving security professionals the tools they need to respond both to the attack and to the attacker.

Here is how Defenders using Anomali got ahead of Log4j by detecting the threat effectively and prioritizing the response.

Threat Investigation. To start, Defenders had Anomali’s machine-learning-curated intelligence on Log4j within hours of global discovery. This included all known attack indicators and impacted vulnerabilities, displayed on a dashboard that visualized the potential risk and allowed them either to investigate further or to respond immediately.

Threat Research. Defenders who chose to continue their research used Anomali’s Investigation capability to enrich the Log4j data with context on observed vulnerabilities, attacker geolocation, and other intelligence that further increased fidelity. Additionally, using Anomali Lens, Defenders researched public, private, and security-monitoring intel sources to collect new attack information for use in detection.

Threat Detection. Defenders used the high-fidelity signals collected through the investigation and research process to quickly detect Log4j attacks using Match Forensic and Retrospective search. By correlating a massive amount of security telemetry with global intelligence, Match determined within seconds whether the organization was a victim of a Log4j attack. And because most advanced attacks leverage techniques that have existed for years, Match’s big data approach was able to detect other breaches going back as far as five years.

Threat Response. Finally, using Anomali’s MITRE ATT&CK das ..
