FeatureThe Middle East represents one of the most vibrant economies in the world while promising to be a cradle of innovation for decades to come. This is not lost on cybercriminals, who continue to hammer the region’s businesses with ongoing attacks. With the emergence of bold initiatives such as NEOM in Saudi Arabia and other expansive plans, comes the threat of even more adversaries. To combat threats, organisations are rapidly adopting advanced technologies such as threat intelligence to help stay ahead of the assaults.
The threats in the Middle East are not unlike those that are active in other regions and countries. They are topped by nation state actors, rounded out by more common incidents such as financial cybercrimes, that take advantage of the transient nature of regional populations in most of these countries. The political climate in the Middle East also generates its own threat landscape as various countries compete with each other for an economic advantage.
The current pandemic situation is also an opportunity for attackers to take advantage of, leading to an unprecedented number of cyber campaigns globally. In this region for example, lures in Arabic will get more attention than something in English.
What is threat intelligence?
“Threat intelligence is not just about detecting external threats. A key requirement is also situational awareness, by taking external data and marrying it with internal telemetry to find correlations between the two data sets,” explains Khaled Chatila, Regional Sales Director, Middle East, Turkey and Africa, Anomali.
Top level executives like to see a return on any of their investments and a threat intelligence programme is no different. In the early stages, the value of a threat intelligence programme is not clearly visible as it takes time to ramp up. With the lack of available and experienced threat intelligence analysts, it may be quick to pass judgement on the programme not providing value back to the business. On the other hand, security operation teams understand and appreciate the value a threat intelligence programme provides.
Organisations with mature IT and security policies have started seeing returns from threat intelligence. A recently published ESG report describes how Anomali can provide as much as 233% return in certain circumstances. One organisation reported 70% drop in analyst’s time spent on collecting, managing and curating intelligence indicators, giving back valuable time for more critical tasks. A good threat intelligence programme could provide feedback to business on which intelligence data products should be purchased.
“With Anomali’s technology being an enabler, the organisation’s ability to analyse massive amounts of data and contextualise it for the business, gets enhanced,” says Chatila. The organization can run retrospective searches, detecting unknown threats, and reduce the dwell times of attackers within networks. The average time to discover a threat can range from 120 to 200+ days before being discovered.
To help C-level executives understand the possible return on investment, Anomali has created tools such as Anomali Lens+, giving direct access to business leaders on how a threat may impact the business. This enables threat intelligence analysts to build reports for an organisation’s stakeholders.
Core product strength
Anomali’s core strength is its ability to combine global threat intelligence data with a customer’s unique internal network telemetry to produce a threat match. The internal SIEM is not entirely capable of matching threats, since the SIEM has to deal with an impediment to its operation, the number of IOCs that it can reliably process against the potential Terabytes of data stored within.
This is a gap that Anomali’s Match was built to address from the ground up, as it collects only metadata from the SIEM. Anomali Match can rapidly process the metadata of full event logs in a fraction of the time, and compare it to many millions of indicators to detect matches. The metadata occupies roughly 8% of the full event storage requirements boosting the speed and search capabilities of Anomali’s Match.
With every subscription, Anomali provides a middleware component named Anomali Integrator. This component provides the capabilities to perform integrations with third party security solutions at a granular level. Should a customer have a technology not supported, they can use an integration option such as by CSV or JSON, or similar technologies, along with an SDK for which customers may code their own custom integrations.
Opportunities for channel
Anomali has a wide channel network leveraging its distribution partner in the Middle East. This gives access to a range of channel partners for many of whom, threat intelligence may not be an in-house skillset. However, for those channel partners with good cyber security skills, they can be enabled to qualify and approach threat intelligence opportunities. The professional services for such opportunities will be delivered by Anomali including deployment and enablement of end users.
Most cyber security channel partners are a good fit for Anomali’s partner programme. Not many channel partners have cyber threat intelligence analysts, since it is highly specialized role. Anomali has a team that assists channel partners in guiding the end user towards a suitable combination of product plus services to achieve desired results.
Channel partners experienced in threat intelligence can ask the right questions and collect the required information from an end user. This information includes size of operations, specific needs, active markets, brand exposure, geographical regions, industry verticals, amongst others. Using Anomali’s software and services, channel partners can fill the gaps in existing programmes or build an effective programme.
Strengths of Anomali’s threat intelligence solution
- Anomali’s core strength is ability to combine global threat intelligence with a customer’s network telemetry.
- An ESG report describes how Anomali can provide as much as 233% return.
- Using Anomali an organisation’s ability to analyse massive amounts of data gets enhanced.
- Anomali Match can process the metadata of full event logs and compare it to many millions of indicators to detect matches.
- Anomali Lens+ gives business direct access on how a threat may impact it.
- Anomali Integrator provides integrations with third party security solutions at a granular level.
- Most cyber security channel partners are a good fit for Anomali’s partner programme.
