Anomali collaborates with Microsoft to integrate threat data
Threat management solutions provider Anomali announced a collaboration with Microsoft to integrate threat intelligence from the Anomali ThreatStream platform with the security insights customers can obtain from the new Microsoft Graph security API.
The collaboration provides Microsoft and Anomali customers with the ability to correlate cloud service and network activity with adversary threat information. As the work progresses, the integration will provide a complete view of asset and user information from Graph providers allowing for increased time to detection and more relevant and actionable results.
With contextual and historical threat information provided by Anomali, users have access to not only a detailed background, but also logs of current activity of known IoCs and the malicious actors associated with them.
“Historically, it has been a challenge to have consistent visibility into which user was logged into a specific machine at a particular time, and tie this activity to a specific IP address,” said Colby DeRodeff, co-founder and chief strategy officer of Anomali.
“As a result, organizations have struggled to connect the dots between malicious cyber activity, users and systems. Microsoft technologies are at the heart of virtually every organization, providing unique visibility into the user and asset infrastructure. Our integration with the Microsoft Graph security API saves analysts time by simplifying access to security alerts and enhancing these alerts with relevant asset and user information without having to access multiple systems or consoles.”
Sarah Fender, principal group program manager of Microsoft said, “By enabling integration partners like Anomali, Microsoft helps organizations connect security insights from multiple solutions for improved cyber defense. We worked closely with Anomali during private preview of the security API, and the resulting integration showcases the power of enriching security alerts provided by the Security API with threat intelligence and context. Together, we can help organizations stay ahead of adversaries.”
The Anomali and Microsoft teams will be providing demonstrations of the Graph integration at booth N3501 at RSA Conference 2018.