Anomali

{{short description|American cybersecurity company}}

{{Infobox company

| name = Anomali Inc.

| image = Anomali HQ.jpg

| image_caption = Headquarters in Redwood City, California

| logo = 250px

| former_names = ThreatStream (2013–2016)

| type = Private

| industry = Cybersecurity

| fate =

| predecessor =

| successor =

| founded = {{Start date and age|2013}}{{cite news|url=https://www.bbc.com/news/uk-northern-ireland-39959091|title=Cyber-security firm to create 120 jobs|work=BBC News |date=18 May 2017|publisher=}}

| founders = {{ubl|Greg Martin| Colby DeRodeff}}

| defunct =

| hq_location_city = Redwood City, California

| hq_location_country = United States

| area_served = Worldwide

| key_people = {{ubl|Ahmed Rubaie (CEO)| Hugh Njemanze (President)}}

| products = Anomali ThreatStream, Anomali Match, Anomali Lens, Security Analytics

| owner =

| num_employees = 201-500

| num_employees_year =

| parent =

| website = {{URL|anomali.com}}

}}

Anomali Inc. is an American cybersecurity company that develops and provides threat intelligence products. In 2023, the company moved into providing security analytics powered by artificial intelligence (AI).

History

Anomali was founded in 2013{{Cite news|last=Mishra|first=Pankaj|date=20 February 2014|title=ThreatStream Raises $4M From Google Ventures To Add Realtime Cybersecurity Intelligence|work=TechCrunch|url=https://techcrunch.com/2014/02/20/threatstream-raises-4m-from-google-ventures-to-add-realtime-cybersecurity-intelligence/}} under the name ThreatStream, by Greg Martin and Colby DeRodeff. At that time, the company's products provided filtering and customization options to give companies visibility into indicators of compromise (IOCs).{{Cite web |last=Kerner |first=Sean Michael |date=2016-03-01 |title=ThreatStream Renames and Refocuses Itself as Anomali |url=https://www.eweek.com/servers/threatstream-renames-and-refocuses-itself-as-anomali/ |access-date=2022-07-14 |website=eWEEK |language=en-US}} In 2013, the company launched the first version of ThreatStream, a threat intelligence platform (TIP){{Cite web|last=Lawson|first=Craig|date=28 July 2020|title=Market Guide for Security Threat Intelligence Products and Services|url=https://www.gartner.com/en/documents/3988089-summary-translation-market-guide-for-security-threat-int|url-status=live|website=Gartner|archive-url=https://web.archive.org/web/20210625040225/https://www.gartner.com/en/documents/3988089-summary-translation-market-guide-for-security-threat-int |archive-date=2021-06-25 }} that draws on multiple sources to track known threats and to monitor for and detect security breaches.{{Cite web |title=Anomali secures $40 million Series D led by Lumia Capital to scale threat detection solution |url=https://techcrunch.com/2018/01/17/anomali-secures-40-million-series-d-led-by-lumia-capital-to-scale-threat-detection-solution/ |access-date=2022-07-08 |website=TechCrunch |date=17 January 2018 |language=en-US}}

In 2016, the company rebranded as Anomali and introduced new products and a new approach to threat intelligence.{{Cite news |last=Panettieri |first=Joe |title=Managed Security Services Provider (MSSP) News: 26 August 2020 |url=https://www.msspalert.com/cybersecurity-news/updates-26-august-2020/ |work=MSSP Alert}}{{Cite web |last=Kerner |first=Sean Michael |date=2016-03-01 |title=ThreatStream Renames and Refocuses Itself as Anomali |url=https://www.eweek.com/servers/threatstream-renames-and-refocuses-itself-as-anomali/ |access-date=2022-07-21 |website=eWEEK |language=en-US}} This included providing SaaS and on-premises platforms to which customers could upload their logs. It launched its second product, Anomali, which later became Anomali Match, an enterprise threat detection service that matched customer data against threat intelligence for known IOCs.{{Cite web |date=17 January 2018 |title=Anomali secures $40 million Series D led by Lumia Capital to scale threat detection solution |url=https://techcrunch.com/2018/01/17/anomali-secures-40-million-series-d-led-by-lumia-capital-to-scale-threat-detection-solution/ |access-date=2022-07-29 |website=TechCrunch |language=en-US}}{{Cite web |date=2019-10-01 |title=Anomali Altitude automates detection, analysis, and threat response |url=https://www.helpnetsecurity.com/2019/10/01/anomali-altitude/ |access-date=2022-07-29 |website=Help Net Security |language=en-US}}{{Cite web |last=Kerner |first=Sean Michael |date=2016-03-01 |title=ThreatStream Renames and Refocuses Itself as Anomali |url=https://www.eweek.com/servers/threatstream-renames-and-refocuses-itself-as-anomali/ |access-date=2022-07-21 |website=eWEEK |language=en-US}}

By 2018, Anomali had received $96.3 million in funding from 11 investors, including Paladin Capital Group, Institutional Venture Partners (IVP), GV (formerly Google Ventures), General Catalyst, Telstra Ventures, and Lumia Capital.{{Cite book |last1=Maheshwary |first1=Saket |last2=Misra |first2=Hemant |title=Companion of the Web Conference 2018 on the Web Conference 2018 - WWW '18 |chapter=Matching Resumes to Jobs via Deep Siamese Network |date=2018 |pages=87–88 |location=New York, New York, USA |publisher=ACM Press |doi=10.1145/3184558.3186942|isbn=9781450356404 |doi-access=free }}{{Cite web |title=Anomali secures $40 million Series D led by Lumia Capital to scale threat detection solution |url=https://techcrunch.com/2018/01/17/anomali-secures-40-million-series-d-led-by-lumia-capital-to-scale-threat-detection-solution/ |access-date=2022-09-02 |website=TechCrunch |date=17 January 2018 |language=en-US}} The company works with government and business organizations such as the Bank of England, Citigroup, and Alaska Airlines.{{Cite web |last=Miller |first=Ron |date=2018-01-17 |title=Anomali secures $40 million Series D led by Lumia Capital to scale threat detection solution |url=https://techcrunch.com/2018/01/17/anomali-secures-40-million-series-d-led-by-lumia-capital-to-scale-threat-detection-solution/ |access-date=2022-09-08 |website=TechCrunch |language=en-US}}

In 2019, Anomali introduced Anomali Lens,{{Cite news|last=Kovacs|first=Eduard|date=30 September 2019|title=New Anomali Tool Finds Threat Data in News, Blogs, Social Networks|work=SecurityWeek|url=https://www.securityweek.com/new-anomali-tool-finds-threat-data-news-blogs-social-networks}} a web-browser extension that highlights and collects relevant threat data from web pages. The collected data is added to ThreatStream and matched against internal network events using Anomali's Match platform.{{Cite web |title=New Anomali Tool Finds Threat Data in News, Blogs, Social Networks {{!}} SecurityWeek.Com |url=https://www.securityweek.com/new-anomali-tool-finds-threat-data-news-blogs-social-networks |access-date=2022-11-21 |website=www.securityweek.com|date=30 September 2019 }} Since being founded, Anomali has collaborated with partners spanning channel resellers, managed security services providers (MSSPs), systems integrators, and commercial threat intelligence feed providers to build out the Anomali Preferred Partner Store (Anomali APP Store).{{Cite news|last=Martins|first=Andrew|title=What Is Cyberthreat Intelligence, and Why Do You Need It?|work=Business News Daily|url=https://www.businessnewsdaily.com/11141-cyber-threat-intelligence.html}} Anomali has established a collaborative relationship with Microsoft{{cite web|url=https://venturebeat.com/2018/04/16/microsoft-brings-fresh-intelligence-to-its-security-products/|title=Microsoft brings fresh intelligence to its security products|date=16 April 2018|publisher=}}{{cite web|url=https://www.helpnetsecurity.com/2018/04/17/anomali-microsoft-threat-data/|title=Anomali collaborates with Microsoft to integrate threat data - Help Net Security|date=17 April 2018|publisher=}} to integrate threat intelligence from ThreatStream with security insights from the Microsoft Graph Security API.{{Cite web |date=2018-04-17 |title=Anomali collaborates with Microsoft to integrate threat data |url=https://www.helpnetsecurity.com/2018/04/17/anomali-microsoft-threat-data/ |access-date=2022-11-08 |website=Help Net Security |language=en-US}} This allowed companies to correlate cloud service and network activity with adversary threat information.{{Cite web |date=2018-04-17 |title=Anomali collaborates with Microsoft to integrate threat data |url=https://www.helpnetsecurity.com/2018/04/17/anomali-microsoft-threat-data/ |access-date=2022-11-08 |website=Help Net Security |language=en-US}} The company also partnered with the National Health Information Sharing and Analysis Center (NH-ISAC) to bring cybersecurity tools and threat intelligence to the healthcare community.{{Cite web |date=2018-03-19 |title=NH-ISAC, Anomali Partner to Improve Secure Healthcare Data Sharing |url=https://healthitsecurity.com/news/nh-isac-anomali-partner-to-improve-secure-healthcare-data-sharing |access-date=2022-11-08 |website=HealthITSecurity |language=en-US}}

In March 2021, the company signed a partnership with Netpoleon, a network security distributor.{{Cite web |title=Anomali signs first A/NZ distie deal with Netpoleon |url=https://www.arnnet.com.au/article/687218/anomali-signs-first-nz-distie-deal-netpoleon/ |access-date=2022-11-21 |website=www.arnnet.com.au}} This was the company’s first partnership in Australia and New Zealand.{{Cite web |title=Anomali signs first A/NZ distie deal with Netpoleon |url=https://www.arnnet.com.au/article/687218/anomali-signs-first-nz-distie-deal-netpoleon/ |access-date=2022-11-21 |website=www.arnnet.com.au}} In January 2022, a distribution agreement was signed with ACA Pacific to reach markets in Singapore, Malaysia, Indonesia, and Thailand.{{Cite web |title=Anomali builds out ASEAN threat intelligence presence with ACA Pacific |url=https://channelasia.tech/article/694648/anomali-builds-asean-threat-intelligence-presence-aca-pacific/ |access-date=2022-11-21 |website=channelasia.tech}}

In 2021, Anomali joined MITRE Engenuity's Center for Threat-Informed Defense to collaborate on the Attack Flow Project, which aims to better understand adversary behavior and improve defensive capabilities.{{Cite web |date=2022-03-29 |title=Top 10 cyber threat intelligence tools |url=https://cybermagazine.com/operational-security/top-10-cyber-threat-intelligence-tools |access-date=2022-10-01 |website=cybermagazine.com |language=en}} This partnership culminated in the public release of the project in March 2022.{{Cite web |last=Baker |first=Jon |date=2022-03-02 |title=Attack Flow — Beyond Atomic Behaviors |url=https://medium.com/mitre-engenuity/attack-flow-beyond-atomic-behaviors-c646675cc793 |access-date=2022-10-01 |website=MITRE-Engenuity |language=en}}

In March 2022, the company released its Cloud-Native XDR (eXtended Detection and Response) solution.{{Cite web |first=Dan |last=Kobialka |date=2022-03-01 |title=Anomali Unveils Cloud XDR Solution: Here's What MSSPs Need to Know |url=https://www.msspalert.com/cybersecurity-services-and-products/xdr/anomali-unveils-cloud-xdr-solution-heres-what-mssps-need-to-know/ |access-date=2022-08-15 |website=MSSP Alert |language=en-US}}{{Cite web |date=2021-07-01 |title=New Anomali Match Features Provide Extended Detection and Response (XDR) Capabilities that Help Customers Stop Breaches and Attackers |url=https://www.businesswire.com/news/home/20210701005813/en/New-Anomali-Match-Features-Provide-Extended-Detection-and-Response-XDR-Capabilities-that-Help-Customers-Stop-Breaches-and-Attackers |access-date=2022-08-15 |website=www.businesswire.com |language=en}} It works with Anomali’s threat intelligence and IOC repositories to help companies improve existing security infrastructure.{{Cite web |date=2022-03-03 |title=Anomali XDR solution helps enterprises against advanced cyber threats |url=https://www.helpnetsecurity.com/2022/03/03/anomali-xdr/ |access-date=2022-08-15 |website=Help Net Security |language=en-US}} It can be integrated with the MITRE ATT&CK framework and other security frameworks.{{Cite web |first=Dan |last=Kobialka |date=2022-03-01 |title=Anomali Unveils Cloud XDR Solution: Here's What MSSPs Need to Know |url=https://www.msspalert.com/cybersecurity-services-and-products/xdr/anomali-unveils-cloud-xdr-solution-heres-what-mssps-need-to-know/ |access-date=2022-11-21 |website=MSSP Alert |language=en-US}}

That same month, Anomali started its Resilience Partner Program for Global Systems Integrators (GSIs), Value Added Resellers (VARs), Distributors, and service providers.{{Cite web |date=March 17, 2022 |title=Anomali releases Resilience Partner Program to meet growing demand for cybersecurity services |url=https://www.helpnetsecurity.com/2022/03/17/anomali-resilience-partner-program/}} The program gives partners simplified access to the Anomali Platform and Cloud-Native XDR.{{Cite web |date=March 17, 2022 |title=Anomali releases Resilience Partner Program to meet growing demand for cybersecurity services |url=https://www.helpnetsecurity.com/2022/03/17/anomali-resilience-partner-program/}}

Investigations / Anomali Threat Research (ATR) Team

In January 2019, Anomali uncovered a phishing scam targeting Australian businesses.{{Cite web |last=Powell |first=Dominic |date=2019-01-16 |title=Government warns SMEs of new scam luring businesses into applying for fake tender contracts |url=https://www.smartcompany.com.au/technology/austender-scam-fake-tender-contracts/ |access-date=2022-08-17 |website=SmartCompany |language=en-US}} Hackers would email companies, claim that they had been selected by the Department of Infrastructure and Regional Development to submit a tender for a commercial project, and then require companies to register in the tender portal to continue. The link in the email took businesses to a replica site of the government's AusTender website. The ATR team alerted the government to the scam.{{Cite web |last=Powell |first=Dominic |date=2019-01-16 |title=Government warns SMEs of new scam luring businesses into applying for fake tender contracts |url=https://www.smartcompany.com.au/technology/austender-scam-fake-tender-contracts/ |access-date=2022-08-17 |website=SmartCompany |language=en-US}}

In July 2019, the ATR team observed a new ransomware family targeting QNAP Network Attached Storage (NAS) devices and named it eCh0raix.{{Cite web |title=New eCh0raix Ransomware Brute-Forces QNAP NAS Devices |url=https://www.bleepingcomputer.com/news/security/new-ech0raix-ransomware-brute-forces-qnap-nas-devices/ |access-date=2022-08-26 |website=BleepingComputer |language=en-us}} A decryptor was released in August.

In December 2019, Anomali published research that said that Gamaredon, a hacking group, had launched attacks targeting Ukrainian military and government agencies, including the Ministry of Foreign Affairs, journalists, law enforcement, and nongovernmental organizations (NGOs).{{Cite web |date=2019-12-09 |title=Possible APT attacks against Ukraine expand to target journalists, researchers say |url=https://www.cyberscoop.com/gamaredon-apt-ukraine-anomali-foritnet/ |access-date=2022-09-01 |website=CyberScoop |language=en}} The attacks started in mid-September.

In June 2020, the company identified twelve apps posing as coronavirus contact tracing apps that were designed to steal personal and financial information from Android users.{{Cite web |title=Fake contact-tracing apps delivering banking trojans |url=https://www.computerweekly.com/news/252484584/Fake-contact-tracing-apps-delivering-banking-trojans |access-date=2022-09-08 |website=ComputerWeekly.com |language=en}}{{Cite web |date=2020-06-10 |title=Hackers use fake contact tracing apps in attempt to install banking malware on Android phones |url=https://www.cyberscoop.com/contact-tracing-hacking-security-anomali/ |access-date=2022-09-08 |website=CyberScoop |language=en}} Four of the apps used either the Anubis banking malware or the SpyNote Trojan.{{Cite web |date=2020-06-10 |title=Hackers use fake contact tracing apps in attempt to install banking malware on Android phones |url=https://www.cyberscoop.com/contact-tracing-hacking-security-anomali/ |access-date=2022-09-15 |website=CyberScoop |language=en}} The apps targeted people in Armenia, Brazil, Colombia, India, Indonesia, Iran, Italy, Kyrgyzstan, Russia and Singapore.{{Cite web |title=Fake contact-tracing apps delivering banking trojans |url=https://www.computerweekly.com/news/252484584/Fake-contact-tracing-apps-delivering-banking-trojans |access-date=2022-09-15 |website=ComputerWeekly.com |language=en}}

In February 2021, ATR identified a cyberespionage campaign targeting UAE and Kuwait government agencies.{{Cite web |title=Iranian Hackers Utilize ScreenConnect to Spy On UAE, Kuwait Government Agencies |url=https://thehackernews.com/2021/02/iranian-hackers-utilize-screenconnect.html |access-date=2022-11-14 |website=The Hacker News |language=en}} The activity was attributed to Static Kitten (aka MERCURY and MuddyWater), and its objective was to install the remote management tool ScreenConnect with "unique launch parameters that have custom properties with malware samples and URLs masquerading as the Ministry of Foreign Affairs of Kuwait and the UAE National Council".{{Cite web |title=Iranian Hackers Utilize ScreenConnect to Spy On UAE, Kuwait Government Agencies |url=https://thehackernews.com/2021/02/iranian-hackers-utilize-screenconnect.html |access-date=2022-11-14 |website=The Hacker News |language=en}} Static Kitten is a state-sponsored hacking group believed to be working for Iran's Islamic Revolutionary Guard Corps.{{Cite web |title=Iranian Hackers Utilize ScreenConnect to Spy On UAE, Kuwait Government Agencies |url=https://thehackernews.com/2021/02/iranian-hackers-utilize-screenconnect.html |access-date=2022-11-14 |website=The Hacker News |language=en}}

In May 2021, the team identified threat actors who were using Microsoft Build Engine (MSBuild) to filelessly deliver remote access trojans and password-stealing malware on targeted Windows systems.{{Cite web |title=Hackers Using Microsoft Build Engine to Deliver Malware Filelessly |url=https://thehackernews.com/2021/05/hackers-using-microsoft-build-engine-to.html |access-date=2022-11-23 |website=The Hacker News |language=en}} The campaign had been active since April, with the attackers using the Microsoft application to load the attack code, thereby avoiding any traces of infection.{{Cite web |title=Hackers Using Microsoft Build Engine to Deliver Malware Filelessly |url=https://thehackernews.com/2021/05/hackers-using-microsoft-build-engine-to.html |access-date=2022-11-23 |website=The Hacker News |language=en}}{{Cite web |title=Microsoft build tool abused to deliver password-stealing malware |url=https://www.bleepingcomputer.com/news/security/microsoft-build-tool-abused-to-deliver-password-stealing-malware/ |access-date=2022-11-23 |website=BleepingComputer |language=en-us}} The samples analyzed by Anomali delivered Remcos RAT, Quasar RAT, and RedLine Stealer.{{Cite web |title=Hackers Using Microsoft Build Engine to Deliver Malware Filelessly |url=https://thehackernews.com/2021/05/hackers-using-microsoft-build-engine-to.html |access-date=2022-11-23 |website=The Hacker News |language=en}}{{Cite web |title=Microsoft build tool abused to deliver password-stealing malware |url=https://www.bleepingcomputer.com/news/security/microsoft-build-tool-abused-to-deliver-password-stealing-malware/ |access-date=2022-11-23 |website=BleepingComputer |language=en-us}}

In September 2021, ATR identified activity by the FIN7 financial cybercrime gang.{{Cite web |title=FIN7 Capitalizes on Windows 11 Release in Latest Gambit |url=https://threatpost.com/fin7-windows-11-release/169206/ |access-date=2022-11-23 |website=threatpost.com |date=3 September 2021 |language=en}} The gang was delivering JavaScript backdoors via Word documents in order to steal payment-card data.

Products and services

  • ThreatStream - a threat intelligence platform that automates threat detection, investigation, and response; collects intelligence from different sources{{Cite web |last=Zurier |first=Steve |date=2020-10-31 |title=Anomali |url=https://www.scmagazine.com/product-test/content/anomali-platform |access-date=2022-10-06 |website=SC Media |language=en}}{{Cite web |title=Shore Up Your Defenses With Cyber Threat Intelligence - businessnewsdaily.com |url=https://www.businessnewsdaily.com/11141-cyber-threat-intelligence.html |access-date=2022-10-06 |website=Business News Daily |language=en}}
  • Match - a breach detection platform that will match external threat intelligence to internal events{{Cite web |title=New Anomali Tool Finds Threat Data in News, Blogs, Social Networks {{!}} SecurityWeek.Com |url=https://www.securityweek.com/new-anomali-tool-finds-threat-data-news-blogs-social-networks |access-date=2022-10-06 |website=www.securityweek.com|date=30 September 2019 }}
  • Lens - a web browser-based plugin that uses natural language processing (NLP) to scan structured and unstructured internet content and automate the identification of adversaries, malware, and cyber threats that are present in the user's network, are actively attacking the user's network, or are newly detected
  • Anomali Preferred Partner (APP) Store - companies can use APP to purchase additional intelligence; the store was created by collaborating with channel resellers, Managed Security Services Providers (MSSPs), Systems Integrators, and Commercial Threat Intelligence Feed providers.{{Cite web |title=Shore Up Your Defenses With Cyber Threat Intelligence - businessnewsdaily.com |url=https://www.businessnewsdaily.com/11141-cyber-threat-intelligence.html |access-date=2022-10-25 |website=Business News Daily |language=en}}
  • Cloud-Native XDR - helps companies monitor and improve their existing security telemetry infrastructure{{Cite web |first=Dan |last=Kobialka |date=2022-03-01 |title=Anomali Unveils Cloud XDR Solution: Here's What MSSPs Need to Know |url=https://www.msspalert.com/cybersecurity-services-and-products/xdr/anomali-unveils-cloud-xdr-solution-heres-what-mssps-need-to-know/ |access-date=2022-10-25 |website=MSSP Alert |language=en-US}}
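As an added illustration of the two-step workflow the Lens and Match entries describe (collect indicators from unstructured web text, then match them against internal events), here is a small Python example; it is not Anomali's code, and the report text, events and indicator values are constructed for the example.

```python
import re

# Defanging conventions common in public threat reports; reversed before extraction.
REFANG = [("hxxp", "http"), ("[.]", "."), ("(.)", "."), ("{.}", "."), ("[:]", ":")]

PATTERNS = {
    "ipv4": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "sha256": re.compile(r"\b[a-f0-9]{64}\b", re.IGNORECASE),
    "domain": re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.IGNORECASE),
}

# Constructed sample report text (hypothetical indicators, not real IoCs).
SAMPLE_REPORT = """
The lure documents fetched their payload from hxxp://tender-portal[.]example[.]net/apply
and beaconed to 203[.]0[.]113[.]45 over TCP/443. Dropper SHA256:
0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
"""

# Constructed sample of internal proxy/firewall events as a SIEM might hold them.
SAMPLE_EVENTS = [
    {"ts": "2022-03-01T10:02:11Z", "src": "10.1.4.22", "dst": "203.0.113.45", "host": ""},
    {"ts": "2022-03-01T10:02:15Z", "src": "10.1.4.22", "dst": "198.51.100.7",
     "host": "Tender-Portal.example.net"},
    {"ts": "2022-03-01T10:03:40Z", "src": "10.1.9.8", "dst": "192.0.2.10",
     "host": "intranet.corp.example"},
]


def refang(text: str) -> str:
    """Undo defanging so extracted indicators compare equal to what appears in logs."""
    for defanged, clean in REFANG:
        text = text.replace(defanged, clean)
    return text


def extract_indicators(text: str) -> dict:
    """Collection step: pull typed indicators out of free text, normalised to lowercase."""
    clean = refang(text)
    return {kind: {m.lower() for m in pat.findall(clean)} for kind, pat in PATTERNS.items()}


def match_events(events: list, indicators: dict) -> list:
    """Matching step: flag events whose destination IP or host name is a known indicator."""
    hits = []
    for ev in events:
        if ev.get("dst") in indicators["ipv4"]:
            hits.append({"ts": ev["ts"], "src": ev["src"], "type": "ipv4", "indicator": ev["dst"]})
        host = ev.get("host", "").lower()  # case-insensitive host comparison
        if host in indicators["domain"]:
            hits.append({"ts": ev["ts"], "src": ev["src"], "type": "domain", "indicator": host})
    return hits


if __name__ == "__main__":
    iocs = extract_indicators(SAMPLE_REPORT)
    for hit in match_events(SAMPLE_EVENTS, iocs):
        print(f"{hit['ts']} {hit['src']} -> {hit['type']} {hit['indicator']}")
```

In a real deployment the indicator set would come from a feed rather than a regex pass, and hits would carry the source and confidence of each indicator so analysts can triage them.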

References

{{reflist}}