May 21, 2021
What is Threat Intelligence?
Cyber threat intelligence is a subset of intelligence focused on information security. This curated information is intended to help make better decisions about how to defend an organization from cyber-based threats. Some of the questions threat intelligence can answer includes:
- Who are the adversaries in our vertical, and how might they attack me?
- How are attack vectors detected in the tools used in our company?
- What should my security operations teams be prepared to detect?
- How can I ascertain the severity or risk of a cyber attack?
Threat intelligence is evidence-based knowledge, including context, mechanisms, indicators, implications, and actionable advice, about an existing or emerging menace or hazard to assets.
Castra can use this to make informed decisions regarding the detection and/or response to that menace or hazard.
How does Castra use Anomali?
The Anomali platform enables Castra to instantly identify what matters most to our customers and empowers them to quickly distill that data into actionable intelligence.
The Anomali platform consists of the following three products:
- Anomali ThreatStream improves efficiency when handling large volume and/ or multiple threat intelligence feeds with full integration with top cybersecurity tools.
- Anomali Match accelerates forensics activities with a powerful engine to compare that threat data with information throughout an environment—not just today, but in previous periods to see whether a newly discovered threat has already been present.
- Anomali Lens puts threat intelligence directly into the hands of analysts, with an innovative, easy-to-use color-coded indicator of whether that threat is relevant to a customer organization.
Castra utilizes Anomali and solutions like Exabeam in unison to better detect threats for our clients and strengthen their security posture with industry-specific data.