The PolySwarm Blog

Analyze suspicious files and URLs, at scale, millions of times per day. Get real-time threat intel from a crowdsourced network of security experts and antivirus companies competing to protect you.

PolySwarm and Anomali integration: malware intelligence and enrichment APIs for ThreatStream

Feb 28, 2020 4:00:00 AM / by PolySwarm Team


As the volume and complexity of cyber threats increase, contextualizing and prioritizing incidents becomes critical. On top of the well-reported shortage of security talent in this industry, enterprise SOC teams have to work through an ever-growing queue of alerts.

Anomali ThreatStream aggregates and organizes feeds from multiple trusted partners, providing diverse threat intelligence within their platform. PolySwarm seamlessly integrates via API and allows Anomali’s users to obtain file and URL reputation services with a single click, in real-time, from a network of independent malware detection engines. PolySwarm enriches samples with diverse threat indicators and allows threat hunters and SOC analysts to search for and identify relationships between diverse malware families and threat indicators.

PolySwarm uniquely addresses emergent malware by using a network of research-driven engines that compete in real-time to detect threats. These engines are economically rewarded for early and accurate detection.  Enterprises benefit from deeper coverage of the malware landscape and unique threat intelligence. 

POLYSWARM SOLUTION HIGHLIGHTS:

  • Early detection of threats, powered by niche, research-driven malware engines with a technology edge in their field and a strong focus on 0-day threats.
  • Improved accuracy: Unlike any other multiscanner, PolySwarm gives engines economic incentives for early and accurate detection, improving the signal-to-noise ratio and reducing false positives by over 40%.
  • Faster access to new malware: At any point in time, over 30% of PolySwarm's malware samples are not yet in VirusTotal or other third-party malware solutions.
  • Sample stream enrichment: Samples are enriched at scale with filetype, malware family, cryptographic and fuzzy hashes, and our machine-learning-driven PolyScore™.
  • Greater analyst productivity: PolySwarm's rich metadata lets analysts easily explore relationships between samples, malware families, and other indicators.
  • Equitable financial model: PolySwarm's economic model gives niche technologies access to a vast market and funds the R&D required to stay on the cutting edge.

Here's a look inside Anomali's ThreatStream and how PolySwarm appears in its dashboard:

  • Display file reputation and hash enrichment to understand malware at a glance. Pivot from PolySwarm-extracted features to other security tools with just a click.
  • View detections from a growing list of antivirus companies, security experts, and malware researchers.
  • Enrich samples with metadata produced by PolySwarm and its partners.

PolySwarm Feature List

  • File Reputation: Query PolySwarm's cloud service for information on a file using just its SHA1, SHA256, or MD5 hash.
  • File, URL, IP, Domain Detection: Submit a file, URL, IP address, or domain to PolySwarm (with just a click in Anomali) and have a community of antivirus companies, malware researchers, and security experts provide their analysis.
  • Enrich sample with Metadata: PolySwarm enriches sample streams with metadata derived from our data asset and our security experts across the globe.
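The feature list above splits indicators into two paths: hashes can be looked up against existing file reputation, while files, URLs, IPs, and domains have to be submitted for scanning. Before an analyst (or an automation script) hands an indicator to either path it helps to know which kind it is and to normalize it, so a mis-typed hash or a malformed address is caught rather than silently returning "no results". The helper below is an added example and is not PolySwarm's or Anomali's own code; the function names `classify_indicator` and `route_indicators` are hypothetical, it handles IPv4 only (the page does not mention IPv6), and the sample indicators at the bottom are constructed for the demonstration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Hash lengths in hex digits; the page names these three hash types
# as accepted for file reputation lookups.
_HASH_TYPES = {32: "md5", 40: "sha1", 64: "sha256"}
_HEX_RE = re.compile(r"^[0-9a-fA-F]+$")
# One DNS label: letters/digits, optional inner hyphens, 1-63 chars.
_LABEL_RE = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def classify_indicator(raw):
    """Return (kind, normalized) for an IOC string, or (None, None).

    kind is one of 'md5', 'sha1', 'sha256', 'url', 'ipv4', 'domain'.
    Hashes are lowercased; domains are lowercased and stripped of a
    trailing dot; URLs are kept as given apart from surrounding whitespace.
    """
    value = raw.strip()
    if not value:
        return None, None

    # Hashes: exact hex length, regardless of case.
    if _HEX_RE.match(value) and len(value) in _HASH_TYPES:
        return _HASH_TYPES[len(value)], value.lower()

    # URLs: require an explicit http(s) scheme and a host part, so a
    # bare domain is not mistaken for a URL (and vice versa).
    if value.lower().startswith(("http://", "https://")):
        parts = urlsplit(value)
        if parts.netloc:
            return "url", value
        return None, None

    # IPv4: ipaddress rejects out-of-range octets and stray characters.
    try:
        addr = ipaddress.IPv4Address(value)
        return "ipv4", str(addr)
    except ipaddress.AddressValueError:
        pass

    # Domain: at least two labels, each valid, total length <= 253, and an
    # alphabetic last label (so a bad IP like 999.1.1.1 is not called a domain).
    host = value.lower().rstrip(".")
    labels = host.split(".")
    if (len(host) <= 253 and len(labels) >= 2
            and all(_LABEL_RE.match(label) for label in labels)
            and labels[-1].isalpha()):
        return "domain", host

    return None, None


def route_indicators(indicators):
    """Split analyst input into hash lookups vs. submissions.

    Hashes can be resolved against an existing reputation record; URLs,
    IPs and domains have to be submitted for scanning. Malformed entries
    are returned separately so they are not silently dropped.
    """
    lookups, submissions, rejected = [], [], []
    for raw in indicators:
        kind, value = classify_indicator(raw)
        if kind is None:
            rejected.append(raw)
        elif kind in ("md5", "sha1", "sha256"):
            lookups.append((kind, value))
        else:
            submissions.append((kind, value))
    return lookups, submissions, rejected


if __name__ == "__main__":
    # Constructed sample input; not real indicators from PolySwarm or Anomali.
    sample = [
        "D41D8CD98F00B204E9800998ECF8427E",           # md5, uppercase
        "da39a3ee5e6b4b0d3255bfef95601890afd80709",   # sha1
        "http://example.com/payload.bin",             # url
        "198.51.100.7",                               # ipv4 (documentation range)
        "Example.COM.",                               # domain with trailing dot
        "999.1.1.1",                                  # neither valid IPv4 nor domain
        "zz",                                         # garbage
    ]
    for bucket, items in zip(("lookups", "submissions", "rejected"),
                             route_indicators(sample)):
        print(bucket, items)
```

The hash check comes first because a 32-, 40-, or 64-character hex string is unambiguous; the domain check comes last and insists on an alphabetic top-level label so that a malformed IPv4 address is rejected instead of being quietly submitted as a domain.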

How to get started

PolySwarm offers APIs for malware threat intelligence directly on Anomali ThreatStream. 

Evaluate and purchase from the Anomali App Store:

  • Log in to the Anomali Threat Platform.
  • Go to the Anomali App Store and request a trial version of the PolySwarm APIs and Feeds to try it out for yourself.

Contact your local Anomali salesperson or contact PolySwarm at sales@polyswarm.io

###

About Anomali 

Anomali® detects adversaries and tells you who they are. Organizations rely on the Anomali Threat Platform to detect threats, understand adversaries, and respond effectively. Anomali arms security teams with machine learning optimized threat intelligence and identifies hidden threats targeting their environments. The platform enables organizations to collaborate and share threat information among trusted communities and is the most widely adopted platform for ISACs and leading enterprises worldwide. For more information, visit us at www.anomali.com

About PolySwarm  

PolySwarm is a threat intelligence, enrichment, and detection marketplace powered by a global community of security experts and anti-virus companies who compete, and are rewarded, to detect threats. Enterprises benefit from deep coverage of the malware landscape delivered by niche, research-driven detection engines focused on emergent and 0-day threats. High-performing members are recognized for excellence in their area of security expertise.

Topics: PolySwarm, Product, Partner
