Threat management firm Anomali announced on Jan. 17 that it has raised $40 million in a Series D round of funding. The new funding will be used to help the company advance its security platform that enables organizations to identify and collaborate on cyber-threats.
The new round of funding was led by Lumia Capital and brings total funding to date for Anomali up to $96 million. Anomali’s last round of funding was announced in April 2016 when the company brought in $30 million as part of its Series C round. Anomali was originally known as ThreatStream, and rebranded in February 2016 as the company expanded its focus.
“This is a growth stage investment, with investors taking hard metrics from the company and determining if it’s a viable investment,” Hugh Njemanze, CEO of Anomali, told eWEEK. “At the end fo the day, this is a very good vote of confidence that this is a strong business.”
Part of Anomali’s growth over the past year has been fuelled by adoption of the company’s free STAXX tool for consuming STIX (Structured Threat Information Expression) and TAXII (Trusted Automated eXchange of Indicator Information) data feeds. STAXX debuted in November 2016 as a way to help organizations make use of threat intelligence feeds.
Njemanze explained that what he has seen over the past year is organizations starting out with STAXX and then migrating over to Anomali’s commercial platforms including ThreatStream and Anomali Enterprise, to get additional capabilities.
“STAXX has enabled us to build strong relationships with a lot of the ISACs (Information Sharing and Analysis Center),” Njemanze said.
Anomali has made STAXX available to ISACs around the world to serve as a hubs for information sharing. Njemanze added that in addition to working with domestic ISACs in the U.S., Anomali has helped other countries to build their own ISAC groups. One such group is an ISAC for the United Arab Emirates (UAE) Banks Federation (UBF) which represents 48 member banks.
Real-Time Forensics
When Anomali got started as ThreatStream, a core goal of the company was to provide expanded analysis for Security Information and Event Management (SIEM) systems like ArcSight and qRadar. Njemanze was previously a co-founder and former CEO of ArcSight, which HP acquired for $1.5 billion in 2010. What has occurred over the last few years is that Anomali has recognized new use-cases for its software platforms, including the ability to deliver real-time forensics.
“When there is a highly publicized attack like WannaCry for example, the first thing people want to know is not just how to block the threat, but whether or not they have already been breached,” Njemanze said. “One of the unique capabilities of Anomali Enterprise is to actually answer that question immediately.”
Njemanze explained that with Anomali Enterprise, the Indicators of Compromise (IOCs) for a given attack can be input into the system to help determine if an organization has been impacted. He added that Anomali has been working to improve the real-time forensics including a real-time notification feature for any new threats that are reported.
“So now organizations can get real-time notifications for any inbound indicators,” Njemanze said.
Looking forward, Anomali is working on new products for 2018, including offerings that will bring the company to the mid-market. To date, Njemanze said that Anomali has been largely catering to large enterprises, though he’s confident there is an opportunity to bring some of the capabilities from Anomali Enterprise to smaller organizations, at a lower price point.
“We’re very excited to be able to expand our footprint and make our technology available to a broader market,” Njemanze said.
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.