Anomali ThreatStream: Threat Intelligence Product Overview and Insight


Company Description

Anomali was created in 2013 and has since grown to 200+ employees. It is privately held with several venture capital investors. It has offices in Redwood City, Belfast, Boston, London and Germany. Anomali’s series C funding raised $30 million in 2016, raising the total funding to more than $56 million since launching in 2013.

Product Description

The Anomali suite of threat intelligence solutions is said to empower organizations to detect, investigate and respond to active cybersecurity threats. Its ThreatStream threat intelligence platform aggregates and optimizes millions of threat indicators, creating a “cyber no-fly list.” Anomali integrates with internal infrastructure to identify new attacks, searches forensically over the past year to discover existing breaches, and enables security teams to quickly understand and contain threats. Anomali also offers STAXX, a free tool to collect and share threat intelligence, and provides a free, out-of-the-box intelligence feed, Anomali Limo.

Features include:

  • data collection from multiple sources and formats
  • normalization, enrichment, de-duplication of data, and removal of false positives
  • integration with security tools such as SIEMs, firewalls, IPS, endpoints, etc.
  • workflows and functionalities to analyze and share data
  • brand monitoring (automatic search for typosquatted domains & compromised credentials)
  • sandboxing (research malicious indicators directly within the ThreatStream platform)
  • extracting data from suspected phishing emails for immediate blocking

“Anomali ThreatStream is a central platform for collecting, managing, and sharing threat intelligence,” said Payton Bush, Product Marketing Manager at Anomali. “Integration with common security solutions ensures that organizations can identify and respond to the threats relevant to their environment.”


Anomali ThreatStream does not use agents.

Markets and Use Cases

Bush said Anomali provides value for any organization across any industry vertical that is looking to leverage threat intelligence. Anomali’s ThreatStream Platform is used by 30% of the Fortune 100. Current customers also include 4 out of 5 major U.S. banks, as well as the Bank of England.

Applicable Metrics

ThreatStream consumes both structured and unstructured data from hundreds of threat intelligence feeds, processing millions of Indicators of Compromise (IOCs).

Security Qualifications

Anomali has a SOC2 Type I certification.


Anomali’s ThreatStream platform utilizes MACULA, a machine learning algorithm, to score and weight indicators and remove false positives. The ThreatStream platform automates traditionally manual data curation tasks. It also integrates with other security products, including SIEMs, firewalls, endpoint products and more.


ThreatStream is available as a SaaS, on-premises, or hybrid solution. With the hybrid solution, customers can pull information down from the cloud without any of the data that they personally manage leaving their network.


Pricing for the ThreatStream Platform varies based on the customer environment.

Drew Robb
Drew Robb has been a full-time professional writer and editor for more than twenty years. He currently works freelance for a number of IT publications, including ServerWatch and CIO Insight. He is also the editor-in-chief of an international engineering magazine.
