Anomali ThreatStream - Review from an MSSP user
Use Cases and Deployment Scope
We are one of the largest MSSPs in the region, and threat intelligence requirements are very critical for us to provide the best-in-class services to our esteemed customers. We are living in an era where the security threat landscape changes each second, and it becomes imperative that we keep up with the latest developing threats. Anomali ThreatStream provides us a platform that we can leverage to stay updated about the latest happenings in cybersecurity.
Pros
- Provides high-confidence IOCs that can be used to sweep across logs.
- Provides an excellent platform to research security content.
- Helps support our internal content development program by providing information about the latest campaigns, threat actors, malware, etc.
Cons
- The user interface: perhaps there is some room for improvement, although it is already good.
- Confidence assigning process for IOCs needs to be more robust and transparent.
- While integration with SIEM solutions is a cakewalk, there is definitely added value if SIGMA rule conversion and YARA rule creation are provided from the platform.
Most Important Features
- The platform itself offers a great place to research the current threat landscape.
- IOC ingestion directly into the SIEM for advanced correlation using rules created in the SIEM.
- Threat Bulletins delivered periodically that cater to security know-how requirements.
Return on Investment
- We have seen a positive ROI as the security monitoring is taken to the next level when it is augmented with threat intel data that Anomali provides.
- Our customers are very satisfied with the periodic threat reports that we send, which are created using Anomali ThreatStream.
- The overall business objectives are met as Threat Intel is one of the most important pillars when it comes to providing security services, and we use Anomali ThreatStream extensively for that.
Alternatives Considered
Recorded Future
Other Software Used
ArcSight Enterprise Security Manager (formerly HP ArcSight), Splunk Enterprise Security (ES), Palo Alto Networks Next-Generation Firewalls - PA Series