What is our primary use case?
The main use cases for Anvilogic are around detections and detection engineering, trying to accomplish everything from identifying and prioritizing threats, baselining current capabilities, and, based on the threat prioritization, identifying the gaps and the recommended use cases that we will have to deploy to bridge those gaps. These are the use cases that we have deployed.
How has it helped my organization?
We enjoy a good partnership with the Anvilogic product and engineering teams. We could put many features that were not available in their pipeline, and they are quick to deliver key features for us. Deploying Anvilogic required training our team to adopt it, but during the evaluation, we planned our success criteria, which included training. The Anvilogic team has been with us since the beginning of the evaluation until now, maintaining the same cadence of meetings to review progress and areas for improvement, which is very helpful as a customer because we know they are not just after the next sale.
We were one of the first customers of Anvilogic, so many of its features were still under development when we began our journey with them. During the first 90 days, our primary focus was on migrating our detection content from the previous platform to Anvilogic. We concentrated on ensuring that this migration was done correctly. As we got more familiar with the platform, we discovered that Anvilogic has a highly robust detection library, with over 3,000 detections available. Their research team plays a crucial role in building these detections. Initially, we only deployed our custom detections that we had migrated, but over time, we began utilizing the detections from the library as well.
With each new feature that was released, we found our experience improved significantly. For instance, we appreciated the option to automatically deploy recommended detections. The insights capability was particularly impactful for us, as it automatically identified recommendations for tuning our use cases and fixing issues that needed attention. It also helped us discover areas we weren't actively monitoring. These differentiating features made a significant difference in our operations. Although it took us nearly a year to fully adopt Anvilogic, we are now at a point where all key stakeholders on the security operations team love the product and the user experience. Most importantly, we value the level of support we receive from Anvilogic.
From a maturity perspective, it has been very easy to measure our detection maturity over time. By using this detection engineering platform, we can manage the entire detection engineering lifecycle. Therefore, it’s simple to show executives our progress: where we started, where we currently are, and what remains to be done. We can also demonstrate how our maturity is evolving as new threats are identified and how we respond to them. All of this information is easy to justify thanks to the maturity dashboards available within the platform.
What is most valuable?
The features of Anvilogic that I prefer the most include having a holistic approach, from identifying the concept of analyzing maturity, doing it similarly to how we were doing it, looking at data maturity, data timeliness, data availability, and then into our detection maturity, and not only looking at prioritized detections needed for our specific area or domain, which was very important for us. From that point, deploying any recommended content is very simple.
Another important feature is the concept of a multistage threat scenario. After we started subscribing to Anvilogic, in future releases, they built out new features around automated threat detections and insights, such as health insights, hunt insights, and tuning insights, which are all neat features that allow my team to be more efficient.
What needs improvement?
I believe the future is very exciting, especially regarding the agentic approaches that have gained popularity following the rise of generative AI and large language models. We fully expect that within a year, Anvilogic will incorporate some level of agentic workflow capabilities. We might adopt these features solely within Anvilogic, or we may choose to integrate them with our own homegrown agentic workflows. This is the direction I see for Anvilogic's adoption moving forward.
Anvilogic can be improved by focusing on the agentic way of doing things, similar to what we saw with Monte Copilot, which still needs work. The team is currently doing that work as seen in the roadmap, including having an agent for search, a detection agent, and a hunt agent, making those concepts come to fruition.
For how long have I used the solution?
We started looking at Anvilogic in late 2021, and then we started evaluating them in early 2022. By late 2022, we were already subscribed to Anvilogic.
What do I think about the stability of the solution?
Other than scheduled downtimes, I have not experienced any outages.
What do I think about the scalability of the solution?
Anvilogic scales effectively with the growing needs of our organization, and we don't have issues when onboarding our primary stakeholders into the platform. They can use it and receive necessary training and coaching, while the most important part is that we can meet with the Anvilogic customer success team almost weekly to review our adoption and share feedback.
How are customer service and support?
They are top-notch. They are always available. The customer service team is always available to us. The product management and the product engineering team are available to us if we need to review something with them.
Which solution did I use previously and why did I switch?
Like many companies in this field, we utilize the MITRE ATT&CK framework to benchmark our current capabilities and build detections. Each year, at the beginning of the year, we download the latest version of the MITRE ATT&CK framework and assess our current detections. We tag and benchmark them, prioritize threats, and identify which use cases require new detection capabilities. Previously, this process took my team about two to three weeks, and we only performed it annually. However, around 2021, MITRE introduced the concept of sub-techniques. Initially, we were analyzing around 300 techniques, but now we have to analyze over 600. This effectively doubled the time that my team needed to complete the analysis. The work became repetitive and monotonous. As a result, I began searching for a solution that could streamline this process.
When Anvilogic reached out, we discussed our detection processes, and they explained the capabilities of their platform. It felt like a meeting of the minds because what we were doing manually, they could automate. We realized this solution could save us a significant amount of time and make us more agile. By automating the processes of prioritization, identifying gaps, and deploying recommended detections, we could conduct threat prioritization exercises whenever necessary. Given that the threat landscape evolves almost daily, completing these exercises only once a year would put us at a disadvantage. When we recognized Anvilogic’s capabilities, we knew we had to consider their solution.
In early to mid-2021, Anvilogic was the only one doing it this way. We were doing it manually while they were building it, and now there are many similar companies emerging, but we are happy with the success we have had with Anvilogic, choosing to partner with them and providing feedback and feature requests they can incorporate into subsequent releases.
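The annual ATT&CK benchmarking the reviewer describes above (tagging detections with technique ids, finding techniques and sub-techniques with no coverage, and ordering the gaps by threat priority) is sketched below as an added Python example. It is not the reviewer's process or Anvilogic's code; the technique subset, priority weights and detection inventory are constructed samples, and the rule that a sub-technique tag counts toward its parent (but not the reverse) is an assumption of this example.

```python
"""Constructed ATT&CK-style coverage gap analysis (example, not Anvilogic code)."""

# Constructed subset of ATT&CK technique ids; sub-techniques carry a ".NNN" suffix.
TECHNIQUES = {
    "T1059": "Command and Scripting Interpreter",
    "T1059.001": "PowerShell",
    "T1566": "Phishing",
    "T1566.001": "Spearphishing Attachment",
    "T1003": "OS Credential Dumping",
    "T1003.001": "LSASS Memory",
    "T1078": "Valid Accounts",
}

# Constructed threat prioritization: higher weight = more relevant to this org.
PRIORITY = {"T1059.001": 5, "T1003.001": 5, "T1566.001": 4, "T1078": 3}

# Constructed detection inventory: each rule tagged with the ids it covers.
DETECTIONS = [
    {"name": "encoded_powershell", "tags": ["T1059.001"]},
    {"name": "phishing_attachment_macro", "tags": ["T1566.001"]},
    {"name": "generic_scripting", "tags": ["T1059"]},
]


def coverage(detections, techniques):
    """Map every technique id (parents and sub-techniques) to the rules tagged with it.

    Assumption: a rule tagged with a sub-technique also counts toward its parent
    technique, but a parent-level tag does not imply sub-technique coverage.
    """
    cov = {tid: [] for tid in techniques}
    for rule in detections:
        for tag in rule["tags"]:
            if tag in cov:
                cov[tag].append(rule["name"])
            parent = tag.split(".")[0]
            if "." in tag and parent in cov:
                cov[parent].append(rule["name"])
    return cov


def gaps(detections, techniques, priority):
    """Return uncovered technique ids, highest threat priority first (ties by id)."""
    cov = coverage(detections, techniques)
    uncovered = [tid for tid, rules in cov.items() if not rules]
    return sorted(uncovered, key=lambda t: (-priority.get(t, 0), t))


def coverage_summary(detections, techniques):
    """Return (covered, total) counts for a maturity-style coverage ratio."""
    cov = coverage(detections, techniques)
    return sum(1 for rules in cov.values() if rules), len(cov)
```

Running `gaps(DETECTIONS, TECHNIQUES, PRIORITY)` on the constructed data lists LSASS Memory first, because its priority weight is highest among the uncovered ids; re-running the same functions with a new priority map is the per-threat re-prioritization the reviewer wanted to do more often than once a year.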
How was the initial setup?
Since Anvilogic was a new concept and product, we needed to invest a lot of time in training our team to adopt it. Fortunately, during the evaluation phase, we established clear success criteria, one of which was training on Anvilogic. The Anvilogic team has been with us from the very beginning of this process and continues to support us today.
We have detections in multiple places. Most of our detections are on-prem, but there are some that are in the cloud. We use their integration pipelines to bring all of them together.
What's my experience with pricing, setup cost, and licensing?
It was fair. All of us like to deal with vendors who have a certain level of integrity, and the people who run Anvilogic have the highest level of integrity, which makes those sorts of negotiations much easier.
Which other solutions did I evaluate?
During our evaluation, we encountered many products making various promises. However, when it came to Anvilogic, they were able to identify key aspects of our processes during the evaluation period, which was impressive. This demonstrated that the Anvilogic product was engineered effectively and was functioning as intended. As a result, we started to trust both the team and the platform more.
Since then, we have enjoyed a strong partnership with the Anvilogic product and engineering teams. There were times when features we needed were not initially available, but we were able to communicate our requests, and they were quick to prioritize and deliver those key features for us.
What other advice do I have?
If Anvilogic were to disappear tomorrow, my heart would break. My advice to Anvilogic is to prioritize my request.
I would rate Anvilogic a nine out of ten.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.