Try our new research platform with insights from 80,000+ expert users
Anomali Logo

Anomali Reviews

Vendor: Anomali
3.9 out of 5
Leave a review

What is Anomali?

Anomali delivers advanced threat intelligence solutions designed to enhance security operations by providing comprehensive visibility into threats and enabling real-time threat detection and management.

Get the Threat Intelligence Platforms Buyer's Guide and find out what your peers are saying about Anomali, CrowdStrike Falcon, Wazuh and more!
Anomali is the #8 ranked solution in top Threat Intelligence Platforms, #18 ranked solution in top User Entity Behavior Analytics (UEBA) solutions, #22 ranked solution in top Advanced Threat Protection (ATP) solutions, #27 ranked solution in XDR Security products, and #33 ranked solution in top Security Information and Event Management (SIEM) solutions. PeerSpot users give Anomali an average rating of 7.8 out of 10. Anomali is most commonly compared to CrowdStrike Falcon: Anomali vs CrowdStrike Falcon. Anomali is popular among the large enterprise segment, accounting for 59% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a financial services firm, accounting for 18% of all views.
Buyer's Guide
Threat Intelligence Platforms
August 2025
Get the category report
Helped 866,300 peers since 2012

Featured Anomali reviews

Read more reviews

Anomali mindshare

Product category:
Threat Intelligence Platforms
As of August 2025, the mindshare of Anomali in the Threat Intelligence Platforms category stands at 4.9%, down from 6.8% compared to the previous year, according to calculations based on PeerSpot user engagement data.
Threat Intelligence Platforms Market Share Distribution
ProductMarket Share (%)
Anomali4.9%
Recorded Future15.6%
CrowdStrike Falcon8.5%
Other71.0%
Threat Intelligence Platforms
 
 
Key learnings from peers

Valuable Features

Cyber threat intelligence is concise. Credential monitoring is valuable, easy, and quick. Threat modeling capability allows tailoring and prioritizing intelligence requirements. The API supports automation and handling data programmatically at scale. This leads to a robust collection of intelligence. Adaptability makes it powerful and versatile. Data set may be smaller, yet value remains significant.
  • "We now have a very robust collection of threat intelligence based on the capabilities that Anomali provides."
  • "The most valuable aspect of Anomali is the threat modeling capability."
  • "The feature I have found most valuable is credential monitoring. This feature is easy and quick."

Room for Improvement

Anomali could enhance integration capabilities by moving towards a no-code approach, allowing smoother building processes. Users suggest combining all tool features into one unified offering to increase efficiency. Improvements in intelligence sharing within the Anomali community are necessary, with a focus on consistent tagging systems. The existing AI functionalities within Anomali need further development and refinement. Overall refinement in these areas would support user demands for more comprehensive and cohesive functionality.
  • "Support in the past has been top-notch, but recent trends indicate that it has taken a back seat, as we often don't get answers for days."
  • "An area for improvement is the intelligence sharing within the Anomali community. The tagging system can be inconsistent, as any company can use any tags for their reporting."
  • "Less code in integration would be nice when building blocks."

Pricing

  • "When comparing the price of Anomali Enterprise to other solutions it is in the medium to high range. However, I am satisfied with the price."

Popular Use Cases

Anomali is primarily used as a threat intelligence platform. Organizations stream various threat feeds into Anomali, correlating data for advanced security analysis. They utilize it for threat hunting, threat collection, and operationalizing intelligence like indicators of compromise. Anomali serves as a central repository for various threat feeds, enabling correlation and investigation of indicators. It facilitates a proactive approach by allowing analysts to explore and connect related threats not initially visible.

Stability

Anomali experiences minimal stability issues, maintaining seamless operation without downtime. Most users have not encountered problems, noting good scalability. However, recent platform changes have raised concerns as they receive insufficient adaptation time. Anomali needs improved consideration of user adaptability during updates. Unlike Microsoft, which allows ample time for deprecated features, Anomali's short notice period of three weeks challenges user transition, indicating a need for better alignment with customer needs.
These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.
Download our Threat Intelligence Platforms Buyer's Guide for additional reliable information.

Top industries

By visitors reading reviews
Financial Services Firm
18%
Computer Software Company
12%
Government
7%
Healthcare Company
6%
Educational Organization
6%
Insurance Company
6%
Manufacturing Company
6%
Comms Service Provider
4%
Construction Company
4%
University
3%
Retailer
3%
Real Estate/Law Firm
3%
Outsourcing Company
2%
Performing Arts
2%
Legal Firm
2%
Energy/Utilities Company
2%
Pharma/Biotech Company
1%
Marketing Services Firm
1%
Media Company
1%
Security Firm
1%
Hospitality Company
1%
Consumer Goods Company
1%
Wholesaler/Distributor
1%
Logistics Company
1%
Aerospace/Defense Firm
1%
Non Profit
1%
Engineering Company
1%

Compare Anomali with alternative products

Go!

Learn more about Anomali

Anomali stands out in threat intelligence, offering an innovative platform that integrates data to identify and analyze threats effectively. It enables teams to streamline threat detection processes and respond to incidents with increased agility. With a focus on accuracy and efficiency, Anomali supports cybersecurity professionals in making informed decisions to safeguard their networks consistently.

What are Anomali's core features?
  • ThreatStream: A platform that aggregates threat intelligence feeds to enhance threat assessment.
  • Match: An automated detection feature that matches internal log data against threat intelligence insights.
  • Link: Provides graphical visualization for threat analysis, helping to understand threat vectors better.
  • STAXX: A lightweight tool for collecting and analyzing open-source threat intelligence.
What are the key benefits and ROI of using Anomali?
  • Improved Threat Detection: Streamlined processes lead to faster identification and response to threats.
  • Resource Efficiency: Automation reduces manual tasks, allowing security teams to focus on strategic activities.
  • Better Decision Making: Provides actionable insights that enable more informed security strategies.

In industries like finance and healthcare, Anomali is implemented to address specific challenges like compliance and data protection. By using this platform, organizations gain the ability to adapt to evolving threats, ensuring robust and adaptable security postures tailored to industry demands.

Anomali was previously known as Match, Lens, ThreatStream, STAXX, Anomali Security Analytics.

Anomali customers

Bank of England, First Energy, UBISOFT, Bank of Hope, Blackhawk Network

Related questions

  • 89
Is there a common threat intelligence tool that aggregates multiple threat intelligence sources?
  • 49
How inadvisable is it to use a single vulnerability analysis tool?
  • 21
Threat intelligence tools for large organization
  • 132
What is your recommended cost-effective solution to detect and prevent APT attacks?
  • 70
Compromise Assessment vs Threat Hunting
  • 26
When evaluating Threat Intelligence Platforms (TIP), what aspect do you think is the most important to look for?
  • 7
What are some of the biggest mistakes that businesses make when it comes to monitoring cyber threats?
  • 116
What is the difference between internal and external threat intelligence?
  • 15
Which enterprise threat modeling tool do you recommend?
  • 22
Can someone provide any independent comparison of threat modeling solutions?

Product Categories

Product Categories
Threat Intelligence Platforms
Security Information and Event Management (SIEM)
User Entity Behavior Analytics (UEBA)
Advanced Threat Protection (ATP)
Extended Detection and Response (XDR)

Popular Comparisons

Popular Comparisons
CrowdStrike Falcon vs Anomali Logo
CrowdStrike Falcon vs Anomali
Wazuh vs Anomali Logo
Wazuh vs Anomali
Splunk Enterprise Security vs Anomali Logo
Splunk Enterprise Security vs Anomali
IBM Security QRadar vs Anomali Logo
IBM Security QRadar vs Anomali
Palo Alto Networks WildFire vs Anomali Logo
Palo Alto Networks WildFire vs Anomali
Recorded Future vs Anomali Logo
Recorded Future vs Anomali
Rapid7 InsightIDR vs Anomali Logo
Rapid7 InsightIDR vs Anomali
VirusTotal vs Anomali Logo
VirusTotal vs Anomali
ThreatConnect Threat Intelligence Platform (TIP) vs Anomali Logo
ThreatConnect Threat Intelligence Platform (TIP) vs Anomali
Mandiant Advantage vs Anomali Logo
Mandiant Advantage vs Anomali
USM Anywhere vs Anomali Logo
USM Anywhere vs Anomali
Trellix Network Detection and Response vs Anomali Logo
Trellix Network Detection and Response vs Anomali
Logpoint vs Anomali Logo
Logpoint vs Anomali
ReliaQuest GreyMatter vs Anomali Logo
ReliaQuest GreyMatter vs Anomali
Microsoft Defender Threat Intelligence vs Anomali Logo
Microsoft Defender Threat Intelligence vs Anomali
See all alternatives
 
Anomali Reviews Summary
Author infoRatingReview Summary
Enterprise Security Architect V at FirstEnergy4.0We use Anomali as our central threat intelligence platform to store and correlate various feeds, enabling proactive threat hunting. Its powerful API supports our automation needs. While promising, the AI features still need improvement as technology advances.
Senior Cyber Threat Hunter at a financial services firm with 10,001+ employees4.5I use Anomali for threat hunting and intelligence operationalization, valuing its threat modeling capabilities. Improvements are needed in its community intelligence sharing and tagging system. I've evaluated alternatives like Recorded Future and Mandiant Advantage but still use Anomali.
Managing Member at a tech vendor with self employed3.5We use Anomali as a threat intelligence platform to stream and correlate threat feeds. Its credential monitoring feature is highly valuable despite a limited data set. However, integration improvements are needed. We switched from MISP due to its high maintenance needs.
IT Cyber Security Senior Analyst at a consultancy with 10,001+ employees3.5No summary available