What is our primary use case?
We use
Anomali as our threat intelligence platform for a variety of threat intelligence feeds that we subscribe to, needing a more central place to store everything so we can correlate which feeds have seen this indicator before and which haven't. This was the biggest use case for us to solve, which is why we went after it. It is definitely more than just a threat intel platform where we store all these indicators; it's almost very much a threat hunting tool that allows analysts to do investigations on those indicators and make connections, looking for other related things that we didn't necessarily see. It allows us to take a more proactive kind of approach.
What is most valuable?
The API is our most important feature. We are very much into automation, so being able to handle things programmatically at scale has been immensely powerful for us. We've evolved beyond just the two use cases I mentioned. One of the things we decided to do is utilize the
Anomali API to push everything into that platform after sorting and normalizing everything. We now have a very robust collection of threat intelligence based on the capabilities that Anomali provides. It's very adaptable; you can do a lot with it, making it a very powerful tool.
What needs improvement?
There is always room for improvement, as there are always new ideas. They have been dabbling with some AI functionality built into the platform, which is still very new, so there's a lot of improvement that could happen there, especially as the technology enhances.
For how long have I used the solution?
I have been using Anomali for about 7 or 8 years.
What was my experience with deployment of the solution?
The initial setup depends on which kind of deployment you choose; they offer both an on-prem solution and a Cloud deployment. If you choose the Cloud deployment, there's nothing you have to do; you just log in and start using it. It's pretty seamless. If you're using an on-prem setup, they provide an appliance for enterprise customers, and after subscribing, they ship you a device that you can set up by following their setup guide, which provides all the details and instructions.
What do I think about the stability of the solution?
Stability has been pretty seamless so far, but we've run into some issues more recently due to changes in how some platform functions operate. It doesn't seem they're considering enough how customers use those functions as they change them, and they don't give us enough time to adapt to those changes. For example, while Microsoft allows ample time for users to adapt to deprecated features, Anomali only gave us three weeks before switching, so they need to be more cognizant of customer use cases from their engineering side.
What do I think about the scalability of the solution?
The scalability is massive, allowing us to store millions of indicators. Unless you have a threat intelligence platform, you can't scale to the level Anomali offers, especially compared to trying to do it in a
SIEM tool such as Splunk or
Sentinel. It seems almost unlimited; I'm sure there's a limit, but they do a good job of never allowing us to hit that limit.
How are customer service and support?
Support in the past has been top-notch, but recent trends indicate that it has taken a back seat, as we often don't get answers for days. We'll receive excuses such as "I was out of the office" or "I forgot to follow up on this, I apologize." While they apologize, it doesn't seem very professional how they're handling support anymore.
How would you rate customer service and support?
What other advice do I have?
You have to have at least a threat intelligence background or a SOC analyst background to use it, as that's the information you'll dig around with in there. If you don't have that kind of knowledge, it probably can be a little hard to use, but they do provide training. They offer training not only for how to use the platform but also some basic threat intelligence training to explain what these things are and what these terms mean.
My company is a customer of Anomali.
I would recommend it to other people.
I would advise making sure you don't pick it without testing other products and have your use cases well thought out and documented before testing, so you know it will solve the problems you're trying to address. Keep an open mind with it and realize that whatever you can dream of, you can probably do with the platform.
Overall, I would rate Anomali an eight out of ten.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Other
Disclosure: I am a real user, and this review is based on my own experience and opinions.
