List of Anomali ThreatStream Customers
Redwood City, 94063, CA,
United States
Since 2010, our global team of researchers has been studying Anomali ThreatStream customers around the world, aggregating massive amounts of data points that form the basis of our forecast assumptions and that perhaps track the rise and fall of certain vendors and their products on a quarterly basis.
Each quarter our research team identifies companies that have purchased Anomali ThreatStream for Threat Modeling from public (Press Releases, Customer References, Testimonials, Case Studies and Success Stories) and proprietary sources, including the customer size, industry, location, implementation status, partner involvement, LOB Key Stakeholders and related IT decision-makers contact details.
Companies using Anomali ThreatStream for Threat Modeling include:
- ExxonMobil, a United States based Oil, Gas and Chemicals organisation with 57900 employees and revenues of $323.91 billion
- Occidental Petroleum Corporation, a United States based Oil, Gas and Chemicals organisation with 10412 employees and revenues of $21.59 billion
- M&T Bank, a United States based Banking and Financial Services organisation with 22080 employees and revenues of $9.23 billion
- Merkle, a United States based Professional Services organisation with 16000 employees and revenues of $2.20 billion
- Optiv, a United States based Professional Services organisation with 2400 employees and revenues of $1.00 billion
- and many others.
Contact us if you need a completed and verified list of companies using Anomali ThreatStream, including the breakdown by industry (21 Verticals), Geography (Region, Country, State, City), Company Size (Revenue, Employees, Asset) and related IT Decision Makers, Key Stakeholders, business and technology executives responsible for the IaaS software purchases.
The Anomali ThreatStream customer wins are being incorporated in our Enterprise Applications Buyer Insight and Technographics Customer Database which has over 100 data fields that detail company usage of IaaS software systems and their digital transformation initiatives. Apps Run The World wants to become your No. 1 technographic data source!
| Customer | Industry | Empl. | Revenue | Country | Vendor | Application | Category | When | SI |
|---|---|---|---|---|---|---|---|---|---|
| Entrust Datacard | Professional Services | 2500 | $800M | United States | Anomali | Anomali ThreatStream | Threat Modeling | 2015 | n/a |
| ExxonMobil | Oil, Gas and Chemicals | 57900 | $323.9B | United States | Anomali | Anomali ThreatStream | Threat Modeling | 2021 | n/a |
| M&T Bank | Banking and Financial Services | 22080 | $9.2B | United States | Anomali | Anomali ThreatStream | Threat Modeling | 2018 | n/a |
| Merkle | Professional Services | 16000 | $2.2B | United States | Anomali | Anomali ThreatStream | Threat Modeling | 2022 | n/a |
| Occidental Petroleum Corporation | Oil, Gas and Chemicals | 10412 | $21.6B | United States | Anomali | Anomali ThreatStream | Threat Modeling | 2022 | n/a |
| | Government | 1108 | $301M | United States | Anomali | Anomali ThreatStream | Threat Modeling | 2022 | n/a |
| | Professional Services | 2400 | $1.0B | United States | Anomali | Anomali ThreatStream | Threat Modeling | 2017 | n/a |

Insight: Entrust Datacard
In 2015 Entrust Datacard implemented Anomali ThreatStream as an enterprise threat intelligence management platform to scale ingestion and operationalization of cyber threat intelligence. Entrust Datacard deployed Anomali ThreatStream to serve as a Threat Intelligence and Analysis Platform supporting defensive cyber operations across its security operations center and enterprise security teams.
The deployment configured Anomali ThreatStream Enterprise for core threat intelligence lifecycle capabilities, including high volume feed ingestion, normalization and enrichment, threat scoring and contextualization, centralized dashboards, and automated alerting. Configurations emphasized automation of indicator triage, tagging schemas and analyst workflow orchestration to surface highly contextualized intelligence for operational use.
Operationalization focused on embedding intelligence into security operations and incident response processes, establishing analyst queues and playbook driven workflows to accelerate movement of indicators into investigation and defense tasks. The platform was operationalized to provide actionable and highly contextualized intelligence in support of defensive cyber operations, enabling Entrust Datacard to scale CTI handling as volumes grew.

Insight: ExxonMobil
In 2021 ExxonMobil integrated Anomali ThreatStream as a core element of its Threat Modeling capability to operationalize cyber threat intelligence across SOC and incident response workflows. The deployment focused on ingesting multiple CTI feeds into Anomali ThreatStream and Splunk SIEM to improve detection capabilities and supply actionable threat context to analysts.
Anomali ThreatStream served as the primary Threat Intelligence Platform, collecting, normalizing, and scoring indicators of compromise, and aligning outputs with Priority Intelligence Requirements to guide threat hunting. Analysts configured threat actor and TTP mappings consistent with the MITRE ATT&CK framework, and developed detection rules and automated playbooks in Splunk Phantom SOAR, using Python and PowerShell to integrate ThreatStream data into alerting and response pipelines.
The implementation integrated Anomali ThreatStream with SentinelOne for endpoint telemetry, Recorded Future and Maltego for enrichment and OSINT investigations, iBoss Proxy for web monitoring, Nexpose and InsightVM for vulnerability context, Palo Alto Prisma Cloud for cloud posture signals, and Nozomi Networks for ICS and OT visibility. Operational coverage spanned SOC operations, incident response teams, cloud environments including Azure and AWS, and critical ICS/OT asset monitoring, enabling cross-domain correlation of threat indicators.
Governance and process changes included formalizing Priority Intelligence Requirements, authoring threat intelligence reports after red team and incident response activities, and creating custom Splunk dashboards to visualize ThreatStream-derived indicators. The program operationalized threat detection workflows and periodic ISO 27001 aligned assessments, and it explicitly improved detection capabilities, streamlined SOC operations, and supplied actionable intelligence for remediation and response as part of ExxonMobil security operations.

Insight: M&T Bank
In 2018, M&T Bank implemented Anomali ThreatStream as a Threat Intelligence and Analysis Platform. The deployment centralized threat research and analysis by ingesting and correlating telemetry and indicator data from multiple sources, explicitly including Anomali ThreatStream, Spamhaus, DNSLytics, Cisco Talos, VirusTotal and other commercial and open source intelligence feeds, to identify cyber threats and anomalies for the bank's security teams.
Anomali ThreatStream was used to operationalize standard threat intelligence workflows, including indicator of compromise ingestion, enrichment, correlation and analyst investigation. The implementation emphasized feed orchestration, threat scoring and tagging, and structured analyst workflows for research and hunting, supporting enterprise security operations and the bank's threat intelligence function. Governance activities focused on feed curation and the intelligence lifecycle, with analysts using the platform to consolidate external threat data and surface actionable anomalies for detection and response.

Insight: Merkle
In 2022, Merkle implemented Anomali ThreatStream to bolster Threat Modeling capabilities within its Security Operations Center. The deployment was positioned to support a global SOC operating 24x7, with primary business functions including threat intelligence enrichment, alert triage, incident detection, and threat hunting across the enterprise.
The Anomali ThreatStream configuration emphasized indicator ingestion, IOC lifecycle management, automated enrichment, and mapping of intelligence to the MITRE ATT&CK framework for classification. Functional modules and capabilities instrumented included automated alert enrichment workflows, threat actor and TTP profiling, and support for playbook-driven investigations, aligning Threat Modeling outputs with existing SOC workflows and Standard Operating Procedures.
Integrations were implemented with Splunk and QRadar SIEM platforms for event enrichment and signal correlation, and with external intelligence sources such as VirusTotal and IBM X-Force Exchange for contextual enrichment. The environment also incorporated MISP for sharing, Palo Alto Cortex XSOAR for orchestration, EDR telemetry from CrowdStrike Falcon and SentinelOne for endpoint context, and Nessus and OpenVAS vulnerability scan results to link vulnerability intelligence to observed indicators.
Operational governance included updating more than 80 SOPs and formalizing triage processes to standardize incident response and escalation. Reported operational outcomes tied to the deployment included a 30% reduction in false positives through alert tuning, a 40% reduction in threat investigation time due to enrichment workflows, containment of 15 plus high-severity incidents with zero data loss, and coordination with IT infrastructure to remediate 95% of critical vulnerabilities within SLA timelines. Anomali ThreatStream was used as the central Threat Modeling platform to unify threat intelligence, accelerate SOC response, and support ongoing threat-hunting and compliance activities.

Insight: Occidental Petroleum Corporation
In 2022, Occidental Petroleum Corporation implemented Anomali ThreatStream to establish a centralized Threat Modeling capability across its security operations. The deployment positioned Anomali ThreatStream as the primary threat intelligence platform for IOC ingestion and enrichment, with explicit assignment to SOC workflows and incident response processes.
Configuration work focused on automated threat intelligence ingestion, indicator lifecycle management, and enrichment for operational use. Anomali ThreatStream was configured to ingest external feeds, normalize indicators, apply scoring and tagging, and publish actionable intelligence into downstream tooling, enabling analysts to operationalize indicators for hunting and response.
Integrations included a direct integration of Anomali ThreatStream with IBM QRadar SIEM to enable real-time threat intelligence ingestion and automated correlation for advanced threat detection, and Python based API integrations to pull and push intelligence with Splunk and QRadar SIEM. The intelligence outputs were used to fine tune QRadar detection rules and to inform SOC playbooks that also consumed telemetry from endpoint and OT tooling such as SentinelOne, Carbon Black Application Security, Nozomi Networks, and other monitoring stacks, supporting coverage across IT, ICS and OT environments.
Governance and process changes accompanied the technical implementation, with creation of curated detection rules in QRadar, automated alert workflows in the SOC, and alignment to compliance activities including ISO 27001 assessments and Microsoft Purview DLP policy enforcement. The configuration work supported improved SOC operations by streamlining incident detection and response, enhancing threat hunting workflows, and enabling forensic and remediation teams to act on enriched indicators from Anomali ThreatStream.

Buyer Intent: Companies Evaluating Anomali ThreatStream
- Cyware Labs, a United States based Professional Services organization with 250 Employees
- British Society of Interventional Radiology (BSIR), a United Kingdom based Non Profit company with 10 Employees
Discover Software Buyers actively Evaluating Enterprise Applications
| Company | Industry | Employees | Revenue | Country | Evaluated |
|---|---|---|---|---|---|
| Cyware Labs | Professional Services | 250 | $35M | United States | 2026-03-09 |
| British Society of Interventional Radiology (BSIR) | Non Profit | 10 | $1M | United Kingdom | 2024-12-05 |