// Trust & Security Report
Anomali Inc.
Agentic SOC Platform - unified security data lake with threat intelligence (ThreatStream Next-Gen), AI-driven agents for investigation/response, and SOC capabilities (SIEM, SOAR, XDR, threat hunting, compliance). Deployable as SaaS, on-premises, or airgapped.
Certifications held
1
Maturity
Enterprise
Trains on your data
No
Trust center
No
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
Verify on anomali.com“Privacy policy states: 'If you are a resident of the European Union (EU), United Kingdom, Lichtenstein, Norway, or Iceland, you may have additional rights under the EU General Data Protection Regulation.' Policy details compliance with EU-U.S. Data Privacy Framework, UK Extension, and Swiss-U.S. Data Privacy Framework with Standard Contractual Clauses for data transfers.”
> Show 5 unconfirmed / not-held certifications
source: anomali.comOnly 2016 SOC 2 examination completion found (https://www.anomali.com/press/anomali-successfully-completes-soc-2-examination-for-2016). No current SOC 2 Type II documentation or announcement on Anomali's public website or recent announcements. Current certification status unknown.
source: anomali.comNo public evidence of ISO 27001 certification found in Anomali documentation, trust resources, or press materials.
source: anomali.comAnomali's platform can help organizations meet HIPAA requirements, but no evidence that Anomali itself holds HIPAA BAA or certification. No HIPAA certification claim found on security or compliance pages.
source: anomali.comAnomali achieved FedRAMP 'In Process' status (not fully authorized) at Moderate Impact level on August 19, 2025. Press release states: 'Anomali is actively collaborating with its sponsoring agency, the Centers for Medicare & Medicaid Services (CMS), and third-party assessors to finalize the steps for full FedRAMP Moderate authorization.' This is authorization-in-progress, not a held certification.
source: anomali.comNo public evidence of PCI DSS certification on Anomali's security, compliance, or press pages.
// Privacy & AI training
Trains on customer data
No
Data processing agreement
Offered
Data region
United States
Privacy policy explicitly states: 'None of your personal data is used, or will ever be used, to train any generative artificial intelligence model without your explicit written permission.' However, Terms of Service grants Anomali a broad license to 'reproduce, distribute, publicly display, publicly perform, modify, and adapt your Customer Data for the purpose of providing the Service.' The privacy policy's explicit AI training prohibition is more protective and appears to control interpretation.
// Security controls
Responsible Disclosure
Anomali maintains a responsible disclosure process for vulnerabilities and product security advisories
anomali.comData Hosting
Services hosted and operated in the United States through Anomali and its service providers; data transfers to U.S. servers
anomali.comEncryption in Transit
Standard for HTTPS-delivered services, but specific encryption protocols and TLS versions not detailed on public security page
anomali.comData Sublicensing
ToS allows sublicensing of customer data to third-party service providers (e.g., Amazon) for service delivery
anomali.com// Products & data scope
data: Security telemetry (cloud, endpoint, network, identity) and threat intelligence
Core platform combining unified security data lake, threat intelligence, and AI-driven agents. Supports SIEM, SOAR, threat hunting, compliance, detection, investigation, response workflows.
data: Threat intelligence feeds, adversary data, campaigns, TTPs, infrastructure
Curated threat intelligence enrichment; operationalizes intelligence across detection, investigation, response. Can be integrated as standalone or within Agentic SOC Platform.
data: All security telemetry (logs, events, alerts)
High-performance centralized data lake designed to eliminate SIEM bottlenecks and retention tradeoffs; enables search and correlation of years of data.
data: Analysis over security data lake and threat intelligence context
AI-driven agents guide investigations, recommend actions, automate response workflows. Reasoning is transparent to analysts; does not replace human control.
// What to watch
- No current SOC 2 Type II documentation found; only 2016 SOC 2 completion mentioned. Enterprise buyers typically require current Type II certification—recommend confirming current status with vendor.
- Terms of Service grants Anomali broad rights to 'modify and adapt' customer data, which could theoretically cover AI training. Privacy policy explicitly prohibits AI training without consent and appears to be the controlling interpretation, but this tension should be clarified.
- FedRAMP status is 'In Process' (not authorized); do not represent as 'FedRAMP certified' or 'FedRAMP Authorized.' Moderate authorization is actively being pursued with CMS as sponsoring agency.
- No dedicated trust center or comprehensive public compliance documentation. Compliance details scattered across privacy policy, terms, and security page. Recommend requesting comprehensive security/compliance datasheet from vendor.
- ISO 27001 and HIPAA not publicly documented as held certifications.
// At a glance
Pricing model
Enterprise/Custom (no public pricing listed)
Self-hostable
Yes
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on Anomali Inc.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-07-06. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
anomali.com