// Trust & Security Report

    Anomali Inc. logo

    Anomali Inc.

    Agentic SOC Platform - unified security data lake with threat intelligence (ThreatStream Next-Gen), AI-driven agents for investigation/response, and SOC capabilities (SIEM, SOAR, XDR, threat hunting, compliance). Deployable as SaaS, on-premises, or airgapped.

    Certifications held

    1

    Maturity

    Enterprise

    Trains on your data

    No

    Trust center

    No

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    GDPR Compliance
    HELD

    Privacy policy states: 'If you are a resident of the European Union (EU), United Kingdom, Lichtenstein, Norway, or Iceland, you may have additional rights under the EU General Data Protection Regulation.' Policy details compliance with EU-U.S. Data Privacy Framework, UK Extension, and Swiss-U.S. Data Privacy Framework with Standard Contractual Clauses for data transfers.

    Verify on anomali.com
    > Show 5 unconfirmed / not-held certifications
    SOC 2 Type II
    NOT CONFIRMED

    Only 2016 SOC 2 examination completion found (https://www.anomali.com/press/anomali-successfully-completes-soc-2-examination-for-2016). No current SOC 2 Type II documentation or announcement on Anomali's public website or recent announcements. Current certification status unknown.

    source: anomali.com
    ISO 27001
    NOT CONFIRMED

    No public evidence of ISO 27001 certification found in Anomali documentation, trust resources, or press materials.

    source: anomali.com
    HIPAA
    NOT CONFIRMED

    Anomali's platform can help organizations meet HIPAA requirements, but no evidence that Anomali itself holds HIPAA BAA or certification. No HIPAA certification claim found on security or compliance pages.

    source: anomali.com
    FedRAMP Moderate
    NOT CONFIRMED

    Anomali achieved FedRAMP 'In Process' status (not fully authorized) at Moderate Impact level on August 19, 2025. Press release states: 'Anomali is actively collaborating with its sponsoring agency, the Centers for Medicare & Medicaid Services (CMS), and third-party assessors to finalize the steps for full FedRAMP Moderate authorization.' This is authorization-in-progress, not a held certification.

    source: anomali.com
    PCI DSS
    NOT CONFIRMED

    No public evidence of PCI DSS certification on Anomali's security, compliance, or press pages.

    source: anomali.com

    // Privacy & AI training

    Trains on customer data

    No

    Data processing agreement

    Offered

    Data region

    United States

    Privacy policy explicitly states: 'None of your personal data is used, or will ever be used, to train any generative artificial intelligence model without your explicit written permission.' However, Terms of Service grants Anomali a broad license to 'reproduce, distribute, publicly display, publicly perform, modify, and adapt your Customer Data for the purpose of providing the Service.' The privacy policy's explicit AI training prohibition is more protective and appears to control interpretation.

    // Security controls

    Responsible Disclosure

    Anomali maintains a responsible disclosure process for vulnerabilities and product security advisories

    anomali.com

    Data Hosting

    Services hosted and operated in the United States through Anomali and its service providers; data transfers to U.S. servers

    anomali.com

    Encryption in Transit

    Standard for HTTPS-delivered services, but specific encryption protocols and TLS versions not detailed on public security page

    anomali.com

    Data Sublicensing

    ToS allows sublicensing of customer data to third-party service providers (e.g., Amazon) for service delivery

    anomali.com

    // Products & data scope

    Anomali Agentic SOC PlatformSecurity Operations Center / XDR

    data: Security telemetry (cloud, endpoint, network, identity) and threat intelligence

    Core platform combining unified security data lake, threat intelligence, and AI-driven agents. Supports SIEM, SOAR, threat hunting, compliance, detection, investigation, response workflows.

    ThreatStream Next-GenThreat Intelligence Platform

    data: Threat intelligence feeds, adversary data, campaigns, TTPs, infrastructure

    Curated threat intelligence enrichment; operationalizes intelligence across detection, investigation, response. Can be integrated as standalone or within Agentic SOC Platform.

    Unified Security Data LakeData Platform

    data: All security telemetry (logs, events, alerts)

    High-performance centralized data lake designed to eliminate SIEM bottlenecks and retention tradeoffs; enables search and correlation of years of data.

    Agentic AIAI/ML Automation

    data: Analysis over security data lake and threat intelligence context

    AI-driven agents guide investigations, recommend actions, automate response workflows. Reasoning is transparent to analysts; does not replace human control.

    // What to watch

    • No current SOC 2 Type II documentation found; only 2016 SOC 2 completion mentioned. Enterprise buyers typically require current Type II certification—recommend confirming current status with vendor.
    • Terms of Service grants Anomali broad rights to 'modify and adapt' customer data, which could theoretically cover AI training. Privacy policy explicitly prohibits AI training without consent and appears to be the controlling interpretation, but this tension should be clarified.
    • FedRAMP status is 'In Process' (not authorized); do not represent as 'FedRAMP certified' or 'FedRAMP Authorized.' Moderate authorization is actively being pursued with CMS as sponsoring agency.
    • No dedicated trust center or comprehensive public compliance documentation. Compliance details scattered across privacy policy, terms, and security page. Recommend requesting comprehensive security/compliance datasheet from vendor.
    • ISO 27001 and HIPAA not publicly documented as held certifications.

    // At a glance

    Pricing model

    Enterprise/Custom (no public pricing listed)

    Self-hostable

    Yes

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Anomali Inc.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-07-06. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    anomali.com

    > Browse all vendor trust reports