Anomali Unveils Next-Gen ThreatStream to Turn Intelligence Into Immediate Security Action

Anomali launches ThreatStream Next-Gen. (Image credit: Business Wire)

Somewhere right now, a security analyst is triaging alerts at two in the morning — not because there are more threats, but because there is no system helping them decide which ones matter. Anomali, whose intelligence solution has been trusted by global enterprises and government organizations for over a decade, recently announced Anomali ThreatStream Next-Gen to change that. Available both as a standalone intelligence solution and embedded within the Anomali Unified Security Data Lake, ThreatStream Next-Gen makes threat intelligence the active, decisioning layer inside every security workflow — validated as 300 times faster than traditional investigation workflows across 50 enterprise deployments.

Most security platforms were built to detect. Anomali was built to decide. Where others treat intelligence as a feed to be consumed, Anomali has spent years making it structural — the connective tissue between raw security data, analyst judgment, and response action. ThreatStream Next-Gen is the culmination of that work: an intelligence layer that doesn’t just inform decisions, but drives them, with context on attackers and campaigns, AI-generated prioritization, and recommended next actions delivered when they’re needed. Anomali built the answer before anyone knew how urgent the question would become.

“Attackers move fast, targeting identity and exploiting behavior — often closing windows in hours. We close them faster. ThreatStream Next-Gen is the intelligence layer that competitors can’t replicate, because it’s not a bolt-on — it’s the core of everything we build, including our current innovation in agentic AI. By owning the decisioning layer between intelligence and action, we give security teams something they’ve never had before: the ability to respond at the speed of threats.” — Ahmed Rubaie, CEO, Anomali

ONE INTELLIGENCE LAYER. TWO DEPLOYMENT MODES.

FOR THREATSTREAM CUSTOMERS

ThreatStream Next-Gen standalone

The world’s most trusted CTI platform, now with AI-driven prioritization, case management, and intelligent search built in. Connects to your existing security stack and operationalizes intelligence where analysts already work.

FOR ANOMALI DATA LAKE CUSTOMERS

ThreatStream Next-Gen embedded

Intelligence is natively embedded in the data lake — enriching every event at ingest, connecting the dots across your full security dataset, and surfacing recommended actions without analysts switching context.

MEETS YOU WHERE YOU ARE

ThreatStream Next-Gen works with the infrastructure security teams already have — augmenting an existing SIEM, replacing it, or unlocking telemetry that lives in platforms like Databricks or Snowflake. Under every scenario, the mission is the same: find the needle in the haystack across your security controls, and act on it with confidence.

AGENTIC AI — EMBEDDED IN BOTH DEPLOYMENTS

Operational intelligence is what makes Anomali’s agentic AI work — in both deployments, AI acts on a foundation of real threat context, not raw data alone. ThreatStream Next-Gen ships today with autonomous triage, scoring, and investigation steps (agentic levels 1 and 2), available across ThreatStream Next-Gen and the Anomali Data Lake. Autonomous response capabilities — levels 3 through 5 — are in active development, with ThreatStream Next-Gen reaching full agentic autonomy by August 2026 and the Data Lake following in 2027. The architecture is already in place. The autonomy is being released deliberately, with configurable analyst oversight at every stage.

In short: an intelligence foundation designed to make agentic AI work.

In most security operations, the bottleneck is not data — it is deciding what matters and what to do next. CTI analysts spend hours curating and contextualizing intelligence; SOC analysts spend hours stitching that context across tools to validate alerts and determine response. ThreatStream Next-Gen closes that gap: five new capabilities that carry intelligence all the way from production to action, without losing fidelity at the handoff.

Priority Intelligence Requirements (PIRs) automate recurring intelligence questions, ensuring consistent monitoring of the threats that matter most to your organization — without analyst intervention on every cycle.

Command Center provides a live, prioritized view of relevant threats, so analysts spend less time triaging noise and more time acting on signal.

Intelligence Search connects indicators, threat models, and campaigns with AI-generated context — compressing multi-hour investigations to minutes.

Case Management keeps investigations and response workflows synchronized, preserving full context from first signal to final resolution.

Reporting translates technical findings into clear stakeholder outputs — no manual reformatting, no context lost in translation.
