Anomali Launches ThreatStream Next-Gen to Speed Up Cyber Threat Investigations

Anomali Launches ThreatStream Next-Gen to Make Threat Intelligence More Actionable

Anomali has launched ThreatStream Next-Gen, a new version of its threat intelligence platform designed to help security teams move faster from threat data to investigation and response.

The company says the release is built for both cyber threat intelligence (CTI) teams and security operations center (SOC) teams. It is available as a standalone intelligence solution and as an embedded layer inside the Anomali Unified Security Data Lake. Anomali also claims the product has been validated as 300 times faster than traditional investigation workflows across 50 enterprise deployments; the announcement does not describe how that figure was measured or what baseline workflow it was compared against.

For enterprise security leaders, the announcement points to a larger shift in cybersecurity operations. Security teams are not only trying to detect more threats. They are trying to decide which alerts matter, understand the context behind them, and take the right action without losing time across disconnected tools.

Why Anomali Is Focusing on the Decision Layer

Most security platforms are built around detection. Anomali is positioning ThreatStream Next-Gen as something different: an intelligence-driven decisioning layer that connects threat context, analyst judgment, and response action.

The goal is to reduce the gap between cyber threat intelligence and day-to-day SOC operations. In many organizations, CTI teams spend time producing and curating intelligence, while SOC analysts still need to manually connect that context to alerts, events, and incidents.

ThreatStream Next-Gen is designed to bring that intelligence directly into security workflows. It adds context on attackers and campaigns, AI-generated prioritization, and recommended next actions at the point where analysts need to make decisions.

Ahmed Rubaie, CEO of Anomali, said attackers are moving quickly, especially by targeting identity and exploiting behavior. He described ThreatStream Next-Gen as the intelligence layer that helps teams respond at the speed of threats.

Two Deployment Models for Different Security Environments

Anomali is offering ThreatStream Next-Gen in two deployment modes.

For existing ThreatStream customers, the platform is available as a standalone CTI solution with AI-driven prioritization, case management, and intelligent search. It is designed to connect with the customer’s existing security stack and operationalize intelligence where analysts already work.

For Anomali Data Lake customers, ThreatStream Next-Gen is embedded directly into the data lake. In this model, intelligence enriches events at ingest, connects activity across the broader security dataset, and surfaces recommended actions without requiring analysts to switch between systems.
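The enrich-at-ingest model described above, as an added example that is not Anomali's code and is not part of the original announcement: each incoming event is matched against an indicator index as it arrives, the matches (with confidence, severity and campaign attribution) are attached to the event, and a priority score and a recommended next action are derived from them. The event schema (`src_ip`, `dst_ip`, `dst_domain`, `file_sha256`), the scoring formula, the action thresholds, and all indicators and log records are hypothetical, constructed for illustration.

```python
"""
Hypothetical ingest-time threat-intel enrichment (added example; not Anomali's code).

Each event is matched against an indicator index as it is ingested, the matches
are attached to the event, and a priority score plus a recommended next action
are derived from indicator confidence and severity. All indicators, events and
field names below are constructed sample data, not real intelligence.
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass
from typing import Iterable

SEVERITY_WEIGHT = {"low": 1, "medium": 2, "high": 3, "critical": 4}

# Event fields that carry each indicator type (assumed log schema).
FIELDS_BY_TYPE = {
    "ip": ("src_ip", "dst_ip"),
    "domain": ("dst_domain", "domain"),
    "sha256": ("file_sha256",),
}


@dataclass(frozen=True)
class Indicator:
    value: str
    itype: str          # "ip", "domain" or "sha256"
    confidence: int     # feed/analyst confidence, 0-100
    severity: str       # key of SEVERITY_WEIGHT
    campaign: str = ""  # optional campaign or actor attribution
    expired: bool = False


def normalize(itype: str, raw: str) -> str | None:
    """Canonicalize an observable so feed and log spellings match exactly."""
    raw = raw.strip()
    if itype == "ip":
        try:
            return str(ipaddress.ip_address(raw))
        except ValueError:
            return None
    if itype == "domain":
        return raw.lower().rstrip(".") or None
    if itype == "sha256":
        return raw.lower() if len(raw) == 64 else None
    return None


def build_index(indicators: Iterable[Indicator]) -> dict[tuple[str, str], Indicator]:
    """Exact-match index keyed on (type, canonical value); expired IOCs are skipped."""
    index: dict[tuple[str, str], Indicator] = {}
    for ioc in indicators:
        if ioc.expired:
            continue
        key = normalize(ioc.itype, ioc.value)
        if key is not None:
            index[(ioc.itype, key)] = ioc
    return index


def score(ioc: Indicator) -> int:
    """0-100 priority: confidence scaled by severity (critical = 4/4, low = 1/4)."""
    return ioc.confidence * SEVERITY_WEIGHT[ioc.severity] // 4


def recommend(priority: int) -> str:
    """Assumed action thresholds; a real deployment would tune these per environment."""
    if priority >= 75:
        return "open_case"
    if priority >= 40:
        return "investigate"
    return "monitor"


def enrich_event(event: dict, index: dict[tuple[str, str], Indicator]) -> dict:
    """Return a copy of the event with matched intel, a priority and a next action."""
    hits: list[tuple[str, Indicator]] = []
    for itype, fields in FIELDS_BY_TYPE.items():
        for field in fields:
            key = normalize(itype, str(event.get(field, "")))
            ioc = index.get((itype, key)) if key else None
            if ioc:
                hits.append((field, ioc))
    # The highest-scoring match drives the event's priority.
    priority = max((score(ioc) for _, ioc in hits), default=0)
    return {
        **event,
        "intel": [
            {"field": f, "indicator": ioc.value, "type": ioc.itype,
             "confidence": ioc.confidence, "severity": ioc.severity, "campaign": ioc.campaign}
            for f, ioc in hits
        ],
        "priority": priority,
        "recommended_action": recommend(priority),
    }


def ingest(events: Iterable[dict], indicators: Iterable[Indicator]) -> list[dict]:
    """Enrich every event at ingest and return them highest priority first."""
    index = build_index(indicators)
    enriched = [enrich_event(e, index) for e in events]
    return sorted(enriched, key=lambda e: e["priority"], reverse=True)


SAMPLE_INDICATORS = [  # constructed, not real intelligence
    Indicator("198.51.100.23", "ip", 90, "high", campaign="Constructed-Campaign-A"),
    Indicator("Evil.Example.", "domain", 60, "medium"),
    Indicator("E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855",
              "sha256", 100, "critical", campaign="Constructed-Campaign-B"),
    Indicator("203.0.113.9", "ip", 95, "high", expired=True),
]

SAMPLE_EVENTS = [  # constructed log records
    {"id": 1, "src_ip": "10.0.0.5", "dst_ip": "198.51.100.23", "dst_domain": "EVIL.example"},
    {"id": 2, "src_ip": "10.0.0.7", "dst_ip": "203.0.113.9"},
    {"id": 3, "host": "wks-12",
     "file_sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"},
]

if __name__ == "__main__":
    for e in ingest(SAMPLE_EVENTS, SAMPLE_INDICATORS):
        print(e["id"], e["priority"], e["recommended_action"],
              [m["indicator"] for m in e["intel"]])
```

Two design points carry over to any real pipeline: normalize both the feed and the log side before matching (case, trailing dots, address formatting), or indicators silently fail to hit; and honour indicator expiry at index-build time, otherwise stale IOCs keep generating cases long after the infrastructure has been reassigned.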

This flexibility matters because enterprise security environments are rarely uniform. Some teams want to augment their SIEM. Others are consolidating around a data lake. Some may be working with telemetry stored in platforms such as Databricks or Snowflake. Anomali says ThreatStream Next-Gen is designed to work across these scenarios.

Agentic AI Is Built Into the Platform

A major part of the release is Anomali’s agentic AI roadmap.

ThreatStream Next-Gen ships with autonomous triage, scoring, and investigation steps, which Anomali describes as agentic levels 1 and 2. These capabilities are available across both ThreatStream Next-Gen and the Anomali Data Lake.

The company says more autonomous response capabilities, levels 3 through 5, are in active development. ThreatStream Next-Gen is expected to reach full agentic autonomy by August 2026, with the Data Lake following in 2027. Anomali also said configurable analyst oversight will remain part of the rollout at every stage.

That staged approach matters. An autonomous response acting on a false positive can do real damage: blocking a shared IP address, disabling a legitimate account, or isolating a production host. By releasing autonomy in stages with configurable analyst oversight, Anomali is signaling that it wants AI to accelerate security work without removing human review from high-impact decisions too early.

Five Capabilities Built for CTI and SOC Workflows

ThreatStream Next-Gen introduces five main capabilities that connect intelligence production with operational action.

Priority Intelligence Requirements automate recurring intelligence questions, helping teams monitor the threats most relevant to their organization without requiring manual analyst intervention on every cycle.

Command Center gives analysts a live, prioritized view of relevant threats, helping them focus on signal rather than triage noise.

Intelligence Search connects indicators, threat models, and campaigns with AI-generated context, with the goal of compressing investigations from hours to minutes.

Case Management keeps investigations and response workflows aligned, preserving context from the first signal through final resolution.

Reporting converts technical findings into stakeholder-ready outputs, reducing the need for manual reformatting and helping teams communicate security findings more clearly.

Together, these features show that Anomali is not treating threat intelligence as a static feed. It is trying to make intelligence operational across investigation, prioritization, case handling, and reporting.

Why This Matters for Security Teams

The pressure on security teams is not just alert volume. It is decision fatigue.

A SOC can have plenty of data and still struggle if analysts cannot quickly identify which threats matter, why they matter, and what should happen next. CTI teams can produce useful intelligence, but that value is limited if it does not reach operational workflows at the right time.

ThreatStream Next-Gen is aimed directly at that problem. It gives CTI teams deeper investigative tools while giving SOC teams a decisioning layer that can turn intelligence into action.

For CISOs and security operations leaders, the bigger value is workflow compression. Faster triage, better prioritization, integrated case management, and AI-assisted context can help teams reduce manual work and improve response consistency.

Availability

ThreatStream Next-Gen is available now for both standalone ThreatStream deployments and Anomali Data Lake deployments.

The product launch also strengthens Anomali’s positioning around operational intelligence and agentic AI for cybersecurity. As enterprise security teams look for ways to reduce tool fragmentation and improve response speed, platforms that combine data, intelligence, and AI-driven decisioning are becoming more relevant.

Anomali’s challenge will be proving that these capabilities can scale across different enterprise environments while maintaining analyst trust, oversight, and operational accuracy.


Key Source / Reference

Official source: Business Wire — Anomali Launches ThreatStream Next-Gen to Turn Intelligence Into Action — at the Speed Threats Demand


FAQ Section

What did Anomali launch?

Anomali launched ThreatStream Next-Gen, a cyber threat intelligence solution designed to help CTI and SOC teams turn threat intelligence into faster investigation and response decisions.

Is ThreatStream Next-Gen available as a standalone product?

Yes. ThreatStream Next-Gen is available as a standalone intelligence solution for ThreatStream customers.

Can ThreatStream Next-Gen be used with the Anomali Data Lake?

Yes. It can also be embedded inside the Anomali Unified Security Data Lake, where intelligence enriches events and supports investigation workflows.

What agentic AI capabilities are included?

ThreatStream Next-Gen includes autonomous triage, scoring, and investigation steps, described by Anomali as agentic levels 1 and 2.

When does Anomali expect full agentic autonomy?

Anomali says ThreatStream Next-Gen is expected to reach full agentic autonomy by August 2026, with the Data Lake following in 2027.

Why does this matter for cybersecurity teams?

It matters because many security teams struggle to move from alerts and threat data to clear decisions. ThreatStream Next-Gen is designed to connect intelligence, context, prioritization, investigation, and response in one workflow.

About TechInsyte

TechInsyte is a B2B technology news and intelligence platform covering major developments across AI, cloud, cybersecurity, enterprise software, semiconductors, startups, policy, and markets. We focus on the signals that matter for decision-makers.
