
Samer Jadallah, Vice President, Sales – Middle East and Africa, Anomali, spoke to Tahawultech.com about how AI-native threat intelligence, unified analytics, and cloud-ready architectures are transforming cyber defence in Saudi Arabia and beyond.
Black Hat MEA 2025 arrives at a pivotal moment for the region’s cybersecurity landscape, where AI-driven threats, hybrid-cloud expansion, and large-scale national digital programmes are reshaping security priorities across Saudi Arabia. Organisations are demanding deeper visibility, faster response capabilities, and intelligence-driven operations that can keep pace with both the scale and sophistication of modern adversaries.
Anomali is preparing to showcase its vision for the future of threat intelligence—one built on agentic AI, unified analytics, and cloud-native security architectures designed for the Kingdom’s rapidly evolving digital infrastructure. The company’s leadership sees Saudi Arabia not only as a major hub for innovation but as a global benchmark for how nations can build cyber resilience at scale.
During a conversation with Tahawultech.com, Samer Jadallah, Vice President – Middle East and Africa, Anomali, shared insights into how Anomali is enabling faster decision-making, proactive threat hunting, and seamless visibility across complex environments. Jadallah also reflected on Black Hat MEA’s transformation into a global cybersecurity powerhouse and what the industry can expect from the 2025 edition.
What is your perspective on Black Hat MEA’s evolution and what do you expect from the 2025 edition?
I’ve attended Black Hat MEA from the very first edition, and it exceeded global expectations from day one. Every year, it becomes bigger, more sophisticated, and more influential. Last year’s event surprised the global industry—not just in scale, but in the quality of insights and the depth of discussions. Today, Black Hat MEA is no longer a regional event. It attracts audiences from the US, Europe, and Asia—everyone wants to understand what Saudi Arabia is doing and how they can be part of this success story. I expect 2025 to bring even more surprises, strategic topics, and global participation.
How can Anomali help organisations maximise their existing security resources and reduce investigation and remediation times?
At Anomali, everything we do centres on shortening the time to detect and the time to respond. Our platform gives organisations deep visibility across their entire environment and allows them to instantly understand whether they are under attack, exposed, or safe. Unlike legacy technologies that offer a limited search window—often 60 or 90 days—we provide access to years of historical security data within seconds. This eliminates panic during incidents. Even small teams can operate at the scale of much larger SOCs because our platform automates correlation, analysis, and prioritisation. With this level of visibility and automation, organisations can confidently trust every critical alert and act much faster.
How can organisations shift from reactive detection to proactive threat hunting with real-time threat intelligence?
Proactive defence requires speed. When an attack happens anywhere in the world—whether in aviation, oil and gas, or government—security teams need actionable intelligence in real time. Anomali integrates intelligence from more than 150 trusted global feeds, removes false positives and irrelevant noise, and presents only high-fidelity alerts that matter to the organisation. Our threat-hunting workflow is powered by agentic AI combined with human expertise. We always say: “It’s not AI versus AI; it’s AI plus the human.” This combination allows organisations to identify whether a global threat is relevant to them, determine exposure instantly, and act before attackers gain a foothold.
With AI accelerating both attacks and defences, how is Anomali using AI to improve correlation, attribution, and analyst decision-making?
AI has completely changed the rules of the game, both for attackers and defenders. A traditional investigation into a major global cyberattack could take days or weeks—and often happens during weekends or critical business hours. With Anomali, that entire process is reduced to under 15 seconds. Our AI engine analyses the attacker’s TTPs, behaviours, and DNA of the attack, and compares it with up to 10–15 years of security telemetry. We support more than 25 languages, including Arabic, so analysts can simply ask questions in natural language: “Am I exposed to this threat?” or “Show me the steps to protect my environment.” This transforms decision-making and removes the need for complex queries or specialist skills.
As workloads move to the cloud, how is Anomali’s cloud-native platform enabling unified visibility across hybrid and multi-cloud environments?
Cloud adoption is accelerating everywhere—and Saudi Arabia is no exception. Anomali was built cloud-native from day one on AWS, giving customers high availability, lower operational cost, and real-time updates.
For the Middle East, we have aligned closely with local cloud strategies.
- We launched support for AWS UAE cloud during GITEX.
- For Saudi Arabia, we are fully aligned with AWS Saudi, which will go live locally in 2026.
- For highly restricted environments such as defence, we offer a fully air-gapped deployment.
“Customers can choose fully cloud, hybrid, or on-prem—whatever meets their regulatory obligations. Our flexibility ensures every organisation can secure distributed environments without compromising data residency.”
During large-scale events like Black Hat MEA, SOC teams face high alert volumes. What threat-intelligence capabilities are critical to maintain visibility and reduce false positives?
This is where our AI engine, Macula, becomes crucial. SOC teams are often flooded with alerts during peak periods, making it impossible to manually inspect everything. Macula sits at the core of our threat intelligence engine, collecting feeds from 150+ sources, eliminating false positives, deduplicating data, and surfacing only what is relevant. Instead of searching for “one grain of rice in a 10-kg sack,” analysts receive a clean, prioritised, high-quality set of alerts. Nothing is missed, and analysts no longer rely on random sampling, which is the unfortunate reality in overloaded SOC environments.
How does Anomali’s unified threat-intelligence platform consolidate detection, investigation, and response for multi-vector cyberattacks?
Most organisations use fragmented solutions—TIPs, SIEMs, SOARs, AI tools, each working in silos. Anomali unifies all of these capabilities into one security analytics platform. We ingest global threat intelligence, correlate it with the customer’s environment using AI and natural-language processing, and then provide detection, investigation, and response capabilities from a single interface. There’s no switching between tools or disconnected workflows. It becomes the organisation’s single “moment of truth” for its entire security posture.
What indicators and intelligence signals does Anomali provide to help organisations quickly determine whether they are currently under attack?
Our platform delivers precise, high-confidence signals such as:
- Emerging risks relevant to the customer’s industry
- Early indicators of compromise
- Behavioural patterns associated with known threat actors
- Exposure to new global breaches
- Validation of whether an active campaign affects the organisation
We help close the gaps between technologies and between teams—CTI, SOC, incident response, and business leaders. Instead of each working in isolation, Anomali ensures everyone shares the same intelligence and can act in a coordinated manner.
How is Anomali supporting Saudi Arabia’s cybersecurity vision and strengthening national resilience against AI-driven threats?
Saudi Arabia is now one of the most strategically important cybersecurity markets in the world. Its digital transformation is extraordinary—and rapid digitalisation always attracts attackers. We work very closely with government entities, regulators, and decision-makers to support Vision 2030’s cybersecurity priorities.
Our approach focuses on:
- Empowering organisations with AI-driven threat hunting
- Providing cloud-ready solutions aligned with local data residency requirements
- Strengthening national cyber resilience through real-time visibility
- Helping teams do “10× more” with the same resources, given the global cybersecurity talent shortage
We have a local office and a growing team in Riyadh because we believe deeply in the Kingdom’s vision and want to support it long-term.




