We performed a comparison between Anomali Match and Microsoft Defender for Identity based on real PeerSpot user reviews.
Find out what your peers are saying about SentinelOne, CrowdStrike, Palo Alto Networks and others in Extended Detection and Response (XDR)."Having a single pane of glass for all Microsoft security services makes everything much easier. A security analyst can go to a single portal and see everything in one view. The integration of everything into one portal is a huge benefit."
"It has great stability."
"I like Defender XDR's automation capabilities. XDR isn't automated by default, but you can automate it to respond. If an attack is performed anywhere within the organization, you can isolate that instance from the network. This is what I can figure out for it. When integrated with Sentinel, you can set up playbooks to automate all the alerts gathered on Sentinel from different Microsoft solutions. Sentinel has a wider range of capabilities than XDR."
"Many people don't realize that Microsoft Azure, Exchange Online, and the security and compliance portal all sync together. For instance, within the Azure portal you can set security restrictions and policies to help secure your tenants... The good part of it is that these products have already been integrated. When you sign on as an admin you have global admin rights and that gives you access to all these features."
"A crucial aspect for our team is the inclusion of identity and access management tools from the vendor."
"The attack simulation is excellent; initially, this feature wasn't very robust, but Microsoft improved what we could achieve with it. We can now customize our practice phishing emails and include our company logo, for example. Attack simulation also helps integrate with third-party solutions where applicable and provides an overview of our security architecture through testing. The summary includes areas for improvement in our protection and what steps we need to take to get there."
"The common and advanced security policies for threat hunting and blocking attacks are valuable."
"The integration, visibility, vulnerability management, and device identification are valuable."
"I have found Cyber threat intelligence (CTI) very useful and concise. The solution is easy to use."
"It automates routine testing and helps automate the finding of high-value alerts."
"The most valuable aspect is its connection to Microsoft Sentinel and Defender for Endpoint, and giving exact timelines for incidents and when certain events occured during an incident."
"The best feature is security monitoring, which detects and investigates suspicious user activities. It can easily detect advanced attacks based on the behavior. The credentials are securely stored, so it reduces the risk of compromise. It will monitor user behavior based on artificial intelligence to protect the identities in your organization. It will even help secure the on-premise Active Directory. It syncs from the cloud to on-premise, and on-premise modifications will be reflected in the cloud."
"Defender for Identity has not affected the end-user experience."
"Microsoft Defender for Identity provides excellent visibility into threats by leveraging real-time analytics and data intelligence."
"This solution has advanced a lot over the last few years."
"One of our users had the same password for every personal and company account. That was a problem because she started receiving phishing emails that could compromise all of her accounts. Defender told us that the user was not changing their password."
"The basic security monitoring at its core feature is the most valuable aspect. But also the investigative parts, the historical logging of events over the network are extremely interesting because it gives an in-depth insight into the history of account activity that is really easy to read, easy to follow, and easy to export."
"In the beginning, it's difficult to navigate the system because it is quite large. Just trying to find your way and understand how the system works can be hard. After spending quite a lot of time searching it's a lot easier, but I wish it were a bit more user-friendly when you're trying to find things."
"The capability to not only thwart attacks but also to adapt to evolving threats is crucial."
"Microsoft Defender XDR is not a full-fledged EDR or XDR."
"There are still some components, such as vulnerability management within the vendor product, where improved integration would be beneficial."
"I personally have not seen much evidence of how Defender can enhance the story of zero trust for enterprises."
"The licensing is a nightmare and has room for improvement."
"The advanced threat-hunting capabilities are phenomenal, and the security copilot enhances that, but some data elements could be better or have more context inside of the advanced tables themselves. The schemas feel a little limited to what they're building into the product. It's probably just a maturity thing. I imagine we'll see the features I want in the next year."
"For some scenarios, it provides good visibility into threats, and for some scenarios, it doesn't. For example, sometimes the URLs within the emails have destinations, and you do get a screenshot and all further details, but it's not always the case. It would be good if they did a better job of enabling that for all the emails that they identified as malicious. When you get an email threat, you can go into the email and see more details, but the URL destination feature doesn't always show you a screenshot of the URL in that email. It also doesn't always give you the characteristics relating to that URL. It would be quite good if the information is complete where it says that we identified this URL, and this is what it looks like. There should be some threat intel about it. It should give you more details."
"A lot of tools can give you many features, such as CTI intelligence and a tax service reduction. However, many people are combining different tools together to have more capabilities. It is up to the consumer whether they want to have multiple tools or have one tool that serves the purpose. Anomali Enterprise could improve by combining all the other tools' features into one solution."
"An area for improvement is the administrative interface. It's basic compared to other administrative centers. They could make it more user-friendly and easier to navigate."
"There is no option to remedy an issue directly from the console. If we see an alert, we can't fix it from the console. Instead, we must depend on other Microsoft products, such as MDE. That is a significant drawback. It simply works as a scanner, which can sometimes put enough load on the sensors. Immediate actions should be possible from the dashboard because. It can prevent issues from spreading further."
"And when you are working in a priority IP address, Identity is not able to know that those IPs are from the company. It sees that the IPs are from Taiwan or from Hong Kong or from India, even though they are internal IPs, resulting in a lot of false positives."
"One potential area for improvement could be exploring flexibility in the installation of Microsoft Defender for Identity agents."
"Microsoft should look at what competing vendors like CrowdStrike and Broadcom are doing and incorporate those features into Sentinel and Defender. At the same time, I think the intelligence inside the product is improving fast. They should incorporate more zero-trust and hybrid trust approaches. They need to build up threat intelligence based on threats and methods used in attacks on other companies."
"We observe a lot of false positives. Sometimes, when we go for a coffee break, we lock our screens. Locking the screen has a separate Windows event ID and sometimes I see it is detected as a failed login."
"When the data leaves the cloud, there are security issues."
"The technical support needs significant improvement. Documentation for more minor issues in the form of guides or walkthroughs could help to resolve this issue. The number of tickets raised would decrease, removing some pressure from the support team and making it easier to clear the remaining tickets."
More Microsoft Defender for Identity Pricing and Cost Advice →
Earn 20 points
Anomali Match is ranked 36th in Extended Detection and Response (XDR) while Microsoft Defender for Identity is ranked 1st in Identity Threat Detection and Response (ITDR) with 13 reviews. Anomali Match is rated 7.0, while Microsoft Defender for Identity is rated 9.0. The top reviewer of Anomali Match writes "Scalable, easy to use, but more features needed". On the other hand, the top reviewer of Microsoft Defender for Identity writes "Offers robust protection from insider threats, but the customer support is poor". Anomali Match is most compared with ThreatConnect Threat Intelligence Platform (TIP), EclecticIQ, Microsoft Defender for Office 365 and STAXX, whereas Microsoft Defender for Identity is most compared with Microsoft Entra ID Protection, Microsoft Defender for Office 365, Microsoft Entra Verified ID, Splunk User Behavior Analytics and Microsoft Sentinel.
We monitor all Extended Detection and Response (XDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.