• Home
  • Anomali Match vs. NetWitness Platform

Anomali Match vs NetWitness Platform comparison

Cancel
You must select at least 2 products to compare!
Microsoft Logo

Microsoft Defender XDR

Read 76 Microsoft Defender XDR reviews
5,744 views|4,276 comparisons
98% willing to recommend
Anomali Logo

Anomali Match

Read 1 Anomali Match review
175 views|74 comparisons
50% willing to recommend
NetWitness Logo

NetWitness Platform

Read 36 NetWitness Platform reviews
1,183 views|721 comparisons
74% willing to recommend
Comparison Buyer's Guide
Download the complete report
Buyer's Guide
Extended Detection and Response (XDR)
April 2024
Executive Summary

We performed a comparison between Anomali Match and NetWitness Platform based on real PeerSpot user reviews.

Find out what your peers are saying about SentinelOne, CrowdStrike, Palo Alto Networks and others in Extended Detection and Response (XDR).
To learn more, read our detailed Extended Detection and Response (XDR) Report (Updated: April 2024).
Download the complete report
768,886 professionals have used our research since 2012.
Featured Review
Eyad Abounada.
The solution's timeline feature helps you track and investigate incidents
Defender XDR has helped a lot in terms of capturing all kinds of activities happening on the endpoints where it is. If you want to know what... Read more →
Anonymous User
Scalable, easy to use, but more features needed
Salah Sabouni
Provides comprehensive network visibility, and has available helpful support
Prior to implementing the solution, the customers had no visibility of their assets. However, after adopting the solution, they have gained... Read more →
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"I like that it's stable. It's been stable for a long time, and Microsoft Defender has done a good job there.""There is also one dashboard that shows us the status of many controls at once and the details I can get... It gives a great overview of many areas, such as files, emails, chats, and links. Even with the apps, it gives you a great overview. In one place you can see where you should look into things more deeply...""The visibility into threats is also very impressive because Microsoft helps you predict things and provides analytics to help you really improve your security. And all of this technology works across the domain, so it is pretty helpful in terms of threat analytics.""I like 365 Defender's advanced threat hunting. The dashboard is user-friendly with templates for site policies, etc. The most important use case is evaluating the risk links and applications.""The incident threat response and its ability to facilitate effective remediation against threats are the standout features.""The most valuable aspect is undoubtedly the exploration capability""The most valuable feature is the network security.""In Microsoft 365 vendor products, monitoring and connectivity across all Microsoft and third-party connectors enable viewing of all activity within those environments."

More Microsoft Defender XDR Pros →

"I have found Cyber threat intelligence (CTI) very useful and concise. The solution is easy to use."

More Anomali Match Pros →

"The most valuable feature is that we can create our own connectors for any application, and NetWitness provides the training and tools to do it.""The most valuable feature is the hunting ability to work in a CERT.""The product has a user-friendly interface and a valuable feature for threat intelligence integration.""Alerting Module: It provides real-time event processing language on all the logs/packets stream for advanced alerting, i.e., using SQL LIKE statements.""The most valuable feature is the correlation. It can report in real-time and monitor the management.""Setting up NetWitness is straightforward. There are multiple connectors, including standard and specialized connectors. One purpose of the connectors is the enhanced capability integrate the custom applications. NetWitness comes with E6 appliances and application images that we use for the initial configurations and for the OS stack information. From there, you can consider the correlation rules, integrate the different log sources, and easily create correlation rules and backlog reports.""The solution is really scalable for the high-end power, enterprise customer.""Incident management is its most valuable feature."

More NetWitness Platform Pros →

Cons
"Since all of our databases are updated and located in the cloud, I would like additional support for this.""In the Microsoft Azure Portal, in Active Directory, if there is anything on the user it will provide you with the information, but you still have to go through it a bit. And sometimes, I have experienced difficulties in understanding the information, especially because the synchronization between Microsoft Intune and the devices that are connected to the user in Azure Active Directory takes a lot of time.""The support team is not competent or responsive.""The abundance of sub-dashboards and sub-areas within the main dashboard can be confusing, even if it all technically makes sense.""The message trace feature for investigating mail flow issues should add more detailed information to the summary report... if they could extend the summary report a little bit, make it more descriptive, ordinary administrators could understand what happened and that the emails failed at this or that point. That way they would know the location to go to try to correct it and to prevent it from occurring again.""Defender also lacks automated detection and response. You need to resolve issues manually. You can manage multiple Microsoft security products from a single portal, and all your security recommendations are in one place. It's easy to understand and manage. However, I wouldn't say Defender is a single pane of glass. You still need to switch between all of the available Microsoft tools. You can see all the alerts in one panel, but you can't automate remediation.""The price could be better. It'll also help if they can continuously update and upgrade the solution. Every day there's a new virus uploaded into the network, and we have to keep updating it to identify all these things.""The cost can be high if you want to build custom license packages. Another area for improvement is the policies. In Azure, we need to implement policies in JSON format, but in 365 Defender 365, it would be helpful to use a different format so we can customize the platform."

More Microsoft Defender XDR Cons →

"A lot of tools can give you many features, such as CTI intelligence and a tax service reduction. However, many people are combining different tools together to have more capabilities. It is up to the consumer whether they want to have multiple tools or have one tool that serves the purpose. Anomali Enterprise could improve by combining all the other tools' features into one solution."

More Anomali Match Cons →

"An area for improvement would be better automation and more inbuilt use cases.""It should have a monitoring feature. It would help us analyze the current state of attacks faster from a single platform.""The threat detection capability and centralizing and upgrading capability need to be improved. The threat alert capability needs to be improved as well because there is some lag time at present. They need to work on their database search too.""Its technical support could be better.""The tool's integration capability isn't so great.""More customizability is required, which is something that they need to improve on.""The user interface is a little bit difficult for new users and it needs to be improved.""I believe that integrating the solution with other products such as Oracle would be beneficial."

More NetWitness Platform Cons →

Pricing and Cost Advice
  • "The solutions price is fair for what they offer."
  • "The price could be better. Normally, the costs depend on the country you're located in for the license. When we were in the initial stage, we went with the E5 license they call premium standard. It cost us around $5.20 per month for four users."
  • "The price of the solution is high compared to others and we have lost some customers because of it."
  • "Microsoft is not competitive with the pricing of the solution. The competitors are able to offer lower discounts. The price of the solution is higher."
  • "We have a lot of problems in Latin America regarding the price of Microsoft 365 Defender, because the relationship between dollars and the money of the different countries, it's is a lot. Many customers that have small businesses say that they would like the solution but it is too expensive. However, large companies do not find the cost an issue."
  • "The most valuable licensing option is expensive, so pricing could be improved. Licensing options for this solution also need to be consolidated, because they frequently change."
  • "Microsoft should provide lower-level licensing options. They should do it in such a way that even an individual could purchase a license, and it should be entirely flexible."
  • "They have moved from a licensing model to pay-per-use... The question is: What happens if, for any reason, there's not enough budget to accept this model? That could be a great problem."

    • More Microsoft Defender XDR Pricing and Cost Advice →

  • "When comparing the price of Anomali Enterprise to other solutions it is in the medium to high range. However, I am satisfied with the price."

    • More Anomali Match Pricing and Cost Advice →

  • "It’s cheaper to run virtual machines in a VMware environment."
  • "The new pricing and licensing mechanisms are fair. I would advise always to get the full solution (i.e., not only Logs)."
  • "It is cheap."
  • "The licenses are good but the cost is very expensive."
  • "This is a pricey solution; it's not cheap."
  • "We have a perpetual license, so the total cost of ownership is not very expensive. It's a good investment."
  • "Many clients are not able to purchase the packet capability because there is a huge amount of data, and the cost depends on the number of EPS (Events per second), as well as the number of gigabytes of data per day."
  • "Our license is for one year."

    • More NetWitness Platform Pricing and Cost Advice →

    report
    See Which Vendors Are Best For You
    Use our free recommendation engine to learn which Extended Detection and Response (XDR) solutions are best for your needs.
    See Recommendations
    768,886 professionals have used our research since 2012.
    Comparison Review
    Vinod Shankar
    HP ArcSight vs. IBM QRadar vs. ​McAfee Nitro vs. Splunk vs. RSA Security vs. LogRhythm
    We at Infosecnirvana.com have done several posts on SIEM. After the Dummies Guide on SIEM, we are following it up with a SIEM Product Comparison – 101 deck. So, here it is for your viewing pleasure. Let me know what you think by posting your comments below. The key products compared here are based on Gartner Magic Q which is what Organizations typically use to select SIEM vendors. The Vendors mentioned here in the deck are : 1. HP ArcSight 2. McAfee Nitro 3. IBM QRadar 4. Splunk SIEM 5. RSA Security Analytic 6. LogRhythm. SIEM Technology Space SIEM market analysis of the last 3 years suggest: Market consolidation of SIEM players (25 vendors in 2011 to 16 vendors in 2013)Only products with technology maturity and a strong road map have featured in leaders quadrant.HP ArcSight & IBM Q1 Labs have maintained leadership in SIEM industry with continued technology upgradeMcAfee Nitro has strong product features & road map to challenge HP & IBM for leadershipHPArcSight The ArcSight Enterprise Threat and Risk Management (ETRM) Platform is an integrated set of products for collecting, analysing, and managing enterprise Security Event information ArcSight Enterprise Security Manager (ESM): Correlation and analysis engine used to identify security threat in real-time& virtual environments ArcSight Logger: Log storage and Search solution ArcSight IdentityView: User Identity tracking/User activity monitoring ArcSight Connectors: For data collection from a variety of data… Read more →
    Questions from the Community
    What do you like most about Microsoft 365 Defender?
    Top Answer:I like Defender XDR's automation capabilities. XDR isn't automated by default, but you can automate it to respond. If an… more »
    Read all 38 answers   →
    What is your experience regarding pricing and costs for Microsoft 365 Def...
    Top Answer:While Microsoft Defender XDR carries a higher cost, its ease of use compared to Defender may justify the investment.
    Read all 29 answers   →
    What needs improvement with Microsoft 365 Defender?
    Top Answer:Defender XDR has good threat visibility, but it could be better in some areas, like when we are hunting for a specific… more »
    Read all 37 answers   →
    Ask a question

    Earn 20 points

    What do you like most about NetWitness Platform?
    Top Answer:The product's initial setup phase was not at all difficult.
    Read all 26 answers   →
    What is your experience regarding pricing and costs for NetWitness Platform?
    Top Answer:The product price was reasonable for my region and the market.
    Read all 16 answers   →
    What needs improvement with NetWitness Platform?
    Top Answer:From an improvement perspective, the NetWitness Platform needs to release new features and improve in areas like log… more »
    Read all 25 answers   →
    Comparisons
    Also Known As
    Microsoft 365 Defender, Microsoft Threat Protection, MS 365 Defender
    RSA Security Analytics
    Learn More
    Microsoft
    Anomali
    NetWitness
    Video Not Available
    Overview

    Microsoft Defender XDR is a comprehensive security solution designed to protect against threats in the Microsoft 365 environment. 

    It offers robust security measures, comprehensive threat detection capabilities, and an efficient incident response system. With seamless integration with other Microsoft products and a user-friendly interface, it simplifies security management tasks. 

    Users have found it effective in detecting and preventing various types of attacks, such as phishing attempts, malware infections, and data breaches.

    Watch the Microsoft demo video here: Microsoft Defender XDR demo video.

    Anomali Match is an intelligence-driven extended detection and response solution that helps organizations quickly identify and respond to threats in real time. Anomali Match boosts organizational efficiency and productivity by automating detection actions that quickly profile a danger and its impact on the organization, allowing for an effective response.

    Anomali Match gathers security telemetry from your entire organization, including SIEM, EDR, Messaging, and Network, and integrates layered threat detection to identify pertinent threats and give analysts the actionable intelligence they need to look into the root causes or to clearly confirm an attack so that they can respond immediately.

    Anomali Match assists organizations in achieving cyber resilience by providing essential characteristics, such as:

    • Relevant intelligence at scale
    • Precision attack detection
    • Optimized response across security ecosystems

    Anomali Match Features

    Anomali Match has many valuable key features. Some of the most useful ones include:

    • Match is offered as a cloud-native or on-premises solution.

      • High performance indicator correlation at a rate of 190 trillion EPS is one of the additional cloud match capabilities.

      • Appliance and cloud-based ingestion of any telemetry related to security control.
    • Automated collection of current and historical event logs, asset data, and active threat data
    • Comprehensive visibility into historic security telemetry logs, millions of IOCs, and asset and vulnerability scan data
    • Continuous, real-time comparison of millions of indicators of compromise (IOCs) with all relevant security telemetry and log data
    • Automated retrospective inquiry and correlation of historical event logs with newly identified threat intelligence
    • Predictive protection against malicious C2 domains created by attacker domain generation algorithms
    • TTP-based hunting by actor, threat bulletin, or vulnerability employing advanced search analytics

    • Contextual threat intelligence in the form of actors, TTPs, campaigns, threat bulletins, and vulnerabilities, including MITRE ATT&CK details on the TTPs for a specific actor
    • Predictive DGA analysis to find bots connecting to C&C servers in your network

    Anomali Match Benefits

    There are many benefits to implementing Anomali Match. Some of the biggest advantages the solution offers include:

    • Quickly identify the impact in order to assess the criticality and prioritize the response.
    • Shorten the time it takes for active threats to be detected and for a response to be made.
    • Use automation, machine learning, and accessible intelligence to automatically detect and respond to potential threats.
    • Gain access to more than 5 years of security telemetry, millions of IOCs, and asset and vulnerability scan data.
    • Respond to difficult questions promptly and confidently to increase C-Level visibility.
    • Lower incident costs related to security, allowing for more effective security operations.

    Reviews from Real Users

    Anomali Match stands out among its competitors for a number of reasons. Two major ones are its concise CTI and its scalability.

    One PeerSpot reviewer, an IT Cyber Security Senior Analyst, notes of the solution, “I have found Cyber threat intelligence (CTI) very useful and concise. The solution is easy to use.” He adds, “Anomali Enterprise is scalable. We have approximately 15 people using the solution in my company.”

    NetWitness Platform is an evolved SIEM and threat detection and response solution that functions as a single, unified platform for ALL your security data. It features an advanced analyst workbench for triaging alerts and incidents, and it orchestrates security operations programs end to end. In short: NetWitness Platform is all you need to run an intelligent SOC.

    Sample Customers
    Accenture, Deloitte, ExxonMobil, General Electric, IBM, Johnson & Johnson and many others.
    Bank of England, First Energy, UBISOFT, Bank of Hope, Blackhawk Network
    Los Angeles World Airports, Reply
    Top Industries
    REVIEWERS
    Manufacturing Company19%
    Computer Software Company14%
    Government11%
    Financial Services Firm11%
    VISITORS READING REVIEWS
    Computer Software Company17%
    Financial Services Firm10%
    Government8%
    Manufacturing Company8%
    VISITORS READING REVIEWS
    Financial Services Firm17%
    Computer Software Company15%
    Government8%
    Manufacturing Company7%
    REVIEWERS
    Financial Services Firm24%
    Computer Software Company24%
    Comms Service Provider24%
    Manufacturing Company10%
    VISITORS READING REVIEWS
    Financial Services Firm15%
    Computer Software Company15%
    Government10%
    Insurance Company6%
    Company Size
    REVIEWERS
    Small Business44%
    Midsize Enterprise23%
    Large Enterprise33%
    VISITORS READING REVIEWS
    Small Business26%
    Midsize Enterprise17%
    Large Enterprise57%
    VISITORS READING REVIEWS
    Small Business22%
    Midsize Enterprise15%
    Large Enterprise63%
    REVIEWERS
    Small Business26%
    Midsize Enterprise17%
    Large Enterprise57%
    VISITORS READING REVIEWS
    Small Business22%
    Midsize Enterprise10%
    Large Enterprise68%
    Buyer's Guide
    Extended Detection and Response (XDR)
    April 2024
    Download Free Report
    Find out what your peers are saying about SentinelOne, CrowdStrike, Palo Alto Networks and others in Extended Detection and Response (XDR). Updated: April 2024.
    DOWNLOAD NOW
    768,886 professionals have used our research since 2012.

    Anomali Match is ranked 36th in Extended Detection and Response (XDR) while NetWitness Platform is ranked 20th in Log Management with 36 reviews. Anomali Match is rated 7.0, while NetWitness Platform is rated 7.4. The top reviewer of Anomali Match writes "Scalable, easy to use, but more features needed". On the other hand, the top reviewer of NetWitness Platform writes "Can find out if there is lateral movement, but integration and workflow need improvement". Anomali Match is most compared with ThreatConnect Threat Intelligence Platform (TIP), EclecticIQ, Microsoft Defender for Office 365 and STAXX, whereas NetWitness Platform is most compared with Splunk Enterprise Security, RSA enVision, IBM Security QRadar, Microsoft Sentinel and Cisco Secure Network Analytics.

    We monitor all Extended Detection and Response (XDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.