We performed a comparison between Anomali Match and Symantec Advanced Threat Protection based on real PeerSpot user reviews.
Find out what your peers are saying about CrowdStrike, SentinelOne, Wazuh and others in Extended Detection and Response (XDR)."I like how Microsoft XDR and the other Microsoft products are integrated into a single unified security stack covering identity access management, endpoint protection, email, cloud applications, etc."
"The summarization of emails is a valuable feature."
"Scanning, vulnerability reporting, and the dashboard are the most valuable features."
"For me, the advanced hunting capabilities have been really great. It allowed querying the dataset with their own language, which is KQL or Kusto Query Language. That has allowed me to get much more insight into the events that have occurred. The whole power of 365 Defender is that you can get the whole story. It allows you to query an email-based activity and then correlate it with an endpoint-based activity."
"The ability to hunt that IM data set or the identity data set at the same time is valuable. As incident response professionals, we are very used to EDRs and having device process registry telemetry, but a lot of times, we do not have that identity data right there with us, so we have to go search for it in some other silo. Being able to cross-correlate via both datasets at the same time is something that we can only do in Def"
"The most valuable feature is the network security."
"The common and advanced security policies for threat hunting and blocking attacks are valuable."
"Setting up Microsoft 365 Defender is easy. It's a user-friendly solution that provides threat protection. It has good stability and scalability."
"I have found Cyber threat intelligence (CTI) very useful and concise. The solution is easy to use."
"The great advantage in using this product is it creates multiple services."
"Currently we have 800-plus nodes connected with this solution, without any issues. The solution is scalable."
"Endpoint to network protects the line."
"The most valuable feature is Click-time URL protection."
"It has certainly helped out our audit efforts because we each stay compliant in terms of various security standards."
"Symantec Endpoint Protection provides end-to-end protection. Along with antivirus protection, it has a lot of key areas, including intrusive prevention, firewall features, and application and device control."
"The Application Control code and the easy integration are valuable features."
"What I like most about Symantec Advanced Threat Protection is its notification capability."
"While the XDR platform offers valuable functionalities, it falls short of other solutions in its ability to deliver a cohesive identity experience."
"This solution could be improved if it included features such as those offered by Malwarebytes."
"Advanced attacks could use an improvement."
"The advanced threat-hunting capabilities are phenomenal, and the security copilot enhances that, but some data elements could be better or have more context inside of the advanced tables themselves. The schemas feel a little limited to what they're building into the product. It's probably just a maturity thing. I imagine we'll see the features I want in the next year."
"Customers say they want absolutely seamless integration between other Microsoft solutions and Defender XDR, including the ability to change device settings within the Defender portal. They need to contact the IT team responsible for the device management tools to change some settings. They would prefer that those changes be initiated directly from the Defender portal or applied from Intune without involving the IT operations team."
"There are a few technical issues with Defender XDR that can be improved. Sometimes, the endpoint devices are not reporting properly to the Defender 365 portal. When you're getting all the information from the Microsoft portal, the devices are sometimes not in sync. We have hundreds of endpoint devices, some needing to be onboarded again."
"At times, when we have an incident email and we click on the link for that incident, it opens a pop-up, but there is nothing. It has happened a couple of times."
"For some scenarios, it provides good visibility into threats, and for some scenarios, it doesn't. For example, sometimes the URLs within the emails have destinations, and you do get a screenshot and all further details, but it's not always the case. It would be good if they did a better job of enabling that for all the emails that they identified as malicious. When you get an email threat, you can go into the email and see more details, but the URL destination feature doesn't always show you a screenshot of the URL in that email. It also doesn't always give you the characteristics relating to that URL. It would be quite good if the information is complete where it says that we identified this URL, and this is what it looks like. There should be some threat intel about it. It should give you more details."
"A lot of tools can give you many features, such as CTI intelligence and a tax service reduction. However, many people are combining different tools together to have more capabilities. It is up to the consumer whether they want to have multiple tools or have one tool that serves the purpose. Anomali Enterprise could improve by combining all the other tools' features into one solution."
"Symantec appliances need improvement. The whole appliance environment is a robust system and it needs a massive amount of storage space. If you have to increase or speed up the background storage it's a pretty complicated process. The scalability and sizing is critical, and if you do it wrong you run into issues pretty quickly."
"It's a strange situation where the infrastructure of the consumer or customer is behind some kind of firewall and they have always used some kind of customized proxy. In this situation, the ATP has a very tough time to pass the information to the cloud and back. To fix, it requires a more elaborate and complex configuration for that particular case."
"There are some features that would add value to this product. One of them would be a graphical presentation of threats that the system has encountered."
"It also needs network-based threat protection for shared folders and files."
"Entire threat protection is not available for the advanced features."
"The support has dropped down to a five out of ten."
"Scalability could be better."
"It should be able to collect information if the agent is disabled."
More Symantec Advanced Threat Protection Pricing and Cost Advice →
Earn 20 points
Anomali Match is ranked 36th in Extended Detection and Response (XDR) while Symantec Advanced Threat Protection is ranked 20th in Advanced Threat Protection (ATP) with 14 reviews. Anomali Match is rated 7.0, while Symantec Advanced Threat Protection is rated 7.8. The top reviewer of Anomali Match writes "Scalable, easy to use, but more features needed". On the other hand, the top reviewer of Symantec Advanced Threat Protection writes "Provides end-to-end antivirus protection and has good stability ". Anomali Match is most compared with ThreatConnect Threat Intelligence Platform (TIP) and EclecticIQ, whereas Symantec Advanced Threat Protection is most compared with Palo Alto Networks WildFire, Microsoft Defender for Office 365, Check Point SandBlast Network, Fortinet FortiSandbox and Trellix Network Detection and Response.
We monitor all Extended Detection and Response (XDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.