Coming October 25: PeerSpot Awards will be announced! Learn more

Anomali Match vs ThreatConnect Threat Intelligence Platform (TIP) comparison

You must select at least 2 products to compare!
Comparison Buyer's Guide
Executive Summary

We performed a comparison between Anomali Match and ThreatConnect Threat Intelligence Platform (TIP) based on real PeerSpot user reviews.

Find out in this report how the two Extended Detection and Response (XDR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.

To learn more, read our detailed Anomali Match vs. ThreatConnect Threat Intelligence Platform (TIP) report (Updated: September 2022).
632,779 professionals have used our research since 2012.
Featured Review
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
"It helps you to identify the gaps in your solution and remediate them. It produces a compliance checklist against known standards such as ISO 27001, HIPAA, iTrust, etc.""Most importantly, it's an integrated solution. We not only have Defender for Cloud, but we also have Defender for Endpoint, Defender for Office 365, and Defender for Identity. It's an integrated, holistic solution.""We can create alerts that trigger if there is any malicious activity happening in the workflow and these alerts can be retrieved using the query language.""Using Security Center, you have a full view, at any given time, of what's deployed, and that is something that is very useful.""The solution is very easy to deploy.""One important security feature is the incident alerts. Now, with all these cyberattacks, there are a lot of incident alerts that get triggered. It is very difficult to keep monitoring everything automatically, instead our organization is utilizing the automated use case that we get from Microsoft. That has helped bring down the manual work for a lot of things.""It is very intuitive when it comes to policy administration, alerts and notifications, and ease of setting up roles at different hierarchies. It has also been good in terms of the network technology maps. It provides a good overview, but it also depends on the complexity of your network.""It works seamlessly on the Azure platform because it's a Microsoft app. Its setup is similar, so if you already have a Microsoft account, it just flows into it."

More Microsoft Defender for Cloud Pros →

"I have found Cyber threat intelligence (CTI) very useful and concise. The solution is easy to use."

More Anomali Match Pros →

"It's a solid platform and is stable enough. It is not complicated and is easy to use.""ThreatConnect has a highly user-friendly interface.""The most valuable features are ease of use and the ability to customize it."

More ThreatConnect Threat Intelligence Platform (TIP) Pros →

"Sometimes, it's very difficult to determine when I need Microsoft Defender for Cloud for a special resource group or certain kinds of products. That's not an issue directly with the product, though.""Most of the time, when we log into the support, we don't get a chance to interact with Microsoft employees directly, except having it go to outsource employees of Microsoft. The initial interaction has not been that great because outsourced companies cannot provide the kind of quality or technical expertise that we look for. We have a technical manager from Microsoft, but they are kind of average unless we make noise and ask them to escalate. We then can get the right people and the right solution, but it definitely takes time.""I would suggest building a single product that addresses endpoint server protection, attack surface, and everything else in one solution. That is the main disadvantage with the product. If we are incorporating some features, we end up in a situation where this solution is for the server, and that one is for the client, or this is for identity, and that is for our application. They're not bundling it. Commercially, we can charge for different licenses, but on the implementation side, it's tough to help our end-customer understand which product they're getting.""Azure Security Center takes a long time to update, compared to the on-premises version of Microsoft Defender.""Microsoft sources most of their threat intelligence internally, but I think they should open themselves up to bodies that provide feel intelligence to build a better engine. There may be threats out there that they don't report because their team is not doing anything on that and they don't have arrangements with another party that is involved in that research.""Azure is a complex solution. You have so many moving parts.""The product was a bit complex to set up earlier, however, it is a bit streamlined now.""As an analyst, there is no way to configure or create a playbook to automate the process of flagging suspicious domains."

More Microsoft Defender for Cloud Cons →

"A lot of tools can give you many features, such as CTI intelligence and a tax service reduction. However, many people are combining different tools together to have more capabilities. It is up to the consumer whether they want to have multiple tools or have one tool that serves the purpose. Anomali Enterprise could improve by combining all the other tools' features into one solution."

More Anomali Match Cons →

"They should make it a little bit easier to generate events and share them with the community""Integration is an area that could use some improvement.""It would be good to have more feeds and more integrated sources for enrichment."

More ThreatConnect Threat Intelligence Platform (TIP) Cons →

Pricing and Cost Advice
  • "I'm not privy to that information, but I know it's probably close to a million dollars a year."
  • "We are using the free version of the Azure Security Center."
  • "Azure Defender is a bit pricey. The price could be lower."
  • "This is a worldwide service and depending on the country, there will be different prices."
  • "Security Center charges $15 per resource for any workload that you onboard into it. They charge per VM or per data-base server or per application. It's not like Microsoft 365 licensing, where there are levels like E3 and E5. Security Center is pretty straightforward."
  • "There is a helpful cost-reducing option that allows you to integrate production subscriptions with non-production subscriptions."
  • "Its pricing is a little bit high in terms of Azure Security Center, but the good thing is that we don't need to maintain and deploy it. So, while the pricing is high, it is native to Azure which is why we prefer using this tool."
  • "I am not involved in this area. However, I believe its price is okay because even small customers are using Azure Security Center. I don't think it is very expensive."
  • More Microsoft Defender for Cloud Pricing and Cost Advice →

  • "When comparing the price of Anomali Enterprise to other solutions it is in the medium to high range. However, I am satisfied with the price."
  • More Anomali Match Pricing and Cost Advice →

  • "The price of this product is in the mid-range, not too expensive, nor inexpensive."
  • "The price could be better."
  • More ThreatConnect Threat Intelligence Platform (TIP) Pricing and Cost Advice →

    Use our free recommendation engine to learn which Extended Detection and Response (XDR) solutions are best for your needs.
    632,779 professionals have used our research since 2012.
    Questions from the Community
    Top Answer:Azure Security Center is very easy to use, integrates well, and gives very good visibility on what is happening across… more »
    Top Answer:The integration with Logic Apps allows for automated responses to incidents.
    Top Answer:This is a worldwide service and depending on the country, there will be different prices. There is a price calculator… more »
    Top Answer:I have found Cyber threat intelligence (CTI) very useful and concise. The solution is easy to use.
    Top Answer:When comparing the price of Anomali Enterprise to other solutions it is in the medium to high range. However, I am… more »
    Top Answer:A lot of tools can give you many features, such as CTI intelligence and a tax service reduction. However, many people… more »
    Top Answer:ThreatConnect has a highly user-friendly interface.
    Top Answer:The price could be better. ThreatConnect is very expensive for a single user, but it maybe affordable for companies.
    Top Answer:They should make it a little bit easier to generate events and share them with the community. Right now, it's a little… more »
    Also Known As
    Microsoft Azure Security Center, Azure Security Center, Microsoft ASC, Azure Defender
    Learn More

    Microsoft Defender for Cloud protects your Azure and hybrid resources. Microsoft uses a wide variety of physical, infrastructure, and operational controls to help secure Azure—but there are additional actions you need to take to help safeguard your workloads. Turn on Azure Security Center to strengthen your cloud security posture. Within Azure Security Center, use Azure Defender to protect your hybrid cloud workloads. With Azure Security Center, you can:

    - Assess and visualize the security state of your resources in Azure, on-premises, and in other clouds with Azure Secure Score

    - Simplify enterprise compliance and view your compliance against regulatory requirements

    - Protect all your hybrid cloud workloads with Azure Defender, which is integrated with Security Center

    - Use AI and automation to cut through false alarms, quickly identify threats, and streamline threat investigation

    To learn more about our solution, ask questions, and share feedback, join our Microsoft Security, Compliance and Identity Community.

    Anomali Match is an intelligence-driven extended detection and response solution that helps organizations quickly identify and respond to threats in real time. Anomali Match boosts organizational efficiency and productivity by automating detection actions that quickly profile a danger and its impact on the organization, allowing for an effective response.

    Anomali Match gathers security telemetry from your entire organization, including SIEM, EDR, Messaging, and Network, and integrates layered threat detection to identify pertinent threats and give analysts the actionable intelligence they need to look into the root causes or to clearly confirm an attack so that they can respond immediately.

    Anomali Match assists organizations in achieving cyber resilience by providing essential characteristics, such as:

    • Relevant intelligence at scale
    • Precision attack detection
    • Optimized response across security ecosystems

    Anomali Match Features

    Anomali Match has many valuable key features. Some of the most useful ones include:

    • Match is offered as a cloud-native or on-premises solution.

      • High performance indicator correlation at a rate of 190 trillion EPS is one of the additional cloud match capabilities.

      • Appliance and cloud-based ingestion of any telemetry related to security control.
    • Automated collection of current and historical event logs, asset data, and active threat data
    • Comprehensive visibility into historic security telemetry logs, millions of IOCs, and asset and vulnerability scan data
    • Continuous, real-time comparison of millions of indicators of compromise (IOCs) with all relevant security telemetry and log data
    • Automated retrospective inquiry and correlation of historical event logs with newly identified threat intelligence
    • Predictive protection against malicious C2 domains created by attacker domain generation algorithms
    • TTP-based hunting by actor, threat bulletin, or vulnerability employing advanced search analytics

    • Contextual threat intelligence in the form of actors, TTPs, campaigns, threat bulletins, and vulnerabilities, including MITRE ATT&CK details on the TTPs for a specific actor
    • Predictive DGA analysis to find bots connecting to C&C servers in your network

    Anomali Match Benefits

    There are many benefits to implementing Anomali Match. Some of the biggest advantages the solution offers include:

    • Quickly identify the impact in order to assess the criticality and prioritize the response.
    • Shorten the time it takes for active threats to be detected and for a response to be made.
    • Use automation, machine learning, and accessible intelligence to automatically detect and respond to potential threats.
    • Gain access to more than 5 years of security telemetry, millions of IOCs, and asset and vulnerability scan data.
    • Respond to difficult questions promptly and confidently to increase C-Level visibility.
    • Lower incident costs related to security, allowing for more effective security operations.

    Reviews from Real Users

    Anomali Match stands out among its competitors for a number of reasons. Two major ones are its concise CTI and its scalability.

    One PeerSpot reviewer, an IT Cyber Security Senior Analyst, notes of the solution, “I have found Cyber threat intelligence (CTI) very useful and concise. The solution is easy to use.” He adds, “Anomali Enterprise is scalable. We have approximately 15 people using the solution in my company.”

    The ThreatConnect Platform allows security teams to go beyond managing threat intel to operationalizing and making threat intel actionable. The Platform is built on a market-leading threat intelligence platform that includes a modern analytics engine leveraging machine learning, orchestration and automation, case management, and an extensible API along with a marketplace of apps to seamlessly connect tools into the platform.

    Threat Intelligence Data Model, Library and Scoring - Native threat intelligence management built into the Platform that ingests dozens of commercial and open source threat feeds, as well as intel shared via STIX and TAXII, then normalizes and scores the intelligence making it ready for action.

    Analytics Engine - A key differentiator in the ThreatConnect Platform is our analytics engine – CAL – that leverages machine learning and provides multiple capabilities such as: Community-powered insights on threats and indicators across ThreatConnect users, a “Rosetta Stone” that automatically translates the aliases of threat actor groups used across the threat intel landscape, a series of intelligence feeds that marry our massive dataset with our cutting edge tradecraft and analytics to bring novel datasets that nobody else is talking about, and Report Cards that allow you to track how open source TI feeds are performing in the real world.

    Threat Graph - ThreatConnect’s Threat Graph visualization is a game changer that provides an environment where analysts can quickly explore, pivot, and gain insight into the connection between seemingly disparate intelligence and data points to get a comprehensive picture of a threat to the organization.

    Low-Code Automation and Workflow - Low-code security automation and workflows are core capabilities of our Platform, enabling CTI and SecOps teams to gain efficiencies, improve consistency, and increase their efficacy by standardizing on specific processes and workflows, and automating repetitive tasks, processes, and playbooks, generating significant ROI for security teams by reducing the manual burden on analysts.

    Browser Extension - Allows analysts to instantaneously scan and identify relevant pieces of information from any web-based resource with a simple click of a button. It allows analysts to quickly understand what is currently known about an indicator and to add it to the Threat Library to aid in future analysis and investigation efforts, as well as translate threat actor aliases in real-time.

    Learn more about Microsoft Defender for Cloud
    Learn more about Anomali Match
    Learn more about ThreatConnect Threat Intelligence Platform (TIP)
    Sample Customers
    Microsoft Defender for Cloud is trusted by companies such as ASOS, Vatenfall, SWC Technology Partners, and more.
    Bank of England, First Energy, UBISOFT, Bank of Hope, Blackhawk Network
    Information Not Available
    Top Industries
    Computer Software Company20%
    Consumer Goods Company13%
    Insurance Company7%
    Computer Software Company21%
    Comms Service Provider10%
    Financial Services Firm10%
    Financial Services Firm15%
    Computer Software Company14%
    Comms Service Provider10%
    Energy/Utilities Company8%
    Computer Software Company19%
    Financial Services Firm15%
    Comms Service Provider11%
    Company Size
    Small Business28%
    Midsize Enterprise9%
    Large Enterprise63%
    Small Business18%
    Midsize Enterprise13%
    Large Enterprise69%
    Small Business20%
    Midsize Enterprise14%
    Large Enterprise66%
    Small Business16%
    Midsize Enterprise13%
    Large Enterprise71%
    Buyer's Guide
    Extended Detection and Response (XDR)
    September 2022
    Find out what your peers are saying about Palo Alto Networks, Microsoft, Trellix and others in Extended Detection and Response (XDR). Updated: September 2022.
    632,779 professionals have used our research since 2012.

    Anomali Match is ranked 11th in Extended Detection and Response (XDR) with 1 review while ThreatConnect Threat Intelligence Platform (TIP) is ranked 10th in Threat Intelligence Platforms with 3 reviews. Anomali Match is rated 7.0, while ThreatConnect Threat Intelligence Platform (TIP) is rated 8.4. The top reviewer of Anomali Match writes "Scalable, easy to use, but more features needed". On the other hand, the top reviewer of ThreatConnect Threat Intelligence Platform (TIP) writes "Ease to use, customizable, and they have responsive and knowledgeable support". Anomali Match is most compared with STAXX, Proofpoint Email Protection, Palo Alto Networks WildFire, Microsoft Defender for Office 365 and Microsoft Defender for Identity, whereas ThreatConnect Threat Intelligence Platform (TIP) is most compared with Palo Alto Networks Cortex XSOAR, Palo Alto Networks WildFire, Recorded Future, ThreatQ and Anomali ThreatStream.

    We monitor all Extended Detection and Response (XDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.