Anomali Match vs ThreatConnect Threat Intelligence Platform (TIP) comparison

You must select at least 2 products to compare!
Comparison Buyer's Guide
Executive Summary

We performed a comparison between Anomali Match and ThreatConnect Threat Intelligence Platform (TIP) based on real PeerSpot user reviews.

Find out what your peers are saying about Palo Alto Networks, Microsoft, Trellix and others in Extended Detection and Response (XDR).
To learn more, read our detailed Extended Detection and Response (XDR) Report (Updated: November 2022).
657,849 professionals have used our research since 2012.
Featured Review
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
"The most valuable features of the solution are the insights, meaning the remediation suggestions, as well as the incident alerts.""Defender lets you orchestrate the roll-out from a single pane. Using the Azure portal, you can roll it out over all the servers covered by the entire subscription.""Using Security Center, you have a full view, at any given time, of what's deployed, and that is something that is very useful.""When you have commissioned Defender, you have these things visible already on your dashboard. This gives the efficiency to the people to do their actual work rather than bothering about the email, sorting out the email, or looking at it through an ITSM solution, whey they have to look at the description and use cases. Efficiency increases with this optimized, ready-made solution since you don't need to invest in something externally. You can start using the dashboard and auditing capability provided from day one. Thus, you have fewer costs with a more optimized, easier-to-use solution, providing operational efficiency for your team.""It works seamlessly on the Azure platform because it's a Microsoft app. Its setup is similar, so if you already have a Microsoft account, it just flows into it.""We saw improvement from a regulatory compliance perspective due to having a single dashboard.""When we started out, our secure score was pretty low. We adopted some of the recommendations that Security Center set out and we were able to make good progress on improving it. It had been in the low thirties and is now in the upper eighties.""One of the features that I like about the solution is it is both a hybrid cloud and also multi-cloud. We never know what company we're going to buy, and therefore we are ready to go. If they have GCP or AWS, we have support for that as well. It offers a single-panel blast across multiple clouds."

More Microsoft Defender for Cloud Pros →

"I have found Cyber threat intelligence (CTI) very useful and concise. The solution is easy to use."

More Anomali Match Pros →

"The most valuable features are ease of use and the ability to customize it.""It's a solid platform and is stable enough. It is not complicated and is easy to use.""ThreatConnect has a highly user-friendly interface."

More ThreatConnect Threat Intelligence Platform (TIP) Pros →

"After getting a recommendation, it takes time for the solution to refresh properly to show that the problem has been eliminated.""Azure Security Center takes a long time to update, compared to the on-premises version of Microsoft Defender.""We would like to have better transparency as to how the security score is calculated because as it is now, it is difficult to understand.""Customizing some of the compliance requirements based on individual needs seems like the biggest area of improvement. There should be an option to turn specific controls on and off based on how your solution is configured.""The overview provides you with good information, but if you want more details, there is a lot more customization to do, which requires knowledge of the other supporting solutions.""The product was a bit complex to set up earlier, however, it is a bit streamlined now.""Defender is occasionally unreliable. It isn't 100% efficient in terms of antivirus detection, but it isn't an issue most of the time. It's also somewhat difficult to train new security analysts to use Defender.""Most of the time, when we log into the support, we don't get a chance to interact with Microsoft employees directly, except having it go to outsource employees of Microsoft. The initial interaction has not been that great because outsourced companies cannot provide the kind of quality or technical expertise that we look for. We have a technical manager from Microsoft, but they are kind of average unless we make noise and ask them to escalate. We then can get the right people and the right solution, but it definitely takes time."

More Microsoft Defender for Cloud Cons →

"A lot of tools can give you many features, such as CTI intelligence and a tax service reduction. However, many people are combining different tools together to have more capabilities. It is up to the consumer whether they want to have multiple tools or have one tool that serves the purpose. Anomali Enterprise could improve by combining all the other tools' features into one solution."

More Anomali Match Cons →

"Integration is an area that could use some improvement.""They should make it a little bit easier to generate events and share them with the community""It would be good to have more feeds and more integrated sources for enrichment."

More ThreatConnect Threat Intelligence Platform (TIP) Cons →

Pricing and Cost Advice
  • "Azure Defender is a bit pricey. The price could be lower."
  • "This is a worldwide service and depending on the country, there will be different prices."
  • "Security Center charges $15 per resource for any workload that you onboard into it. They charge per VM or per data-base server or per application. It's not like Microsoft 365 licensing, where there are levels like E3 and E5. Security Center is pretty straightforward."
  • "There is a helpful cost-reducing option that allows you to integrate production subscriptions with non-production subscriptions."
  • "Its pricing is a little bit high in terms of Azure Security Center, but the good thing is that we don't need to maintain and deploy it. So, while the pricing is high, it is native to Azure which is why we prefer using this tool."
  • "I am not involved in this area. However, I believe its price is okay because even small customers are using Azure Security Center. I don't think it is very expensive."
  • "The cost of the license is based on the subscriptions that you have."
  • "Although I am outside of the discussion on budget and costing, I can say that the importance of security provided by this solution is of such importance that whatever the cost is, it is not a factor."
  • More Microsoft Defender for Cloud Pricing and Cost Advice →

  • "When comparing the price of Anomali Enterprise to other solutions it is in the medium to high range. However, I am satisfied with the price."
  • More Anomali Match Pricing and Cost Advice →

  • "The price of this product is in the mid-range, not too expensive, nor inexpensive."
  • "The price could be better."
  • More ThreatConnect Threat Intelligence Platform (TIP) Pricing and Cost Advice →

    Use our free recommendation engine to learn which Extended Detection and Response (XDR) solutions are best for your needs.
    657,849 professionals have used our research since 2012.
    Questions from the Community
    Top Answer:Azure Security Center is very easy to use, integrates well, and gives very good visibility on what is happening across… more »
    Top Answer:The integration with Logic Apps allows for automated responses to incidents.
    Top Answer:This is a worldwide service and depending on the country, there will be different prices. There is a price calculator… more »
    Top Answer:I have found Cyber threat intelligence (CTI) very useful and concise. The solution is easy to use.
    Top Answer:When comparing the price of Anomali Enterprise to other solutions it is in the medium to high range. However, I am… more »
    Top Answer:A lot of tools can give you many features, such as CTI intelligence and a tax service reduction. However, many people… more »
    Top Answer:ThreatConnect has a highly user-friendly interface.
    Top Answer:The price could be better. ThreatConnect is very expensive for a single user, but it maybe affordable for companies.
    Top Answer:They should make it a little bit easier to generate events and share them with the community. Right now, it's a little… more »
    Also Known As
    Microsoft Azure Security Center, Azure Security Center, Microsoft ASC, Azure Defender
    Learn More

    Microsoft Defender for Cloud protects your Azure and hybrid resources. Microsoft uses a wide variety of physical, infrastructure, and operational controls to help secure Azure—but there are additional actions you need to take to help safeguard your workloads. Turn on Azure Security Center to strengthen your cloud security posture. Within Azure Security Center, use Azure Defender to protect your hybrid cloud workloads. With Azure Security Center, you can:

    - Assess and visualize the security state of your resources in Azure, on-premises, and in other clouds with Azure Secure Score

    - Simplify enterprise compliance and view your compliance against regulatory requirements

    - Protect all your hybrid cloud workloads with Azure Defender, which is integrated with Security Center

    - Use AI and automation to cut through false alarms, quickly identify threats, and streamline threat investigation

    To learn more about our solution, ask questions, and share feedback, join our Microsoft Security, Compliance and Identity Community.

    Anomali Match is an intelligence-driven extended detection and response solution that helps organizations quickly identify and respond to threats in real time. Anomali Match boosts organizational efficiency and productivity by automating detection actions that quickly profile a danger and its impact on the organization, allowing for an effective response.

    Anomali Match gathers security telemetry from your entire organization, including SIEM, EDR, Messaging, and Network, and integrates layered threat detection to identify pertinent threats and give analysts the actionable intelligence they need to look into the root causes or to clearly confirm an attack so that they can respond immediately.

    Anomali Match assists organizations in achieving cyber resilience by providing essential characteristics, such as:

    • Relevant intelligence at scale
    • Precision attack detection
    • Optimized response across security ecosystems

    Anomali Match Features

    Anomali Match has many valuable key features. Some of the most useful ones include:

    • Match is offered as a cloud-native or on-premises solution.

      • High performance indicator correlation at a rate of 190 trillion EPS is one of the additional cloud match capabilities.

      • Appliance and cloud-based ingestion of any telemetry related to security control.
    • Automated collection of current and historical event logs, asset data, and active threat data
    • Comprehensive visibility into historic security telemetry logs, millions of IOCs, and asset and vulnerability scan data
    • Continuous, real-time comparison of millions of indicators of compromise (IOCs) with all relevant security telemetry and log data
    • Automated retrospective inquiry and correlation of historical event logs with newly identified threat intelligence
    • Predictive protection against malicious C2 domains created by attacker domain generation algorithms
    • TTP-based hunting by actor, threat bulletin, or vulnerability employing advanced search analytics

    • Contextual threat intelligence in the form of actors, TTPs, campaigns, threat bulletins, and vulnerabilities, including MITRE ATT&CK details on the TTPs for a specific actor
    • Predictive DGA analysis to find bots connecting to C&C servers in your network

    Anomali Match Benefits

    There are many benefits to implementing Anomali Match. Some of the biggest advantages the solution offers include:

    • Quickly identify the impact in order to assess the criticality and prioritize the response.
    • Shorten the time it takes for active threats to be detected and for a response to be made.
    • Use automation, machine learning, and accessible intelligence to automatically detect and respond to potential threats.
    • Gain access to more than 5 years of security telemetry, millions of IOCs, and asset and vulnerability scan data.
    • Respond to difficult questions promptly and confidently to increase C-Level visibility.
    • Lower incident costs related to security, allowing for more effective security operations.

    Reviews from Real Users

    Anomali Match stands out among its competitors for a number of reasons. Two major ones are its concise CTI and its scalability.

    One PeerSpot reviewer, an IT Cyber Security Senior Analyst, notes of the solution, “I have found Cyber threat intelligence (CTI) very useful and concise. The solution is easy to use.” He adds, “Anomali Enterprise is scalable. We have approximately 15 people using the solution in my company.”

    The ThreatConnect Platform allows security teams to go beyond managing threat intel to operationalizing and making threat intel actionable. The Platform is built on a market-leading threat intelligence platform that includes a modern analytics engine leveraging machine learning, orchestration and automation, case management, and an extensible API along with a marketplace of apps to seamlessly connect tools into the platform.

    Threat Intelligence Data Model, Library and Scoring - Native threat intelligence management built into the Platform that ingests dozens of commercial and open source threat feeds, as well as intel shared via STIX and TAXII, then normalizes and scores the intelligence making it ready for action.

    Analytics Engine - A key differentiator in the ThreatConnect Platform is our analytics engine – CAL – that leverages machine learning and provides multiple capabilities such as: Community-powered insights on threats and indicators across ThreatConnect users, a “Rosetta Stone” that automatically translates the aliases of threat actor groups used across the threat intel landscape, a series of intelligence feeds that marry our massive dataset with our cutting edge tradecraft and analytics to bring novel datasets that nobody else is talking about, and Report Cards that allow you to track how open source TI feeds are performing in the real world.

    Threat Graph - ThreatConnect’s Threat Graph visualization is a game changer that provides an environment where analysts can quickly explore, pivot, and gain insight into the connection between seemingly disparate intelligence and data points to get a comprehensive picture of a threat to the organization.

    Low-Code Automation and Workflow - Low-code security automation and workflows are core capabilities of our Platform, enabling CTI and SecOps teams to gain efficiencies, improve consistency, and increase their efficacy by standardizing on specific processes and workflows, and automating repetitive tasks, processes, and playbooks, generating significant ROI for security teams by reducing the manual burden on analysts.

    Browser Extension - Allows analysts to instantaneously scan and identify relevant pieces of information from any web-based resource with a simple click of a button. It allows analysts to quickly understand what is currently known about an indicator and to add it to the Threat Library to aid in future analysis and investigation efforts, as well as translate threat actor aliases in real-time.

    Learn more about Microsoft Defender for Cloud
    Learn more about Anomali Match
    Learn more about ThreatConnect Threat Intelligence Platform (TIP)
    Sample Customers
    Microsoft Defender for Cloud is trusted by companies such as ASOS, Vatenfall, SWC Technology Partners, and more.
    Bank of England, First Energy, UBISOFT, Bank of Hope, Blackhawk Network
    Information Not Available
    Top Industries
    Computer Software Company18%
    Consumer Goods Company12%
    Computer Software Company21%
    Financial Services Firm11%
    Comms Service Provider8%
    Computer Software Company15%
    Financial Services Firm15%
    Comms Service Provider9%
    Computer Software Company17%
    Financial Services Firm14%
    Manufacturing Company8%
    Company Size
    Small Business26%
    Midsize Enterprise11%
    Large Enterprise63%
    Small Business19%
    Midsize Enterprise13%
    Large Enterprise68%
    Small Business21%
    Midsize Enterprise13%
    Large Enterprise66%
    Small Business16%
    Midsize Enterprise11%
    Large Enterprise72%
    Buyer's Guide
    Extended Detection and Response (XDR)
    November 2022
    Find out what your peers are saying about Palo Alto Networks, Microsoft, Trellix and others in Extended Detection and Response (XDR). Updated: November 2022.
    657,849 professionals have used our research since 2012.

    Anomali Match is ranked 15th in Extended Detection and Response (XDR) with 1 review while ThreatConnect Threat Intelligence Platform (TIP) is ranked 13th in Threat Intelligence Platforms with 3 reviews. Anomali Match is rated 7.0, while ThreatConnect Threat Intelligence Platform (TIP) is rated 8.4. The top reviewer of Anomali Match writes "Scalable, easy to use, but more features needed". On the other hand, the top reviewer of ThreatConnect Threat Intelligence Platform (TIP) writes "Ease to use, customizable, and they have responsive and knowledgeable support". Anomali Match is most compared with STAXX, Proofpoint Email Protection, Palo Alto Networks WildFire and Microsoft Defender for Office 365, whereas ThreatConnect Threat Intelligence Platform (TIP) is most compared with Palo Alto Networks WildFire, Palo Alto Networks Cortex XSOAR, Mandiant Advantage, Anomali ThreatStream and Recorded Future.

    We monitor all Extended Detection and Response (XDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.