No more typing reviews! Try our Samantha, our new voice AI agent.

Anomali vs Bitdefender GravityZone XDR comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Jan 18, 2026

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Cortex XDR by Palo Alto Net...
Sponsored
Ranking in Extended Detection and Response (XDR)
4th
Average Rating
8.4
Reviews Sentiment
6.8
Number of Reviews
113
Ranking in other categories
Endpoint Protection Platform (EPP) (4th), Endpoint Detection and Response (EDR) (6th), Ransomware Protection (2nd), AI-Powered Cybersecurity Platforms (1st)
Anomali
Ranking in Extended Detection and Response (XDR)
11th
Average Rating
8.0
Reviews Sentiment
6.2
Number of Reviews
13
Ranking in other categories
Security Information and Event Management (SIEM) (10th), User Entity Behavior Analytics (UEBA) (5th), Advanced Threat Protection (ATP) (11th), Threat Intelligence Platforms (TIP) (3rd)
Bitdefender GravityZone XDR
Ranking in Extended Detection and Response (XDR)
30th
Average Rating
9.0
Reviews Sentiment
7.2
Number of Reviews
6
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of July 2026, in the Extended Detection and Response (XDR) category, the mindshare of Cortex XDR by Palo Alto Networks is 4.6%, down from 5.1% compared to the previous year. The mindshare of Anomali is 2.5%, up from 0.3% compared to the previous year. The mindshare of Bitdefender GravityZone XDR is 1.0%, up from 0.7% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Extended Detection and Response (XDR) Mindshare Distribution
ProductMindshare (%)
Cortex XDR by Palo Alto Networks4.6%
Anomali2.5%
Bitdefender GravityZone XDR1.0%
Other91.9%
Extended Detection and Response (XDR)
 

Featured Reviews

ABHISHEK_SINGH - PeerSpot reviewer
Senior Process Expert at A.P. Moller - Maersk
Gained full visibility and streamlined threat detection through behavior-based insights and AI integration
Initially, we got to have a lot of false positives when we onboarded, but nowadays it's quite smooth. We have fine-tuned our security policies and allowed different levels of policies to get rid of those false positives. Currently, we are getting a fairly good amount of incidents that are not false positives or benign, but actionable items. The process is streamlined. In the initial days, the operations used to get involved in a lot of benign and other activities, but now the process is streamlined. We are leveraging the auto-detection and remediation plans. The operations teams are now more involved in other business roles as well, not just looking into the logs and fetching out what's happening there. They have fixed a lot of things. Initially, they didn't have IAC code drift detection, cloud posture management, or security posture management, but they have those now. They purchased different vendors and did a merger with that. They have now Prisma Cloud that gets integrated and now they are working with Cortex Cloud. Everything that was negative has now been addressed, and the product altogether looks to be in a very better and mature shape now. Currently, it's more or less detecting the workloads with AI-based best practices. Since most organizations are consuming AI agents and other things, we are looking forward to seeing what other feature enhancements Palo Alto can support in that.
TarunKumar11 - PeerSpot reviewer
Global Leadership Council at a tech company with 10,001+ employees
Strategic threat intelligence has improved detection speed and consistently reduces analyst workload
Anomali can be improved in various aspects. Its AI-driven automation can further advance, and AI-powered investigation summaries can improve. User experience could be enhanced through simplification of workflows. Better board-level cyber risk dashboards could provide easier visualization. Additionally, Anomali could work on simplifying the pricing structure. Although it excels in threat intelligence aggregation and operationalization, stronger GenAI capability, improved executive reporting, and a more intuitive workflow for analysts would further increase SOC efficiency and add more business value. Regarding Anomali's AI capabilities, governance and security are quite good. Anomali has incorporated AI and machine learning primarily to improve correlation and prioritization. These capabilities are valuable but could be more mature. The platform could achieve better threat correlation, prioritization, more anomaly detection, and allow AI to accelerate intelligence analysis while further improving quality and relevance. The accuracy and reliability of Anomali's AI output are fairly reasonable and good. The AI engine works well, but this capability could be improved. Better threat correlation with threat actors, certain indicators of compromise, malware, and campaigns is possible. Threat prioritization could increase, and alert noise could be reduced through further de-duplication. While reasonable, this is not the best available, and other products possibly have more AI maturity, such as Recorded Future and CrowdStrike Falcon.
Jörg Köhler - PeerSpot reviewer
Owner at AvalisNT AG
Setup is smooth and management is seamless, while improvements in email filtering transparency enhance efficiency
For data correlation, we just haven't worked long enough with it to assess its impact on our overall threat response strategy. We prefer a system that simply informs us when there is a problem; we don't want to engage too much in threat hunting. Therefore, we're not looking to create a SOC from this, which is also why we moved from XDR to MDR. There are areas for improvement, including the difficulty in getting the right handles on the applied email filters. It's sometimes unclear why one email is treated as spam and another is not, even if they contain similar content. Making the process of how emails are treated a bit more transparent would be beneficial.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"They did what they said, and this solution could apply to any scenario."
"This software helps us understand any issues that may arise when someone is not at work."
"The anti-exploit is impenetrable. We chose Traps because it is the only product that we were not able to get anything past."
"Implementing Cortex XDR by Palo Alto Networks has had a significant impact on my security analyst workload because it becomes much easier."
"The product is very good, it has caught a lot of exploits that most products would not."
"I recommend this solution to others because it is easy to manage, reliable, and overall good to use."
"The behavior-based detection feature is valuable."
"Previously, we had to install endpoint protection per machine and then scan and update, but Cortex XDR basically does that centrally and predictably, so we have more time to do day-to-day work rather than spend time chasing those endpoints."
"Anomali is a very versatile platform, quite effective, and very fast when it comes to downloading and maintaining the information of the indicators of compromise."
"Anomali has positively impacted my organization and my clients by helping them improve threat visibility, accelerate incident response, and make better use of their resources."
"I have seen a return on investment with Anomali, as it improves analyst investigation time, enhances threat visibility, and supports fast incident responses."
"Anomali has impacted my organization positively because our SOC team, which is actively monitoring all the tools—either SIM, SOAR, or threat intelligence platform—operates in multiple shifts."
"The feature I have found most valuable is credential monitoring. This feature is easy and quick."
"We now have a very robust collection of threat intelligence based on the capabilities that Anomali provides."
"I think it's one of the awesome tools I've worked with to date."
"With Anomali, we benefit by obtaining threat information prior to incidents, making our threat hunts proactive and having incident response plans ready, which saves almost 40% of the time from the traditional model."
"It provides an in-depth analysis and gives recommendations, along with a historical search capability."
"Since then, we are working with it, and so far, we have no problems; it's working smoothly with email security."
"The solution has an automatic patch management capability."
"I appreciate the overall utilization of AI to enhance security posture."
"I would rate GravityZone XDR more than nine out of ten."
"The HyperDetect feature in GravityZone XDR is effective."
"I find that the auto-response capability is most valuable."
"Scalability is pretty easy. It's easy to increase the capacity. You can just add on licenses to the existing license, and the duration of the license can be adjusted. For example, you've already bought a license for a year, and you want to add some more users. We can just add on licenses for the remaining period so that the entire organization can have the same expiry date. That makes renewal easier."
 

Cons

"In terms of areas of improvement, we have not completed our review of the product. We're also looking at other products. So, it's a little bit hard to tell what could be different because we have not completed the review of this product, but based on our experience so far, its implementation is quite complex."
"Limited remote connection."
"In the next release, I would like to see more UI improvements. Their UI is a bit basic. When we are speaking about Palo Alto Networks they are the big company, so they can improve the UI a little bit. The UI, the reports, the log system can all be improved."
"Initially, we got to have a lot of false positives when we onboarded, but nowadays it's quite smooth."
"It would be good if they could make an exception for applications. Sometimes, it can be a bit of a challenge to make exceptions for certain applications that have been used as rogue."
"It is not easy to sell Cortex XDR, not because it isn't a good tool. Its marketing needs to be improved."
"It's not an ideal choice for smaller businesses, as you need a minimum of 200 endpoints to even use the solution at all."
"There are some false positives. What our guys would have liked is that it would have been easier to manipulate as soon as they found a false positive that they knew was a false positive. How to do so was not obvious. Some people complained about it. The interface, the ESM, is not user-friendly."
"An area for improvement is the intelligence sharing within the Anomali community. The tagging system can be inconsistent, as any company can use any tags for their reporting."
"Support in the past has been top-notch, but recent trends indicate that it has taken a back seat, as we often don't get answers for days."
"Anomali Enterprise could improve by combining all the other tools' features into one solution."
"I can mention one point regarding improvements for Anomali, which is more enhanced reporting flexibility."
"My experience with Anomali's customer support has not gone so well for us."
"I believe Anomali could be improved by making the user interface more user-friendly."
"Less code in integration would be nice when building blocks."
"Anomali can be improved, specifically the Security Analytics feature, because I feel there is a slight lag in that."
"The product could be improved by offering a single panel for the management of all Bitdefender products. Additionally, there might be a need to simplify the interface in the future."
"It's not very mature, and additional costs are involved."
"There are areas for improvement, including the difficulty in getting the right handles on the applied email filters."
"The resource consumption is high for Bitdefender GravityZone XDR, nearly using one gigabyte of RAM, especially on Windows 10 and 11."
"The solution’s pricing could be improved."
"Another area of improvement is CPU utilization. CPU utilization could be improved."
 

Pricing and Cost Advice

"Traps pays for itself within the first 16 months of a three-year subscription. This is attributed to OPEX savings, as security teams spent less time trying to identify and isolate malware for analysis as a result of a reduction in malware incidents, false positives, and breach avoidance."
"The solution has one subscription for endpoint protection and one subscription for detection and response. The two licenses combined give you the BRO version."
"When we first bought it, it was a bit expensive, but it was worth it. The licensing was straightforward."
"Very costly product."
"I am using the Community edition."
"Cortex XDR's pricing is ok."
"If one wishes to work with another team or large number of users at a future point, he must purchase a license for them."
"This is an expensive solution."
"When comparing the price of Anomali Enterprise to other solutions it is in the medium to high range. However, I am satisfied with the price."
"It's not the price of the software itself that makes it expensive. It's because you have to buy a VM; you have to buy additional hardware. All those things make it slightly costlier."
"On a scale from one to ten, where one is cheap and ten is expensive, I rate the solution's pricing a six out of ten."
report
Use our free recommendation engine to learn which Extended Detection and Response (XDR) solutions are best for your needs.
902,894 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Construction Company
12%
Financial Services Firm
11%
Manufacturing Company
10%
Comms Service Provider
9%
Financial Services Firm
13%
Manufacturing Company
9%
Construction Company
8%
Computer Software Company
6%
Computer Software Company
11%
Construction Company
11%
Comms Service Provider
11%
Outsourcing Company
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business46
Midsize Enterprise21
Large Enterprise52
By reviewers
Company SizeCount
Small Business4
Midsize Enterprise1
Large Enterprise14
No data available
 

Questions from the Community

Cortex XDR by Palo Alto vs. Sentinel One
Cortex XDR by Palo Alto vs. SentinelOne SentinelOne offers very detailed specifics with regard to risks or attacks. ...
Comparing CrowdStrike Falcon to Cortex XDR (Palo Alto)
Cortex XDR by Palo Alto vs. CrowdStrike Falcon Both Cortex XDR and Crowd Strike Falcon offer cloud-based solutions th...
How is Cortex XDR compared with Microsoft Defender?
Microsoft Defender for Endpoint is a cloud-delivered endpoint security solution. The tool reduces the attack surface,...
What is your experience regarding pricing and costs for Anomali Enterprise?
My experience with pricing involved a yearly, two-year contract; I can't specify the setup cost, but it was aligned w...
What needs improvement with Anomali ThreatStream?
I think that Anomali could be improved by addressing a major weakness, which is the issue of its integrators. The cap...
What is your primary use case for Anomali ThreatStream?
My main use case for Anomali in my organization is threat intelligence. We use threat intelligence with Anomali in my...
What needs improvement with Bitdefender GravityZone XDR?
For data correlation, we just haven't worked long enough with it to assess its impact on our overall threat response ...
What is your primary use case for Bitdefender GravityZone XDR?
I am using SentinelOne not for MDR, only for EDR/XDR, because we wanted to use it for MDR, but the threshold for the ...
 

Also Known As

Cyvera, Cortex XDR, Palo Alto Networks Traps
Match, Lens, ThreatStream, STAXX, Anomali Security Analytics
No data available
 

Overview

 

Sample Customers

CBI Health Group, University Honda, VakifBank
Bank of England, First Energy, UBISOFT, Bank of Hope, Blackhawk Network
Information Not Available
Find out what your peers are saying about Anomali vs. Bitdefender GravityZone XDR and other solutions. Updated: June 2026.
902,894 professionals have used our research since 2012.