Anomali vs Cortex XDR by Palo Alto Networks comparison

Anomali and Palo Alto Networks are both solutions in the Extended Detection and Response (XDR) category. Anomali is ranked #27 with an average rating of 8.5, while Palo Alto Networks is ranked #7 with an average rating of 8.7. Anomali holds a 0.4% mindshare in XDR, compared to Palo Alto Networks’s 5.5% mindshare. Additionally, 80% of Anomali users are willing to recommend the solution, compared to 95% of Palo Alto Networks users who would recommend it.

Anomali

Read 4 Anomali reviews

2,282 Views
251 Comparison Views

80% willing to recommend

Cortex XDR by Palo Alto Net...

Read 91 Cortex XDR by Palo Alto Networks reviews

16,840 Views
6,399 Comparison Views

95% willing to recommend

Anomali

Cortex XDR by Palo Alto Net...

Comparison Buyer's Guide

Download the report

Executive SummaryUpdated on Jul 6, 2025

Anomali and Cortex XDR are rival cybersecurity solutions focused on threat detection and response. Cortex XDR has an advantage in endpoint security with its robust detection and response capabilities.

Features: Anomali is noted for its comprehensive threat intelligence data, useful for enhanced threat detection and research. Its threat modeling offers the ability to prioritize intelligence requirements. Support for automation via the Anomali API enables efficient processing of threat intelligence. Cortex XDR features strong endpoint protection, preventing fileless attacks and integrating well with other Palo Alto Networks products. Its behavior-based detection identifies zero-day threats and automatic event correlation aids in security management.

Room for Improvement: Anomali can improve its data set to compete with larger solutions and enhance its integration flexibility further. Enhancing credential monitoring and automation features could also be beneficial. Cortex XDR could refine its interface for greater simplicity and increase compatibility with third-party tools. Further development in endpoint management functionalities may provide an improved user experience. Streamlining its pricing plans might make it more accessible.

Ease of Deployment and Customer Service: Anomali's flexible deployment supports integration with diverse environments, although it may pose challenges for some complex settings. Its customer service has room for improvement in responsiveness. Cortex XDR's cloud-based approach offers simple deployment and integrates seamlessly with existing Palo Alto products, backed by comprehensive customer support, making the initial setup smoother for many organizations.

Pricing and ROI: Anomali provides competitive pricing with lower setup costs, ensuring a quick return on investment through its powerful threat intelligence capabilities. Conversely, Cortex XDR, with potentially higher initial costs, offers substantial ROI by delivering superior endpoint protection and integrated security solutions. Its cost is justified through the advanced features and comprehensive security it provides to organizations prioritizing endpoint security.

To learn more, read our detailed Anomali vs. Cortex XDR by Palo Alto Networks Report (Updated: July 2025).

Buyer's Guide

Anomali vs. Cortex XDR by Palo Alto Networks

July 2025

Download the complete report

Helped 865,384 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

Anomali

Ranking in Extended Detection and Response (XDR)

27th

Average Rating

7.8

Reviews Sentiment

7.2

Number of Reviews

Ranking in other categories

Security Information and Event Management (SIEM) (33rd), User Entity Behavior Analytics (UEBA) (18th), Advanced Threat Protection (ATP) (22nd), Threat Intelligence Platforms (8th)

Cortex XDR by Palo Alto Net...

Ranking in Extended Detection and Response (XDR)

7th

Average Rating

8.4

Reviews Sentiment

7.4

Number of Reviews

Ranking in other categories

Endpoint Protection Platform (EPP) (5th), Ransomware Protection (2nd), AI-Powered Cybersecurity Platforms (4th)

Mindshare comparison

As of August 2025, in the Extended Detection and Response (XDR) category, the mindshare of Anomali is 0.4%, up from 0.1% compared to the previous year. The mindshare of Cortex XDR by Palo Alto Networks is 5.5%, down from 5.9% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Extended Detection and Response (XDR)

Featured Reviews

ChrisCollins

Enterprise Security Architect V at FirstEnergy

Enables automated threat intelligence sorting and enhances proactive threat hunting capabilities

You have to have at least a threat intelligence background or a SOC analyst background to use it, as that's the information you'll dig around with in there. If you don't have that kind of knowledge, it probably can be a little hard to use, but they do provide training. They offer training not only for how to use the platform but also some basic threat intelligence training to explain what these things are and what these terms mean. My company is a customer of Anomali. I would recommend it to other people. I would advise making sure you don't pick it without testing other products and have your use cases well thought out and documented before testing, so you know it will solve the problems you're trying to address. Keep an open mind with it and realize that whatever you can dream of, you can probably do with the platform. Overall, I would rate Anomali an eight out of ten.

Read full review

NiteshSharma

Pre-Sales Architect at network techlab

Automated threat response and behavioral control improve security measures

I recommend adding a data loss prevention (DLP) solution to Cortex XDR by Palo Alto Networks. The inclusion of this feature would allow the application of DLP policies alongside antivirus policies via a single agent and console, making it more competitive as other OEMs often offer DLP solutions as part of their antivirus products. Additionally, multi-tenancy and multi-cloud features are not available and should be considered for inclusion.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"I have found Cyber threat intelligence (CTI) very useful and concise. The solution is easy to use."

"The most valuable aspect of Anomali is the threat modeling capability."

"The feature I have found most valuable is credential monitoring. This feature is easy and quick."

"We now have a very robust collection of threat intelligence based on the capabilities that Anomali provides."

"It is an easy-to-use tool."

"The most valuable features are the fact that it was running in the background and it would intercept any weird stuff, and the fact that it would send things directly to the cloud for sandboxing. It's quite practical."

"If the user leaves our premises or network, Palo Alto Traps will still be on that endpoint and will still apply our policies."

"Best solution for avoiding security breaches, malware attacks, and other kinds of security issues."

"The ability to kind of stitch everything together and see the actual complete picture is very useful. I guess you'd call it a playbook. Some people call it the forensics analysis of what was happening on particular endpoints when they detected some malicious behavior, and what transpired before that to cause that. It is also very user friendly. The way they have done everything and integrated all the solutions that they've purchased over the years to make it a very seamless, effective product is very good. One thing about Palo Alto is that they take the products or services that they purchase and make them seamless for the end user as compared to some companies that purchase other companies and then just kind of have their products off to the side or keep different interfaces. Palo Alto doesn't do that."

"From a single pane of glass, you can easily manage all of your endpoints."

"I like the centralized console and the predictive analysis it does of malware. It is very stable and also scalable."

"The most valuable feature of Cortex XDR by Palo Alto Networks is the low consumption of system resources. The solution uses a lot of AI and machine learning."

More Cortex XDR by Palo Alto Networks pros

Cons

"Less code in integration would be nice when building blocks."

"A lot of tools can give you many features, such as CTI intelligence and a tax service reduction. However, many people are combining different tools together to have more capabilities. It is up to the consumer whether they want to have multiple tools or have one tool that serves the purpose. Anomali Enterprise could improve by combining all the other tools' features into one solution."

"Support in the past has been top-notch, but recent trends indicate that it has taken a back seat, as we often don't get answers for days."

"An area for improvement is the intelligence sharing within the Anomali community. The tagging system can be inconsistent, as any company can use any tags for their reporting."

"The setup is quite easy. We had appropriate support from the manager. One thing that was missing was the integration part."

"Cortex does not offer an on-premises solution. However, some customers would prefer not to be on the cloud. It would be ideal if it could offer something on-prem as well."

"It automatically detects security issues. It should be able to protect our network devices while operating autonomously."

"In reporting they should have a customizable dashboard due to the fact that C-level people don't like reporting to the IT department. They prefer to have a real-time dashboard. That kind of dashboard needs to have various customizations."

"They are charging for Network Traffic Analyzer (NTA) services, so if the per GB data could be provided at a certain level free of cost or at the same cost which the customer is taking for the entire bundle, that would be better."

"Cortex XDR by Palo Alto Networks can improve mobile integration to allow access to the console."

"Cortex XDR could improve its sales support team, including better commission structures and referral programs."

"Currently, we are monitoring all USB drives and ports but we would like to improve our device control capabilities."

More Cortex XDR by Palo Alto Networks cons

Pricing and Cost Advice

"When comparing the price of Anomali Enterprise to other solutions it is in the medium to high range. However, I am satisfied with the price."

"It's the most expensive solution, but features-wise, it's quite strong. It's very good for protection, so the results are very good in the case of protection. I would rate it a two out of ten in terms of pricing."

"Its pricing is kind of in line with its competitors and everybody else out there."

"It has a higher cost than other solutions, like CrowdStrike or Microsoft’s EDR tools, but it reduces the cost of our operations because it’s a new generation antivirus tool."

"Traps pays for itself within the first 16 months of a three-year subscription. This is attributed to OPEX savings, as security teams spent less time trying to identify and isolate malware for analysis as a result of a reduction in malware incidents, false positives, and breach avoidance."

"When we first bought it, it was a bit expensive, but it was worth it. The licensing was straightforward."

"It's way too expensive, but security is expensive. You pay for your licensing, and then you pay for someone to monitor the stuff."

"It is present, but when compared to other competitive products, I would say it is not less expensive; however, when all of the other added values are considered, the price is reasonable."

"I am using the Community edition."

More Cortex XDR by Palo Alto Networks pricing and cost advice

See which vendors are best for you

Use our free recommendation engine to learn which Extended Detection and Response (XDR) solutions are best for your needs.

See recommendations

865,384 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Financial Services Firm

17%

Computer Software Company

13%

Government

Insurance Company

Computer Software Company

13%

Financial Services Firm

Manufacturing Company

Government

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

No data available

Questions from the Community

What needs improvement with Anomali ThreatStream?

An area for improvement is the intelligence sharing within the Anomali community. The tagging system can be inconsistent, as any company can use any tags for their reporting. Combining all aliases ...

See all answers

What is your primary use case for Anomali ThreatStream?

I use Anomali ( /products/anomali-reviews ) for threat hunting, threat collection, operationalization of intelligence, such as indicators of compromise (IOCs), and dissemination of reports for repo...

See all answers

What advice do you have for others considering Anomali ThreatStream?

For new users, I recommend taking the training provided by Anomali as it is very well articulated. I advise reading the user manual and taking the instructor-led training sessions from the customer...

See all answers

Cortex XDR by Palo Alto vs. Sentinel One

Cortex XDR by Palo Alto vs. SentinelOne SentinelOne offers very detailed specifics with regard to risks or attacks. The ability to reverse damage caused by ransomware with minimal interruptions to...

See all answers

Comparing CrowdStrike Falcon to Cortex XDR (Palo Alto)

Cortex XDR by Palo Alto vs. CrowdStrike Falcon Both Cortex XDR and Crowd Strike Falcon offer cloud-based solutions that are very scalable, secure, and user-friendly. Cortex XDR by Palo Alto offers ...

See all answers

How is Cortex XDR compared with Microsoft Defender?

Microsoft Defender for Endpoint is a cloud-delivered endpoint security solution. The tool reduces the attack surface, applies behavioral-based endpoint protection and response, and includes risk-ba...

See all answers

Comparisons

ThreatConnect Threat Intelligence Platform (TIP) vs Anomali

Compared 20% of the time

Recorded Future vs Anomali

Compared 17% of the time

ThreatQ vs Anomali

Compared 13% of the time

Splunk Enterprise Security vs Anomali

Compared 11% of the time

SOCRadar Extended Threat Intelligence vs Anomali

Compared 6% of the time

More Anomali Competitors

Microsoft Defender for Endpoint vs Cortex XDR by Palo Alto Networks

Compared 10% of the time

CrowdStrike Falcon vs Cortex XDR by Palo Alto Networks

Compared 6% of the time

SentinelOne Singularity Complete vs Cortex XDR by Palo Alto Networks

Compared 5% of the time

Cortex XSIAM vs Cortex XDR by Palo Alto Networks

Compared 4% of the time

Wazuh vs Cortex XDR by Palo Alto Networks

Compared 4% of the time

More Cortex XDR by Palo Alto Networks Competitors

Product Reports

Buyer's Guide

Threat Intelligence Platforms

July 2025

Download Anomali product report

Buyer's Guide

Cortex XDR by Palo Alto Networks

August 2025

Download Cortex XDR by Palo Alto Networks product report

Also Known As

Match, Lens, ThreatStream, STAXX, Anomali Security Analytics

Cyvera, Cortex XDR, Palo Alto Networks Traps

Overview

Anomali delivers advanced threat intelligence solutions designed to enhance security operations by providing comprehensive visibility into threats and enabling real-time threat detection and management.

Anomali stands out in threat intelligence, offering an innovative platform that integrates data to identify and analyze threats effectively. It enables teams to streamline threat detection processes and respond to incidents with increased agility. With a focus on accuracy and efficiency, Anomali supports cybersecurity professionals in making informed decisions to safeguard their networks consistently.

What are Anomali's core features?

ThreatStream: A platform that aggregates threat intelligence feeds to enhance threat assessment.
Match: An automated detection feature that matches internal log data against threat intelligence insights.
Link: Provides graphical visualization for threat analysis, helping to understand threat vectors better.
STAXX: A lightweight tool for collecting and analyzing open-source threat intelligence.

What are the key benefits and ROI of using Anomali?

Improved Threat Detection: Streamlined processes lead to faster identification and response to threats.
Resource Efficiency: Automation reduces manual tasks, allowing security teams to focus on strategic activities.
Better Decision Making: Provides actionable insights that enable more informed security strategies.

In industries like finance and healthcare, Anomali is implemented to address specific challenges like compliance and data protection. By using this platform, organizations gain the ability to adapt to evolving threats, ensuring robust and adaptable security postures tailored to industry demands.

Anomali

Cortex XDR by Palo Alto Networks delivers comprehensive endpoint security, integrating well with other systems to offer robust threat detection and real-time protection through AI-driven analytics.

Cortex XDR by Palo Alto Networks offers advanced endpoint protection and threat detection through AI and behavior-based analytics. Its user-friendly design simplifies integration with firewalls, delivering multi-layered protection with low resource consumption. Valued for policy management, USB control, and incident correlation, Cortex XDR enhances threat management and real-time threat hunting capabilities. However, users note challenges with third-party integration, reporting, and dashboard automation. Agent performance across operating systems and memory consumption are areas for improvement, alongside reducing false positives and simplifying endpoint management and setup.

What features does Cortex XDR offer?

Behavior-Based Detection: Analyzes user behavior to identify suspicious activities.
AI Analytics: Utilizes AI for accurate threat detection and response.
Real-Time Protection: Provides immediate defense against threats.
Policy Management: Allows customization of security policies across endpoints.
USB Control: Regulates USB device access for added security.
Incident Correlation: Connects and analyzes various security events for better response.
Firewall Integration: Seamlessly works with firewalls for enhanced security.
Machine Learning Capabilities: Continuously improves threat detection precision.

What benefits should be considered in reviews?

Low Resource Consumption: Efficient security functions without taxing system resources.
Multi-Layered Protection: Comprehensive security across multiple attack vectors.
User-Friendly Interface: Intuitive design for easier management.
Enhanced Threat Management: Identifies and mitigates threats effectively.
Real-Time Threat Hunting: Proactively searches for and mitigates potential threats.

Cortex XDR is crucial in industries requiring robust endpoint protection, such as finance, healthcare, and technology. It supports malware detection, behavioral analysis, and ransomware mitigation across endpoints, including remote work environments, providing comprehensive threat visibility and security policy management. The solution's integration with firewalls and specialized industry requirements enhances security posture in diverse operational settings.

Palo Alto Networks

Sample Customers

Bank of England, First Energy, UBISOFT, Bank of Hope, Blackhawk Network

CBI Health Group, University Honda, VakifBank

Buyer's Guide

Anomali vs. Cortex XDR by Palo Alto Networks

July 2025

Free Report: Anomali vs. Cortex XDR by Palo Alto Networks

Find out what your peers are saying about Anomali vs. Cortex XDR by Palo Alto Networks and other solutions. Updated: July 2025.

DOWNLOAD NOW

865,384 professionals have used our research since 2012.

See our Anomali vs. Cortex XDR by Palo Alto Networks report.

See our list of best Extended Detection and Response (XDR) vendors.

We monitor all Extended Detection and Response (XDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.