No more typing reviews! Try our Samantha, our new voice AI agent.

Anomali vs Cortex XDR by Palo Alto Networks comparison

Anomali and Palo Alto Networks are both solutions in the Extended Detection and Response (XDR) category. Anomali is ranked #22 with an average rating of 8.5, while Palo Alto Networks is ranked #5 with an average rating of 8.7. Anomali holds a 2.2% mindshare in XDR, compared to Palo Alto Networks’s 4.7% mindshare. Additionally, 80% of Anomali users are willing to recommend the solution, compared to 96% of Palo Alto Networks users who would recommend it.
Anomali
Read 4 Anomali reviews
  • 6,575 Views
  • 1,841 Comparison Views
80% willing to recommend
Cortex XDR by Palo Alto Net...
Read 110 Cortex XDR by Palo Alto Networks reviews
  • 18,655 Views
  • 7,462 Comparison Views
96% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive SummaryUpdated on Jan 18, 2026

Anomali and Cortex XDR by Palo Alto Networks compete in cybersecurity solutions. Cortex XDR is favored for its advanced features, providing superior security for businesses requiring comprehensive protection.

Features: Anomali provides real-time threat intelligence, seamless integration with existing tools, and enables organizations to tailor threat intel documents and IOCs according to their needs. Cortex XDR offers advanced endpoint protection, automated threat responses, advanced threat detection capabilities, and seamless integration with multiple data sources, leveraging machine learning for sophisticated threat prevention.

Room for Improvement: Anomali could benefit from reducing deployment timelines and expanding its data set for broader threat analysis. Enhancements in automation features could also boost its competitiveness. Cortex XDR might improve its custom rule functionalities for more granular control and develop its detail capturing capabilities. Also, expanding integration capabilities with third-party apps could enrich the user experience.

Ease of Deployment and Customer Service: Cortex XDR shines with its cloud-based deployment, ensuring quick setup and minimal maintenance, complemented by responsive customer service for efficient issue resolution. Anomali's deployment requires more on-premise planning, which can delay integration, though it compensates with strong customer support for complex integrations.

Pricing and ROI: Anomali offers competitive pricing, appealing to organizations focused on intelligence-driven security, with promising ROI. Cortex XDR has a higher initial cost but delivers substantial ROI through automation, which reduces manual security management and improves incident response, justifying its pricing for comprehensive security investments.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed Anomali vs. Cortex XDR by Palo Alto Networks Report (Updated: April 2026).
Buyer's Guide
Anomali vs. Cortex XDR by Palo Alto Networks
April 2026
Download the complete report
Helped 893,438 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Anomali
Ranking in Extended Detection and Response (XDR)
22nd
Average Rating
7.8
Reviews Sentiment
7.2
Number of Reviews
4
Ranking in other categories
Security Information and Event Management (SIEM) (32nd), User Entity Behavior Analytics (UEBA) (12th), Advanced Threat Protection (ATP) (21st), Threat Intelligence Platforms (TIP) (8th)
Cortex XDR by Palo Alto Net...
Ranking in Extended Detection and Response (XDR)
5th
Average Rating
8.4
Reviews Sentiment
6.8
Number of Reviews
110
Ranking in other categories
Endpoint Protection Platform (EPP) (4th), Endpoint Detection and Response (EDR) (6th), Ransomware Protection (2nd), AI-Powered Cybersecurity Platforms (1st)
 

Mindshare comparison

As of May 2026, in the Extended Detection and Response (XDR) category, the mindshare of Anomali is 2.2%, up from 0.2% compared to the previous year. The mindshare of Cortex XDR by Palo Alto Networks is 4.7%, down from 5.1% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Extended Detection and Response (XDR) Mindshare Distribution
ProductMindshare (%)
Cortex XDR by Palo Alto Networks4.7%
Anomali2.2%
Other93.1%
Extended Detection and Response (XDR)
 

Featured Reviews

CC
ChrisCollins
Enterprise Security Architect V at FirstEnergy
Enables automated threat intelligence sorting and enhances proactive threat hunting capabilities
You have to have at least a threat intelligence background or a SOC analyst background to use it, as that's the information you'll dig around with in there. If you don't have that kind of knowledge, it probably can be a little hard to use, but they do provide training. They offer training not only for how to use the platform but also some basic threat intelligence training to explain what these things are and what these terms mean. My company is a customer of Anomali. I would recommend it to other people. I would advise making sure you don't pick it without testing other products and have your use cases well thought out and documented before testing, so you know it will solve the problems you're trying to address. Keep an open mind with it and realize that whatever you can dream of, you can probably do with the platform. Overall, I would rate Anomali an eight out of ten.
Read full review
ABHISHEK_SINGH - PeerSpot reviewer
ABHISHEK_SINGH
Senior Process Expert at A.P. Moller - Maersk
Gained full visibility and streamlined threat detection through behavior-based insights and AI integration
Initially, we got to have a lot of false positives when we onboarded, but nowadays it's quite smooth. We have fine-tuned our security policies and allowed different levels of policies to get rid of those false positives. Currently, we are getting a fairly good amount of incidents that are not false positives or benign, but actionable items. The process is streamlined. In the initial days, the operations used to get involved in a lot of benign and other activities, but now the process is streamlined. We are leveraging the auto-detection and remediation plans. The operations teams are now more involved in other business roles as well, not just looking into the logs and fetching out what's happening there. They have fixed a lot of things. Initially, they didn't have IAC code drift detection, cloud posture management, or security posture management, but they have those now. They purchased different vendors and did a merger with that. They have now Prisma Cloud that gets integrated and now they are working with Cortex Cloud. Everything that was negative has now been addressed, and the product altogether looks to be in a very better and mature shape now. Currently, it's more or less detecting the workloads with AI-based best practices. Since most organizations are consuming AI agents and other things, we are looking forward to seeing what other feature enhancements Palo Alto can support in that.
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The most valuable aspect of Anomali is the threat modeling capability."
"We now have a very robust collection of threat intelligence based on the capabilities that Anomali provides."
"I have found Cyber threat intelligence (CTI) very useful and concise. The solution is easy to use."
"I have found Cyber threat intelligence (CTI) very useful and concise. The solution is easy to use."
"The feature I have found most valuable is credential monitoring. This feature is easy and quick."
"Palo Alto is one of the tech vendors that always provides top-of-the-line products."
"One of the main benefits of the solution is its intelligence to correlate the events into an incident."
"Threat identification and detection are the most valuable features of this solution."
"The scalability of Cortex XDR by Palo Alto Networks is very good."
"But overall, when we speak about security and protection, they are one of the top providers."
"The positive impacts I see from Cortex XDR by Palo Alto Networks include a complete 360-degree view of our security posture altogether, being a uniform platform where we are ingesting logs from multiple resources."
"It collects and caches and the knowledge of machine learning from different customers to take to the cloud, it makes it better to use for everybody, it allows for quick learning and updates and can, therefore, offer zero-day malware security, and this sharing of metadata helps make the solution very safe."
"Best solution for avoiding security breaches, malware attacks, and other kinds of security issues."
More Cortex XDR by Palo Alto Networks pros
 

Cons

"Anomali Enterprise could improve by combining all the other tools' features into one solution."
"Less code in integration would be nice when building blocks."
"An area for improvement is the intelligence sharing within the Anomali community. The tagging system can be inconsistent, as any company can use any tags for their reporting."
"A lot of tools can give you many features, such as CTI intelligence and a tax service reduction. However, many people are combining different tools together to have more capabilities. It is up to the consumer whether they want to have multiple tools or have one tool that serves the purpose. Anomali Enterprise could improve by combining all the other tools' features into one solution."
"Support in the past has been top-notch, but recent trends indicate that it has taken a back seat, as we often don't get answers for days."
"Technology evolves every day, so it would be nice if it gets more secure. It can also have more integration with other platforms."
"For Cortex XDR by Palo Alto Networks, if I had to point out improvements, I would say the UI is still somewhat difficult for beginners."
"It would be better if they could educate the customers more. Some sort of seminars and roadshows will help educate the customers and show what the product can do. The price could be better. It would also help if they had a team for deployment and support."
"There is a severe gap in functionality between Windows, Linux, and Mac versions."
"The solution could improve by providing better integration with their own products and others."
"The installation should be easier and the Palo Alto pre-sales and sales teams should have more information on the product because they don't know what they are selling."
"In general, the price could be more competitive."
"The solution should force customers to integrate with network traffic to see the full benefits of XDR."
More Cortex XDR by Palo Alto Networks cons
 

Pricing and Cost Advice

"When comparing the price of Anomali Enterprise to other solutions it is in the medium to high range. However, I am satisfied with the price."
"It has a yearly renewal."
"Cortex XDR is a costly solution."
"The pricing is a little bit on the expensive side."
"I don't have any issues with the pricing. We are satisfied with the price."
"Cortex XDR by Palo Alto Networks is quite an expensive solution."
"Our license will require renewal in August, after which the maintenance will continue as usual."
"It has a higher cost than other solutions, like CrowdStrike or Microsoft’s EDR tools, but it reduces the cost of our operations because it’s a new generation antivirus tool."
"The pricing seems fair, and I do like the licensing model. You use wherever they are, and it is elastic."
More Cortex XDR by Palo Alto Networks pricing and cost advice
report
See which vendors are best for you
Use our free recommendation engine to learn which Extended Detection and Response (XDR) solutions are best for your needs.
See recommendations
893,438 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
14%
Manufacturing Company
7%
Computer Software Company
7%
Construction Company
7%
Financial Services Firm
12%
Construction Company
12%
Comms Service Provider
9%
Manufacturing Company
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business2
Midsize Enterprise1
Large Enterprise5
By reviewers
Company SizeCount
Small Business46
Midsize Enterprise20
Large Enterprise49
 

Questions from the Community

What needs improvement with Anomali ThreatStream?
An area for improvement is the intelligence sharing within the Anomali community. The tagging system can be inconsistent, as any company can use any tags for their reporting. Combining all aliases ...
See all answers
What is your primary use case for Anomali ThreatStream?
I use Anomali ( /products/anomali-reviews ) for threat hunting, threat collection, operationalization of intelligence, such as indicators of compromise (IOCs), and dissemination of reports for repo...
See all answers
What advice do you have for others considering Anomali ThreatStream?
For new users, I recommend taking the training provided by Anomali as it is very well articulated. I advise reading the user manual and taking the instructor-led training sessions from the customer...
See all answers
Cortex XDR by Palo Alto vs. Sentinel One
Cortex XDR by Palo Alto vs. SentinelOne SentinelOne offers very detailed specifics with regard to risks or attacks. The ability to reverse damage caused by ransomware with minimal interruptions to...
See all answers
Comparing CrowdStrike Falcon to Cortex XDR (Palo Alto)
Cortex XDR by Palo Alto vs. CrowdStrike Falcon Both Cortex XDR and Crowd Strike Falcon offer cloud-based solutions that are very scalable, secure, and user-friendly. Cortex XDR by Palo Alto offers ...
See all answers
How is Cortex XDR compared with Microsoft Defender?
Microsoft Defender for Endpoint is a cloud-delivered endpoint security solution. The tool reduces the attack surface, applies behavioral-based endpoint protection and response, and includes risk-ba...
See all answers
 

Comparisons

ThreatConnect Threat Intelligence Platform (TIP) vs Anomali Logo
ThreatConnect Threat Intelligence Platform (TIP) vs Anomali
Compared 5% of the time
Recorded Future vs Anomali Logo
Recorded Future vs Anomali
Compared 4% of the time
Splunk Enterprise Security vs Anomali Logo
Splunk Enterprise Security vs Anomali
Compared 3% of the time
Hunters vs Anomali Logo
Hunters vs Anomali
Compared 3% of the time
IBM Security QRadar vs Anomali Logo
IBM Security QRadar vs Anomali
Compared 3% of the time
More Anomali Competitors
Microsoft Defender for Endpoint vs Cortex XDR by Palo Alto Networks Logo
Microsoft Defender for Endpoint vs Cortex XDR by Palo Alto Networks
Compared 9% of the time
SentinelOne Singularity Endpoint vs Cortex XDR by Palo Alto Networks Logo
SentinelOne Singularity Endpoint vs Cortex XDR by Palo Alto Networks
Compared 5% of the time
CrowdStrike Falcon vs Cortex XDR by Palo Alto Networks Logo
CrowdStrike Falcon vs Cortex XDR by Palo Alto Networks
Compared 4% of the time
Cortex XSIAM vs Cortex XDR by Palo Alto Networks Logo
Cortex XSIAM vs Cortex XDR by Palo Alto Networks
Compared 3% of the time
Symantec Endpoint Security vs Cortex XDR by Palo Alto Networks Logo
Symantec Endpoint Security vs Cortex XDR by Palo Alto Networks
Compared 3% of the time
More Cortex XDR by Palo Alto Networks Competitors
 

Product Reports

Buyer's Guide
Threat Intelligence Platforms (TIP)
April 2026
Anomali reportDownload Anomali product report
Buyer's Guide
Cortex XDR by Palo Alto Networks
May 2026
Cortex XDR by Palo Alto Networks reportDownload Cortex XDR by Palo Alto Networks product report
 

Also Known As

Match, Lens, ThreatStream, STAXX, Anomali Security Analytics
Cyvera, Cortex XDR, Palo Alto Networks Traps
 

Overview

Anomali delivers user-friendly cyber threat intelligence, offering concise insights with robust capabilities for evolving scenarios.

Anomali offers a powerful platform for cyber threat intelligence, allowing organizations to efficiently stream and analyze threat feeds. It excels in threat modeling, prioritizing intelligence, and supporting large-scale automation through its API, fostering a proactive security approach.

What are Anomali's Key Features?
  • Threat Intelligence: Provides concise and user-friendly intelligence.
  • Threat Modeling: Enables prioritization and efficient organization of intelligence.
  • Credential Monitoring: Performs quickly with efficient dataset handling.
  • API Automation: Supports large-scale automation for robust intelligence management.
  • Adaptability: Offers capabilities to grow beyond initial use cases.
Which Benefits or ROI Should Users Consider?
  • Efficient Intelligence Collection: Quickly gathers and organizes data for use.
  • Enhanced Threat Analysis: Correlates data effectively for proactive security.
  • Automation Support: Saves time with extensive API capabilities.
  • Scalability: Adapts and scales with emerging security needs.

Anomali serves as a crucial tool for threat intelligence in industries ranging from finance to healthcare. Organizations stream threat feeds into Anomali to correlate and aggregate data, enhancing security measures and facilitating thorough threat investigations. Its adaptability makes it suitable across different sectors.

Anomali

Cortex XDR by Palo Alto Networks provides advanced threat detection with AI-driven endpoint protection and seamless integration, ensuring multi-layered security and automatic threat response.

Cortex XDR is designed to safeguard endpoints against malware and suspicious activities. It offers advanced threat detection and response capabilities using behavioral analysis, AI, and machine learning. It seamlessly integrates with security infrastructures, providing endpoint security, firewall integration, and enhanced visibility in both cloud-based and on-premises environments.

What are the key features of Cortex XDR?
  • Advanced Threat Detection: Uses AI and machine learning for proactive threat identification.
  • Multi-layered Security: Combines various security measures for comprehensive protection.
  • Endpoint Protection: Safeguards against malware and exploits.
  • Behavioral Analysis: Monitors suspicious activity for early detection.
  • Automatic Threat Response: Automates responses to neutralize threats.
What benefits should users expect?
  • Ease of Use: Simplifies security management with intuitive design.
  • Resource Efficiency: Minimizes impact on system resources.
  • Integration Capabilities: Works well with existing security setups.
  • Reduced Analyst Workload: Automates processes to decrease manual intervention.

Organizations in diverse sectors deploy Cortex XDR to protect against malware, leveraging its advanced threat detection capabilities. Its integration with existing security infrastructures appeals to those seeking comprehensive protection in both cloud and on-premises environments, providing enhanced visibility and threat intelligence.

Palo Alto Networks
 

Sample Customers

Bank of England, First Energy, UBISOFT, Bank of Hope, Blackhawk Network
CBI Health Group, University Honda, VakifBank
Buyer's Guide
Anomali vs. Cortex XDR by Palo Alto Networks
April 2026
Free Report: Anomali vs. Cortex XDR by Palo Alto Networks
Find out what your peers are saying about Anomali vs. Cortex XDR by Palo Alto Networks and other solutions. Updated: April 2026.
DOWNLOAD NOW
893,438 professionals have used our research since 2012.
See our Anomali vs. Cortex XDR by Palo Alto Networks report.
See our list of best Extended Detection and Response (XDR) vendors.

We monitor all Extended Detection and Response (XDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.