
Anomali vs Cortex XDR by Palo Alto Networks comparison

 

Comparison Buyer's Guide

Executive Summary
Updated on Jan 18, 2026

 

Categories and Ranking

Anomali
Ranking in Extended Detection and Response (XDR): 23rd
Average Rating: 7.8
Reviews Sentiment: 7.2
Number of Reviews: 4
Ranking in other categories: Security Information and Event Management (SIEM) (32nd), User Entity Behavior Analytics (UEBA) (12th), Advanced Threat Protection (ATP) (20th), Threat Intelligence Platforms (TIP) (7th)

Cortex XDR by Palo Alto Net...
Ranking in Extended Detection and Response (XDR): 6th
Average Rating: 8.4
Reviews Sentiment: 6.8
Number of Reviews: 108
Ranking in other categories: Endpoint Protection Platform (EPP) (5th), Endpoint Detection and Response (EDR) (7th), Ransomware Protection (2nd), AI-Powered Cybersecurity Platforms (2nd)
 

Mindshare comparison

As of March 2026, in the Extended Detection and Response (XDR) category, the mindshare of Anomali is 1.8%, up from 0.2% the previous year. The mindshare of Cortex XDR by Palo Alto Networks is 4.9%, down from 5.6% the previous year. Mindshare is calculated based on PeerSpot user engagement data.
Extended Detection and Response (XDR) Mindshare Distribution
Product: Mindshare (%)
Cortex XDR by Palo Alto Networks: 4.9%
Anomali: 1.8%
Other: 93.3%
 

Featured Reviews

CC
Enterprise Security Architect V at FirstEnergy
Enables automated threat intelligence sorting and enhances proactive threat hunting capabilities
You have to have at least a threat intelligence background or a SOC analyst background to use it, as that's the information you'll dig around with in there. If you don't have that kind of knowledge, it probably can be a little hard to use, but they do provide training. They offer training not only for how to use the platform but also some basic threat intelligence training to explain what these things are and what these terms mean. My company is a customer of Anomali. I would recommend it to other people. I would advise making sure you don't pick it without testing other products and have your use cases well thought out and documented before testing, so you know it will solve the problems you're trying to address. Keep an open mind with it and realize that whatever you can dream of, you can probably do with the platform. Overall, I would rate Anomali an eight out of ten.
ABHISHEK_SINGH - PeerSpot reviewer
Senior Process Expert at A.P. Moller - Maersk
Gained full visibility and streamlined threat detection through behavior-based insights and AI integration
Initially, we had a lot of false positives when we onboarded, but nowadays it's quite smooth. We have fine-tuned our security policies and allowed different levels of policies to get rid of those false positives. Currently, we are getting a fairly good amount of incidents that are not false positives or benign, but actionable items. The process is streamlined. In the initial days, the operations used to get involved in a lot of benign and other activities, but now the process is streamlined. We are leveraging the auto-detection and remediation plans. The operations teams are now more involved in other business roles as well, not just looking into the logs and fetching out what's happening there. They have fixed a lot of things. Initially, they didn't have IaC code drift detection, cloud posture management, or security posture management, but they have those now. They purchased different vendors and did a merger with that. They now have Prisma Cloud that gets integrated and now they are working with Cortex Cloud. Everything that was negative has now been addressed, and the product altogether looks to be in much better and more mature shape now. Currently, it's more or less detecting the workloads with AI-based best practices. Since most organizations are consuming AI agents and other things, we are looking forward to seeing what other feature enhancements Palo Alto can support in that.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"I have found Cyber threat intelligence (CTI) very useful and concise. The solution is easy to use."
"The feature I have found most valuable is credential monitoring. This feature is easy and quick."
"We now have a very robust collection of threat intelligence based on the capabilities that Anomali provides."
"The most valuable aspect of Anomali is the threat modeling capability."
"Best solution for avoiding security breaches, malware attacks, and other kinds of security issues."
"It's a perfect solution. It integrates well into the environment."
"The policy configuration is great, the granularity of policies that are available is very helpful, it is straightforward to set up, and it has pretty much everything we need and works well within the Palo Alto ecosystem."
"The positive impacts I see from Cortex XDR by Palo Alto Networks include a complete 360-degree view of our security posture altogether, being a uniform platform where we are ingesting logs from multiple resources."
"The most valuable feature of Cortex XDR by Palo Alto Networks is its machine-learning capabilities. Additionally, there is full integration with other solutions."
"The dashboard is customizable."
"The main benefit of using Cortex XDR by Palo Alto Networks while employing Palo Alto Firewall at the internet edge is that it improves security on our endpoint devices, integrating seamlessly with Palo Alto Firewalls to deliver comprehensive network, analyst, and security details all in a single dashboard, which allows us to manage everything from our network devices."
"Cortex is the best solution for avoiding security breaches, malware attacks, and other kinds of security issues."
 

Cons

"Support in the past has been top-notch, but recent trends indicate that it has taken a back seat, as we often don't get answers for days."
"A lot of tools can give you many features, such as CTI intelligence and a tax service reduction. However, many people are combining different tools together to have more capabilities. It is up to the consumer whether they want to have multiple tools or have one tool that serves the purpose. Anomali Enterprise could improve by combining all the other tools' features into one solution."
"Anomali Enterprise could improve by combining all the other tools' features into one solution."
"Less code in integration would be nice when building blocks."
"An area for improvement is the intelligence sharing within the Anomali community. The tagging system can be inconsistent, as any company can use any tags for their reporting."
"If he is using a smaller company, he can depend on some other tools because Cortex XDR by Palo Alto Networks is a bit expensive."
"Basically, they don't provide customer support tools just to investigate the logs."
"A little bit more automation would be nice."
"Cortex XDR could improve its sales support team, including better commission structures and referral programs."
"The dashboard could use some significant improvement, just making it more useful with more information. It has a limited amount of information right now. It is customizable, but I'd love to see a better out-of-box dashboard."
"Cortex XDR could be improved with more GUI features."
"There are a large number of false positives."
"When it comes to core analysis and security analysis, Cortex needs to provide more information."
 

Pricing and Cost Advice

"When comparing the price of Anomali Enterprise to other solutions it is in the medium to high range. However, I am satisfied with the price."
"The price of the solution is high for the license and in general."
"It's the most expensive solution, but features-wise, it's quite strong. It's very good for protection, so the results are very good in the case of protection. I would rate it a two out of ten in terms of pricing."
"Every customer has to pay for a license because it doesn't work with what you get from a managed services provider."
"It is "expensive" and flexible."
"The price was fine."
"I feel it is fairly priced."
"I did PoCs on products called Cylance and CrowdStrike. Although I considered these products and they were also good, when it comes to cost and budgetary factors, Traps has been proven to be better than the other two products. It is quite cost-effective and delivers the entire solution which we require."
"It has reasonable pricing for the use cases it provides to the company."
 

Top Industries

By visitors reading reviews
Financial Services Firm: 16%
Manufacturing Company: 7%
Educational Organization: 7%
Computer Software Company: 7%

Manufacturing Company: 8%
Computer Software Company: 8%
Financial Services Firm: 8%
Comms Service Provider: 7%
 

Company Size

By reviewers
Company Size: Count
Small Business: 2
Midsize Enterprise: 1
Large Enterprise: 5

By reviewers
Company Size: Count
Small Business: 44
Midsize Enterprise: 20
Large Enterprise: 47
 

Questions from the Community

What needs improvement with Anomali ThreatStream?
An area for improvement is the intelligence sharing within the Anomali community. The tagging system can be inconsistent, as any company can use any tags for their reporting. Combining all aliases ...
What is your primary use case for Anomali ThreatStream?
I use Anomali for threat hunting, threat collection, operationalization of intelligence, such as indicators of compromise (IOCs), and dissemination of reports for repo...
What advice do you have for others considering Anomali ThreatStream?
For new users, I recommend taking the training provided by Anomali as it is very well articulated. I advise reading the user manual and taking the instructor-led training sessions from the customer...
Cortex XDR by Palo Alto vs. SentinelOne
Cortex XDR by Palo Alto vs. SentinelOne: SentinelOne offers very detailed specifics with regard to risks or attacks. The ability to reverse damage caused by ransomware with minimal interruptions to...
Comparing CrowdStrike Falcon to Cortex XDR (Palo Alto)
Cortex XDR by Palo Alto vs. CrowdStrike Falcon: Both Cortex XDR and CrowdStrike Falcon offer cloud-based solutions that are very scalable, secure, and user-friendly. Cortex XDR by Palo Alto offers ...
How is Cortex XDR compared with Microsoft Defender?
Microsoft Defender for Endpoint is a cloud-delivered endpoint security solution. The tool reduces the attack surface, applies behavioral-based endpoint protection and response, and includes risk-ba...
 

Also Known As

Anomali: Match, Lens, ThreatStream, STAXX, Anomali Security Analytics
Cortex XDR by Palo Alto Networks: Cyvera, Cortex XDR, Palo Alto Networks Traps
 


Sample Customers

Bank of England, First Energy, UBISOFT, Bank of Hope, Blackhawk Network
CBI Health Group, University Honda, VakifBank
Find out what your peers are saying about Anomali vs. Cortex XDR by Palo Alto Networks and other solutions. Updated: February 2026.
885,264 professionals have used our research since 2012.