


Anomali and Intercept X Endpoint compete in cybersecurity, focusing on threat intelligence and endpoint protection respectively. Intercept X Endpoint appears to have an advantage based on stronger security features, although Anomali offers better pricing and support satisfaction.
Features: Anomali's threat detection relies on strong data analytics, threat modeling, and API integration for automation, making it highly adaptable. Intercept X Endpoint features advanced endpoint protection, deep learning malware detection, anti-ransomware capabilities, and machine learning for threat detection, ensuring comprehensive safety.
Room for Improvement: Anomali could enhance its threat intelligence dataset and refine integration processes to improve speed and efficiency. Improving automation features and simplifying user interface navigation can also be considered. Intercept X Endpoint could reduce resource consumption to avoid slowing down machines, improve QUIC protocol web filtering, and refine automated threat response times for enhanced performance and usability.
Ease of Deployment and Customer Service: Anomali offers straightforward deployment backed by proactive customer service for timely technical issue resolution. Intercept X Endpoint also ensures an easy setup with efficient support, emphasizing helpful installation guidance and proactive assistance during configuration.
Pricing and ROI: Anomali attracts budget-conscious buyers with cost-effective pricing and satisfactory ROI. Intercept X Endpoint, priced higher, demonstrates substantial ROI through its superior security features, appealing to organizations prioritizing robust endpoint protection despite the cost.
They appreciate the rich telemetry data from the solution, as it provides in-depth threat identification.
Cortex XDR by Palo Alto Networks helps to reduce my total cost of ownership significantly.
In Cortex XDR by Palo Alto Networks, most of the remediation is automated and the accuracy is quite good.
Analyst productivity has improved significantly, with hours saved because of automation and AI-driven work that Anomali performs.
Anomali provides us with a very cost-effective value compared to the market, and I would rate it ten out of ten for return on investment metrics.
There is a return on investment concerning time and effort saved by 40% after implementing Anomali.
I have seen a return on investment with Intercept X Endpoint.
The technical support from Palo Alto deserves a mark of ten because they reach out within an hour whenever assistance is needed.
There is no back and forth, and they know what we are asking for and come up with the best resolution for a solution.
If any of these services are missed, it becomes a problem in terms of support tickets, follow-up, or special configuration that needs to be done in the system.
They have strong onboarding and deployment assistance, provide a dedicated technical account manager for large customers, and engage in regular product updates and customer interaction.
The technical support at Anomali is excellent.
It doesn't seem very professional how they're handling support anymore.
Technical support from Sophos is rated as nine out of ten, which represents high quality.
There are issues with onboarding technical engineers to resolve problems, which causes delays.
When you are in real deep trouble, you just want to get out of it; you don't need so many jargons.
You can onboard 10,000 endpoints in just hours, which demonstrates the excellent scalability of this product.
Activating the newly purchased licenses is instantaneous, allowing installations without adjustments since it's cloud-based.
Cortex XDR by Palo Alto Networks can be expanded anytime by purchasing another license without any issues related to scalability.
The scalability is massive, allowing us to store millions of indicators.
I believe Anomali's scalability is good; whether it is an organization for ten people or one hundred thousand people, the job a threat intel platform has to do will be the same.
Anomali's scalability is impressive as a mature platform capable of processing large amounts of threat intelligence and indicators of compromise data.
The customer support is scalable because if we take licenses for fifty machines and later purchase one hundred fifty more, we can increase our licensing with the support team.
The tool's scalability is good, and I would rate it an eight out of ten.
Intercept X Endpoint's scalability is good.
Cortex remains fast and responsive, even with increasing data and alerts.
The thresholds we've seen on our firewall boxes at some instances reached 80% to 85%, but even at that level of utilization, we don't observe any latency or any issues reported with respect to accessing the application.
Cortex XDR by Palo Alto Networks can be trusted completely.
From a reliability perspective, Anomali consistently injects threat feeds, works on automation, performs reliable API integrations, and supports enterprise scale globally.
For example, while Microsoft allows ample time for users to adapt to deprecated features, Anomali only gave us three weeks before switching, so they need to be more cognizant of customer use cases from their engineering side.
The good thing is that they have a health check page, and if any issues arise, they notify us.
In terms of stability, I would rate Intercept X Endpoint an eight out of ten.
To improve Intercept X Endpoint performance, upgrades in RAM and other system features are needed.
Improving reporting and dashboard customization, along with the addition of real-time and exportable reports, would help SOC teams greatly.
The inclusion of this feature would allow the application of DLP policies alongside antivirus policies via a single agent and console, making it more competitive as other OEMs often offer DLP solutions as part of their antivirus products.
If the per GB data could be provided at a certain level free of cost or at the same cost which the customer is taking for the entire bundle, that would be better.
Combining all aliases into a coherent solution would be beneficial, as we had to review each individual source ourselves.
Anomali should increase their capability to fetch details from various dark web solutions where threat actors post compromised credentials.
Anomali's ability to correlate and integrate different Threat Intel platforms, such as Mandiant and PolySwarm, is another valuable feature, removing duplicacy and enabling the application of specific IOCs across various security controls.
There should be a profile where I can see what files Sophos is scanning.
Intercept X Endpoint's anti-ransomware capabilities failed us during a bad attack, and just because of our own backup policies, we could restore our normal operations.
Intercept X Endpoint sometimes slows down machines due to high CPU utilization and significant RAM consumption during scanning.
The pricing on SentinelOne is far more reasonable and cheaper than Cortex XDR by Palo Alto Networks.
I would say it is definitely not a cheap product, considering how mature it is and how scalable all Palo Alto products are together.
Compared to CrowdStrike, which is very costly, and SentinelOne, which is also very costly, Cortex XDR by Palo Alto Networks is a medium cost-efficient solution.
Pricing and licensing are good, but the costs for purchasing threat feeds are somewhat complicated and a bit on the higher side.
My experience with Anomali's pricing is that it is higher compared to other open-source alternatives.
My experience with pricing, setup cost, and licensing is that there are not many follow-ups, but once we interacted with the product team or the leadership of Anomali, they managed a lot with us, and it all paid off to reach a conclusion that we would continue with this product.
It is quite costly when measuring Intercept X Endpoint's protective capabilities against zero-day attacks.
The setup costs and licensing for Sophos Intercept X Endpoint are good.
The pricing of Intercept X Endpoint is a bit high.
It incorporates AI for normal behavior detection, distinguishing unusual operations.
The product provides automation responses in case of a threat attack, severity assessments, centralized manageability, and comprehensive compliance features, resulting in reduced costs.
It includes machine learning to easily analyze data and detect complex threats across endpoints, networks, or clouds.
Regarding integration, Anomali has capabilities to integrate with different downstream applications such as Palo Alto, allowing us to create playbooks to block domains, URLs, or IPs directly within the firewall.
Correlating IOCs with the telemetry data we are ingesting from our data sources allows us to pull monthly reports identifying how many assets and users interacted with malicious content, giving insight into whether communications failed or users accessed restricted content, providing complete visibility of the IOCs traveling throughout our environment.
It aggregates intelligence from hundreds of sources, automatically de-duplicates, applies risk scoring, applies context, and reduces much manual effort.
The stronger the AI/ML in an endpoint, the better the protection against unknown threats.
Intercept X Endpoint is the only endpoint security product I know that provides content filtering and application controls.
Intercept X Endpoint offers multiple features, including the Threat Analysis Center, remote run ransomware protection, and CryptoGuard.
| Product | Mindshare (%) |
|---|---|
| Cortex XDR by Palo Alto Networks | 4.6% |
| Anomali | 2.5% |
| Intercept X Endpoint | 1.3% |
| Other | 91.6% |


| Company Size | Count |
|---|---|
| Small Business | 46 |
| Midsize Enterprise | 21 |
| Large Enterprise | 53 |
| Company Size | Count |
|---|---|
| Small Business | 4 |
| Midsize Enterprise | 1 |
| Large Enterprise | 14 |
| Company Size | Count |
|---|---|
| Small Business | 76 |
| Midsize Enterprise | 21 |
| Large Enterprise | 22 |
Cortex XDR by Palo Alto Networks provides advanced threat detection with AI-driven endpoint protection and seamless integration, ensuring multi-layered security and automatic threat response.
Cortex XDR is designed to safeguard endpoints against malware and suspicious activities. It offers advanced threat detection and response capabilities using behavioral analysis, AI, and machine learning. It seamlessly integrates with security infrastructures, providing endpoint security, firewall integration, and enhanced visibility in both cloud-based and on-premises environments.
What are the key features of Cortex XDR?Organizations in diverse sectors deploy Cortex XDR to protect against malware, leveraging its advanced threat detection capabilities. Its integration with existing security infrastructures appeals to those seeking comprehensive protection in both cloud and on-premises environments, providing enhanced visibility and threat intelligence.
Anomali delivers user-friendly cyber threat intelligence, offering concise insights with robust capabilities for evolving scenarios.
Anomali offers a powerful platform for cyber threat intelligence, allowing organizations to efficiently stream and analyze threat feeds. It excels in threat modeling, prioritizing intelligence, and supporting large-scale automation through its API, fostering a proactive security approach.
What are Anomali's Key Features?Anomali serves as a crucial tool for threat intelligence in industries ranging from finance to healthcare. Organizations stream threat feeds into Anomali to correlate and aggregate data, enhancing security measures and facilitating thorough threat investigations. Its adaptability makes it suitable across different sectors.
Intercept X Endpoint is known for its advanced threat detection, user-friendly interface, and centralized management, alongside powerful cloud-based capabilities that enhance security using AI and machine learning.
Intercept X Endpoint strengthens security posture through AI and machine learning, effectively countering unknown threats. It includes ransomware protection, server lockdown, application control, and synchronized security with Sophos Firewall. Appreciated for preventing data leaks, it ensures superior malware and web filtering, while offering a robust EDR component for managed detection. Highlighted for its scalability and cost-effectiveness, it serves well in endpoint protection, covering antivirus, ransomware, malware, and DLP services across PCs, servers, and mobile devices.
What are the key features of Intercept X Endpoint?Intercept X Endpoint finds usage across industries by protecting endpoints against cyber threats. Deployable through Sophos Central for remote management, it suits entities lacking extensive security expertise. AI algorithms deliver advanced threat protection, making it a smart choice for organizations across different sectors. Aligning with varied technological environments enhances its acceptability, while integration with existing systems is supported.
We monitor all Extended Detection and Response (XDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.