

Anomali and Logz.io compete in the cybersecurity and log management sectors. Logz.io has the upper hand due to its comprehensive features and advanced log analytics platform.
Features: Anomali specializes in threat intelligence with real-time threat feeds, credential monitoring, and an adaptable API for automation. Logz.io offers extensive log analytics, AI-powered insights for anomaly detection, and seamless integration with open-source tools for enhanced observability and metrics.
Room for Improvement: Anomali could benefit from expanding its data set and refining its credential monitoring feature for enhanced value. The Anomali API, while powerful, might be improved with more ease of use and documentation. Additionally, better integration with more diverse security infrastructures could be advantageous. Logz.io could enhance its performance scaling beyond Kubernetes and expand its AI capabilities for more specific use case applications. Improving cost management features would also be beneficial, particularly related to storage efficiency and usage forecasting.
Ease of Deployment and Customer Service: Anomali focuses on seamless integration within existing security infrastructures, while Logz.io provides adaptable cloud-based solutions that require minimal management. Both offer strong customer service, though Logz.io’s responsiveness is notable.
Pricing and ROI: Anomali offers competitive pricing targeting security ROI through enhanced threat awareness. Logz.io, although potentially costlier initially, delivers significant ROI with its advanced analytics and flexible billing similar to AWS, offering good value for log analysis-centric enterprises.
Analyst productivity has improved significantly, with hours saved because of automation and AI-driven work that Anomali performs.
Anomali provides us with a very cost-effective value compared to the market, and I would rate it ten out of ten for return on investment metrics.
There is a return on investment concerning time and effort saved by 40% after implementing Anomali.
The biggest ROI comes from the reduced troubleshooting effort, less time spent managing logging infrastructure, and faster issue resolution.
They have strong onboarding and deployment assistance, provide a dedicated technical account manager for large customers, and engage in regular product updates and customer interaction.
The technical support at Anomali is excellent.
It doesn't seem very professional how they're handling support anymore.
The team is very responsive and knowledgeable whenever we need their assistance.
The scalability is massive, allowing us to store millions of indicators.
I believe Anomali's scalability is good; whether it is an organization for ten people or one hundred thousand people, the job a threat intel platform has to do will be the same.
Anomali's scalability is impressive as a mature platform capable of processing large amounts of threat intelligence and indicators of compromise data.
Logz.io handles the growing log volumes and additional services very well without requiring major architectural changes from our side.
From a reliability perspective, Anomali consistently injects threat feeds, works on automation, performs reliable API integrations, and supports enterprise scale globally.
For example, while Microsoft allows ample time for users to adapt to deprecated features, Anomali only gave us three weeks before switching, so they need to be more cognizant of customer use cases from their engineering side.
The good thing is that they have a health check page, and if any issues arise, they notify us.
Combining all aliases into a coherent solution would be beneficial, as we had to review each individual source ourselves.
Anomali should increase their capability to fetch details from various dark web solutions where threat actors post compromised credentials.
Anomali's ability to correlate and integrate different Threat Intel platforms, such as Mandiant and PolySwarm, is another valuable feature, removing duplicacy and enabling the application of specific IOCs across various security controls.
Logz.io can be improved by adding more AI-assisted root cause analysis and by improving log retention flexibility.
Pricing and licensing are good, but the costs for purchasing threat feeds are somewhat complicated and a bit on the higher side.
My experience with Anomali's pricing is that it is higher compared to other open-source alternatives.
My experience with pricing, setup cost, and licensing is that there are not many follow-ups, but once we interacted with the product team or the leadership of Anomali, they managed a lot with us, and it all paid off to reach a conclusion that we would continue with this product.
Organizations that start with clear logging standards and retention policies can integrate applications, cloud resources, and Kubernetes workloads early to maximize the observability benefits.
Regarding integration, Anomali has capabilities to integrate with different downstream applications such as Palo Alto, allowing us to create playbooks to block domains, URLs, or IPs directly within the firewall.
Correlating IOCs with the telemetry data we are ingesting from our data sources allows us to pull monthly reports identifying how many assets and users interacted with malicious content, giving insight into whether communications failed or users accessed restricted content, providing complete visibility of the IOCs traveling throughout our environment.
It aggregates intelligence from hundreds of sources, automatically de-duplicates, applies risk scoring, applies context, and reduces much manual effort.
Having logs from all the services and infrastructure in one place reduces our troubleshooting time and also improves incident response.
| Product | Mindshare (%) |
|---|---|
| Anomali | 1.4% |
| Logz.io | 0.8% |
| Other | 97.8% |


| Company Size | Count |
|---|---|
| Small Business | 4 |
| Midsize Enterprise | 1 |
| Large Enterprise | 14 |
| Company Size | Count |
|---|---|
| Small Business | 4 |
| Midsize Enterprise | 1 |
| Large Enterprise | 7 |
Anomali delivers user-friendly cyber threat intelligence, offering concise insights with robust capabilities for evolving scenarios.
Anomali offers a powerful platform for cyber threat intelligence, allowing organizations to efficiently stream and analyze threat feeds. It excels in threat modeling, prioritizing intelligence, and supporting large-scale automation through its API, fostering a proactive security approach.
What are Anomali's Key Features?Anomali serves as a crucial tool for threat intelligence in industries ranging from finance to healthcare. Organizations stream threat feeds into Anomali to correlate and aggregate data, enhancing security measures and facilitating thorough threat investigations. Its adaptability makes it suitable across different sectors.
Logz.io provides a robust platform designed to streamline log monitoring, offering features like real-time dashboards and AI Insights. It ensures efficient management of environments such as Kubernetes, enhancing operational effectiveness and cost management.
Logz.io is built on an open-source foundation, facilitating quick setup and adaptability for users. Its real-time dashboards are accessible across multiple sub-accounts, allowing seamless scaling and integration into existing services. Log Patterns and Drop Filters improve log clarity by reducing noise, while Kibana visualizations enhance data analysis. Logz.io also supports simultaneous views of metrics and logs, optimizing Kubernetes management and improving logging efficiency. Continuous enhancements in access control, API performance, and documentation are areas for development. Improving AI capabilities and offering better data retention and update management are key focuses for future upgrades.
What are the key features of Logz.io?Logz.io is widely used in industries for log collection, monitoring, and aggregation in environments including cloud and AWS. It's leveraged for monitoring application health, security compliance, live game observability, and server performance. Organizations utilize archived logs for issue resolution and leverage dashboards to monitor microservices, ensuring system stability in development and production environments.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.