No more typing reviews! Try our Samantha, our new voice AI agent.

Anomali vs Netsurion comparison

Anomali and Netsurion are both solutions in the Security Information and Event Management (SIEM) category. Anomali is ranked #32 with an average rating of 8.5, while Netsurion is ranked #52. Additionally, 80% of Anomali users are willing to recommend the solution, compared to 92% of Netsurion users who would recommend it.
Sponsored
Cortex XDR by Palo Alto Net...
Read 110 Cortex XDR by Palo Alto Networks reviews
  • 18,655 Views
  • 7,462 Comparison Views
96% willing to recommend
Anomali
Read 4 Anomali reviews
  • 6,575 Views
  • 1,907 Comparison Views
80% willing to recommend
Netsurion
Read 24 Netsurion reviews
  • 3,574 Views
  • 1,823 Comparison Views
92% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive SummaryUpdated on Jan 18, 2026

Anomali and Netsurion are competing cybersecurity solutions in the field of threat intelligence and network security. Anomali has an upper hand in threat analysis due to its advanced capabilities, whereas Netsurion stands out as a more comprehensive security solution with a variety of services.

Features: Anomali provides advanced threat intelligence, robust analytics, and highly adaptable threat modeling capabilities. Netsurion offers comprehensive network protection, managed security services, and easy integration across various platforms, making it an all-in-one security solution.

Room for Improvement: Anomali could improve its user interface to make it more intuitive, reduce the steep learning curve, and lower the initial setup costs. Netsurion could enhance its incident response speed, expand its data set coverage, and improve user training resources for better self-serve capabilities.

Ease of Deployment and Customer Service: Anomali offers a scalable deployment model but faces challenges with a steep learning curve and the need for additional training. Netsurion offers simpler deployment with an intuitive setup and strong customer support service, aiding in ongoing user assistance and satisfaction.

Pricing and ROI: Anomali has higher setup costs, delivering a significant ROI for businesses focusing on threat intelligence. Netsurion, with its competitive pricing, offers an appealing ROI for businesses seeking a broad security solution, balancing cost-effectiveness with comprehensive service coverage.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed Anomali vs. Netsurion Report (Updated: April 2026).
Buyer's Guide
Anomali vs. Netsurion
April 2026
Download the complete report
Helped 894,738 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Cortex XDR by Palo Alto Net...
Sponsored
Ranking in Extended Detection and Response (XDR)
5th
Average Rating
8.4
Reviews Sentiment
6.8
Number of Reviews
110
Ranking in other categories
Endpoint Protection Platform (EPP) (4th), Endpoint Detection and Response (EDR) (6th), Ransomware Protection (2nd), AI-Powered Cybersecurity Platforms (1st)
Anomali
Ranking in Extended Detection and Response (XDR)
22nd
Average Rating
7.8
Reviews Sentiment
7.2
Number of Reviews
4
Ranking in other categories
Security Information and Event Management (SIEM) (32nd), User Entity Behavior Analytics (UEBA) (12th), Advanced Threat Protection (ATP) (21st), Threat Intelligence Platforms (TIP) (8th)
Netsurion
Ranking in Extended Detection and Response (XDR)
43rd
Average Rating
8.4
Reviews Sentiment
7.1
Number of Reviews
24
Ranking in other categories
Managed Security Services Providers (MSSP) (30th), Security Information and Event Management (SIEM) (52nd), SOC as a Service (14th), Managed Detection and Response (MDR) (36th)
 

Featured Reviews

ABHISHEK_SINGH - PeerSpot reviewer
ABHISHEK_SINGH
Senior Process Expert at A.P. Moller - Maersk
Gained full visibility and streamlined threat detection through behavior-based insights and AI integration
Initially, we got to have a lot of false positives when we onboarded, but nowadays it's quite smooth. We have fine-tuned our security policies and allowed different levels of policies to get rid of those false positives. Currently, we are getting a fairly good amount of incidents that are not false positives or benign, but actionable items. The process is streamlined. In the initial days, the operations used to get involved in a lot of benign and other activities, but now the process is streamlined. We are leveraging the auto-detection and remediation plans. The operations teams are now more involved in other business roles as well, not just looking into the logs and fetching out what's happening there. They have fixed a lot of things. Initially, they didn't have IAC code drift detection, cloud posture management, or security posture management, but they have those now. They purchased different vendors and did a merger with that. They have now Prisma Cloud that gets integrated and now they are working with Cortex Cloud. Everything that was negative has now been addressed, and the product altogether looks to be in a very better and mature shape now. Currently, it's more or less detecting the workloads with AI-based best practices. Since most organizations are consuming AI agents and other things, we are looking forward to seeing what other feature enhancements Palo Alto can support in that.
Read full review
CC
ChrisCollins
Enterprise Security Architect V at FirstEnergy
Enables automated threat intelligence sorting and enhances proactive threat hunting capabilities
You have to have at least a threat intelligence background or a SOC analyst background to use it, as that's the information you'll dig around with in there. If you don't have that kind of knowledge, it probably can be a little hard to use, but they do provide training. They offer training not only for how to use the platform but also some basic threat intelligence training to explain what these things are and what these terms mean. My company is a customer of Anomali. I would recommend it to other people. I would advise making sure you don't pick it without testing other products and have your use cases well thought out and documented before testing, so you know it will solve the problems you're trying to address. Keep an open mind with it and realize that whatever you can dream of, you can probably do with the platform. Overall, I would rate Anomali an eight out of ten.
Read full review
John-Berry - PeerSpot reviewer
John-Berry
Information Technology Manager at ProfitSolv
The SOC center monitors, hunts, and notifies us of threats around the clock
I know they are working to resolve this issue, but Netsurion is currently unable to retrieve logs from S3 buckets. We use WP Engine for a lot of web hosting as well as AWS, and both of these platforms use S3 buckets. I would like Netsurion to be able to pull logs from Linux devices. We have some of that capability, and I believe they can do it. However, the way it works with Amazon is strange and glitchy. Therefore, working something out with Amazon would be great. Netsurion's SOC can be a bit too aggressive at times. We have asked them to adjust their playbook because I am tired of being notified about the same issue multiple times a day. I am aware of the issue, and it is not a cause for concern. Let's only take action on this issue if we see an actual problem.
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The live terminal is probably the best thing ever. It gives you the access to get straight onto any machine."
"Cortex XDR alerts us on the dashboard when there's a threat, which allows us to restrict that user and helps secure our infrastructure."
"Cortex XDR by Palo Alto Networks is easy to use and does not consume a lot of hardware resources."
"Once you become familiar with it, Cortex XDR by Palo Alto Networks is a more powerful tool and I would say that I prefer it over MDE because it is a stronger tool for me."
"It has a higher cost than other solutions, like CrowdStrike or Microsoft’s EDR tools, but it reduces the cost of our operations because it’s a new generation antivirus tool."
"The positive impacts I see from Cortex XDR by Palo Alto Networks include a complete 360-degree view of our security posture altogether, being a uniform platform where we are ingesting logs from multiple resources."
"The tool's use cases are relevant to security."
"The most valuable features of this product are the management capabilities, which allow an IT organization to get quite a good picture of attempted cyber attacks, and its out-of-the-box investigation capabilities."
More Cortex XDR by Palo Alto Networks pros
"The feature I have found most valuable is credential monitoring. This feature is easy and quick."
"I have found Cyber threat intelligence (CTI) very useful and concise. The solution is easy to use."
"The most valuable aspect of Anomali is the threat modeling capability."
"We now have a very robust collection of threat intelligence based on the capabilities that Anomali provides."
"I have found Cyber threat intelligence (CTI) very useful and concise. The solution is easy to use."
"It's a deny-all policy, so there's an access list on each machine, and it was effortless to tune it for our software because we have four pieces of intellectual property used in-house, and that was super easy to get up and running compared to some of the other solutions I've seen."
"The product satisfies our compliance, and thus, all of our auditors."
"They have what they call Elasticsearch which is very quick, although that's only available for the last seven days' worth of data. It used to be that, if I wanted to do a search from three days ago, it might take me 10 to 15 minutes because it had to actually unzip some archive files. So I really like that feature. It's almost instantaneous for anything within the last seven days."
"The most important feature is keeping track of when accounts are created and deleted, when permission groups are changed, and memberships are changed in groups; and overall, how many errors are occurring on the various systems that we're monitoring."
"Overall, we're really thrilled with them."
"The real-time alerting for things such as people getting dropped into a VPN group or the domain admin group — things like that which really shouldn't happen without proper change management, but we all know the reality, they do from time to time — gives me real-time visibility into what's going on."
"With the managed component, we get that personal attention and that consistent team to deal with, and to some extent, it's like they're part of our IT team."
"The product satisfies our compliance, and thus, all of our auditors. All of the data that we use and store for all security events is required by our auditors to be kept in a central storage location."
More Netsurion pros
 

Cons

"In terms of areas of improvement, we have not completed our review of the product. We're also looking at other products. So, it's a little bit hard to tell what could be different because we have not completed the review of this product, but based on our experience so far, its implementation is quite complex."
"It is not very strong in terms of endpoint management. It should have additional features like DLP, encryption, or advanced device control."
"The price could be a little lower."
"Based on our experience so far, its implementation is quite complex."
"While using Cortex, I noticed some aspects that could be improved, such as increasing the synchronization speed between XDR and Xnor."
"Every 30 or 40 days, there's a new version and we need to go and make sure our customer's laptops are upgraded."
"The encryption is not up to the mark."
"The solution could improve by providing better integration with their own products and others."
More Cortex XDR by Palo Alto Networks cons
"Support in the past has been top-notch, but recent trends indicate that it has taken a back seat, as we often don't get answers for days."
"A lot of tools can give you many features, such as CTI intelligence and a tax service reduction. However, many people are combining different tools together to have more capabilities. It is up to the consumer whether they want to have multiple tools or have one tool that serves the purpose. Anomali Enterprise could improve by combining all the other tools' features into one solution."
"Less code in integration would be nice when building blocks."
"An area for improvement is the intelligence sharing within the Anomali community. The tagging system can be inconsistent, as any company can use any tags for their reporting."
"Anomali Enterprise could improve by combining all the other tools' features into one solution."
"There are some issues with searches taking a long period of time, but they assured me that they have implemented a new search function that's available in version 9, but which requires a solid-state hard drive."
"The onboarding process was complex, there was quite a learning curve, and few of our technical staff knew what they were talking about on the Netsurion side, but we were expected to do all the work."
"With version 8, there are quite a few things. The query tool was one of the big ones, and the query speed was one of the big ones, but they've made some great strides between versions 8 and 9. There were also issues in version 8 around the ability to get the data back out. It's one thing to collect data, but it's a whole other thing to be able to present it or run it in a timely manner. The old tool, depending on how far back I was looking, might even time out and I would have to run it again."
"I'd like to see improvement in the ease of generating reports. It seems fairly cumbersome whenever you decide to start tracking new categories of events. It seems a little kludgy when trying to generate those reports."
"It would be great if they had a client for phones by which they could push a notification to us, as opposed to via email."
"With version 8, there are quite a few things; the query tool was one of the big ones, and the query speed was one of the big ones, but they've made some great strides between versions 8 and 9."
"I would like to see the dashboard come up more quickly."
"The system requirements are very, very high. So I need a pretty powerful server to run. If they could lighten that load so that the on-premise part of their product didn't impact my systems as much that would be ideal."
More Netsurion cons
 

Pricing and Cost Advice

"Cortex XDR by Palo Alto Networks is an expensive solution."
"In terms of the cost Cortex XDR by Palo Alto Networks is very expensive because we are a Mexican company and when you translate dollars to pesos the cost is very high. The solution is very expensive for Mexican companies. I understand that they have international prices, but I do not think it offsets the price enough for many companies in countries, such as Mexico. The amount it is reduced is not a massive percentage."
"I don't like that they have different types of licenses."
"It has a yearly renewal."
"This is an expensive solution."
"The solution has one subscription for endpoint protection and one subscription for detection and response. The two licenses combined give you the BRO version."
"Compared to CrowdStrike, Cortex XDR is an expensive solution."
"It is present, but when compared to other competitive products, I would say it is not less expensive; however, when all of the other added values are considered, the price is reasonable."
More Cortex XDR by Palo Alto Networks pricing and cost advice
"When comparing the price of Anomali Enterprise to other solutions it is in the medium to high range. However, I am satisfied with the price."
"We put together the package of what we needed. It was based pretty much on the number of agents that we were deploying. If we needed to manage logging from certain specific applications, like Active Directory and SQL Server, there has been no additional cost for that. We had agents deployed for those specific servers and the applications were included, then there was just an additional installation that they had to do for us."
"You are paying for different levels, especially as far as the monitoring goes and how often you review it with the team. The other factor that figures in is how many nodes are on your network, such as clients, network equipment, servers, etc. There are some additional pieces on top of that, but it's laid out pretty simply, as far as how much you're going to pay for a node."
"Netsurion's pricing is extremely fair and flexible. The price of their SIEM product is reasonable, and you can pay for those services you want on top of that. It wasn't cheap, but it's competitive, and we intend to renew our contract."
"EventTracker's subscription-based model is interesting as far as yearly license type stuff. It's nice because you know what it's going to be next year. We haven't really looked at any other solutions. The pricing at the time compared to the other solutions was a lot less. A couple of years ago, we actually looked at Splunk. The amount in Splunk's licensing model is based on 20 gigs a day, or something like that. Based on our number of logs and stuff that we were already generating, the costs would be substantially more for the amount of logs that we would be getting."
"In the security space, it's hard to quantify your return on investment. So, I don't. We spend about $40,000 a year and so. It's hard to say if the SIEM saved that much money."
"When we first got the EventTracker product, we were using SIEM Simplified. At the time they didn't call it that, but it was more of a service thing. So, there was a bit more hand-holding and getting stuff set up, along with failure reports, that they did during the first one to two years. Then, we decided that the the additional money to have someone do these daily reports wasn't terribly useful, so we discontinued that service."
"Our budget follows the calendar year. We just started a new budget year at the beginning of the month. We did budget for an increase in our threat management system selection. Therefore, we have the budget to implement and accommodate a threat management system change, including an increase for the quoted actions that we received to improve EventTracker. We are just waiting on our council to approve that budget, which might not be for a little while. Hopefully, when they do, we will be able to jump on doing something."
"Our pricing for Netsurion last year was US $52,000 per year."
More Netsurion pricing and cost advice
report
See which vendors are best for you
Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.
See recommendations
894,738 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
12%
Construction Company
12%
Comms Service Provider
9%
Manufacturing Company
8%
Financial Services Firm
14%
Manufacturing Company
7%
Computer Software Company
7%
Construction Company
7%
Performing Arts
11%
Manufacturing Company
9%
Construction Company
9%
Outsourcing Company
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business46
Midsize Enterprise20
Large Enterprise49
By reviewers
Company SizeCount
Small Business2
Midsize Enterprise1
Large Enterprise5
By reviewers
Company SizeCount
Small Business10
Midsize Enterprise7
Large Enterprise7
 

Questions from the Community

Cortex XDR by Palo Alto vs. Sentinel One
Cortex XDR by Palo Alto vs. SentinelOne SentinelOne offers very detailed specifics with regard to risks or attacks. ...
See all answers
Comparing CrowdStrike Falcon to Cortex XDR (Palo Alto)
Cortex XDR by Palo Alto vs. CrowdStrike Falcon Both Cortex XDR and Crowd Strike Falcon offer cloud-based solutions th...
See all answers
How is Cortex XDR compared with Microsoft Defender?
Microsoft Defender for Endpoint is a cloud-delivered endpoint security solution. The tool reduces the attack surface,...
See all answers
What needs improvement with Anomali ThreatStream?
An area for improvement is the intelligence sharing within the Anomali community. The tagging system can be inconsist...
See all answers
What is your primary use case for Anomali ThreatStream?
I use Anomali ( /products/anomali-reviews ) for threat hunting, threat collection, operationalization of intelligence...
See all answers
What advice do you have for others considering Anomali ThreatStream?
For new users, I recommend taking the training provided by Anomali as it is very well articulated. I advise reading t...
See all answers
Ask a question
Earn 20 points
 

Comparisons

Microsoft Defender for Endpoint vs Cortex XDR by Palo Alto Networks Logo
Microsoft Defender for Endpoint vs Cortex XDR by Palo Alto Networks
Compared 9% of the time
SentinelOne Singularity Endpoint vs Cortex XDR by Palo Alto Networks Logo
SentinelOne Singularity Endpoint vs Cortex XDR by Palo Alto Networks
Compared 5% of the time
CrowdStrike Falcon vs Cortex XDR by Palo Alto Networks Logo
CrowdStrike Falcon vs Cortex XDR by Palo Alto Networks
Compared 4% of the time
Cortex XSIAM vs Cortex XDR by Palo Alto Networks Logo
Cortex XSIAM vs Cortex XDR by Palo Alto Networks
Compared 3% of the time
Symantec Endpoint Security vs Cortex XDR by Palo Alto Networks Logo
Symantec Endpoint Security vs Cortex XDR by Palo Alto Networks
Compared 3% of the time
More Cortex XDR by Palo Alto Networks Competitors
ThreatConnect Threat Intelligence Platform (TIP) vs Anomali Logo
ThreatConnect Threat Intelligence Platform (TIP) vs Anomali
Compared 5% of the time
Recorded Future vs Anomali Logo
Recorded Future vs Anomali
Compared 5% of the time
Splunk Enterprise Security vs Anomali Logo
Splunk Enterprise Security vs Anomali
Compared 3% of the time
Hunters vs Anomali Logo
Hunters vs Anomali
Compared 3% of the time
IBM Security QRadar vs Anomali Logo
IBM Security QRadar vs Anomali
Compared 3% of the time
More Anomali Competitors
IBM Security QRadar vs Netsurion Logo
IBM Security QRadar vs Netsurion
Compared 7% of the time
GoSecure Titan Platform vs Netsurion Logo
GoSecure Titan Platform vs Netsurion
Compared 6% of the time
Splunk Enterprise Security vs Netsurion Logo
Splunk Enterprise Security vs Netsurion
Compared 6% of the time
Rapid7 InsightIDR vs Netsurion Logo
Rapid7 InsightIDR vs Netsurion
Compared 6% of the time
Legato Security vs Netsurion Logo
Legato Security vs Netsurion
Compared 4% of the time
More Netsurion Competitors
 

Product Reports

Buyer's Guide
Cortex XDR by Palo Alto Networks
May 2026
Cortex XDR by Palo Alto Networks reportDownload Cortex XDR by Palo Alto Networks product report
Buyer's Guide
Threat Intelligence Platforms (TIP)
April 2026
Anomali reportDownload Anomali product report
Buyer's Guide
Netsurion
April 2026
Netsurion reportDownload Netsurion product report
 

Also Known As

Cyvera, Cortex XDR, Palo Alto Networks Traps
Match, Lens, ThreatStream, STAXX, Anomali Security Analytics
Netsurion Managed Threat Protection, Netsurion EventTracker
 

Overview

Cortex XDR by Palo Alto Networks provides advanced threat detection with AI-driven endpoint protection and seamless integration, ensuring multi-layered security and automatic threat response.

Cortex XDR is designed to safeguard endpoints against malware and suspicious activities. It offers advanced threat detection and response capabilities using behavioral analysis, AI, and machine learning. It seamlessly integrates with security infrastructures, providing endpoint security, firewall integration, and enhanced visibility in both cloud-based and on-premises environments.

What are the key features of Cortex XDR?
  • Advanced Threat Detection: Uses AI and machine learning for proactive threat identification.
  • Multi-layered Security: Combines various security measures for comprehensive protection.
  • Endpoint Protection: Safeguards against malware and exploits.
  • Behavioral Analysis: Monitors suspicious activity for early detection.
  • Automatic Threat Response: Automates responses to neutralize threats.
What benefits should users expect?
  • Ease of Use: Simplifies security management with intuitive design.
  • Resource Efficiency: Minimizes impact on system resources.
  • Integration Capabilities: Works well with existing security setups.
  • Reduced Analyst Workload: Automates processes to decrease manual intervention.

Organizations in diverse sectors deploy Cortex XDR to protect against malware, leveraging its advanced threat detection capabilities. Its integration with existing security infrastructures appeals to those seeking comprehensive protection in both cloud and on-premises environments, providing enhanced visibility and threat intelligence.

Palo Alto Networks

Anomali delivers user-friendly cyber threat intelligence, offering concise insights with robust capabilities for evolving scenarios.

Anomali offers a powerful platform for cyber threat intelligence, allowing organizations to efficiently stream and analyze threat feeds. It excels in threat modeling, prioritizing intelligence, and supporting large-scale automation through its API, fostering a proactive security approach.

What are Anomali's Key Features?
  • Threat Intelligence: Provides concise and user-friendly intelligence.
  • Threat Modeling: Enables prioritization and efficient organization of intelligence.
  • Credential Monitoring: Performs quickly with efficient dataset handling.
  • API Automation: Supports large-scale automation for robust intelligence management.
  • Adaptability: Offers capabilities to grow beyond initial use cases.
Which Benefits or ROI Should Users Consider?
  • Efficient Intelligence Collection: Quickly gathers and organizes data for use.
  • Enhanced Threat Analysis: Correlates data effectively for proactive security.
  • Automation Support: Saves time with extensive API capabilities.
  • Scalability: Adapts and scales with emerging security needs.

Anomali serves as a crucial tool for threat intelligence in industries ranging from finance to healthcare. Organizations stream threat feeds into Anomali to correlate and aggregate data, enhancing security measures and facilitating thorough threat investigations. Its adaptability makes it suitable across different sectors.

Anomali

Netsurion offers robust SIEM capabilities enhanced by managed services, facilitating efficient threat identification and response with real-time alerts and comprehensive reporting.

Netsurion stands out for its integration of SIEM, IDS, and vulnerability management. Its real-time threat alerts and dashboards enhance user response capabilities. With centralized logging from Windows, Linux, Cisco devices, firewalls, and Active Directory, Netsurion enables effective compliance support for HIPAA and PCI standards. Managed Threat Protection with the embedded MITRE ATT&CK Framework enhances threat intelligence, while its evolving interface aims to improve user interactions. However, some users find deployment and searching challenging, pointing to areas for improvement.

What are Netsurion's key features?
  • SIEM Capabilities: Efficient threat identification using real-time alerts and dashboards.
  • Managed Services: Provides remote monitoring and advisory support.
  • Comprehensive Reporting: Assists in compliance and actionable insights.
  • MITRE ATT&CK Framework: Enhances threat intelligence and management.
  • Seamless Integration: Works with existing systems for streamlined operations.
What benefits should users consider in reviews?
  • Threat Response Tool: Rapid identification and response to security incidents.
  • Usability: Efforts to evolve and simplify user interactions.
  • Operational Efficiency: Streamlined processes through integration and managed services.
  • Compliance Support: Assistance with industry standards like HIPAA and PCI.

Netsurion is frequently implemented in industries requiring comprehensive security monitoring and compliance, such as healthcare and finance. It aids businesses in consolidating security efforts, offering insights into user activities and system changes, an asset for companies lacking substantial internal resources.

Netsurion
 

Sample Customers

CBI Health Group, University Honda, VakifBank
Bank of England, First Energy, UBISOFT, Bank of Hope, Blackhawk Network
The Salvation Army, The FRESH Market, Pacific Western Bank, NASA, American Academy of Orthopaedic Surgeons (AAOS), and Talbot’s Stores
Buyer's Guide
Anomali vs. Netsurion
April 2026
Free Report: Anomali vs. Netsurion
Find out what your peers are saying about Anomali vs. Netsurion and other solutions. Updated: April 2026.
DOWNLOAD NOW
894,738 professionals have used our research since 2012.
See our Anomali vs. Netsurion report.

We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.