Try our new research platform with insights from 80,000+ expert users

Anomali vs Netsurion comparison

Anomali and Netsurion are both solutions in the Security Information and Event Management (SIEM) category. Anomali is ranked #30 with an average rating of 8.5, while Netsurion is ranked #53. Anomali holds a 1.0% mindshare in SIEM, compared to Netsurion’s 0.7% mindshare. Additionally, 80% of Anomali users are willing to recommend the solution, compared to 92% of Netsurion users who would recommend it.
Anomali
Read 4 Anomali reviews
  • 3,503 Views
  • 841 Comparison Views
80% willing to recommend
Netsurion
Read 24 Netsurion reviews
  • 1,764 Views
  • 935 Comparison Views
92% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive SummaryUpdated on Jan 18, 2026

Anomali and Netsurion are competing cybersecurity solutions in the field of threat intelligence and network security. Anomali has an upper hand in threat analysis due to its advanced capabilities, whereas Netsurion stands out as a more comprehensive security solution with a variety of services.

Features: Anomali provides advanced threat intelligence, robust analytics, and highly adaptable threat modeling capabilities. Netsurion offers comprehensive network protection, managed security services, and easy integration across various platforms, making it an all-in-one security solution.

Room for Improvement: Anomali could improve its user interface to make it more intuitive, reduce the steep learning curve, and lower the initial setup costs. Netsurion could enhance its incident response speed, expand its data set coverage, and improve user training resources for better self-serve capabilities.

Ease of Deployment and Customer Service: Anomali offers a scalable deployment model but faces challenges with a steep learning curve and the need for additional training. Netsurion offers simpler deployment with an intuitive setup and strong customer support service, aiding in ongoing user assistance and satisfaction.

Pricing and ROI: Anomali has higher setup costs, delivering a significant ROI for businesses focusing on threat intelligence. Netsurion, with its competitive pricing, offers an appealing ROI for businesses seeking a broad security solution, balancing cost-effectiveness with comprehensive service coverage.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed Anomali vs. Netsurion Report (Updated: January 2026).
Buyer's Guide
Anomali vs. Netsurion
January 2026
Download the complete report
Helped 881,114 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Anomali
Ranking in Security Information and Event Management (SIEM)
30th
Ranking in Extended Detection and Response (XDR)
25th
Average Rating
7.8
Reviews Sentiment
7.2
Number of Reviews
4
Ranking in other categories
User Entity Behavior Analytics (UEBA) (12th), Advanced Threat Protection (ATP) (20th), Threat Intelligence Platforms (TIP) (7th)
Netsurion
Ranking in Security Information and Event Management (SIEM)
53rd
Ranking in Extended Detection and Response (XDR)
47th
Average Rating
8.4
Reviews Sentiment
7.1
Number of Reviews
24
Ranking in other categories
Managed Security Services Providers (MSSP) (33rd), SOC as a Service (14th), Managed Detection and Response (MDR) (37th)
 

Mindshare comparison

As of January 2026, in the Security Information and Event Management (SIEM) category, the mindshare of Anomali is 1.0%, up from 0.2% compared to the previous year. The mindshare of Netsurion is 0.7%, up from 0.3% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Security Information and Event Management (SIEM) Market Share Distribution
ProductMarket Share (%)
Anomali1.0%
Netsurion0.7%
Other98.3%
Security Information and Event Management (SIEM)
 

Featured Reviews

CC
ChrisCollins
Enterprise Security Architect V at FirstEnergy
Enables automated threat intelligence sorting and enhances proactive threat hunting capabilities
You have to have at least a threat intelligence background or a SOC analyst background to use it, as that's the information you'll dig around with in there. If you don't have that kind of knowledge, it probably can be a little hard to use, but they do provide training. They offer training not only for how to use the platform but also some basic threat intelligence training to explain what these things are and what these terms mean. My company is a customer of Anomali. I would recommend it to other people. I would advise making sure you don't pick it without testing other products and have your use cases well thought out and documented before testing, so you know it will solve the problems you're trying to address. Keep an open mind with it and realize that whatever you can dream of, you can probably do with the platform. Overall, I would rate Anomali an eight out of ten.
Read full review
John-Berry - PeerSpot reviewer
John-Berry
Information Technology Manager at ProfitSolv
The SOC center monitors, hunts, and notifies us of threats around the clock
I know they are working to resolve this issue, but Netsurion is currently unable to retrieve logs from S3 buckets. We use WP Engine for a lot of web hosting as well as AWS, and both of these platforms use S3 buckets. I would like Netsurion to be able to pull logs from Linux devices. We have some of that capability, and I believe they can do it. However, the way it works with Amazon is strange and glitchy. Therefore, working something out with Amazon would be great. Netsurion's SOC can be a bit too aggressive at times. We have asked them to adjust their playbook because I am tired of being notified about the same issue multiple times a day. I am aware of the issue, and it is not a cause for concern. Let's only take action on this issue if we see an actual problem.
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The feature I have found most valuable is credential monitoring. This feature is easy and quick."
"We now have a very robust collection of threat intelligence based on the capabilities that Anomali provides."
"The most valuable aspect of Anomali is the threat modeling capability."
"I have found Cyber threat intelligence (CTI) very useful and concise. The solution is easy to use."
"If we need to do a search for user lockouts, we can go, search, and find locations where they have been locked out, then keep track of those events, historically."
"When it comes to threat detection and response, it does a very good job detecting and blocking on its own. And the SOC is a nice added value because they're doing analysis on things that aren't as obvious, on things that you can't just detect with a signature or behavior. Also, any SIEM will come with a lot of noise, so having them do a lot of the initial analysis to find out what's critical and what issues are false alarms is very good."
"The most important feature is keeping track of when accounts are created and deleted, when permission groups are changed, and memberships are changed in groups; and overall, how many errors are occurring on the various systems that we're monitoring."
"The product satisfies our compliance, and thus, all of our auditors. All of the data that we use and store for all security events is required by our auditors to be kept in a central storage location."
"The network alert is the most valuable feature. That way, we in the IT department are aware of user lockout and invalid password attempts way before a user ever even calls in."
"Expediting incident response is really great."
"I like the UI, overall. I like the main page and there are aspects of the search page that I like. When you bring it up on the left-hand side of the page, as you look at the events, the ability to simply hit and click the plus/minus to pull events in and out of the overall view is well done and is very effective from a threat-hunting and an analysis perspective. I like the detail it shows."
"If I were to look at logs manually, there's no way I could do that. As an example, they are 48 million logs processed a day. There is no way I could look at all 48 million of those. So, it gives me a good structure to be able to look at the different incidents which are created and do different searches."
More Netsurion pros
 

Cons

"Less code in integration would be nice when building blocks."
"Support in the past has been top-notch, but recent trends indicate that it has taken a back seat, as we often don't get answers for days."
"An area for improvement is the intelligence sharing within the Anomali community. The tagging system can be inconsistent, as any company can use any tags for their reporting."
"A lot of tools can give you many features, such as CTI intelligence and a tax service reduction. However, many people are combining different tools together to have more capabilities. It is up to the consumer whether they want to have multiple tools or have one tool that serves the purpose. Anomali Enterprise could improve by combining all the other tools' features into one solution."
"The weekly reporting could use some improvement. For example, when we handed them our landscape document, it took longer than I would have liked for those details to become noticeable within the reports."
"I'd like to see improvement in the ease of generating reports. It seems fairly cumbersome whenever you decide to start tracking new categories of events. It seems a little kludgy when trying to generate those reports."
"The threat detection and response is passive. We have asked if there were options for taking action, and we have not gotten any feedback on that, which would be useful to know. Depending on the situation and threat, some actions may not be possible, but we haven't gotten any feedback on what options could be directed and actionable with the understanding that it may have an extra cost. It would be nice to know or find out if it is actually possible to take actions by a SIEM service or a SIEM agent."
"Probably the biggest thing is just: Can I search for this and what's the best way to do it? If I'm looking for two events versus a singular event, I just throw it back at them. They're the experts on it."
"Everything that I've wanted has been added in. EDR was added, and MITRE was added. Those were two big ones that we didn't even have to push for."
"The MITRE ATT&CK framework could be faster when identifying and understanding sophisticated threats. Whenever something happens, we usually get notified a couple hours later."
"They have their programs and tools that you have to put into your own environment. We basically ingest all the log data and then push it out to them. I wish it was a little bit different than that where we just push directly towards them. I do not know if that is a function that they thought would be better in terms of security, but I wish that instead of doing that, it should go from the device to them and not from the device to another system and then out to them. There seem to be some drawbacks to doing that."
"The biggest problem is that we have too many domain controllers. So, we have to keep all the clients and main system updated with the latest versions along with making sure all the firewalls are open."
More Netsurion cons
 

Pricing and Cost Advice

"When comparing the price of Anomali Enterprise to other solutions it is in the medium to high range. However, I am satisfied with the price."
"The pricing and licensing seem very reasonable. The managed service part of it feels like it gives me the equivalent of a full-time engineer for a lot less money. So, I feel it's a good value."
"It is a bit expensive as compared to some of the other products that have come out in recent years. Expense-wise, the only downside is that it is not cheap."
"The solution is fairly expensive, but in my experience, all of the SIEM applications that I've evaluated or looked at cost about the same."
"I don't know if the pricing is by the seat but we're paying about $20,000 to 25,000 a year. On top of that, we pay for the managed support services. That runs us about another $35,000 or $40,000 a year."
"We put together the package of what we needed. It was based pretty much on the number of agents that we were deploying. If we needed to manage logging from certain specific applications, like Active Directory and SQL Server, there has been no additional cost for that. We had agents deployed for those specific servers and the applications were included, then there was just an additional installation that they had to do for us."
"Netsurion's pricing is extremely fair and flexible. The price of their SIEM product is reasonable, and you can pay for those services you want on top of that. It wasn't cheap, but it's competitive, and we intend to renew our contract."
"You are paying for different levels, especially as far as the monitoring goes and how often you review it with the team. The other factor that figures in is how many nodes are on your network, such as clients, network equipment, servers, etc. There are some additional pieces on top of that, but it's laid out pretty simply, as far as how much you're going to pay for a node."
"The upfront costs have increased, and we have been locked into this contract. The cost of changing over from it is way too high."
More Netsurion pricing and cost advice
report
See which vendors are best for you
Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.
See recommendations
881,114 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
18%
Manufacturing Company
7%
Computer Software Company
7%
Educational Organization
7%
Performing Arts
16%
Manufacturing Company
9%
Outsourcing Company
9%
Retailer
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business1
Midsize Enterprise1
Large Enterprise5
By reviewers
Company SizeCount
Small Business10
Midsize Enterprise7
Large Enterprise7
 

Questions from the Community

What needs improvement with Anomali ThreatStream?
An area for improvement is the intelligence sharing within the Anomali community. The tagging system can be inconsistent, as any company can use any tags for their reporting. Combining all aliases ...
See all answers
What is your primary use case for Anomali ThreatStream?
I use Anomali ( /products/anomali-reviews ) for threat hunting, threat collection, operationalization of intelligence, such as indicators of compromise (IOCs), and dissemination of reports for repo...
See all answers
What advice do you have for others considering Anomali ThreatStream?
For new users, I recommend taking the training provided by Anomali as it is very well articulated. I advise reading the user manual and taking the instructor-led training sessions from the customer...
See all answers
Ask a question
Earn 20 points
 

Comparisons

Recorded Future vs Anomali Logo
Recorded Future vs Anomali
Compared 8% of the time
ThreatConnect Threat Intelligence Platform (TIP) vs Anomali Logo
ThreatConnect Threat Intelligence Platform (TIP) vs Anomali
Compared 7% of the time
Splunk Enterprise Security vs Anomali Logo
Splunk Enterprise Security vs Anomali
Compared 6% of the time
ThreatQ vs Anomali Logo
ThreatQ vs Anomali
Compared 4% of the time
IBM Security QRadar vs Anomali Logo
IBM Security QRadar vs Anomali
Compared 3% of the time
More Anomali Competitors
Legato Security vs Netsurion Logo
Legato Security vs Netsurion
Compared 8% of the time
Devo vs Netsurion Logo
Devo vs Netsurion
Compared 8% of the time
IBM Security QRadar vs Netsurion Logo
IBM Security QRadar vs Netsurion
Compared 8% of the time
Trellix Helix Connect vs Netsurion Logo
Trellix Helix Connect vs Netsurion
Compared 7% of the time
Rapid7 InsightIDR vs Netsurion Logo
Rapid7 InsightIDR vs Netsurion
Compared 7% of the time
More Netsurion Competitors
 

Product Reports

Buyer's Guide
Threat Intelligence Platforms (TIP)
December 2025
Anomali reportDownload Anomali product report
Buyer's Guide
Netsurion
January 2026
Netsurion reportDownload Netsurion product report
 

Also Known As

Match, Lens, ThreatStream, STAXX, Anomali Security Analytics
Netsurion Managed Threat Protection, Netsurion EventTracker
 

Overview

Anomali delivers advanced threat intelligence solutions designed to enhance security operations by providing comprehensive visibility into threats and enabling real-time threat detection and management.

Anomali stands out in threat intelligence, offering an innovative platform that integrates data to identify and analyze threats effectively. It enables teams to streamline threat detection processes and respond to incidents with increased agility. With a focus on accuracy and efficiency, Anomali supports cybersecurity professionals in making informed decisions to safeguard their networks consistently.

What are Anomali's core features?
  • ThreatStream: A platform that aggregates threat intelligence feeds to enhance threat assessment.
  • Match: An automated detection feature that matches internal log data against threat intelligence insights.
  • Link: Provides graphical visualization for threat analysis, helping to understand threat vectors better.
  • STAXX: A lightweight tool for collecting and analyzing open-source threat intelligence.
What are the key benefits and ROI of using Anomali?
  • Improved Threat Detection: Streamlined processes lead to faster identification and response to threats.
  • Resource Efficiency: Automation reduces manual tasks, allowing security teams to focus on strategic activities.
  • Better Decision Making: Provides actionable insights that enable more informed security strategies.

In industries like finance and healthcare, Anomali is implemented to address specific challenges like compliance and data protection. By using this platform, organizations gain the ability to adapt to evolving threats, ensuring robust and adaptable security postures tailored to industry demands.

Anomali

Netsurion offers robust SIEM capabilities enhanced by managed services, facilitating efficient threat identification and response with real-time alerts and comprehensive reporting.

Netsurion stands out for its integration of SIEM, IDS, and vulnerability management. Its real-time threat alerts and dashboards enhance user response capabilities. With centralized logging from Windows, Linux, Cisco devices, firewalls, and Active Directory, Netsurion enables effective compliance support for HIPAA and PCI standards. Managed Threat Protection with the embedded MITRE ATT&CK Framework enhances threat intelligence, while its evolving interface aims to improve user interactions. However, some users find deployment and searching challenging, pointing to areas for improvement.

What are Netsurion's key features?
  • SIEM Capabilities: Efficient threat identification using real-time alerts and dashboards.
  • Managed Services: Provides remote monitoring and advisory support.
  • Comprehensive Reporting: Assists in compliance and actionable insights.
  • MITRE ATT&CK Framework: Enhances threat intelligence and management.
  • Seamless Integration: Works with existing systems for streamlined operations.
What benefits should users consider in reviews?
  • Threat Response Tool: Rapid identification and response to security incidents.
  • Usability: Efforts to evolve and simplify user interactions.
  • Operational Efficiency: Streamlined processes through integration and managed services.
  • Compliance Support: Assistance with industry standards like HIPAA and PCI.

Netsurion is frequently implemented in industries requiring comprehensive security monitoring and compliance, such as healthcare and finance. It aids businesses in consolidating security efforts, offering insights into user activities and system changes, an asset for companies lacking substantial internal resources.

Netsurion
 

Sample Customers

Bank of England, First Energy, UBISOFT, Bank of Hope, Blackhawk Network
The Salvation Army, The FRESH Market, Pacific Western Bank, NASA, American Academy of Orthopaedic Surgeons (AAOS), and Talbot’s Stores
Buyer's Guide
Anomali vs. Netsurion
January 2026
Free Report: Anomali vs. Netsurion
Find out what your peers are saying about Anomali vs. Netsurion and other solutions. Updated: January 2026.
DOWNLOAD NOW
881,114 professionals have used our research since 2012.
See our Anomali vs. Netsurion report.

We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.