
Anomali vs NetWitness Platform comparison

 

Comparison Buyer's Guide

Executive Summary
Updated on Jun 3, 2026

 

Categories and Ranking

Anomali
Ranking in Security Information and Event Management (SIEM): 10th
Average Rating: 8.0
Reviews Sentiment: 6.2
Number of Reviews: 13
Ranking in other categories: User Entity Behavior Analytics (UEBA) (5th), Advanced Threat Protection (ATP) (11th), Threat Intelligence Platforms (TIP) (3rd), Extended Detection and Response (XDR) (11th)

NetWitness Platform
Ranking in Security Information and Event Management (SIEM): 36th
Average Rating: 7.4
Reviews Sentiment: 7.4
Number of Reviews: 36
Ranking in other categories: Log Management (38th)
 

Mindshare comparison

As of July 2026, in the Security Information and Event Management (SIEM) category, the mindshare of Anomali is 1.4%, up from 0.3% compared to the previous year. The mindshare of NetWitness Platform is 1.0%, up from 0.6% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Security Information and Event Management (SIEM) Mindshare Distribution
Product: Mindshare (%)
Anomali: 1.4%
NetWitness Platform: 1.0%
Other: 97.6%
 

Featured Reviews

TarunKumar11 - PeerSpot reviewer
Global Leadership Council at a tech company with 10,001+ employees
Strategic threat intelligence has improved detection speed and consistently reduces analyst workload
Anomali can be improved in various aspects. Its AI-driven automation can further advance, and AI-powered investigation summaries can improve. User experience could be enhanced through simplification of workflows. Better board-level cyber risk dashboards could provide easier visualization. Additionally, Anomali could work on simplifying the pricing structure. Although it excels in threat intelligence aggregation and operationalization, stronger GenAI capability, improved executive reporting, and a more intuitive workflow for analysts would further increase SOC efficiency and add more business value. Regarding Anomali's AI capabilities, governance and security are quite good. Anomali has incorporated AI and machine learning primarily to improve correlation and prioritization. These capabilities are valuable but could be more mature. The platform could achieve better threat correlation, prioritization, more anomaly detection, and allow AI to accelerate intelligence analysis while further improving quality and relevance. The accuracy and reliability of Anomali's AI output are fairly reasonable and good. The AI engine works well, but this capability could be improved. Better threat correlation with threat actors, certain indicators of compromise, malware, and campaigns is possible. Threat prioritization could increase, and alert noise could be reduced through further de-duplication. While reasonable, this is not the best available, and other products possibly have more AI maturity, such as Recorded Future and CrowdStrike Falcon.
reviewer2256927 - PeerSpot reviewer
Head of Information Security, Cyber Defense and IT Risk Management at HCT. at a transportation company with 201-500 employees
A solid SIEM solution that should improve technical support and online resources to be easier to use
A big problem with the product is that we don't have much professional experience in Israel installing, implementing, and integrating this product. There is not enough of a knowledge base. There is no support for this product in this country, so problems have to be resolved through global technical teams. We like to work locally because of the language, and when the product is only supported outside the country, it's a little difficult to implement and use this product. Moreover, AI is something that must be added immediately. Artificial intelligence is a part of the competitors' products, and it's not been implemented for us.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Anomali has impacted my organization positively because our SOC team, which is actively monitoring all the tools—either SIM, SOAR, or threat intelligence platform—operates in multiple shifts."
"The feature I have found most valuable is credential monitoring. This feature is easy and quick."
"Anomali has positively impacted my organization because earlier we were not using any TIP format and were just dependent on open source, which gave us tons of irrelevant alerts, but with Anomali, we now get very specific and targeted alerts, allowing us to navigate through a handful of alerts that are applicable to us and saving a ton of working hours."
"Anomali has positively impacted our organization with many improvements since we started using it, as we receive many block hits from them, and we can say that our coverage has been extended to 90% because we do MITRE mapping."
"I think it's one of the awesome tools I've worked with to date."
"With Anomali, we benefit by obtaining threat information prior to incidents, making our threat hunts proactive and having incident response plans ready, which saves almost 40% of the time from the traditional model."
"We now have a very robust collection of threat intelligence based on the capabilities that Anomali provides."
"I have seen a return on investment with Anomali, as it improves analyst investigation time, enhances threat visibility, and supports fast incident responses."
"The solution is reliable."
"The most valuable features are the packet inspection and the automated incident response."
"The product's initial setup phase was not at all difficult."
"The software is scalable to whatever is required, and you can also put a lot of resources in the cloud."
"What we are mainly using are the RSA concentrator, RSA Decoder, Archiver, Broker, and Log Decoder."
"It's quite economical compared to other solutions in the market."
"Stability has not been an issue with this product."
"The most valuable feature is that we can create our own connectors for any application, and NetWitness provides the training and tools to do it."
 

Cons

"Less code in integration would be nice when building blocks."
"Anomali Enterprise could improve by combining all the other tools' features into one solution."
"Anomali can be improved by expanding its capability to capture a broader range of threats because it currently has limitations and may not catch everything occurring in the world, especially from the dark web."
"An area for improvement is the intelligence sharing within the Anomali community. The tagging system can be inconsistent, as any company can use any tags for their reporting."
"Anomali can be improved, specifically the Security Analytics feature, because I feel there is a slight lag in that."
"Support in the past has been top-notch, but recent trends indicate that it has taken a back seat, as we often don't get answers for days."
"My experience with Anomali's customer support has not gone so well for us."
"One more improvement I would mention is regarding compromised credential monitoring. Anomali should increase their capability to fetch details from various dark web solutions where threat actors post compromised credentials."
"Cross Platform Integration could be improved."
"It is overly complicated. It has taken years to implement and the return on investment just isn't there."
"Security needs improvement."
"The multi-tenant capabilities are lagging compared to IBM QRadar."
"The system looks like it is a mix of a bunch of different systems, and nothing looked like it was quite together."
"The tool's integration capability isn't so great."
"We have encountered issues with unresolved crashes."
"The initial setup is complex. There are other solutions that are easier to implement."
 

Pricing and Cost Advice

"When comparing the price of Anomali Enterprise to other solutions it is in the medium to high range. However, I am satisfied with the price."
"The licenses are good but the cost is very expensive."
"It provides tools to assist in selecting the appropriate license and usage scenarios."
"The product is expensive."
"We are on an annual license for the use of the solution."
"Compared to the competition, the price is not that high."
"The tool is very expensive, so I rate the pricing a ten out of ten. The solution has an annual subscription."
"It is cheap."
"We have a perpetual license, so the total cost of ownership is not very expensive. It's a good investment."
902,988 professionals have used our research since 2012.
 

Comparison Review

Manager, Enterprise Risk Consulting at a tech company with 1,001-5,000 employees
Feb 26, 2015
HP ArcSight vs. IBM QRadar vs. McAfee Nitro vs. Splunk vs. RSA Security vs. LogRhythm
We at Infosecnirvana.com have done several posts on SIEM. After the Dummies Guide on SIEM, we are following it up with a SIEM Product Comparison – 101 deck. So, here it is for your viewing pleasure. Let me know what you think by posting your comments below. The key products compared here are…
 

Top Industries

By visitors reading reviews
Financial Services Firm: 13%
Manufacturing Company: 9%
Construction Company: 8%
Computer Software Company: 6%

Financial Services Firm: 12%
Construction Company: 11%
Comms Service Provider: 9%
Outsourcing Company: 8%
 

Company Size

By reviewers
Company Size: Count
Small Business: 4
Midsize Enterprise: 1
Large Enterprise: 14

By reviewers
Company Size: Count
Small Business: 8
Midsize Enterprise: 7
Large Enterprise: 20
 

Questions from the Community

What is your experience regarding pricing and costs for Anomali Enterprise?
My experience with pricing involved a yearly, two-year contract; I can't specify the setup cost, but it was aligned with our budget, so I consider it good.
What needs improvement with Anomali ThreatStream?
I can mention one point regarding improvements for Anomali, which is more enhanced reporting flexibility. The reporting provided to us is not too detailed and could be more enhanced. Better filteri...
What is your primary use case for Anomali ThreatStream?
I was using Anomali primarily for threat intelligence operations, security monitoring, and threat detection initiatives. I was part of the SOC team, and my role and responsibilities involved workin...
What is your experience regarding pricing and costs for NetWitness Platform?
The pricing is comparable to others, and I consider the cost to be intermediate. Specific cost details are unknown to me.
What needs improvement with NetWitness Platform?
There is currently no need for improvement in the SIEM, though there could be potential enhancements by integrating with AI.
What is your primary use case for NetWitness Platform?
I use NetWitness Platform in the financial industry as a good product with excellent capabilities and integration with various devices.
 

Also Known As

Match, Lens, ThreatStream, STAXX, Anomali Security Analytics
RSA Security Analytics
 


Sample Customers

Bank of England, First Energy, UBISOFT, Bank of Hope, Blackhawk Network
Los Angeles World Airports, Reply
Find out what your peers are saying about Anomali vs. NetWitness Platform and other solutions. Updated: June 2026.