Try our new research platform with insights from 80,000+ expert users

Anomali vs ThreatLocker Zero Trust Endpoint Protection Platform comparison

Anomali and ThreatLocker are both solutions in the Advanced Threat Protection (ATP) category. Anomali is ranked #22 with an average rating of 8.5, while ThreatLocker is ranked #6 with an average rating of 9.2. Anomali holds a 1.3% mindshare in ATP, compared to ThreatLocker’s 2.9% mindshare. Additionally, 80% of Anomali users are willing to recommend the solution, compared to 97% of ThreatLocker users who would recommend it.
Anomali
Read 4 Anomali reviews
  • 247 Views
  • 127 Comparison Views
80% willing to recommend
ThreatLocker Zero Trust End...
Read 39 ThreatLocker Zero Trust Endpoint Protection Platform reviews
  • 501 Views
  • 44 Comparison Views
97% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive SummaryUpdated on Apr 1, 2025

Anomali and ThreatLocker are competing products in the cybersecurity domain. ThreatLocker may be considered superior due to its comprehensive security features that justify its price point.

Features: Anomali offers threat intelligence capabilities, seamless integration into existing security operations, and aids in threat detection. ThreatLocker provides robust security through a zero-trust framework, application whitelisting, and control over executables.

Ease of Deployment and Customer Service: ThreatLocker offers straightforward cloud-based deployment and effective customer service support, simplifying implementation. Anomali is user-friendly but may require a more detailed setup process and has supportive but less adaptable customer service compared to ThreatLocker.

Pricing and ROI: Anomali is cost-efficient, providing a good return on investment for organizations focused on threat intelligence. ThreatLocker's pricing, although higher, is perceived as delivering significant ROI due to the breadth of protection provided, with initial setup costs reflecting its premium positioning.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed Anomali vs. ThreatLocker Zero Trust Endpoint Protection Platform Report (Updated: June 2025).
Buyer's Guide
Anomali vs. ThreatLocker Zero Trust Endpoint Protection Platform
June 2025
Download the complete report
Helped 860,168 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Anomali
Ranking in Advanced Threat Protection (ATP)
22nd
Average Rating
7.8
Reviews Sentiment
7.2
Number of Reviews
4
Ranking in other categories
Security Information and Event Management (SIEM) (34th), User Entity Behavior Analytics (UEBA) (19th), Threat Intelligence Platforms (7th), Extended Detection and Response (XDR) (27th)
ThreatLocker Zero Trust End...
Ranking in Advanced Threat Protection (ATP)
6th
Average Rating
9.2
Reviews Sentiment
7.5
Number of Reviews
39
Ranking in other categories
Network Access Control (NAC) (5th), Endpoint Protection Platform (EPP) (7th), Application Control (1st), ZTNA (3rd), Ransomware Protection (1st)
 

Mindshare comparison

As of July 2025, in the Advanced Threat Protection (ATP) category, the mindshare of Anomali is 1.3%, up from 1.1% compared to the previous year. The mindshare of ThreatLocker Zero Trust Endpoint Protection Platform is 2.9%, up from 1.9% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Advanced Threat Protection (ATP)
 

Featured Reviews

CC
Enables automated threat intelligence sorting and enhances proactive threat hunting capabilities
You have to have at least a threat intelligence background or a SOC analyst background to use it, as that's the information you'll dig around with in there. If you don't have that kind of knowledge, it probably can be a little hard to use, but they do provide training. They offer training not only for how to use the platform but also some basic threat intelligence training to explain what these things are and what these terms mean. My company is a customer of Anomali. I would recommend it to other people. I would advise making sure you don't pick it without testing other products and have your use cases well thought out and documented before testing, so you know it will solve the problems you're trying to address. Keep an open mind with it and realize that whatever you can dream of, you can probably do with the platform. Overall, I would rate Anomali an eight out of ten.
Read full review
Johnathan Bodily - PeerSpot reviewer
Ensures ransomware protection and reduces phishing chaos
The application control has been great so far, and while I am still exploring the network access controls, I unfortunately don't have access to one module I would love to have due to licensing restrictions. It's easy to use in regard to reducing attack surfaces. For me, it's a piece of cake. We can have something approved within 30 seconds, thanks to the mobile app. We haven't eliminated security solutions. We just add to it, and ThreatLocker has been a great addition. We also have Kaseya and ThreatLocker as a supplement to that. It's useful. They have overlap, and we look at the overlap as a good thing. It's helped your organization save on operational costs or expenses by ensuring that many fewer hours are spent dealing with ransomware nonsense. I cannot count the amount of hours that I personally have not had to put in to recovering an environment from a ransomware event. The last big one took us about three weeks to completely recover from. Since we've grouped ThreatLocker in, the management of that whole setup has gone down to just daily help desk tasks and general server maintenance instead of having the whole system on fire. There are probably thousands of hours of saved time between our teams. It's been great so far. ThreatLocker Zero Trust Endpoint Protection Platform's ability to block access to unauthorized applications is great. It's my biggest protection, the blocked applications. In a lot of cases, you go to install something yourself that you need for management, and it comes in and says, nope. And then I have to log into the portal and approve it. I get our other guys saying, hey, why are you trying to approve something? Any of the tools that I'm using on a day-to-day basis that haven't been in the environment during the whole learning mode initially, I could go through and set extensions and all that. So, while it's a headache on that end, the amount of saved time I can't even count. It is a little frustrating on my end since I like to go as quickly as I possibly can, and it slows me down. However, that's a really good thing. Depending on the site, it can save a lot of time and cut down headaches. It's likely saved a week's worth of time. It's cut down the amount of sever help desk tickets. Those have become minimal.
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The most valuable aspect of Anomali is the threat modeling capability."
"I have found Cyber threat intelligence (CTI) very useful and concise. The solution is easy to use."
"We now have a very robust collection of threat intelligence based on the capabilities that Anomali provides."
"The feature I have found most valuable is credential monitoring. This feature is easy and quick."
"Overall, everything is excellent, and everything is well-prepared, from the laptops provided to the overall setup."
"ThreatLocker provides visibility into user activity and application usage, empowering organizations to define acceptable applications and web browsers."
"The customer service is excellent, ten out of ten."
"The Zero Trust factor is valuable because it blocks everything. That helps us to stay ahead of bad actors. We do not have to be in recovery mode."
"The solution has made knowing and managing what is running on our clients' devices much easier for us. We know they cannot run what they are not supposed to run."
"The biggest one that we focus on is the application control with ringfencing. That combination is very beneficial."
"ThreatLocker Zero Trust Endpoint Protection Platform's ability to block access to unauthorized applications has been excellent."
"ThreatLocker Zero Trust Endpoint Protection Platform has helped us protect our environments and have more meaningful requests for access as well as meaningful logging for response."
More ThreatLocker Zero Trust Endpoint Protection Platform pros
 

Cons

"A lot of tools can give you many features, such as CTI intelligence and a tax service reduction. However, many people are combining different tools together to have more capabilities. It is up to the consumer whether they want to have multiple tools or have one tool that serves the purpose. Anomali Enterprise could improve by combining all the other tools' features into one solution."
"Less code in integration would be nice when building blocks."
"Support in the past has been top-notch, but recent trends indicate that it has taken a back seat, as we often don't get answers for days."
"An area for improvement is the intelligence sharing within the Anomali community. The tagging system can be inconsistent, as any company can use any tags for their reporting."
"ThreatLocker could offer more flexible training, like online or offline classes after hours. The fact that they even provide weekly training makes it seem silly to suggest, but some people can't do it during the day, so they want to train after work. They could also start a podcast about issues they see frequently and what requires attention. A podcast would be helpful to keep us all apprised about what's going on and/or offline training for those people who can't train during the week."
"It has not helped reduce our help desk tickets. We are still in learning mode, and after we are fully knowledgeable, we will be able to see some ticket reductions."
"I cannot suggest anything that they are not already doing. They should keep adding features as they have been."
"From my point of view, logging could be improved. Logging should be easier."
"The company should strive to stay ahead of all the developments happening externally. If their progress accelerates more rapidly than the ongoing changes outside, it would prove advantageous."
"From my point of view, logging could be improved. Logging should be easier."
"The user experience could be improved."
"If you have a thousand computers with ThreatLocker agents on them, when you approve or create a new policy saying that Adobe Reader that matches this hashtag and meets certain criteria is allowed to be installed, it applies at the top level or the organization level. It applies to every computer in the company. When you make that new policy and push it out and it goes out and updates all of the clients. Unfortunately, at this time, it does not look like they stagger the push-out."
More ThreatLocker Zero Trust Endpoint Protection Platform cons
 

Pricing and Cost Advice

"When comparing the price of Anomali Enterprise to other solutions it is in the medium to high range. However, I am satisfied with the price."
"I believe ThreatLocker's pricing model is fair and flexible, allowing account managers to offer customized deals based on our specific needs."
"The pricing works fine for me. It's very reasonably priced."
"I can't complain. Cheaper would always be nice, but I think it's reasonable compared to other software in the cybersecurity market."
"Its price is fair. They have added some additional things to it beyond allowlisting. They are up-charging for them, but in terms of the value we get and the way it impacts us, we get a bang for our buck with ThreatLocker than a lot of our other security tools."
"ThreatLocker's pricing seems justifiable."
"Others say ThreatLocker is too expensive, and I tell them they're dreaming. It's well-priced for what it does."
"Considering what this product does, ThreatLocker is very well-priced, if not too nicely priced for the customer."
"We have encountered a few challenges regarding pricing, contract renewals, and additions. As we explored adding features like Cyber Hero, it proved to be an increased expense for our clients. This was primarily a mistake on our part due to how we initially priced it to clients."
More ThreatLocker Zero Trust Endpoint Protection Platform pricing and cost advice
report
See which vendors are best for you
Use our free recommendation engine to learn which Advanced Threat Protection (ATP) solutions are best for your needs.
See recommendations
860,168 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
17%
Computer Software Company
12%
Government
8%
Manufacturing Company
7%
Computer Software Company
35%
Retailer
8%
Manufacturing Company
5%
Financial Services Firm
5%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
 

Questions from the Community

What needs improvement with Anomali ThreatStream?
An area for improvement is the intelligence sharing within the Anomali community. The tagging system can be inconsistent, as any company can use any tags for their reporting. Combining all aliases ...
See all answers
What is your primary use case for Anomali ThreatStream?
I use Anomali ( /products/anomali-reviews ) for threat hunting, threat collection, operationalization of intelligence, such as indicators of compromise (IOCs), and dissemination of reports for repo...
See all answers
What advice do you have for others considering Anomali ThreatStream?
For new users, I recommend taking the training provided by Anomali as it is very well articulated. I advise reading the user manual and taking the instructor-led training sessions from the customer...
See all answers
What do you like most about ThreatLocker Allowlisting?
The interface is clean and well-organized, making it simple to navigate and find what we need.
See all answers
What is your experience regarding pricing and costs for ThreatLocker Allowlisting?
Pricing, setup costs, and licensing have been pretty accessible and manageable. It was not too expensive to get started, especially at a small scale for a smaller MSP. It is very accessible, easy t...
See all answers
What needs improvement with ThreatLocker Allowlisting?
For the space that it's in, it's already there. I don't know of another product that compares to its level. Even recently, with the addition of the detect module is a very nice add-on to the packet...
See all answers
 

Comparisons

ThreatConnect Threat Intelligence Platform (TIP) vs Anomali Logo
ThreatConnect Threat Intelligence Platform (TIP) vs Anomali
Compared 24% of the time
ThreatQ vs Anomali Logo
ThreatQ vs Anomali
Compared 17% of the time
Recorded Future vs Anomali Logo
Recorded Future vs Anomali
Compared 16% of the time
Microsoft Defender Threat Intelligence vs Anomali Logo
Microsoft Defender Threat Intelligence vs Anomali
Compared 7% of the time
Splunk Enterprise Security vs Anomali Logo
Splunk Enterprise Security vs Anomali
Compared 6% of the time
More Anomali Competitors
CrowdStrike Falcon vs ThreatLocker Zero Trust Endpoint Protection Platform Logo
CrowdStrike Falcon vs ThreatLocker Zero Trust Endpoint Protection Platform
Compared 16% of the time
SentinelOne Singularity Complete vs ThreatLocker Zero Trust Endpoint Protection Platform Logo
SentinelOne Singularity Complete vs ThreatLocker Zero Trust Endpoint Protection Platform
Compared 15% of the time
Microsoft Defender for Endpoint vs ThreatLocker Zero Trust Endpoint Protection Platform Logo
Microsoft Defender for Endpoint vs ThreatLocker Zero Trust Endpoint Protection Platform
Compared 15% of the time
Ivanti Application Control vs ThreatLocker Zero Trust Endpoint Protection Platform Logo
Ivanti Application Control vs ThreatLocker Zero Trust Endpoint Protection Platform
Compared 7% of the time
Huntress Managed EDR vs ThreatLocker Zero Trust Endpoint Protection Platform Logo
Huntress Managed EDR vs ThreatLocker Zero Trust Endpoint Protection Platform
Compared 5% of the time
More ThreatLocker Zero Trust Endpoint Protection Platform Competitors
 

Product Reports

Buyer's Guide
Threat Intelligence Platforms
June 2025
Anomali reportDownload Anomali product report
Buyer's Guide
ThreatLocker Zero Trust Endpoint Protection Platform
June 2025
ThreatLocker Zero Trust Endpoint Protection Platform reportDownload ThreatLocker Zero Trust Endpoint Protection Platform product report
 

Also Known As

Match, Lens, ThreatStream, STAXX, Anomali Security Analytics
Protect, Allowlisting, Network Control, Ringfencing
 

Overview

Anomali delivers advanced threat intelligence solutions designed to enhance security operations by providing comprehensive visibility into threats and enabling real-time threat detection and management.

Anomali stands out in threat intelligence, offering an innovative platform that integrates data to identify and analyze threats effectively. It enables teams to streamline threat detection processes and respond to incidents with increased agility. With a focus on accuracy and efficiency, Anomali supports cybersecurity professionals in making informed decisions to safeguard their networks consistently.

What are Anomali's core features?
  • ThreatStream: A platform that aggregates threat intelligence feeds to enhance threat assessment.
  • Match: An automated detection feature that matches internal log data against threat intelligence insights.
  • Link: Provides graphical visualization for threat analysis, helping to understand threat vectors better.
  • STAXX: A lightweight tool for collecting and analyzing open-source threat intelligence.
What are the key benefits and ROI of using Anomali?
  • Improved Threat Detection: Streamlined processes lead to faster identification and response to threats.
  • Resource Efficiency: Automation reduces manual tasks, allowing security teams to focus on strategic activities.
  • Better Decision Making: Provides actionable insights that enable more informed security strategies.

In industries like finance and healthcare, Anomali is implemented to address specific challenges like compliance and data protection. By using this platform, organizations gain the ability to adapt to evolving threats, ensuring robust and adaptable security postures tailored to industry demands.

Anomali

ThreatLocker Zero Trust Endpoint Protection Platform offers robust endpoint security through application control and allowlisting, safeguarding servers and workstations from unauthorized software execution.

ThreatLocker Zero Trust Endpoint Protection Platform provides extensive application control with features like ring-fencing and selective elevation, ensuring meticulous execution management. Offering learning mode and extensive support, it integrates threat detection and activity monitoring to enhance compliance, reduce costs, and bolster cybersecurity through alerts and approvals. Despite its strengths, there are areas for improvement in training flexibility, policy updates, and interface enhancements, along with challenges in handling non-digitally signed software. Deployed across environments, it works well with existing cybersecurity instruments for real-time threat prevention.

What are the top features of ThreatLocker?
  • Intuitive Interface: User-friendly design simplifies endpoint protection management.
  • Application Blocking: Prevents unauthorized applications from running.
  • Selective Elevation: Grants control over application permissions.
  • Ring-Fencing: Isolates applications to limit interactions.
  • Allowlisting: Ensures only trusted software can execute.
  • Learning Mode: Facilitates configuration by observing user behavior.
  • Real-Time Support: Access to assistance and training resources.
What benefits should reviewers seek?
  • Compliance: Meets regulatory standards.
  • Operational Cost Reduction: Consolidated alerts and approvals.
  • Enhanced Cybersecurity: Prevention of unauthorized applications.
  • Regulatory Alignment: Helps ensure adherence to legal requirements.

ThreatLocker Zero Trust Endpoint Protection Platform is widely implemented to safeguard IT infrastructures against unauthorized access and application use. In sectors where data security is paramount, this platform enables users to prevent unauthorized software installations and control device applications, ensuring real-time threat prevention and compliance with industry regulations.

ThreatLocker
 

Sample Customers

Bank of England, First Energy, UBISOFT, Bank of Hope, Blackhawk Network
Information Not Available
Buyer's Guide
Anomali vs. ThreatLocker Zero Trust Endpoint Protection Platform
June 2025
Free Report: Anomali vs. ThreatLocker Zero Trust Endpoint Protection Platform
Find out what your peers are saying about Anomali vs. ThreatLocker Zero Trust Endpoint Protection Platform and other solutions. Updated: June 2025.
DOWNLOAD NOW
860,168 professionals have used our research since 2012.
See our Anomali vs. ThreatLocker Zero Trust Endpoint Protection Platform report.
See our list of best Advanced Threat Protection (ATP) vendors.

We monitor all Advanced Threat Protection (ATP) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.