Try our new research platform with insights from 80,000+ expert users

Anomali vs ThreatLocker Zero Trust Endpoint Protection Platform comparison

Anomali and ThreatLocker are both solutions in the Advanced Threat Protection (ATP) category. Anomali is ranked #22 with an average rating of 8.5, while ThreatLocker is ranked #5 with an average rating of 9.2. Anomali holds a 1.3% mindshare in ATP, compared to ThreatLocker’s 3.0% mindshare. Additionally, 80% of Anomali users are willing to recommend the solution, compared to 97% of ThreatLocker users who would recommend it.
Anomali
Read 4 Anomali reviews
  • 2,282 Views
  • 251 Comparison Views
80% willing to recommend
ThreatLocker Zero Trust End...
Read 39 ThreatLocker Zero Trust Endpoint Protection Platform reviews
  • 3,098 Views
  • 527 Comparison Views
97% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive SummaryUpdated on Jul 6, 2025

Anomali and ThreatLocker are competitors in the cybersecurity sector. ThreatLocker is typically preferred due to its feature-rich endpoint protection and application whitelisting capabilities, while Anomali excels in threat intelligence, enabling more effective threat identification and response.

Features: Anomali offers threat intelligence, threat modeling, and API integration to manage and prioritize intelligence, enhancing proactive defense strategies. ThreatLocker supports strong endpoint protection with features like application whitelisting, default-deny policies, and ring-fencing, allowing for robust security management.

Room for Improvement: Anomali could improve its setup complexity and make the integration process smoother. Enhancing the limited data set would also be beneficial. ThreatLocker might work on more granular control options in ring-fencing and alleviate potential administrative burdens associated with default-deny settings.

Ease of Deployment and Customer Service: ThreatLocker is known for easy deployment and outstanding customer support, including ongoing training until users feel self-sufficient. Anomali, while having a sophisticated setup, compensates with highly responsive customer service that supports users through any challenges encountered.

Pricing and ROI: ThreatLocker is competitively priced with a strong ROI due to cost-effective security management and endpoint protection. Anomali incurs higher initial costs associated with its advanced threat intelligence features but can offer significant ROI through enhanced threat detection and intelligence prioritization.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed Anomali vs. ThreatLocker Zero Trust Endpoint Protection Platform Report (Updated: July 2025).
Buyer's Guide
Anomali vs. ThreatLocker Zero Trust Endpoint Protection Platform
July 2025
Download the complete report
Helped 865,384 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Anomali
Ranking in Advanced Threat Protection (ATP)
22nd
Average Rating
7.8
Reviews Sentiment
7.2
Number of Reviews
4
Ranking in other categories
Security Information and Event Management (SIEM) (33rd), User Entity Behavior Analytics (UEBA) (18th), Threat Intelligence Platforms (8th), Extended Detection and Response (XDR) (27th)
ThreatLocker Zero Trust End...
Ranking in Advanced Threat Protection (ATP)
5th
Average Rating
9.2
Reviews Sentiment
7.5
Number of Reviews
39
Ranking in other categories
Network Access Control (NAC) (5th), Endpoint Protection Platform (EPP) (7th), Application Control (1st), ZTNA (3rd), Ransomware Protection (1st)
 

Mindshare comparison

As of August 2025, in the Advanced Threat Protection (ATP) category, the mindshare of Anomali is 1.3%, up from 1.1% compared to the previous year. The mindshare of ThreatLocker Zero Trust Endpoint Protection Platform is 3.0%, up from 2.0% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Advanced Threat Protection (ATP)
 

Featured Reviews

CC
Enables automated threat intelligence sorting and enhances proactive threat hunting capabilities
You have to have at least a threat intelligence background or a SOC analyst background to use it, as that's the information you'll dig around with in there. If you don't have that kind of knowledge, it probably can be a little hard to use, but they do provide training. They offer training not only for how to use the platform but also some basic threat intelligence training to explain what these things are and what these terms mean. My company is a customer of Anomali. I would recommend it to other people. I would advise making sure you don't pick it without testing other products and have your use cases well thought out and documented before testing, so you know it will solve the problems you're trying to address. Keep an open mind with it and realize that whatever you can dream of, you can probably do with the platform. Overall, I would rate Anomali an eight out of ten.
Read full review
Johnathan Bodily - PeerSpot reviewer
Ensures ransomware protection and reduces phishing chaos
The application control has been great so far, and while I am still exploring the network access controls, I unfortunately don't have access to one module I would love to have due to licensing restrictions. It's easy to use in regard to reducing attack surfaces. For me, it's a piece of cake. We can have something approved within 30 seconds, thanks to the mobile app. We haven't eliminated security solutions. We just add to it, and ThreatLocker has been a great addition. We also have Kaseya and ThreatLocker as a supplement to that. It's useful. They have overlap, and we look at the overlap as a good thing. It's helped your organization save on operational costs or expenses by ensuring that many fewer hours are spent dealing with ransomware nonsense. I cannot count the amount of hours that I personally have not had to put in to recovering an environment from a ransomware event. The last big one took us about three weeks to completely recover from. Since we've grouped ThreatLocker in, the management of that whole setup has gone down to just daily help desk tasks and general server maintenance instead of having the whole system on fire. There are probably thousands of hours of saved time between our teams. It's been great so far. ThreatLocker Zero Trust Endpoint Protection Platform's ability to block access to unauthorized applications is great. It's my biggest protection, the blocked applications. In a lot of cases, you go to install something yourself that you need for management, and it comes in and says, nope. And then I have to log into the portal and approve it. I get our other guys saying, hey, why are you trying to approve something? Any of the tools that I'm using on a day-to-day basis that haven't been in the environment during the whole learning mode initially, I could go through and set extensions and all that. So, while it's a headache on that end, the amount of saved time I can't even count. It is a little frustrating on my end since I like to go as quickly as I possibly can, and it slows me down. However, that's a really good thing. Depending on the site, it can save a lot of time and cut down headaches. It's likely saved a week's worth of time. It's cut down the amount of sever help desk tickets. Those have become minimal.
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The most valuable aspect of Anomali is the threat modeling capability."
"We now have a very robust collection of threat intelligence based on the capabilities that Anomali provides."
"The feature I have found most valuable is credential monitoring. This feature is easy and quick."
"I have found Cyber threat intelligence (CTI) very useful and concise. The solution is easy to use."
"Unified Audit is excellent for identifying our denies and using those to dynamically create rules, as opposed to manually observing the logs and creating them. It saves so much time."
"The Zero Trust factor is valuable because it blocks everything. That helps us to stay ahead of bad actors. We do not have to be in recovery mode."
"ThreatLocker Zero Trust Endpoint Protection Platform has helped us protect our environments and have more meaningful requests for access as well as meaningful logging for response."
"Every single feature has been invaluable."
"Ringfencing is a valuable feature."
"The customer service is excellent, ten out of ten."
"The application management on any workstation with the solution is valuable. I find it valuable that it indicates whether the software is part of our pre-approved list, adding a nice layer of protection. It works great because people cannot just install or download any app from the web."
"ThreatLocker Zero Trust Endpoint Protection Platform provides no-sweat security that we can easily deploy."
More ThreatLocker Zero Trust Endpoint Protection Platform pros
 

Cons

"Less code in integration would be nice when building blocks."
"An area for improvement is the intelligence sharing within the Anomali community. The tagging system can be inconsistent, as any company can use any tags for their reporting."
"A lot of tools can give you many features, such as CTI intelligence and a tax service reduction. However, many people are combining different tools together to have more capabilities. It is up to the consumer whether they want to have multiple tools or have one tool that serves the purpose. Anomali Enterprise could improve by combining all the other tools' features into one solution."
"Support in the past has been top-notch, but recent trends indicate that it has taken a back seat, as we often don't get answers for days."
"The portal can be a little overwhelming at times from an administration point of view. It displays a lot of information, and it's all useful. However, sometimes there is too much on the screen to sift through, especially if you're trying to diagnose a client's problem with a piece of software. Maybe something has stopped working since they updated it, and we need to see if ThreatLocker is blocking a component of that software."
"A valuable addition to ThreatLocker would be a column in the audit page displaying a VirusTotal score for each file."
"ThreatLocker Allowlisting needs to improve its user interface and overall workflow."
"Adding applications to the allowlist can sometimes feel overwhelming."
"It has not reduced helpdesk tickets. It has probably increased them by blocking applications and doing its job, resulting in people raising more tickets to know why they cannot use certain things."
"Initially, the learning curve was slightly high for me, however, that has been resolved now."
"I find that the learning mode is too accessible. Technicians sometimes default to it instead of manually building policy controls. I would prefer the learning mode to be harder to access, ideally hidden behind a layer that requires creating at least one policy first before using the learning mode as a supplement."
"ThreatLocker could offer more flexible training, like online or offline classes after hours. The fact that they even provide weekly training makes it seem silly to suggest, but some people can't do it during the day, so they want to train after work. They could also start a podcast about issues they see frequently and what requires attention. A podcast would be helpful to keep us all apprised about what's going on and/or offline training for those people who can't train during the week."
More ThreatLocker Zero Trust Endpoint Protection Platform cons
 

Pricing and Cost Advice

"When comparing the price of Anomali Enterprise to other solutions it is in the medium to high range. However, I am satisfied with the price."
"The pricing is pretty fair, considering other solutions. Licensing-wise, it did not take long."
"The price is very reasonable, and we have been able to integrate ThreatLocker with all of our clients."
"We have not had any real issues with the pricing. As they have added more features, due to the way our contracts are structured with our customers, we have had to hold off on adopting the new features because they do add costs."
"I find ThreatLocker's pricing to be reasonable for the services it provides."
"So far, it has been great. I have no complaints. Of course, everybody wishes it was cheaper."
"ThreatLocker's pricing seems justifiable."
"The pricing works fine for me. It's very reasonably priced."
"The pricing is fair and there is no hard sell."
More ThreatLocker Zero Trust Endpoint Protection Platform pricing and cost advice
report
See which vendors are best for you
Use our free recommendation engine to learn which Advanced Threat Protection (ATP) solutions are best for your needs.
See recommendations
865,384 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
17%
Computer Software Company
13%
Government
7%
Insurance Company
6%
Computer Software Company
31%
Retailer
8%
Manufacturing Company
6%
Financial Services Firm
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
 

Questions from the Community

What needs improvement with Anomali ThreatStream?
An area for improvement is the intelligence sharing within the Anomali community. The tagging system can be inconsistent, as any company can use any tags for their reporting. Combining all aliases ...
See all answers
What is your primary use case for Anomali ThreatStream?
I use Anomali ( /products/anomali-reviews ) for threat hunting, threat collection, operationalization of intelligence, such as indicators of compromise (IOCs), and dissemination of reports for repo...
See all answers
What advice do you have for others considering Anomali ThreatStream?
For new users, I recommend taking the training provided by Anomali as it is very well articulated. I advise reading the user manual and taking the instructor-led training sessions from the customer...
See all answers
What do you like most about ThreatLocker Allowlisting?
The interface is clean and well-organized, making it simple to navigate and find what we need.
See all answers
What is your experience regarding pricing and costs for ThreatLocker Allowlisting?
Pricing, setup costs, and licensing have been pretty accessible and manageable. It was not too expensive to get started, especially at a small scale for a smaller MSP. It is very accessible, easy t...
See all answers
What needs improvement with ThreatLocker Allowlisting?
For the space that it's in, it's already there. I don't know of another product that compares to its level. Even recently, with the addition of the detect module is a very nice add-on to the packet...
See all answers
 

Comparisons

ThreatConnect Threat Intelligence Platform (TIP) vs Anomali Logo
ThreatConnect Threat Intelligence Platform (TIP) vs Anomali
Compared 20% of the time
Recorded Future vs Anomali Logo
Recorded Future vs Anomali
Compared 17% of the time
ThreatQ vs Anomali Logo
ThreatQ vs Anomali
Compared 13% of the time
Splunk Enterprise Security vs Anomali Logo
Splunk Enterprise Security vs Anomali
Compared 11% of the time
SOCRadar Extended Threat Intelligence vs Anomali Logo
SOCRadar Extended Threat Intelligence vs Anomali
Compared 6% of the time
More Anomali Competitors
CrowdStrike Falcon vs ThreatLocker Zero Trust Endpoint Protection Platform Logo
CrowdStrike Falcon vs ThreatLocker Zero Trust Endpoint Protection Platform
Compared 14% of the time
Microsoft Defender for Endpoint vs ThreatLocker Zero Trust Endpoint Protection Platform Logo
Microsoft Defender for Endpoint vs ThreatLocker Zero Trust Endpoint Protection Platform
Compared 11% of the time
SentinelOne Singularity Complete vs ThreatLocker Zero Trust Endpoint Protection Platform Logo
SentinelOne Singularity Complete vs ThreatLocker Zero Trust Endpoint Protection Platform
Compared 11% of the time
ManageEngine Application Control Plus vs ThreatLocker Zero Trust Endpoint Protection Platform Logo
ManageEngine Application Control Plus vs ThreatLocker Zero Trust Endpoint Protection Platform
Compared 5% of the time
Ivanti Application Control vs ThreatLocker Zero Trust Endpoint Protection Platform Logo
Ivanti Application Control vs ThreatLocker Zero Trust Endpoint Protection Platform
Compared 5% of the time
More ThreatLocker Zero Trust Endpoint Protection Platform Competitors
 

Product Reports

Buyer's Guide
Threat Intelligence Platforms
July 2025
Anomali reportDownload Anomali product report
Buyer's Guide
ThreatLocker Zero Trust Endpoint Protection Platform
July 2025
ThreatLocker Zero Trust Endpoint Protection Platform reportDownload ThreatLocker Zero Trust Endpoint Protection Platform product report
 

Also Known As

Match, Lens, ThreatStream, STAXX, Anomali Security Analytics
Protect, Allowlisting, Network Control, Ringfencing
 

Overview

Anomali delivers advanced threat intelligence solutions designed to enhance security operations by providing comprehensive visibility into threats and enabling real-time threat detection and management.

Anomali stands out in threat intelligence, offering an innovative platform that integrates data to identify and analyze threats effectively. It enables teams to streamline threat detection processes and respond to incidents with increased agility. With a focus on accuracy and efficiency, Anomali supports cybersecurity professionals in making informed decisions to safeguard their networks consistently.

What are Anomali's core features?
  • ThreatStream: A platform that aggregates threat intelligence feeds to enhance threat assessment.
  • Match: An automated detection feature that matches internal log data against threat intelligence insights.
  • Link: Provides graphical visualization for threat analysis, helping to understand threat vectors better.
  • STAXX: A lightweight tool for collecting and analyzing open-source threat intelligence.
What are the key benefits and ROI of using Anomali?
  • Improved Threat Detection: Streamlined processes lead to faster identification and response to threats.
  • Resource Efficiency: Automation reduces manual tasks, allowing security teams to focus on strategic activities.
  • Better Decision Making: Provides actionable insights that enable more informed security strategies.

In industries like finance and healthcare, Anomali is implemented to address specific challenges like compliance and data protection. By using this platform, organizations gain the ability to adapt to evolving threats, ensuring robust and adaptable security postures tailored to industry demands.

Anomali

ThreatLocker Zero Trust Endpoint Protection Platform offers robust endpoint security through application control and allowlisting, safeguarding servers and workstations from unauthorized software execution.

ThreatLocker Zero Trust Endpoint Protection Platform provides extensive application control with features like ring-fencing and selective elevation, ensuring meticulous execution management. Offering learning mode and extensive support, it integrates threat detection and activity monitoring to enhance compliance, reduce costs, and bolster cybersecurity through alerts and approvals. Despite its strengths, there are areas for improvement in training flexibility, policy updates, and interface enhancements, along with challenges in handling non-digitally signed software. Deployed across environments, it works well with existing cybersecurity instruments for real-time threat prevention.

What are the top features of ThreatLocker?
  • Intuitive Interface: User-friendly design simplifies endpoint protection management.
  • Application Blocking: Prevents unauthorized applications from running.
  • Selective Elevation: Grants control over application permissions.
  • Ring-Fencing: Isolates applications to limit interactions.
  • Allowlisting: Ensures only trusted software can execute.
  • Learning Mode: Facilitates configuration by observing user behavior.
  • Real-Time Support: Access to assistance and training resources.
What benefits should reviewers seek?
  • Compliance: Meets regulatory standards.
  • Operational Cost Reduction: Consolidated alerts and approvals.
  • Enhanced Cybersecurity: Prevention of unauthorized applications.
  • Regulatory Alignment: Helps ensure adherence to legal requirements.

ThreatLocker Zero Trust Endpoint Protection Platform is widely implemented to safeguard IT infrastructures against unauthorized access and application use. In sectors where data security is paramount, this platform enables users to prevent unauthorized software installations and control device applications, ensuring real-time threat prevention and compliance with industry regulations.

ThreatLocker
 

Sample Customers

Bank of England, First Energy, UBISOFT, Bank of Hope, Blackhawk Network
Information Not Available
Buyer's Guide
Anomali vs. ThreatLocker Zero Trust Endpoint Protection Platform
July 2025
Free Report: Anomali vs. ThreatLocker Zero Trust Endpoint Protection Platform
Find out what your peers are saying about Anomali vs. ThreatLocker Zero Trust Endpoint Protection Platform and other solutions. Updated: July 2025.
DOWNLOAD NOW
865,384 professionals have used our research since 2012.
See our Anomali vs. ThreatLocker Zero Trust Endpoint Protection Platform report.
See our list of best Advanced Threat Protection (ATP) vendors.

We monitor all Advanced Threat Protection (ATP) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.