Try our new research platform with insights from 80,000+ expert users

Anomali vs Microsoft Defender Threat Intelligence comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Apr 1, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Anomali
Ranking in Advanced Threat Protection (ATP)
31st
Ranking in Threat Intelligence Platforms
9th
Average Rating
7.0
Reviews Sentiment
7.2
Number of Reviews
2
Ranking in other categories
Security Information and Event Management (SIEM) (56th), User Entity Behavior Analytics (UEBA) (25th), Extended Detection and Response (XDR) (41st)
Microsoft Defender Threat I...
Ranking in Advanced Threat Protection (ATP)
11th
Ranking in Threat Intelligence Platforms
4th
Average Rating
8.4
Reviews Sentiment
7.4
Number of Reviews
31
Ranking in other categories
Microsoft Security Suite (18th)
 

Mindshare comparison

As of April 2025, in the Advanced Threat Protection (ATP) category, the mindshare of Anomali is 1.1%, up from 1.0% compared to the previous year. The mindshare of Microsoft Defender Threat Intelligence is 1.6%, up from 1.3% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Advanced Threat Protection (ATP)
 

Featured Reviews

PP
Easy and quick credential monitoring; tech support could be improved
Currently, we are not using any other solution for this use case, but previously we used MISP, which is an open-source project that requires a lot of effort to make work. That way, it required a lot of attention from our system administrator, and we had to sanitize the data very frequently because the peers we had. Sometimes they flooded our systems with chunk data and that needs to be handled and we decided to go with a paid solution instead.
Nim Nadarajah - PeerSpot reviewer
A native Microsoft solution the provides great ROI and continuously improves its offering
We have Microsoft bias. We generally don't have any significant negative feedback or improvement points around Defender, EDR and CMDR platforms. It does a good job across the board. The price point is something they can improve slightly for those who don't have an M 365 E5. I believe it's a $2.80 cents add-on. In Canadian, that's expensive. If they can drop it to a dollar, for those who don't have M 365 E5, they're going to open up market share and increase affordability for an entire market segment in the medium business category. Other than that, we have no major negative feedback.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"I have found Cyber threat intelligence (CTI) very useful and concise. The solution is easy to use."
"The feature I have found most valuable is credential monitoring. This feature is easy and quick."
"I value how Threat Intelligence integrates with the different platforms in Microsoft."
"Microsoft's integration into the security stack works quite well."
"The product is stable."
"The product is useful when the end user downloads malware files."
"The user interface is pretty user-friendly."
"Its user-friendliness is its most valuable aspect."
"They have a very transparent roadmap for the product."
"I would rate Microsoft Defender ATP as nine out of ten."
 

Cons

"A lot of tools can give you many features, such as CTI intelligence and a tax service reduction. However, many people are combining different tools together to have more capabilities. It is up to the consumer whether they want to have multiple tools or have one tool that serves the purpose. Anomali Enterprise could improve by combining all the other tools' features into one solution."
"Less code in integration would be nice when building blocks."
"One area that can be improved is reducing false positives."
"Some of the customization features could be improved by providing a portion of it as open source."
"The stability of the product is an area of concern where improvements are required."
"It's a bit complicated to manage because you have many dependencies of servers, many dependencies in queue, and so on. Entries or different endpoints, and you make different configuration topics for each one. So that's a major problem."
"I would like to see more integration with other solutions. For example, integration well with Microsoft but not with other solutions."
"The product's dashboard and incident reports functionality needs enhancement."
"We encounter problems connecting the product deployed on the user endpoints with the servers."
"It would be beneficial to enhance the pricing structure and make it more affordable."
 

Pricing and Cost Advice

"When comparing the price of Anomali Enterprise to other solutions it is in the medium to high range. However, I am satisfied with the price."
"It is an expensive product."
"There is a need to make yearly payments towards the licensing charges attached to the product."
"The product has multiple subscription models."
"The product is a part of my Microsoft 365 subscription, so there is no additional cost. It is cost-effective."
"The tool is expensive as a stand-alone solution. However, it is not cheap when you purchase it as a bundle."
"They offer two license plans: Microsoft Defender for endpoints and Microsoft Defender for businesses."
"The pricing of the solution is good."
"Considering Microsoft is constantly changing licensing, I would give it a seven out of ten. It can be difficult to get your head around it, especially for small to medium-sized enterprises (SMEs)."
report
Use our free recommendation engine to learn which Advanced Threat Protection (ATP) solutions are best for your needs.
845,040 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
16%
Computer Software Company
14%
Government
11%
Manufacturing Company
8%
Computer Software Company
17%
Financial Services Firm
12%
Educational Organization
11%
Government
10%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
 

Questions from the Community

What do you like most about Anomali ThreatStream?
The feature I have found most valuable is credential monitoring. This feature is easy and quick.
What needs improvement with Anomali ThreatStream?
I think that this solution should improve its integrations. This part of the solution could be bigger and moved into the no-code direction. Less code in integration would be nice when building blocks.
What is your primary use case for Anomali ThreatStream?
Our primary use case for this solution is as a threat intelligence platform. We stream various threat feeds into this platform. We also make correlations between the feeds to duplicate the data, ag...
What do you like most about Microsoft Defender Threat Intelligence?
It just runs in the background. I don't have to worry about, making sure it's Intelligence. So, you know, this kind of makes it very easy, have to worry about installing. It is easy to use.
What needs improvement with Microsoft Defender Threat Intelligence?
Some of the customization features could be improved by providing a portion of it as open source. This would allow integration with other solutions, enhancing Threat Intelligence. Providing code cu...
What is your primary use case for Microsoft Defender Threat Intelligence?
We are using Microsoft Defender ATP specifically as an email security solution, as well as for our critical servers as a web security solution. We have almost eleven hundred users utilizing it for ...
 

Also Known As

Match, Lens, ThreatStream, STAXX, Anomali Security Analytics
No data available
 

Overview

 

Sample Customers

Bank of England, First Energy, UBISOFT, Bank of Hope, Blackhawk Network
Information Not Available
Find out what your peers are saying about Anomali vs. Microsoft Defender Threat Intelligence and other solutions. Updated: March 2025.
845,040 professionals have used our research since 2012.