We performed a comparison between LogRhythm SIEM and USM Anywhere based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Features: Users praised LogRhythm SIEM for its user-friendly centralized dashboard, strong integration capabilities, and event-filtering capabilities. USM Anywhere is highly regarded for its extensive reporting capabilities, thorough vulnerability assessment, seamless file integration, and user-friendly management features. LogRhythm SIEM has the potential to improve its SOAR and NDR features, platform stability, and MDI integration. LogRhythm users requested expanded log storage, better load balancing, and streamlined search capabilities. USM Anywhere users have suggested improvements in self-service plugin management, database optimization, and third-party threat intelligence integration.
Service and Support: LogRhythm SIEM was generally praised for its helpful and knowledgeable support, although there have been occasional delays and knowledge problems. Some users say that USM Anywhere's customer service is knowledgeable and responsive, while others have faced delays and incomplete answers.
Ease of Deployment: LogRhythm SIEM's setup is considered to be straightforward. However, it is more time-consuming and complex for enterprise deployments involving multiple components or vendors, and users often require assistance from professional services or LogRhythm-certified engineers. The initial setup for USM Anywhere is generally considered to be straightforward if the user has technical knowledge. Vendor assistance is also available during the deployment phase.
Pricing: LogRhythm SIEM’s license typically includes all elements. However, enterprise customers may encounter complexities related to additional features and add-ons. USM Anywhere is seen as more cost-effective than premium solutions like IBM QRadar and Splunk, with pricing considered reasonable and relatively low.
ROI: LogRhythm SIEM has proven to be highly valuable, delivering a significant ROI by reducing the mean time to detect and respond. USM Anywhere has garnered favorable feedback regarding its ROI.
"Microsoft Sentinel enables you to ingest data from the entire ecosystem and that connection of data helps you to monitor critical resources and to know what's happening in the environment."
"The analytics has a lot of advantages because there are 300 default use cases for rules and we can modify them per our environment. We can create other rules as well. Analytics is a useful feature."
"It is easy to implement (turn on) - does need a skilled analyst to develop queries and playbooks."
"It has a lot of great features."
"The most valuable features in my experience are the UEBA, LDAP, the threat scheduler, and integration with third-party straight perform like the MISP."
"The product can integrate with any device."
"I like the KQL query. It simplifies getting data from the table and seeing the logs. All you need to know are the table names. It's quite easy to build use cases by using KQL."
"The best feature is that onboarding to the SIM solution is quite easy. If you are using cloud-based solutions, it's just a few clicks to migrate it."
"The log analysis feature is valuable."
"We now have a central point of monitoring for all potential threats."
"LogRhythm's GUI is easy to explore. We also like other features, such as its integration with other security solutions, log correlation, and the deployment of use cases."
"We have seen a massive increase in the amount of data that we can collect, the type of things that we can see, the way we can look at logs, the way we can get alerts, and the way can create our own customer roles, which has allowed us to customize the work in our environment."
"It has helped us centralize and have better visibility into devices on our network. We are better able to respond to threats in a timely manner."
"Even other products we have that feed into it, instead of having to watch all of them we only have to watch one. For example, we have CrowdStrike, so instead of having to pay attention that solution - because their dashboard doesn't really pop when an alarm comes up - we can see issues with the red on the LogRhythm alarm. That is very nice."
"Alarms are the most valuable feature. We also like the dashboard and how things are at your fingertips. The fact that we can now edit the report templates is going to be a great thing."
"It gives us insight into our entire installation, where we are multiple sites, going as far as the East Coast to the Central West Coast."
"The solution is stable."
"This is a USM, so being able to get all the features under one roof makes it a good product with good new features."
"As we have to service several servers, we can manage them in a economical way, which is beneficial to our team and business."
"This solution can identify many threats inside the organization (compromised endpoints, configuration issues), as well as "outside" threats (botnets, network scanners, web-attacks, etc)."
"Its powerful correlation engine helps reduce time in manually correlating events."
"This solution can completely detect and prevent incidents on your network."
"It allows for a lot of out-of-the-box features: vuln scanning, HIDS/HIPS, and IDS."
"It has allowed us to see what is happening on our servers."
"They can work on the EDR side of things... Every time we need to onboard these kinds of machines into the EDR, we need to do it with the help of Intune, to sync up the devices, and do the configuration. I'm looking for something on the EDR side that will reduce this kind of work."
"We've seen delays in getting the logs from third-party solutions and sometimes Microsoft products as well. It would be helpful if Microsoft created a list of the delays. That would make things more transparent for customers."
"The on-prem log sources still require a lot of development."
"Sentinel's alerts and notifications are not fully optimized for mobile devices. The overall reporting and the analytics processes for the end user should also be improved. Also, the compatibility and availability of data sources and reports are not always perfect."
"It would be good to have some connectors for third-party SIEM solutions. Many customers are struggling with the integration of Azure Sentinel with their on-premise SIEM. Microsoft is changing the log structure many times a year, which can corrupt a custom integration. It would be good to have some connectors developed by Microsoft or supply vendors, but they are not providing such functionality or tools."
"Its documentation is not so simple. It is easy for somebody who is Microsoft certified or more closely attached to Microsoft solutions. It is not easy for those who are working on open-source platforms. There isn't a central point where everything is documented, and there is no specific training or certification."
"The interface could be more user-friendly. It''s a small improvement that they could make if they wanted to."
"For certain vendors, some of the data that Microsoft Sentinel captures is redacted due to privacy reasons."
"I don't think the cloud model in LogRhythm is developed enough."
"We do about 750 million a day and some days we do 715 million. Some days we do 820 million or 1.2 billion. But there's no way to drill in and find out: "Where did I get 400,000 extra logs today?" What was going on in my environment that I was able to absorb that peak? I have no way to identify it without running reports, which will produce a long-running PDF that I have to somehow compare to another long-running PDF... I would like to see like profiling behavior awareness around systems like they've been gunned to do around users with UEBA."
"In the next release, I would certainly like to see more HIPAA compliance. I would also like to see more integration with Palo Alto Networks, particularly their Traps, which is their endpoint solution."
"I have probably submitted half a dozen log parser requests, and I keep finding more stuff that we need to keep an eye on that doesn't have a definition in LogRhythm."
"We have run into problems with stability going through upgrade processes. Recently, we have been on the front edge of the upgrade path. When that happens we tend to run into issues either with certain functionality not working after the upgrades or stability issues because of the upgrades."
"The initial setup is complex. We are using a LogRhythm partner, at least for the first three years, to help with the monitoring and the deployment of it. We are not a big enough environment where we have people that we can dedicate to it right now."
"There is room for improvement with separate running sources or better integration."
"I think there is room for improvement because the system is still running on the Windows Server platform. The problem with running on Windows is that it is not that good for scaling and providing for big deployment environments."
"It should be able to communicate with other security solutions to stop threats."
"The one thing I continue to dislike about the USM is the limitation on reports."
"The reporting aspect could be improved. While there are a lot of different options available, there are still pieces which are missing."
"We would like more plugins. This being the main point of improvement which would benefit the users."
"Its reporting tools need improvements. It would be good if they can provide integration with other ticketing systems. Currently, we only have integration with Slack and Jira. It is also a bit slow, and its replication engine can be improved."
"Pay attention to false-positive event automatic correlations."
"Maybe logs are the problem, as the database query is too slow. If you want to search something, you need time to find it."
"they seem to have bugs from time to time that go unfixed for a while and that is frustrating. I'm not saying the product needs to be bug-free, but they need to be responsive to bugs."
LogRhythm SIEM is ranked 6th in Security Information and Event Management (SIEM) with 166 reviews while USM Anywhere is ranked 11th in Security Information and Event Management (SIEM) with 113 reviews. LogRhythm SIEM is rated 8.4, while USM Anywhere is rated 8.4. The top reviewer of LogRhythm SIEM writes "The solution reduced our investigation time from days to hours and assists in managing our workflows". On the other hand, the top reviewer of USM Anywhere writes "Easy to use and affordable". LogRhythm SIEM is most compared with IBM Security QRadar, Splunk Enterprise Security, Wazuh, LogRhythm Axon and Fortinet FortiSIEM, whereas USM Anywhere is most compared with Wazuh, AlienVault OSSIM, IBM Security QRadar, Splunk Enterprise Security and Securonix Next-Gen SIEM. See our LogRhythm SIEM vs. USM Anywhere report.
See our list of best Security Information and Event Management (SIEM) vendors and best Log Management vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.