We compared Splunk Enterprise Security and USM Anywhere based on our users' reviews across several parameters. After reading all of the collected data, you can find our conclusion below.
Features: Splunk Enterprise Security stands out for its efficiency, extensive integration options, and powerful search functionality. USM Anywhere is highly regarded for its extensive reporting capabilities, thorough vulnerability assessment, seamless file integration, and user-friendly management features. Users say Splunk is a highly scalable and customizable solution.
Room for Improvement: Splunk users recommended improvements in AI capabilities, user-friendliness, and analytics. USM Anywhere users have suggested improvements in self-service plugin management, database optimization, and third-party threat intelligence integration.
Service and Support: While some users found Splunk support to be responsive and helpful, others reported slow response times and a lack of expertise. Reviews of USM Anywhere's support were likewise mixed. Some users say that USM Anywhere's customer service is knowledgeable and responsive, while others have faced delays and incomplete answers.
Ease of Deployment: Some users thought Splunk Enterprise Security was easy to deploy, while others found it challenging and needed assistance from Splunk engineers or third-party integrators. The initial setup for USM Anywhere is generally considered to be straightforward if the user has technical knowledge. Vendor assistance is also available during the deployment phase.
Pricing: Some users consider Splunk Enterprise Security to be expensive, but others said the price is reasonable. A few users expressed concerns about the cost of scaling up the solution and managing large volumes of data. USM Anywhere is seen as more cost-effective than premium solutions like IBM QRadar and Splunk, with pricing considered reasonable and relatively low.
ROI: Users said that it’s challenging to calculate an ROI for Splunk Enterprise Security, and the return varies depending on individual circumstances. While some users have observed a substantial ROI, others have not actively explored or been engaged in ROI conversations. USM Anywhere has garnered favorable feedback regarding its ROI.
Comparison Results: Splunk is highly regarded for its efficient data processing and powerful search capabilities. Users like Splunk's customization options and ability to quickly process data from multiple sources. However, reviews noted that Splunk could be more user-friendly and improve its analytics. USM Anywhere earned praise for its intuitive management interface and vulnerability assessment features, but users say the solution could integrate third-party threat intelligence better.
"Sentinel pricing is good"
"In Azure Sentinel, we have found, they do have a store in their capability. AI and intelligence features. We found that to be very helpful for us because some other things we do need to integrate again or find another vendor for the store"
"You can fine-tune the SOAR and you'll be charged only when your playbooks are triggered. That is the beauty of the solution because the SOAR is the costliest component in the market today... but with Sentinel it is upside-down: the SOAR is the lowest-hanging fruit. It's the least costly and it delivers more value to the customer."
"We have no complaints about the features or functionality."
"Sentinel also enables you to ingest data from your entire ecosystem and not just from the Microsoft ecosystem. It can receive data from third-party vendors' products such firewalls, network devices, and antivirus solutions. It's not only a Microsoft solution, it's for everything."
"I like the KQL query. It simplifies getting data from the table and seeing the logs. All you need to know are the table names. It's quite easy to build use cases by using KQL."
"Sentinel enables us to ingest data from our entire ecosystem. In addition to integrating our Cisco ASA Firewall logs, we get our Palo Alto proxy logs and some on-premises data coming from our hardware devices... That is very important and is one way Sentinel is playing a wider role in our environment."
"Its inbuilt Kusto Query Language is a valuable feature. It provides the flexibility needed to leverage advanced data analytics rules and policies and enables us to easily navigate all our security events in a single view. It helps any user easily understand the data or any security lags in their data and applications."
"It provides a lot of analytics with the underlying AI engine, and it is a lot easier than other solutions. There are some products that do automated AI-based detection and drawing up charts, but for network monitoring and all of the monitoring aspects, it is quite a nice tool. It is very convenient for business users because they get more or less a lot of data readily available. If you're familiar with the Splunk query language, you can pretty much do whatever you want."
"The solution is the market leader."
"The solution's newly developed dashboard is pretty amazing."
"The additional vendors we've brought on board, particularly the elastic, have been quite beneficial."
"Good for log collection and log management."
"I really like the user interface and how it works."
"You can use it to gather syslog messages from anything."
"Visualizations are the best way to understand deviation techniques from the norm."
"OTX is a great module that lets staff maintain and monitor updates regarding events in the infrastructure and takes decision to improve the security perimeter."
"The asset management functionality (active and passive scans) is also really important. You can't protect what you do not know about, so having an inventory of all your devices and software is critical to a security management program."
"Asset discovery seems to be good."
"It has streamlined log aggregation and analysis to meet organizational and regulatory needs."
"I can easily check (in one place) all the logs and data in relation to attacks. It also gives me an overview if a server is not configured properly."
"As we have to service several servers, we can manage them in a economical way, which is beneficial to our team and business."
"The dashboards are very descriptive and contain just the right amount of information. The activity alarms and events contain a plethora of data that is very descriptive and useful."
"The solution has all the features that we need, however they do not work correctly."
"The solution should allow for a streamlined CI/CD procedure."
"I would like to be able to monitor applications outside of the Azure Cloud."
"In terms of features I would like to see in future releases, I'm interested in a few more use cases around automation. I do believe a lot of automation is available, and more is in progress, but that would be my area of interest."
"If we want to use more features, we have to pay more. There are multiple solutions on the cloud itself, but the pricing model package isn't consistent, which is confusing to clients."
"We are invoiced according to the amount of data generated within each log."
"For certain vendors, some of the data that Microsoft Sentinel captures is redacted due to privacy reasons."
"The built-in SOAR is not really good out-of-the-box. The SOAR relies on logic apps and you almost need to have some kind of developer background to be able to make these logic apps. Most security people cannot develop anything..."
"Its documentation is not so simple. It is easy for somebody who is Microsoft certified or more closely attached to Microsoft solutions. It is not easy for those who are working on open-source platforms. There isn't a central point where everything is documented, and there is no specific training or certification."
"While Splunkbase (the app repository) has a lot of great content, some apps are terribly old and could stand to be updated or purged."
"It is a challenge to manage the environment in such a way, that one’s log, even with the bandwidth license, isn’t exceeded."
"Splunk can improve regex/asset analysis as we do not want to crawl until it is done."
"Splunk Enterprise Security can provide more details and help CISOs resolve vulnerability situations better. The reason is that the tools we choose for data analysis and log collection cannot collect all the data and logs. Splunk Enterprise Security should help me with this, but it cannot."
"The Web Application Firewall will send you too much information because it's more dedicated to security than a normal firewall."
"It can be tough to get a hold of somebody in technical support depending on the complexity of the issue."
"It could be more user friendly, in terms of the end-user experience."
"Given the ever-increasing number of threats, I would like Splunk to update its threat signatures more frequently."
"The price of AT&T AlienVault USM could be reduced."
"Support can be slow at times, but the quality is high. Posted knowledge base articles could use improvement."
"The reporting and dashboards have room for improvement."
"The vulnerability reporting needs to have options to be able to sort or customize the output."
"Pay attention to false-positive event automatic correlations."
"AT&T AlienVault USM can improve searchable data. It should be available for more than 90 days. If you need more than 90 days of data, you have to put a request and they give you raw data, which is not easy to search. A good addition would be to allow users to search data older than 90 days."
"The one thing I continue to dislike about the USM is the limitation on reports."
"USM Anywhere relies a lot on the community putting the data in. Often, you'll right-click on the attack, but nothing will be found. That's a weakness of it."
Splunk Enterprise Security is ranked 1st in Security Information and Event Management (SIEM) with 240 reviews while USM Anywhere is ranked 11th in Security Information and Event Management (SIEM) with 113 reviews. Splunk Enterprise Security is rated 8.4, while USM Anywhere is rated 8.4. The top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query ". On the other hand, the top reviewer of USM Anywhere writes "Easy to use and affordable". Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Datadog, whereas USM Anywhere is most compared with Wazuh, AlienVault OSSIM, IBM Security QRadar, Rapid7 InsightIDR and LogRhythm SIEM. See our Splunk Enterprise Security vs. USM Anywhere report.
See our list of best Security Information and Event Management (SIEM) vendors and best Log Management vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.