We compared Splunk Enterprise Security and USM Anywhere based on our users' reviews across several parameters. After reading all of the collected data, you can find our conclusion below.
Features: Splunk Enterprise Security stands out for its efficiency, extensive integration options, and powerful search functionality. USM Anywhere is highly regarded for its extensive reporting capabilities, thorough vulnerability assessment, seamless file integration, and user-friendly management features. Users say Splunk is a highly scalable and customizable solution.
Room for Improvement: Splunk users recommended improvements in AI capabilities, user-friendliness, and analytics. USM Anywhere users have suggested improvements in self-service plugin management, database optimization, and third-party threat intelligence integration.
Service and Support: While some users found Splunk support to be responsive and helpful, others reported slow response times and a lack of expertise. Reviews of USM Anywhere's support were likewise mixed. Some users say that USM Anywhere's customer service is knowledgeable and responsive, while others have faced delays and incomplete answers.
Ease of Deployment: Some users thought Splunk Enterprise Security was easy to deploy, while others found it challenging and needed assistance from Splunk engineers or third-party integrators. The initial setup for USM Anywhere is generally considered to be straightforward if the user has technical knowledge. Vendor assistance is also available during the deployment phase.
Pricing: Some users consider Splunk Enterprise Security to be expensive, but others said the price is reasonable. A few users expressed concerns about the cost of scaling up the solution and managing large volumes of data. USM Anywhere is seen as more cost-effective than premium solutions like IBM QRadar and Splunk, with pricing considered reasonable and relatively low.
ROI: Users said that it’s challenging to calculate an ROI for Splunk Enterprise Security, and the return varies depending on individual circumstances. While some users have observed a substantial ROI, others have not actively explored or been engaged in ROI conversations. USM Anywhere has garnered favorable feedback regarding its ROI.
Comparison Results: Splunk is highly regarded for its efficient data processing and powerful search capabilities. Users like Splunk's customization options and ability to quickly process data from multiple sources. However, reviews noted that Splunk could be more user-friendly and improve its analytics. USM Anywhere earned praise for its intuitive management interface and vulnerability assessment features, but users say the solution could integrate third-party threat intelligence better.
"The ability to quickly search logs, performance data, and other inputs has helped tremendously with troubleshooting."
"The fact that Splunk is a platform and not just a SIEM solution is a key benefit."
"The reporting aspect is good and it does what I need it to do."
"Its usability is the best part. It is easy for our developers to use if they want to search their logs, etc."
"The correlation searches are most valuable just because we are able to do things like RBA."
"The most valuable feature of Splunk is the log monitoring."
"It definitely does help with both auditing and as well as regular monitoring. SOC does more monitoring, but ES also gives you other features that are auditing-related. The dashboards are also beneficial."
"It provides logs in one place, so they are easy to find. It collects the logs from multiple places, then you have just one place where you see the whole flow from the front-end to the back-end."
"The best feature of this product is the ease of use. It is extremely easy to set up and get going. This is a very useful tool for a small organization."
"Having everything in a central place has been helpful."
"Reports are customized, so you can present them to executives or engineers."
"The most valuable feature in AT&T AlienVault USM is the reporting."
"The most valuable feature is vulnerability management because it gives you insight into your environment to know what systems need to be updated or patched."
"The most valuable feature of this solution is security management for PCI DSS."
"Easy to use, scalable, stable, and very intuitive platform that provides protection against security threats."
"I can easily check (in one place) all the logs and data in relation to attacks. It also gives me an overview if a server is not configured properly."
"The configuration had a bit of a learning curve."
"A problem that we had recently had was we licensed it based on how much data you upload to them every day. Something changed in one our applications, and it started generating three to four times as many logs and. So now, we are trying to assemble something with parts of the Splunk API to warn ourselves, then turn it off and throttle it back more. However it would be better if they had something systematically built into the product that if you're getting close to your license, then to shut things down."
"The prices are complicated as we operate in a small third-world country."
"There are limitations with Splunk not detecting all user activity, especially on mainframes and network devices."
"It needs a better way to export dynamic views without requiring a ton of code and user/pw."
"Its pricing is extremely high. There are other tools out in the market that are competitive. They do not necessarily have all the functionality, but they are competitive. The professional services we have used have been high as well in comparison to the market."
"It needs more formatting control without having to be an admin."
"The product is relatively expensive."
"The only room for improvement I can mention is the initial installation procedures. I found that the online installation instructions for the product were missing important details, they lacked necessary steps."
"I've been told that AlienVault doesn't have a full version of NES running in there, but I'm not sure if that's accurate or if my engineer made it that way. I'm not sure he was completely honest either because we had NES in the environment before. Those tools could be improved because AlienVault is a SIEM, and it added all these other features."
"We would like more plugins. This being the main point of improvement which would benefit the users."
"I've been using it just for my own personal upskilling in terms of how the product works. At the moment, it is pretty straightforward and simple, and it is working how it is supposed to. The feedback would come once it is deployed to customer sites. They'll be using it on a more frequent basis, and that's when the feedback would come in terms of the areas in which they're facing issues or are looking for simplicity."
"The reporting tools are a bit lacking for building reports to give directly to customers, but support has been helpful in giving our requests for new features to the development team and following up with us."
"Reporting is convoluted and difficult at times, although they claim to have hundreds of pre-built reports, very few of them are actually useful for anything but what the USM is doing."
"There could be some type of integration with our existing portal. We have our own customer portals, and it would be good if there was an integration so that our portal can provide reports. There could be some type of API into the AlienVault system with the USM system so that it is easy to show the customers high-level reports of the system through our portal."
"This solution could be easier to use."
Splunk Enterprise Security is ranked 1st in Security Information and Event Management (SIEM) with 246 reviews while USM Anywhere is ranked 11th in Security Information and Event Management (SIEM) with 113 reviews. Splunk Enterprise Security is rated 8.4, while USM Anywhere is rated 8.4. The top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query ". On the other hand, the top reviewer of USM Anywhere writes "Easy to use and affordable". Splunk Enterprise Security is most compared with Wazuh, IBM Security QRadar, Dynatrace, Elastic Security and Microsoft Sentinel, whereas USM Anywhere is most compared with Wazuh, AlienVault OSSIM, IBM Security QRadar, Microsoft Sentinel and LogRhythm SIEM. See our Splunk Enterprise Security vs. USM Anywhere report.
See our list of best Security Information and Event Management (SIEM) vendors and best Log Management vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
