We performed a comparison between ArcSight ESM and USM Anywhere based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Features: ArcSight ESM is praised for its well-designed dashboard, real-time reporting, and threat intelligence capabilities that leverage AI and correlation tools. Users also like ArcSight’s seamless integration and effortless management.USM Anywhere is highly regarded for its extensive reporting capabilities, thorough vulnerability assessment, seamless file integration, and user-friendly management features. ArcSight ESM users have recommended improvements in training, speed, and data administration. USM Anywhere users have suggested improvements in self-service plugin management, database optimization, and third-party threat intelligence integration.
Service and Support: Some ArcSight ESM users have found the support to be responsive and helpful, while others have faced issues with slow response times and a lack of expertise. Some users say that USM Anywhere's customer service is knowledgeable and responsive, while others have faced delays and incomplete answers.
Ease of Deployment: Some said that ArcSight ESM is straightforward to set up, while others noted that integration with other systems can be challenging and requires specialized knowledge. The initial setup for USM Anywhere is generally considered to be straightforward if the user has technical knowledge. Vendor assistance is also available during the deployment phase.
Pricing: Users consider the pricing of ArcSight ESM to be reasonable and affordable. USM Anywhere is seen as more cost-effective than premium solutions like IBM QRadar and Splunk, with pricing considered reasonable and relatively low.
ROI: ArcSight ESM delivers an ROI by helping clients achieve compliance objectives and prevent incidents. USM Anywhere has garnered favorable feedback regarding its ROI.
"It is a robust product and has multiple valuable features."
"It is a vital tool for live monitoring and helps us to understand the traffic alerts of any major issue on the network, thereby reducing hacking attempts."
"This process has helped to improve our organization because we have centralized the intra-group security equipment logs."
"It is a very useful tool for intelligence building because it has many use cases and many rule sets."
"The solution offers very good monitoring."
"I think that the overall experience with this solution is good, but in particular, I think that the dashboards are quite interactive."
"ArcSight gives us better visibility into threats that were unknown earlier."
"The most useful features are directories, price, and live reporting."
"It provides a single pane of glass view, coupled with a whole security ecosystem. The ability to manage everything from a central point, including vulnerability assessments, asset management - including the services provided by the various hosts, NIDS, HIDS, etc. - provides a very efficient way of dealing with things."
"I can easily check (in one place) all the logs and data in relation to attacks. It also gives me an overview if a server is not configured properly."
"Allowed us to help our customers satisfy compliance needs around logging and monitoring."
"It allows for a lot of out-of-the-box features: vuln scanning, HIDS/HIPS, and IDS."
"The Event Correlation and vulnerability scans have been the most useful. As a 24/7 SOC, we use the incoming alarms to give an overview of suspicious traffic going through the network. It's easy to look at the correlated events and see the broad picture of traffic for that customer. Vulnerability scans are good for providing patch and remediation guidelines to keep customer systems secure."
"Its powerful correlation engine helps reduce time in manually correlating events."
"AlienVault provides a checklist answer when using SIEM."
"The dashboards are very descriptive and contain just the right amount of information. The activity alarms and events contain a plethora of data that is very descriptive and useful."
"ArcSight is incredibly complex when configuring and deploying, and if your organization doesn't know what they want and what they need, ArcSight will be a challenge for them."
"What could be improved in ArcSight Enterprise Security Manager (ESM) is its analytics feature. That feature should be more powerful and have more correlation in terms of AI/ML, though MicroFocus has done a good job in adding analytics to ArcSight Enterprise Security Manager (ESM) which has become a big draw to customers. What I'd like to see in the next release of the solution is the addition of AI/ML features."
"The analytics feature is not reliable and needs improvement for more detailed analysis."
"The customer experience could be improved."
"The API integration could be better, and I'd like to see more machine-learning capabilities in the future."
"Sometimes, it takes ages to get an issue resolved. I have ArcSight experience, so I normally try to fix things on my own or find a workaround, but it's tough to get support when I need it."
"The way that scaling is set up isn't very cost-effective."
"There could be more API features for extracting logs on different devices included in the product."
"AlienVault needs to continue to integrate with other third-party technologies that clients want to have monitored."
"I feel that some areas of improvement would be vulnerability scanning. We use a separate product that seems to do a much better job."
"The AT&T AlienVault USM is okay, but the relational database is not very good for large amounts of data. For example, many logs cannot be processed. It has been very slow for the queries and some data which are large, it is not very good in this case."
"It would be nice to see some machine learning and monitoring of the configuration in network devices."
"The reporting module could be a little easier to handle, as it requires quite some trial and error until you get the reports you want. Also, it would be great to have a graphical interface for the Network Intrusion Detection System's rule management."
"The reporting is mediocre and is something that needs to be improved."
"The reporting tools are a bit lacking for building reports to give directly to customers, but support has been helpful in giving our requests for new features to the development team and following up with us."
"I want to see more compliance management capability. The quality of integrations seems to be a little bit low."
More ArcSight Enterprise Security Manager (ESM) Pricing and Cost Advice →
ArcSight Enterprise Security Manager (ESM) is ranked 12th in Security Information and Event Management (SIEM) with 93 reviews while USM Anywhere is ranked 13th in Security Information and Event Management (SIEM) with 113 reviews. ArcSight Enterprise Security Manager (ESM) is rated 7.8, while USM Anywhere is rated 8.4. The top reviewer of ArcSight Enterprise Security Manager (ESM) writes "Allows for monitoring logs according to industry standards within ESM but has a total capacity capped at 12 TB, limiting real-time data retention periods". On the other hand, the top reviewer of USM Anywhere writes "Easy to use and affordable". ArcSight Enterprise Security Manager (ESM) is most compared with Splunk Enterprise Security, Trellix ESM, ArcSight Intelligence, IBM Security QRadar and Elastic Security, whereas USM Anywhere is most compared with Wazuh, AlienVault OSSIM, IBM Security QRadar, Splunk Enterprise Security and Microsoft Sentinel. See our ArcSight Enterprise Security Manager (ESM) vs. USM Anywhere report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.