We performed a comparison between SolarWinds Security Event Manager and USM Anywhere based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."I like the ability to run custom KQL queries. I don't know if that feature is specific to Sentinel. As far as I know, they are using technology built into Azure's Log Analytics app. Sentinel integrates with that, and we use this functionality heavily."
"The log analysis is excellent; it can predict what can or will happen regarding use patterns and vulnerabilities."
"If you know how to do KQL (kusto query language) queries, which are how you query the log data inside Sentinel, the information is pretty rich. You can get down to a good level of detail regarding event information or notifications."
"The ability of all these solutions to work together natively is essential. We have an Azure subscription, including Log Analytics. This feature automatically acts as one of the security baselines and detects recommendations because it also integrates with Defender. We can pull the sysadmin logs from Azure. It's all seamless and native."
"Sentinel also enables you to ingest data from your entire ecosystem and not just from the Microsoft ecosystem. It can receive data from third-party vendors' products such firewalls, network devices, and antivirus solutions. It's not only a Microsoft solution, it's for everything."
"It has a lot of great features."
"Another area where it is helping us is in creating a single dashboard for our environment. We can collect all the logs into a log analytics workset and run queries on top of it. We get all the results in the dashboard. Even a layman can understand this stuff. The way Microsoft presents it is really incredible."
"The connectivity and analytics are great."
"SolarWinds is easy to configure, and it provides timely alerts."
"The solution helps you monitor database instances, application instances, other customer application things, Linux servers, IBM servers, and Oracle servers."
"The most valuable feature of this solution is the visibility into both attempted and failed logins."
"SolarWinds' stability is fine. I don't think we've had any software issues."
"Some of the rules are most valuable because you can be notified about various things, such as spyware or things that are going on in the internal network."
"It performs network behavior monitoring, log monitoring, and disaster recovery monitoring."
"The out of the box reports and dashboard. It was easy to trim down these windows to something we could quickly use."
"It's extremely easy to deploy."
"SIEM log collection is great, and all of the rules that support updates with maintenance."
"Every activity on the firewall is recorded, and notifications are sent with this solution."
"There are multiple tools for information security. The solution includes all the latest advances on the network and host intrusion detection systems."
"The other big selling feature for us was its integration capabilities with all the other security-based products."
"The USM is a work horse, no matter what devices or the number of logs we throw at it, the system processes them in real time, correlates the events, and alerts on only events that need human review."
"The most valuable feature in AT&T AlienVault USM is the reporting."
"The new cloud-based panel is excellent both for client review as well as for our SOC to review and respond to threats. It is much easier to configure and use than the previous solution from AlienVault."
"The vulnerability scanning is helpful to identify the areas that need patching or fixes installed."
"Sentinel's alerts and notifications are not fully optimized for mobile devices. The overall reporting and the analytics processes for the end user should also be improved. Also, the compatibility and availability of data sources and reports are not always perfect."
"Sometimes, we are observing large ingestion delays. We expect logs within 5 minutes, but it takes about 10 to 15 minutes."
"They're giving us the queries so we can plug them right into Sentinel. They need to have a streamlined process for updating them in the tool and knowing when things are updated and knowing when there are new detections available from Microsoft."
"Improvement-wise, I would like to see more integration with third-party solutions or old-school antivirus products that have some kind of logging capability. I wouldn't mind having that exposed within Sentinel. We do have situations where certain companies have bought licensing or have made an investment in a product, and that product will be there for the next two or three years. To be able to view information from those legacy products would be great. We can then better leverage the Sentinel solution and its capabilities."
"The data connectors for third-party tools could be improved, as some aren't available in Sentinel. They need to be available in the data connector panel."
"We are invoiced according to the amount of data generated within each log."
"When it comes to ingesting Azure native log sources, some of the log sources are specific to the subscription, and it is not always very clear."
"There is room for improvement in entity behavior and the integration site."
"SolarWinds should improve its correlation capabilities. The correlation does not automatically detect and reduce the events fast enough. You have to manually do a correlation report, which means the tool is not scalable in many ways."
"I would like to have a more customizable dashboard."
"The reporting could be more robust. It can be a lot more granular and that will make it a lot more useful in comparison to how it is incorporated at the moment."
"I imagine we will have to develop our own reports soon, this seems to be more cumbersome."
"We used the support from SolarWinds Security Event Manager and they are knowledgeable but challenging to get in contact with them."
"The solution's technical support is okay, but we don't have an SLA, and sometimes the response times are very slow."
"I don't think SolarWinds is scalable enough. It is somewhat limited when I need to deploy it across multiple environments in a distributed architecture."
"We'd like more customization capabilities."
"Plugins could be better utilized, as some of them do not recognize all logs."
"The only room for improvement I can mention is the initial installation procedures. I found that the online installation instructions for the product were missing important details, they lacked necessary steps."
"It should be able to communicate with other security solutions to stop threats."
"Sometimes the log is unclear, and the report is a bit ambiguous."
"For creating new rules, you have to be familiar with regular expressions. I feel there could be something built-in to make sure that process is easier."
"they seem to have bugs from time to time that go unfixed for a while and that is frustrating. I'm not saying the product needs to be bug-free, but they need to be responsive to bugs."
"Search performance can be slow. The Raw Logs feature is painfully slow. And if we're talking about the newer, the Anywhere product, you can't even schedule reports on the thing. There are probably a dozen other features I'd really like to see there, but that would be one of the biggies."
"The lack of mature functionality and expertise in any of those areas is a strong negative."
More SolarWinds Security Event Manager Pricing and Cost Advice →
SolarWinds Security Event Manager is ranked 21st in Security Information and Event Management (SIEM) with 24 reviews while USM Anywhere is ranked 11th in Security Information and Event Management (SIEM) with 113 reviews. SolarWinds Security Event Manager is rated 7.8, while USM Anywhere is rated 8.4. The top reviewer of SolarWinds Security Event Manager writes "A comprehensive network security with robust technical capabilities, effective threat response, and centralized management". On the other hand, the top reviewer of USM Anywhere writes "Easy to use and affordable". SolarWinds Security Event Manager is most compared with ManageEngine Log360, Splunk Enterprise Security, IBM Security QRadar, Microsoft Defender XDR and Wazuh, whereas USM Anywhere is most compared with Wazuh, AlienVault OSSIM, IBM Security QRadar, Splunk Enterprise Security and Rapid7 InsightIDR. See our SolarWinds Security Event Manager vs. USM Anywhere report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.