We performed a comparison between SolarWinds Security Event Manager and USM Anywhere based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
"We are able to deploy within half an hour and we only require one person to complete the implementation."
"Previously, it was a little bit difficult to find where an incident came from, including which IP address and which country. So in Sentinel, it's very easy to find where the incident came from since we can easily get the information from the dashboard, after which we take action quickly."
"The AI and ML of Azure Sentinel are valuable. We can use machine learning models at the tenant level and within Office 365 and Microsoft stack. We don't need to depend upon any other connectors. It automatically provisions the native Microsoft products."
"Its inbuilt Kusto Query Language is a valuable feature. It provides the flexibility needed to leverage advanced data analytics rules and policies and enables us to easily navigate all our security events in a single view. It helps any user easily understand the data or any security lags in their data and applications."
"Sentinel enables us to ingest data from our entire ecosystem. In addition to integrating our Cisco ASA Firewall logs, we get our Palo Alto proxy logs and some on-premises data coming from our hardware devices... That is very important and is one way Sentinel is playing a wider role in our environment."
"The features that stand out are the detection engine and its integration with multiple data sources."
"The UI of Sentinel is very good and easy to use, even for beginners."
"Microsoft Sentinel enables you to ingest data from the entire ecosystem and that connection of data helps you to monitor critical resources and to know what's happening in the environment."
"The most valuable feature is the reporting."
"The most valuable feature of this solution is the visibility into both attempted and failed logins."
"This tool is simple to use."
"The most valuable feature is the ease of use for the end user."
"The out of the box reports and dashboard. It was easy to trim down these windows to something we could quickly use."
"It supports high availability, which is very helpful."
"It's easy to build rules and actions based on the logs and event types we collect with the software."
"It has in-depth monitoring capabilities and an easy way for setting up dashboards. I can expand in various areas, or I can reduce areas. It supports different types of breakdowns, filters, and rules. It is very simple for an out-of-the-box type of product. It doesn't take a lot of time to figure it out, which is unlike some of the solutions that I have looked at. It meets all the aspects."
"The most valuable features of AT&T AlienVault USM are the ease of management and knowledge of what is on the network of my customers. It's easy to understand the problems, and management our alarms and events."
"The Event Correlation and vulnerability scans have been the most useful. As a 24/7 SOC, we use the incoming alarms to give an overview of suspicious traffic going through the network. It's easy to look at the correlated events and see the broad picture of traffic for that customer. Vulnerability scans are good for providing patch and remediation guidelines to keep customer systems secure."
"The feature that I liked the most is that they have a vulnerability assessment package that comes along with the SIEM solution. So, whenever I find any threat or alert for any of the devices or servers, I could immediately initiate a vulnerability assessment scan on that machine. That is one of a kind. The price at which AlienVault operates is also valuable."
"The new cloud-based panel is excellent both for client review as well as for our SOC to review and respond to threats. It is much easier to configure and use than the previous solution from AlienVault."
"It is my "security person" looking at irregularities and letting me know when something has occurred."
"We're using it more for reporting, that's all. We're using it to help our customers to pass any kind of audits that they receive."
"The most valuable feature of the solution is the ease of deployment that it provides to users. The integrations that the product has with third-party applications are useful."
"The best thing about AlienVault USM is it being a “Jack-of-All Trades” solution. It provides SIEM, HIDS/NIDS, FIM, NetFlow, Asset Management, Vulnerability Management, etc., under one USM platform. None of the commercial SIEM vendors like ArcSight, McAfee, etc., can boast of such a diverse feature set."
"The performance could be improved. If I create 15 to 20 lines for a single-use case in KQL, sometimes it takes more time to execute. If I create use cases within a certain timeline, the result will show in .01 seconds. A complex query takes more time to get results."
"It could have a better API to be able to automate many things more extensively and get more extensive data and more expensive deployment possibilities. It can gain some points on the automation part and the integration part. The API is very limited, and I would like to see it extended a bit more."
"One key area that can be improved is by building a strong integration with our XDR platform."
"I think the number one area of improvement for Sentinel would be the cost."
"I believe one of the challenges I encountered was the absence of live training sessions, even with the option to pay for them."
"There are certain delays. For example, if an alert has been rated on Microsoft Defender for Endpoint, it might take up to an hour for that alert to reach Sentinel. This should ideally take no more than one or two seconds."
"The on-prem log sources still require a lot of development."
"When it comes to ingesting Azure native log sources, some of the log sources are specific to the subscription, and it is not always very clear."
"The product should improve the ease with which you can create event alerts. They are not as hard now but you need to have an easier way."
"I don't think SolarWinds is scalable enough. It is somewhat limited when I need to deploy it across multiple environments in a distributed architecture."
"The only issue is the pricetag. SolarWinds is a costly solution."
"Training for this solution needs to be improved, as new employees are sometimes unfamiliar with the product."
"I would like to be able to dig deeper into the visibility of events or incidents to determine whether they are malicious, such as by doing behavior analysis."
"I would like to have a more customizable dashboard."
"It can be difficult for users who are inexperienced with the solution."
"SolarWinds should improve its correlation capabilities. The correlation does not automatically detect and reduce the events fast enough. You have to manually do a correlation report, which means the tool is not scalable in many ways."
"Their threat intelligence platform needs to be broadened. They should integrate it with more threat intelligence platforms. For the threat feed that they get from open intelligence, I would like them to add a few premium threat intelligence platforms. They can provide a bundle in which AlienVault has the threat intelligence background of other premium products."
"Pay attention to false-positive event automatic correlations."
"I think plugin management should be self-service on AlienVault USM. The other product is self-service but on the USM side. You have to submit a ticket then AT&T creates and updates the plugins."
"It was easy on PoC, but when we got to the product it was different story. We had to learn the product again and got feeling that the PoC was a different product."
"The reporting and dashboards have room for improvement."
"As this software is in the cloud, you do not have control on updates and general changes which are happening."
"The vulnerability reporting needs to have options to be able to sort or customize the output."
"Reporting is convoluted and difficult at times, although they claim to have hundreds of pre-built reports, very few of them are actually useful for anything but what the USM is doing."
More SolarWinds Security Event Manager Pricing and Cost Advice →
SolarWinds Security Event Manager is ranked 21st in Security Information and Event Management (SIEM) with 24 reviews while USM Anywhere is ranked 11th in Security Information and Event Management (SIEM) with 113 reviews. SolarWinds Security Event Manager is rated 7.8, while USM Anywhere is rated 8.4. The top reviewer of SolarWinds Security Event Manager writes "A comprehensive network security with robust technical capabilities, effective threat response, and centralized management". On the other hand, the top reviewer of USM Anywhere writes "Easy to use and affordable". SolarWinds Security Event Manager is most compared with ManageEngine Log360, Splunk Enterprise Security, IBM Security QRadar, Microsoft Defender XDR and Wazuh, whereas USM Anywhere is most compared with Wazuh, AlienVault OSSIM, IBM Security QRadar, Splunk Enterprise Security and Rapid7 InsightIDR. See our SolarWinds Security Event Manager vs. USM Anywhere report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
