We performed a comparison between Netsurion and USM Anywhere based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The native integration of the Microsoft security solution has been essential because it helps reduce some false positives, especially with some of the impossible travel rules that may be configured in Microsoft 365. For some organizations, that might be benign because they're using VPNs, etc."
"The initial setup is very simple and straightforward."
"The best feature is that onboarding to the SIM solution is quite easy. If you are using cloud-based solutions, it's just a few clicks to migrate it."
"I like the ability to run custom KQL queries. I don't know if that feature is specific to Sentinel. As far as I know, they are using technology built into Azure's Log Analytics app. Sentinel integrates with that, and we use this functionality heavily."
"It is quite efficient. It helps our clients in identifying their security issues and respond quickly. Our clients want to automate incident response and all those things."
"The analytic rule is the most valuable feature."
"The data connectors that Microsoft Sentinel provides are easy to integrate when we work with a Microsoft agent."
"We are able to deploy within half an hour and we only require one person to complete the implementation."
"When it comes to threat detection and response, it does a very good job detecting and blocking on its own. And the SOC is a nice added value because they're doing analysis on things that aren't as obvious, on things that you can't just detect with a signature or behavior. Also, any SIEM will come with a lot of noise, so having them do a lot of the initial analysis to find out what's critical and what issues are false alarms is very good."
"The most important feature is keeping track of when accounts are created and deleted, when permission groups are changed, and memberships are changed in groups; and overall, how many errors are occurring on the various systems that we're monitoring."
"They have what they call Elasticsearch which is very quick, although that's only available for the last seven days' worth of data. It used to be that, if I wanted to do a search from three days ago, it might take me 10 to 15 minutes because it had to actually unzip some archive files. So I really like that feature. It's almost instantaneous for anything within the last seven days."
"The network alert is the most valuable feature. That way, we in the IT department are aware of user lockout and invalid password attempts way before a user ever even calls in."
"If I were to look at logs manually, there's no way I could do that. As an example, they are 48 million logs processed a day. There is no way I could look at all 48 million of those. So, it gives me a good structure to be able to look at the different incidents which are created and do different searches."
"I like EventTracker's dashboard. I see it every time I log in because it's the first thing you get to. We have our own widgets that we use. For the sake of transparency, there are a few widgets that we look at there and then we move out from there... Among the particularly helpful widgets, the not-reporting widget is a big one. The number-of-logs-processed is also a good one."
"When I looked last week, we probably averaged about 20 million log entries a day. So, we certainly can't individually manage that. Just looking at the reports, then trying to go back and find anything that was questionable, was a challenge. Therefore, the managed service has been invaluable to us in terms of being able to narrow the scope of what really needs to be looked at and bringing those things to our attention to be dealt with."
"The most valuable feature is definitely real-time alerting, especially in situations where someone might attempt to exploit or hack into our network."
"Reports are customized, so you can present them to executives or engineers."
"The asset management functionality (active and passive scans) is also really important. You can't protect what you do not know about, so having an inventory of all your devices and software is critical to a security management program."
"The IDS and the threat intelligence are very useful. They are very intuitive and data-rich."
"It has powerful threat detection, incident response, and compliance management."
"AlientVault has helped us in improving our visualization and incident response during cybersecurity situations."
"Ease of deployment across various environments."
"Having everything in a central place has been helpful."
"AlienVault's reporting is good. I like that vulnerability assessment is part of the solution, and the UI is intuitive. Also, the overhead is low, which is to say we don't need a dedicated SOC team to manage and analyze things constantly. We're a small company that doesn't have those resources."
"Its documentation is not so simple. It is easy for somebody who is Microsoft certified or more closely attached to Microsoft solutions. It is not easy for those who are working on open-source platforms. There isn't a central point where everything is documented, and there is no specific training or certification."
"Sometimes, it is hard for us to estimate the costs of Microsoft Sentinel."
"There is room for improvement in entity behavior and the integration site."
"Its implementation could be simpler. It is not really simple or straightforward. It is in the middle. Sometimes, connectors are a little bit complex."
"The AI capabilities must be improved."
"We'd like to see more connectors."
"We'd like also a better ticketing system, which is older."
"The solution could improve the playbooks."
"I would like to see the dashboard come up more quickly."
"Netsurion's threat detection and response aren't quite mature. I would expect a little more."
"The MITRE ATT&CK framework could be faster when identifying and understanding sophisticated threats. Whenever something happens, we usually get notified a couple hours later."
"The deployment of the agents could be a bit easier. We always seem to have a bit of a challenge with that. A lot of times the agents either don't deploy or they quit responding, then we have to go and redeploy them."
"The biggest problem is that we have too many domain controllers. So, we have to keep all the clients and main system updated with the latest versions along with making sure all the firewalls are open."
"The system requirements are very, very high. So I need a pretty powerful server to run. If they could lighten that load so that the on-premise part of their product didn't impact my systems as much that would be ideal."
"I would like to see a faster response when we see things like 15,000 lockouts. I really wished that I had known that on Friday afternoon rather than waiting until I got the weekly report today. By the same token, they are looking at it from the point of view that this is a system or software malfunction. This is not a bad actor repeating the exact same password three times a second. Therefore, they can tell that this is not a bad thing. However, it's not a security event but it is an operational event for me. Knowing this sort of thing would help my team and me out more because then we would be able to clear out a lot of network traffic that we didn't know was going on. So, we would like quicker updates on non-high security events."
"There's always room to improve because there would be no competition if they had a perfect solution. The GUI to perform searches within the product may not be intuitive to a new user."
"It would be nice to see some machine learning and monitoring of the configuration in network devices."
"I feel that some areas of improvement would be vulnerability scanning. We use a separate product that seems to do a much better job."
"Their threat intelligence platform needs to be broadened. They should integrate it with more threat intelligence platforms. For the threat feed that they get from open intelligence, I would like them to add a few premium threat intelligence platforms. They can provide a bundle in which AlienVault has the threat intelligence background of other premium products."
"Support can be slow at times, but the quality is high. Posted knowledge base articles could use improvement."
"The reporting aspect could be improved. While there are a lot of different options available, there are still pieces which are missing."
"I've been using it just for my own personal upskilling in terms of how the product works. At the moment, it is pretty straightforward and simple, and it is working how it is supposed to. The feedback would come once it is deployed to customer sites. They'll be using it on a more frequent basis, and that's when the feedback would come in terms of the areas in which they're facing issues or are looking for simplicity."
"I think plugin management should be self-service on AlienVault USM. The other product is self-service but on the USM side. You have to submit a ticket then AT&T creates and updates the plugins."
"I've been told that AlienVault doesn't have a full version of NES running in there, but I'm not sure if that's accurate or if my engineer made it that way. I'm not sure he was completely honest either because we had NES in the environment before. Those tools could be improved because AlienVault is a SIEM, and it added all these other features."
Netsurion is ranked 16th in Security Information and Event Management (SIEM) with 24 reviews while USM Anywhere is ranked 11th in Security Information and Event Management (SIEM) with 113 reviews. Netsurion is rated 8.4, while USM Anywhere is rated 8.4. The top reviewer of Netsurion writes "The SOC center monitors, hunts, and notifies us of threats around the clock". On the other hand, the top reviewer of USM Anywhere writes "Easy to use and affordable". Netsurion is most compared with Arctic Wolf Managed Detection and Response and CyberHat CYREBRO, whereas USM Anywhere is most compared with Wazuh, AlienVault OSSIM, IBM Security QRadar, Splunk Enterprise Security and Rapid7 InsightIDR. See our Netsurion vs. USM Anywhere report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.