We performed a comparison between Trellix ESM and USM Anywhere based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"Sentinel has an intuitive, user-friendly way to visualize the data properly. It gives me a solid overview of all the logs. We get a more detailed view that I can't get from the other SIEM tools. It has some IP- and URL-specific allow listing."
"There are a lot of things you can explore as a user. You can even go and actively hunt for threats. You can go on the offensive rather than on the defensive."
"Free ingestion for Azure logs (with E5 licence)"
"We’ve got process improvement that's happened across multiple different fronts within the organization, within our IT organization based on this tool being in place."
"One of the most valuable features of Microsoft Sentinel is that it's cloud-based."
"The ability of all these solutions to work together natively is essential. We have an Azure subscription, including Log Analytics. This feature automatically acts as one of the security baselines and detects recommendations because it also integrates with Defender. We can pull the sysadmin logs from Azure. It's all seamless and native."
"I believe one of the main advantages is Microsoft Sentinel's seamless integration with other Microsoft products."
"The main benefit is the ease of integration."
"This solution integrates easily and very well with other technologies."
"The solution is 100% stable. We really have had a great time working with it. It hasn't let us down."
"Trellix ESM is very user-friendly."
"The most valuable feature is for the security operation center because it provides visibility of all traffic within the company infrastructure."
"It is easy to use and deploy. It comes with user-friendly manuals."
"It blocks the things which are not to be allowed. It has an adaptive mode where it learns for itself."
"The most valuable feature for us is that it comes with many correlations, reports, and dashboards already available. It's also very easy to use."
"McAfee as a whole is a good solution."
"The vulnerability scanning is helpful to identify the areas that need patching or fixes installed."
"It has powerful threat detection, incident response, and compliance management."
"Log-monitoring and alerting enable us to know when things happen that we need to know about."
"The feature that I liked the most is that they have a vulnerability assessment package that comes along with the SIEM solution. So, whenever I find any threat or alert for any of the devices or servers, I could immediately initiate a vulnerability assessment scan on that machine. That is one of a kind. The price at which AlienVault operates is also valuable."
"The ease of implementation is the most valuable feature."
"The new cloud-based panel is excellent both for client review as well as for our SOC to review and respond to threats. It is much easier to configure and use than the previous solution from AlienVault."
"The vulnerability manager and the file integration are very good."
"Asset discovery seems to be good."
"In terms of features I would like to see in future releases, I'm interested in a few more use cases around automation. I do believe a lot of automation is available, and more is in progress, but that would be my area of interest."
"The following would be a challenge for any product in the market, but we have some in-house apps in our environment... our apps were built with different parameters and the APIs for them are not present in Sentinel. We are working with Microsoft to build those custom APIs that we require. That is currently in progress."
"I think the number one area of improvement for Sentinel would be the cost."
"Not all information shows up in Sentinel. Sometimes there are items provided in 365 and if you looked in Sentinel you would not see them and therefore think they do not exist. There can be discrepancies between Microsoft tools."
"I would like Sentinel to have more out-of-the-box analytics rules. There are already more than 400 rules, but they could add more industry-specific ones. For example, you could have sets of out-of-the-box rules for banking, financial sector, insurance, automotive, etc., so it's easier for people to use it out of the box. Structuring the rules according to industry might help us."
"I would like to see more AI used in processes."
"Only one thing is missing: NDR is not available out-of-the-box. The competitive cloud-native SIEM providers have the NDR component. Currently, Sentinel needs NDR to be powered from either Corelight or some other NDR provider."
"Sentinel still has some anomalies. For example, sometimes when we write a query for log analysis with KQL, it doesn't give us the data in a proper way... Also, the fields or columns could be improved. Sometimes, it is not giving the desired results and there is a blank field."
"We cannot add new data sources to the most recent version."
"We acquired the IBM product because McAfee is slightly confusing to use, and it's broader."
"The user interface could be more user-friendly."
"Customized reports and alerting functionality could be included in the dashboard."
"The disk space needed for events is not clear. In all clients, we had at least more than 100GB free that we could not use."
"I would like to see fingerprint recognition included in the next release of this solution."
"The product's stability is an area of concern where improvements are required."
"The product’s alert response feature needs improvement. It could be more flexible and secure."
"AlienVault needs to continue to integrate with other third-party technologies that clients want to have monitored."
"Search performance can be slow. The Raw Logs feature is painfully slow. And if we're talking about the newer, the Anywhere product, you can't even schedule reports on the thing. There are probably a dozen other features I'd really like to see there, but that would be one of the biggies."
"As this software is in the cloud, you do not have control on updates and general changes which are happening."
"The dashboard could be improved as well as the level of customization."
"We would like more plugins. This being the main point of improvement which would benefit the users."
"The lack of mature functionality and expertise in any of those areas is a strong negative."
"It should be able to communicate with other security solutions to stop threats."
"Reporting is convoluted and difficult at times. Although they claim to have hundreds of pre-built reports, very few of them are actually useful for anything but what the USM is doing."
Trellix ESM is ranked 18th in Security Information and Event Management (SIEM) with 34 reviews while USM Anywhere is ranked 11th in Security Information and Event Management (SIEM) with 113 reviews. Trellix ESM is rated 7.4, while USM Anywhere is rated 8.4. The top reviewer of Trellix ESM writes "Provides visibility of all the traffic within the company infrastructure". On the other hand, the top reviewer of USM Anywhere writes "Easy to use and affordable". Trellix ESM is most compared with ArcSight Enterprise Security Manager (ESM), IBM Security QRadar, Splunk Enterprise Security, LogRhythm SIEM and Cybereason Endpoint Detection & Response, whereas USM Anywhere is most compared with Wazuh, AlienVault OSSIM, IBM Security QRadar, Splunk Enterprise Security and Rapid7 InsightIDR. See our Trellix ESM vs. USM Anywhere report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.