We performed a comparison between AT&T AlienVault USM and Wazuh based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: The main difference between the two products is that Wazuh users say the product is missing threat intelligence. In addition, Wazuh users do not mention an ROI. For these reasons, AT&T AlienVault USM is the winner in this comparison.
"It allows for a lot of out-of-the-box features: vuln scanning, HIDS/HIPS, and IDS."
"It brought our logs into one place for review and set up alarms based on changes we were missing due to lack of having one place for everything to go."
"The setup is very easy and straightforward."
"OTX is a great module that lets staff maintain and monitor updates regarding events in the infrastructure and take decisions to improve the security perimeter."
"The AlienVault solution has enabled us to create a SOC on a budget with smaller than usual staff requirements, offering a wider range of solutions for our customers."
"The Event Correlation and vulnerability scans have been the most useful. As a 24/7 SOC, we use the incoming alarms to give an overview of suspicious traffic going through the network. It's easy to look at the correlated events and see the broad picture of traffic for that customer. Vulnerability scans are good for providing patch and remediation guidelines to keep customer systems secure."
"In terms of monitoring, my best feature would be the monitoring of components across the network. It monitors the respective nodes and any new node that comes onto the network and provides reports. The reporting dashboards are really helpful for management in terms of making decisions around patch management."
"The most valuable feature of this solution is security management for PCI DSS."
"The most valuable features are the modules and metrics."
"My company implemented Wazuh because it was relatively inexpensive. They could quickly get their hands on it to check a box for some audit and compliance."
"We use it to find any aberration in our endpoint devices. For example, if someone installs a game on their company laptop, Wazuh will detect it and inform us of the unauthorized software or unintended use of the devices provided by the company."
"If they support a solution, it is easy to do an integration."
"It offers built-in modules for file integrity and vulnerability management."
"I like Wazuh because it is a lot like ELK, which I was already comfortable with, so I didn't have to learn from scratch."
"Wazuh automatically scans the host for CIS benchmarks for the latest updates and vulnerabilities and gives a host score. It provides a percentage of perceived risk due to non patches or any missing patches on that work."
"The most valuable feature of Wazuh is the ELK for doing an investigation."
"USM Anywhere relies a lot on the community putting the data in. Often, you'll right-click on the attack, but nothing will be found. That's a weakness of it."
"The vulnerability reporting needs to have options to be able to sort or customize the output."
"I want to see more compliance management capability. The quality of integrations seems to be a little bit low."
"Support can be slow at times, but the quality is high. Posted knowledge base articles could use improvement."
"I feel that some areas of improvement would be vulnerability scanning. We use a separate product that seems to do a much better job."
"The one thing I continue to dislike about the USM is the limitation on reports."
"AlienVault cannot automatically respond to threats like other SIEM solutions, such as Sentinel and LogRhythm. Most of our clients are far away, so it's often challenging to handle alerts when they come up on our dashboard."
"The reporting tools are a bit lacking for building reports to give directly to customers, but support has been helpful in giving our requests for new features to the development team and following up with us."
"The deployment is a bit complex."
"The support team could be more responsive and provide quicker replies during our working hours in Indonesia, which would be a significant improvement."
"It would be better if they had a vulnerability assessment plug-in like the one AlienVault has. In the next release, I would like to have an app with an alerting mechanism."
"A lack of certain features creates limitations."
"It would be great if there could be customization for the decoder portion."
"Wazuh could improve the detection; it is not detecting all of the attacks. Additionally, it is lacking features compared to other solutions."
"One area where Wazuh could use some improvement is in its reporting mechanism, especially for high-level management like CSOs and CEOs."
"There could be a hardware monitoring tool for the solution."
USM Anywhere is ranked 15th in Log Management with 113 reviews while Wazuh is ranked 2nd in Log Management with 38 reviews. USM Anywhere is rated 8.4, while Wazuh is rated 7.4. The top reviewer of USM Anywhere writes "Easy to use and affordable". On the other hand, the top reviewer of Wazuh writes "It integrates seamlessly with AWS cloud-native services". USM Anywhere is most compared with AlienVault OSSIM, IBM Security QRadar, Splunk Enterprise Security, Microsoft Sentinel and Rapid7 InsightIDR, whereas Wazuh is most compared with Elastic Security, Security Onion, Splunk Enterprise Security, AlienVault OSSIM and Graylog.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.