We performed a comparison between Trellix ESM and USM Anywhere based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Sentinel is a Microsoft product, so they provide very robust use cases and analytic groups, which are very beneficial for the security team. I also like the ability to integrate data sources into the software for on-premise and cloud-based solutions."
"Microsoft Sentinel provides the capability to integrate different log sources. On top of having several data connectors in place, you can also do integration with a threat intelligence platform to enhance and enrich the data that's available. You can collect as many logs and build all the use cases."
"We are able to deploy within half an hour and we only require one person to complete the implementation."
"Sentinel also enables you to ingest data from your entire ecosystem and not just from the Microsoft ecosystem. It can receive data from third-party vendors' products such firewalls, network devices, and antivirus solutions. It's not only a Microsoft solution, it's for everything."
"Free ingestion for Azure logs (with E5 licence)"
"In Azure Sentinel, we have found, they do have a store in their capability. AI and intelligence features. We found that to be very helpful for us because some other things we do need to integrate again or find another vendor for the store"
"The Log analytics are useful."
"I like the ability to run custom KQL queries. I don't know if that feature is specific to Sentinel. As far as I know, they are using technology built into Azure's Log Analytics app. Sentinel integrates with that, and we use this functionality heavily."
"McAfee as a whole is a good solution."
"The most valuable feature in ESM is its search and reporting feature. It's really nice."
"It is easy to use and deploy. It comes with user-friendly manuals."
"It is easy to use."
"I like the ease of deployment."
"I rate the tool's deployment an eight out of ten. The deployment is completed in two days."
"This solution integrates easily and very well with other technologies."
"The most valuable features of McAfee ESM are intrusion detection, malware protection, and the device controller."
"We are able to get alerts perfectly with FIM and VA features."
"The setup is very easy and straightforward."
"The other big selling feature for us was its integration capabilities with all the other security-based products."
"Having everything in a central place has been helpful."
"It has streamlined log aggregation and analysis to meet organizational and regulatory needs."
"As we have to service several servers, we can manage them in a economical way, which is beneficial to our team and business."
"The most valuable feature of this solution is security management for PCI DSS."
"The main menu: You can see everything there, what is happening on the servers, and in the logs, you can view more details of each event."
"If Azure Sentinel had the ability to ingest Azure services from different tenants into another tenant that was hosting Azure Sentinel, and not lose any metadata, that would be a huge benefit to a lot of companies."
"It would be good to have some connectors for third-party SIEM solutions. Many customers are struggling with the integration of Azure Sentinel with their on-premise SIEM. Microsoft is changing the log structure many times a year, which can corrupt a custom integration. It would be good to have some connectors developed by Microsoft or supply vendors, but they are not providing such functionality or tools."
"They need to work with other security vendors. For example, we replaced our email gateway with Symantec, but we couldn't collect these logs with Azure Sentinel. Instead of collecting these logs with Azure Sentinel, we are collecting them on Qradar. We couldn't do it with Sentinel, which is a problem for us."
"The solution could improve the playbooks."
"Microsoft Defender has a built-in threat expert option that enables you to contact an expert. That feature isn't available in Sentinel because it's a huge product that integrates all the technologies. I would like Microsoft to add the threat expert option so we can contact them. There are a few other features, like threat assessment that the PG team is working on. I expect them to release this feature in the next quarter."
"Add more out-of-the-box connectors with other SaaS platforms/applications."
"When we pass KPIs to the governance department, there's no option to provide rights to the data or dashboard to colleagues. We can use Power BI for this, but it isn't easy or convenient. They should just come up with a way to provide limited role-based access to auditing personnel"
"We are invoiced according to the amount of data generated within each log."
"The solution needs to improve case management. The UI is confusing."
"There's no software support from McAfee."
"We acquired the IBM product because McAfee is slightly confusing to use, and it's broader."
"The product's stability is an area of concern where improvements are required."
"The product’s alert response feature needs improvement. It could be more flexible and secure."
"Cloud integration has room for improvement because they're not full-fledged to integrate with the cloud solutions that come. They use different integration platforms to bring in data, and that needs to be improved."
"McAfee is no more providing security updates on this product, and the enhancements to this product seem to have stopped. Moreover, we don't get proper support, and we struggle to get its support. It would be good if they can add some AI engine and out of the box use cases because it is currently limited to the same scenario and the same setup. I have done a POC for Securonix, LogRhythm. These products are much more ahead as compared to McAfee ESM. They have included multiple modules in the same solution. Correlation is very easy. If McAfee ESM can improve, especially in such implementations, then I believe it would be much better."
"We would welcome integrations with some of the new McAfee acquisitions, e.g., behavioural analytics."
"We've had some stability problems, not a lot, but a few. Updates seem to be the worst. That seems to be when the stability problems come up."
"The only room for improvement I can mention is the initial installation procedures. I found that the online installation instructions for the product were missing important details, they lacked necessary steps."
"The reporting and dashboards have room for improvement."
"The reporting is mediocre and is something that needs to be improved."
"The reporting module could be a little easier to handle, as it requires quite some trial and error until you get the reports you want. Also, it would be great to have a graphical interface for the Network Intrusion Detection System's rule management."
"The price of AT&T AlienVault USM could be reduced."
"The lack of mature functionality and expertise in any of those areas is a strong negative."
"The UI and overall processes need a little bit more love. This shows in the error banners that come up when you select certain things. There isn't a day that goes by that the UI doesn't error out and I can't view events for an alarm."
Trellix ESM is ranked 18th in Security Information and Event Management (SIEM) with 34 reviews while USM Anywhere is ranked 11th in Security Information and Event Management (SIEM) with 113 reviews. Trellix ESM is rated 7.4, while USM Anywhere is rated 8.4. The top reviewer of Trellix ESM writes "Provides visibility of all the traffic within the company infrastructure". On the other hand, the top reviewer of USM Anywhere writes "Easy to use and affordable". Trellix ESM is most compared with ArcSight Enterprise Security Manager (ESM), IBM Security QRadar, Splunk Enterprise Security, LogRhythm SIEM and Cybereason Endpoint Detection & Response, whereas USM Anywhere is most compared with Wazuh, AlienVault OSSIM, IBM Security QRadar, Splunk Enterprise Security and Rapid7 InsightIDR. See our Trellix ESM vs. USM Anywhere report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.