ArcSight Enterprise Security Manager (ESM) vs USM Anywhere comparison

Cancel
You must select at least 2 products to compare!
Comparison Buyer's Guide
Executive Summary
Updated on Jul 20, 2023

We performed a comparison between ArcSight ESM and USM Anywhere based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.

  • Features: ArcSight ESM is praised for its well-designed dashboard, real-time reporting, and threat intelligence capabilities that leverage AI and correlation tools. Users also like ArcSight’s seamless integration and effortless management.USM Anywhere is highly regarded for its extensive reporting capabilities, thorough vulnerability assessment, seamless file integration, and user-friendly management features. ArcSight ESM users have recommended improvements in training, speed, and data administration. USM Anywhere users have suggested improvements in self-service plugin management, database optimization, and third-party threat intelligence integration.

  • Service and Support: Some ArcSight ESM users have found the support to be responsive and helpful, while others have faced issues with slow response times and a lack of expertise. Some users say that USM Anywhere's customer service is knowledgeable and responsive, while others have faced delays and incomplete answers.

  • Ease of Deployment: Some said that ArcSight ESM is straightforward to set up, while others noted that integration with other systems can be challenging and requires specialized knowledge. The initial setup for USM Anywhere is generally considered to be straightforward if the user has technical knowledge. Vendor assistance is also available during the deployment phase.

  • Pricing: Users consider the pricing of ArcSight ESM to be reasonable and affordable. USM Anywhere is seen as more cost-effective than premium solutions like IBM QRadar and Splunk, with pricing considered reasonable and relatively low.

  • ROI: ArcSight ESM delivers an ROI by helping clients achieve compliance objectives and prevent incidents. USM Anywhere has garnered favorable feedback regarding its ROI.

Conclusion: Based on the provided review answers, it can be concluded that USM Anywhere is the preferred option over ArcSight Enterprise Security Manager (ESM). Users appreciate its straightforward and easy initial setup process, intuitive user interface, and affordable pricing. They also value the fact that it does not require a dedicated SOC team. USM Anywhere is commended for its valuable features including vulnerability assessment, cloud deployment, easy integration, and comprehensive reporting capabilities. Although both products have areas that can be improved, USM Anywhere stands out for its simplicity and cost-effectiveness.
To learn more, read our detailed ArcSight Enterprise Security Manager (ESM) vs. USM Anywhere Report (Updated: March 2024).
765,234 professionals have used our research since 2012.
Featured Review
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"Microsoft Sentinel comes preloaded with templates for teaching and analytics rules.""The most valuable feature is the performance because unlike legacy SIEMs that were on-premises, it does not require as much maintenance.""Sentinel has features that have helped improve our security poster. It helped us in going ahead and identifying the gaps via analysis and focusing on the key elements.""The product can integrate with any device.""The most valuable features in my experience are the UEBA, LDAP, the threat scheduler, and integration with third-party straight perform like the MISP.""The log query feature has been the most valuable because it's very good. You can put your data on the cloud and run queues from Sentinel. It will do it all very fast. I love that I don't have to upload it to an Excel file and then manually look for a piece of information. Sentinel is much faster and is good for big databases.""If you know how to do KQL (kusto query language) queries, which are how you query the log data inside Sentinel, the information is pretty rich. You can get down to a good level of detail regarding event information or notifications.""Free ingestion for Azure logs (with E5 licence)"

More Microsoft Sentinel Pros →

"The reports that we are from getting from ArcSight are very valuable. The reporting in ArcSight is good. Our regulators ask us for the reports on a regular basis, and we have been able to provide the required data. Its overall functionality in terms of log analysis and the speed at which it does that is also valuable. It is very quick. Whatever alerts we had configured were extremely fast. We immediately get alerts when there is unauthorized access or unknown access, or even positive access. This is where we found the difference between ArcSight and other solutions.""The filters and the ability to do what you want are the most valuable features. There is nothing that you cannot do in this solution. It has all the features, which makes it very dynamic.""We utilize ArcSight ESM for real-time threat detection in our organization. We have custom rules that we've developed on top of the WAN services, along with scheduled licensing activities.""The most useful features are directories, price, and live reporting.""Customization. ArcSight gives you a platform to on-board out-of-the-box devices with a more accurate way of collecting desired logs/events.""The most valuable features of ArcSight ESM are the dashboards, ease of management for anyone, and simple for teams to provide reports related to cyber security. There are a lot of good features that are provided.""The most valuable feature of ArcSight ESM is its ease of use.""The correlation feature is good."

More ArcSight Enterprise Security Manager (ESM) Pros →

"The most valuable features of AT&T AlienVault USM are the ease of management and knowledge of what is on the network of my customers. It's easy to understand the problems, and management our alarms and events.""The most valuable feature of the solution is the ease of deployment that it provides to users. The integrations that the product has with third-party applications are useful.""The vulnerability scanning is helpful to identify the areas that need patching or fixes installed.""There are multiple tools for information security. The solution includes all the latest advances on the network and host intrusion detection systems.""The best feature of this product is the ease of use. It is extremely easy to set up and get going. This is a very useful tool for a small organization.""The most valuable feature is vulnerability management because it gives you insight into your environment to know what systems need to be updated or patched.""This solution can identify many threats inside the organization (compromised endpoints, configuration issues), as well as "outside" threats (botnets, network scanners, web-attacks, etc).""This is a USM, so being able to get all the features under one roof makes it a good product with good new features."

More USM Anywhere Pros →

Cons
"There is a wider thing called Jupyter Notebooks, which is around the automation side of things. It would be good if there are playbooks that you can utilize without having to have the developer experience to do it in-house. Microsoft could provide more playbooks or more Jupyter Notebooks around MITRE ATT&CK Framework.""Sentinel could improve its ticketing and management. A few customers I have worked with liked to take the data created in Sentinel. You can make some basic efforts around that, but the customers wanted to push it to a third-party system so they could set up a proper ticketing management system, like ServiceNow, Jira, etc.""I believe one of the challenges I encountered was the absence of live training sessions, even with the option to pay for them.""I would like to be able to monitor applications outside of the Azure Cloud.""The built-in SOAR is not really good out-of-the-box. The SOAR relies on logic apps and you almost need to have some kind of developer background to be able to make these logic apps. Most security people cannot develop anything...""Its implementation could be simpler. It is not really simple or straightforward. It is in the middle. Sometimes, connectors are a little bit complex.""They're giving us the queries so we can plug them right into Sentinel. They need to have a streamlined process for updating them in the tool and knowing when things are updated and knowing when there are new detections available from Microsoft.""We're satisfied with the comprehensiveness of the security protection. That said, we do have issues sometimes where there have been global outages and we need to raise a ticket with Microsoft."

More Microsoft Sentinel Cons →

"We have pricing issues. ArcSight ESM may not be the most user-friendly option, and its interface is quite traditional. However, despite these aspects, we find it a good cybersecurity solution. It needs to improve the dashboards, documentation, and support as well.""The correlation engine effectively connects different events, significantly improving our detection reach. However, limitations exist with non-default alerts, where additional costs arise for integration.""The solution could be more stable.""The user interface of ArcSight Enterprise Security Manager could improve. It is not very good. Additionally, they could integrate the web interface better.""It is quite complex and could use a better UI. So the improvement would be a simplification. It is pretty complicated to use. The architecture is not complex but the setup and use are.""The weakness in this system comes about because, with so many different logs, it is possible that the security analyst will lose information.""We would like the ability to easily identify either unused resources or those that are being used sub-optimally.""The product should include a lot more predefined scenarios so the adopted company will have knowledge and a broader skill set in security and network."

More ArcSight Enterprise Security Manager (ESM) Cons →

"The lack of mature functionality and expertise in any of those areas is a strong negative.""In the future, I would like to see all these features of the solution working properly.""For creating new rules, you have to be familiar with regular expressions. I feel there could be something built-in to make sure that process is easier.""AlienVault needs to continue to integrate with other third-party technologies that clients want to have monitored.""It was easy on PoC, but when we got to the product it was different story. We had to learn the product again and got feeling that the PoC was a different product.""Their threat intelligence platform needs to be broadened. They should integrate it with more threat intelligence platforms. For the threat feed that they get from open intelligence, I would like them to add a few premium threat intelligence platforms. They can provide a bundle in which AlienVault has the threat intelligence background of other premium products.""This solution could be easier to use.""The solution is a bit complicated. It could be simplified quite a bit."

More USM Anywhere Cons →

Pricing and Cost Advice
  • "It comes with a Microsoft subscription which the customer has, so they don't have to invest somewhere else."
  • "It is a consumption-based license model. bands at 100, 200, 400 GB per day etc. Azure Sentinel Pricing | Microsoft Azure"
  • "Good monthly operational cost model for the detection and response outcomes delivered, M365 logs don't count toward the limits which is a good benefit."
  • "I have had mixed feedback. At one point, I heard a client say that it sometimes seems more expensive. Most of the clients are on Office 365 or M365, and they are forced to take Azure SIEM because of the integration."
  • "It is kind of like a sliding scale. There are different tiers of pricing that go from $100 per day up to $3,500 per day. So, it just kind of depends on how much data is being stored. There can be additional costs to the standard license other than the additional data. It just kind of depends on what other services you're spinning up in Azure, or if you're using something like Azure log analytics."
  • "I am just paying for the log space with Azure Sentinel. It costs us about $2,000 a month. Most of the logs are free. We are only paying money for Azure Firewall logs because email logs or Azure AD logs are free to use for us."
  • "Sentinel is a bit expensive. If you can figure a way of configuring it to meet your needs, then you can find a way around the cost."
  • "Azure Sentinel is very costly, or at least it appears to be very costly. The costs vary based on your ingestion and your retention charges."
  • More Microsoft Sentinel Pricing and Cost Advice →

  • "HPE ArcSight pricing might be more expensive than other SIEM solutions, but in my opinion it has powerful features and great flexibility in developing complex use cases."
  • "ArcSight is pretty expensive compared with its competitors. I believe that is fine as it provides value."
  • "Aggregation can help a lot in pushing down licensing costs."
  • "​It is best to be an institutional buyer and directly contact the sales team, as they can provide over-the-top discounts for bulk orders.​"
  • "Thanks to Micro Focus's licensing model, as an MSSP, we are able to see a complete return on our investment almost immediately."
  • "Customers without a ton of resources to dedicate to deployment may be better served by a managed ArcSight service."
  • "The pricing is great compared to others."
  • "The cost of the solution is not very high, although hiring a qualified analyst to work with the product is expensive."
  • More ArcSight Enterprise Security Manager (ESM) Pricing and Cost Advice →

  • "AlienVault is flexible on their pricing for unlimited licenses."
  • "Pricing is very competitive with other products and you get much more functionality from AlienVault."
  • "QRadar, ArcSight and Splunk are some of the most expensive SIEM products out there in the market and not everyone has the budget to buy them. In such cases, AV USM is a very cost effective alternative."
  • "Do the one month trial and try to work out the kinks during it, as it has free support and service hours."
  • "We checked out several competitors. For what it can do and the cost, it was the best option!"
  • "Use the AlienVault team. They are helpful and the documentation that they provide is second to none."
  • "​The price point is good.​"
  • "It has good pricing."
  • More USM Anywhere Pricing and Cost Advice →

    report
    Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.
    765,234 professionals have used our research since 2012.
    Comparison Review
    Vinod Shankar
    Questions from the Community
    Top Answer:Yes, Azure Sentinel is a SIEM on the Cloud. Multiple data sources can be uploaded and analyzed with Azure Sentinel and… more »
    Top Answer:It would really depend on (1) which logs you need to ingest and (2) what are your use cases Splunk is easy for… more »
    Top Answer:We like that Azure Sentinel does not require as much maintenance as legacy SIEMs that are on-premises. Azure Sentinel is… more »
    Top Answer:In my market, a lot of financial companies had or have an ArcSight installation. Just because in former times it was… more »
    Top Answer:It gives better overall visibility. Before, we didn't have a unified system for managing security alerts. ArcSight… more »
    Top Answer:The pricing model is expensive compared to open-source alternatives, especially as your needs grow.
    Top Answer:The most valuable feature of the solution is the ease of deployment that it provides to users. The integrations that the… more »
    Top Answer:It is a product that is priced in a medium range, making it neither a cheap nor a costly product.
    Top Answer:The vulnerability scanning feature is one of the areas where the product has certain shortcomings and needs to improve… more »
    Comparisons
    Also Known As
    Azure Sentinel
    Micro Focus ArcSight, HPE ArcSight, ArcSight
    AT&T AlienVault USM, AlienVault, AlienVault USM, Alienvault Cybersecurity
    Learn More
    Overview

    Microsoft Sentinel is a scalable, cloud-native, security information event management (SIEM) and security orchestration automated response (SOAR) solution that lets you see and stop threats before they cause harm. Microsoft Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive hunting, and threat response. Eliminate security infrastructure setup and maintenance, and elastically scale to meet your security needs—while reducing IT costs. With Microsoft Sentinel, you can:

    - Collect data at cloud scale—across all users, devices, applications, and infrastructure, both on-premises and in multiple clouds

    - Detect previously uncovered threats and minimize false positives using analytics and unparalleled threat intelligence from Microsoft

    - Investigate threats with AI and hunt suspicious activities at scale, tapping into decades of cybersecurity work at Microsoft

    - Respond to incidents rapidly with built-in orchestration and automation of common tasks

    To learn more about our solution, ask questions, and share feedback, join our Microsoft Security, Compliance and Identity Community.

    ArcSight Enterprise Security Manager (ESM) is a powerful SIEM solution for analyzing, collecting, correlating, and reporting on security event information. ArcSight ESM analyzes information from all of your data sources while helping your organization maintain high security. In addition, the solution is very customizable and enables users to create their own company-specific rule sets to automatically trigger instant alerts.

    ArcSight Enterprise Security Manager (ESM) Features

    • Real-time threat detection
    • Visualization and reporting capabilities
    • Patented log management
    • Personalized dashboards
    • Scalable event monitoring
    • Seamless integration with your existing SOC tools
    • Behavior profiling
    • Data and user monitoring
    • Application monitoring
    • Analytics
    • Deployment/support simplicity

    ArcSight Enterprise Security Manager (ESM) Benefits

    Some of the benefits of using ESM include:

    • Real-time information: ArcSight ESM can correlate data from any source in real-time to detect incidents before they become a breach.
    • Compliance: Optional compliance packs enable packaged reports for PCI, SOX, and IT Governance.
    • Security analytics: With ArcSight ESM, you can build and maintain a security operation center (SOC) through big data security analytics.
    • Integration: ArcSight ESM allows you to integrate SOC with network operations, service desk, CMDB, business intelligence, Hadoop, email security, application security, threat feeds, and more. 
    • Speed: ArcSight ESM provides excellent speed of event collection with patented log management tools. 
    • Advanced detection: ArcSight ESM can detect unusual or unauthorized activities as they occur, preventing business disruptions. 
    • Decrease threat exposure: By implementing ArcSight ESM, you reduce threat exposure because the solution detects threats in real time.  
    • Operational efficiency: ArcSight ESM makes it possible for you to automate responses with ArcSight’s native SOAR, which saves your organization time, and therefore increases your operational efficiency.

    Reviews from Real Users

    Below are some reviews and helpful feedback written by ArcSight Enterprise Security Manager (ESM) users.

    A Head of Professional Services at a computer software company says, “The simplicity of the solution is the most valuable aspect of the product. The product is quite mature. It's been around for a long time. The integration is easy for the most part.”

    A Managing partner at a tech services company states that the solution is “Good at consolidating logs, fairly stable, and can scale.” 

    PeerSpot user Abbasi P., Vice President Derivatives Ops IT at a financial services firm, explains, “The user interfaces are quite good and speedy, and I like the consoles too. The typology and the setup are also good.”

    A Chief Technological Officer at a tech services company says, "It is a very useful tool for intelligence building because it has many use cases and many rule sets."

    An Associate Vice President at a consumer goods company comments, “We primarily use the solution for its technology including its independent logs, and those types of things. The solution offers very good monitoring. The product's log management and event management capabilities are excellent. There are a lot of really good analytical components. It helps us focus on analysis.”

    USM Anywhere centralizes security monitoring of networks and devices in the cloud, on premises, and in remote locations, helping you to detect threats virtually anywhere.

    Discover

    • Network asset discovery
    • Software & services discovery
    • AWS asset discovery
    • Azure asset discovery
    • Google Cloud Platform asset discovery

    Analyze

    • SIEM event correlation, auto-prioritized alarms
    • User activity monitoring
    • Up to 90-days of online, searchable events

    Detect

    • Cloud intrusion detection (AWS, Azure, GCP)
    • Network intrusion detection (NIDS)
    • Host intrusion detection (HIDS)
    • Endpoint Detection and Response (EDR)

    Respond

    • Forensics querying
    • Automate & orchestrate response
    • Notifications and ticketing

    Assess

    • Vulnerability scanning
    • Cloud infrastructure assessment
    • User & asset configuration
    • Dark web monitoring

    Report

    • Pre-built compliance reporting templates
    • Pre-built event reporting templates
    • Customizable views and dashboards
    • Log storage
    Sample Customers
    Microsoft Sentinel is trusted by companies of all sizes including ABM, ASOS, Uniper, First West Credit Union, Avanade, and more.
    Lake Health, U.S. Department of Health and Human Services, Bank AlJazira, Banca Intesa, and Obrela.
    Abel & Cole, Bank of Ireland, Bluegrass Cellular, CareerBuilder, Claire's, Hays Medical Center, Hope International, McCurrach, McKinsey & Company, Party Delights, Pepco Holdings, Richland School District, Ricoh, SaveMart, Shake Shack, Steelcase, TaxAct, Taylor Morrison, Vonage and Zoom
    Top Industries
    REVIEWERS
    Financial Services Firm22%
    Computer Software Company11%
    Manufacturing Company8%
    Comms Service Provider8%
    VISITORS READING REVIEWS
    Computer Software Company16%
    Financial Services Firm10%
    Government9%
    Manufacturing Company7%
    REVIEWERS
    Financial Services Firm33%
    Comms Service Provider19%
    Computer Software Company17%
    Insurance Company5%
    VISITORS READING REVIEWS
    Financial Services Firm17%
    Computer Software Company12%
    Manufacturing Company9%
    Government9%
    REVIEWERS
    Financial Services Firm20%
    Healthcare Company17%
    Computer Software Company9%
    Comms Service Provider7%
    VISITORS READING REVIEWS
    Computer Software Company17%
    Comms Service Provider8%
    Government8%
    Educational Organization7%
    Company Size
    REVIEWERS
    Small Business33%
    Midsize Enterprise21%
    Large Enterprise47%
    VISITORS READING REVIEWS
    Small Business25%
    Midsize Enterprise16%
    Large Enterprise60%
    REVIEWERS
    Small Business32%
    Midsize Enterprise14%
    Large Enterprise54%
    VISITORS READING REVIEWS
    Small Business22%
    Midsize Enterprise15%
    Large Enterprise63%
    REVIEWERS
    Small Business54%
    Midsize Enterprise25%
    Large Enterprise21%
    VISITORS READING REVIEWS
    Small Business35%
    Midsize Enterprise18%
    Large Enterprise47%
    Buyer's Guide
    ArcSight Enterprise Security Manager (ESM) vs. USM Anywhere
    March 2024
    Find out what your peers are saying about ArcSight Enterprise Security Manager (ESM) vs. USM Anywhere and other solutions. Updated: March 2024.
    765,234 professionals have used our research since 2012.

    ArcSight Enterprise Security Manager (ESM) is ranked 11th in Security Information and Event Management (SIEM) with 93 reviews while USM Anywhere is ranked 10th in Security Information and Event Management (SIEM) with 113 reviews. ArcSight Enterprise Security Manager (ESM) is rated 7.8, while USM Anywhere is rated 8.4. The top reviewer of ArcSight Enterprise Security Manager (ESM) writes "Allows for monitoring logs according to industry standards within ESM but has a total capacity capped at 12 TB, limiting real-time data retention periods". On the other hand, the top reviewer of USM Anywhere writes "Easy to use and affordable". ArcSight Enterprise Security Manager (ESM) is most compared with Splunk Enterprise Security, ArcSight Intelligence, Trellix ESM, IBM Security QRadar and Elastic Security, whereas USM Anywhere is most compared with Wazuh, AlienVault OSSIM, IBM Security QRadar, Splunk Enterprise Security and Rapid7 InsightIDR. See our ArcSight Enterprise Security Manager (ESM) vs. USM Anywhere report.

    See our list of best Security Information and Event Management (SIEM) vendors.

    We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.