We performed a comparison between Elastic Security and USM Anywhere based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Features: Elastic Security is commended for its adaptability, extensive customization options, and seamless integration with the ELK Stack. USM Anywhere is highly regarded for its extensive reporting capabilities, thorough vulnerability assessment, seamless file integration, and user-friendly management features. Elastic Security could improve by reducing resource usage, automating threat response, and simplifying the user experience. USM Anywhere users have suggested improvements in self-service plugin management, database optimization, and third-party threat intelligence integration.
Service and Support: Some Elastic Security users found their support helpful, while others experienced difficulties and delays. Some users say that USM Anywhere's customer service is knowledgeable and responsive, while others have faced delays and incomplete answers.
Ease of Deployment: Elastic Security generally has a straightforward setup but may require trained specialists. USM Anywhere's initial setup is generally considered to be straightforward if the user has technical knowledge. Vendor assistance is also available during the deployment phase.
Pricing: Elastic Security is considered affordable and cost-effective, with pricing based on the size of the monitored environment. USM Anywhere has garnered favorable feedback regarding its ROI.
ROI: Elastic Security has shown mixed results in terms of ROI, with some users expressing concerns about the quality of their premium support. USM Anywhere has garnered favorable feedback regarding its ROI.
"It is stable and scalable."
"Additionally, when it comes to EDR, there are more tools available to assist with client work."
"It is a scalable solution...The initial setup of Fortinet FortiEDR was straightforward."
"It is very easy to set up. I would rate my experience with the initial setup a ten out of ten, with ten being very easy to set up."
"The console is easy to read. I also like the scanning part and the ability to move assets from one to the other."
"Fortinet has helped free up around 20 percent of our staff's time to help us out."
"Fortinet is very user-friendly for customers."
"The main thing is that I feel safe. Because the processes that have been used to get a handle on the attackers are much better than other competitors"
"The most valuable features of Elastic Security are it is open-source and provides a high level of security."
"The most valuable feature is the machine learning capability."
"The most valuable feature is the search function, which allows me to go directly to the target to see the specific line a customer is searching for."
"Elastic has a lot of beats, such as Winlogbeat and Filebeat. Beats are the agents that have to be installed on the terminals to send the data. When we install beats or Elastic agents on every terminal, they don't overload the terminals. In other SIEM solutions such as Splunk or QRadar, when beats or agents are installed on endpoints, they are very heavy for the terminals. They consume a lot of power of the terminals, whereas Elastic agents hardly consume any power and don't overload the terminals."
"The solution is compatible with the cloud-native environment and they can adapt to it faster."
"We like Elastic Security because it's a REST API-based solution. That's the primary reason we use it."
"It's very customizable, which is quite helpful."
"The visualization is very good."
"There are multiple tools for information security. The solution includes all the latest advances on the network and host intrusion detection systems."
"The solution has all the features that we need, however they do not work correctly."
"This solution can identify many threats inside the organization (compromised endpoints, configuration issues), as well as "outside" threats (botnets, network scanners, web-attacks, etc)."
"The main menu: You can see everything there, what is happening on the servers, and in the logs, you can view more details of each event."
"SIEM log collection is great, and all of the rules that support updates with maintenance."
"AlientVault has helped us in improving our visualization and incident response during cybersecurity situations."
"The Event Correlation and vulnerability scans have been the most useful. As a 24/7 SOC, we use the incoming alarms to give an overview of suspicious traffic going through the network. It's easy to look at the correlated events and see the broad picture of traffic for that customer. Vulnerability scans are good for providing patch and remediation guidelines to keep customer systems secure."
"Reports are customized, so you can present them to executives or engineers."
"Cannot be used on mobile devices with a secure connection."
"We find the solution to be a bit expensive."
"The only minor concern is occasional interference with desired programs."
"There's room for improvement in the quick response time and technical support for integration issues, especially when dealing with multiple vendors."
"We've encountered challenges during API deployment, occasionally resulting in unstable environments."
"FortiEDR could add a separate scanning dashboard. In incident management, we prefer to remove the endpoint system from the environment and scan the system. We typically use Symantec for that, but if we want to use FortiEDR for that, then we need a scanning tab to clarify things."
"To improve Fortinet, we need to see more features and technology areas at the endpoint level introduced."
"We've had a lot of false positives; things incorrectly flagged that require manual configuration to allow. Even worse, after we allow a legitimate program, it sometimes gets flagged again after an update. This has caused a lot of extra work for my team."
"The tool should improve its scalability."
"Email notification should be done the same way as Logentries does it."
"Its documentation should be a bit better. I have to spend at least a couple of hours to find the solution for a simple thing. When we buy Elastic, training is not included for free with Elastic. We have to pay extra for the training. They should include training in the price."
"It's a little bit of a learning curve to understand the logic of searching for things and trying to find what you're looking for in Elastic Security."
"There is room for improvement in the Kibana dashboard and in the asset management for the program."
"Sometimes, the solution isn't the easiest to use."
"In terms of improvement, there could be more automation in responding to and evaluating detections."
"There are connectors to gather logs for Windows PCs and Linux PCs, but if we have to get the logs from Syslog then we have to do it manually, and this should be automated."
"The solution is a bit complicated. It could be simplified quite a bit."
"Pay attention to false-positive event automatic correlations."
"There are many reports included but would be nice to have better access to the data."
"The vulnerability scanning feature is one of the areas where the product has certain shortcomings and needs to improve. The tool has vulnerability scanning, but it is not that efficient."
"In the future, I would like to see all these features of the solution working properly."
"The reporting tools are a bit lacking for building reports to give directly to customers, but support has been helpful in giving our requests for new features to the development team and following up with us."
"For creating new rules, you have to be familiar with regular expressions. I feel there could be something built-in to make sure that process is easier."
"AT&T AlienVault USM can improve searchable data. It should be available for more than 90 days. If you need more than 90 days of data, you have to put a request and they give you raw data, which is not easy to search. A good addition would be to allow users to search data older than 90 days."
Elastic Security is ranked 5th in Log Management with 58 reviews while USM Anywhere is ranked 15th in Log Management with 113 reviews. Elastic Security is rated 7.6, while USM Anywhere is rated 8.4. The top reviewer of Elastic Security writes "A stable and scalable tool that provides visibility along with the consolidation of logs to its users". On the other hand, the top reviewer of USM Anywhere writes "Easy to use and affordable". Elastic Security is most compared with Wazuh, Splunk Enterprise Security, Microsoft Sentinel, IBM Security QRadar and Microsoft Defender for Endpoint, whereas USM Anywhere is most compared with Wazuh, AlienVault OSSIM, IBM Security QRadar, Splunk Enterprise Security and CrowdStrike Falcon. See our Elastic Security vs. USM Anywhere report.
See our list of best Log Management vendors, best Endpoint Detection and Response (EDR) vendors, and best Security Information and Event Management (SIEM) vendors.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.