We performed a comparison between Exabeam Fusion SIEM and USM Anywhere based on real PeerSpot user reviews.
Find out in this report how the two Log Management solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
"Native integration with Microsoft security products or other Microsoft software is also crucial. For example, we can integrate Sentinel with Office 365 with one click. Other integrations aren't as easy. Sometimes, we have to do it manually."
"The solution offers a lot of data on events. It helps us create specific detection strategies."
"The part that was very unexpected was Sentinel's ability to integrate with Azure Lighthouse, which, as a managed services solution provider, gives us the ability to also manage our customers' Sentinel environments or Sentinel workspaces. It is a big plus for us. With its integration with Lighthouse, we get the ability to monitor multiple workspaces from one portal. A lot of the Microsoft Sentinel workbooks already integrate with that capability, and we save countless amounts of money by simply being able to almost immediately realize multitenant capabilities. That alone is a big plus for us."
"Sentinel has features that have helped improve our security poster. It helped us in going ahead and identifying the gaps via analysis and focusing on the key elements."
"The standout feature of Sentinel is that, because it's cloud-based and because it's from Microsoft, it integrates really well with all the other Microsoft products. It's really simple to set up and get going."
"The most valuable features in my experience are the UEBA, LDAP, the threat scheduler, and integration with third-party straight perform like the MISP."
"The pricing of the product is excellent."
"It is always correlating to IOCs for normal attacks, using Azure-related resources. For example, if any illegitimate IP starts unusual activity on our Azure firewall, then it automatically generates an alarm for us."
"I have customers that like the EUBA functionality of it. The solution has the ability to build a session, basically. It pulls a lot of information together, for example, everything a user does in a specific timeframe. It's quite helpful."
"The way it can connect with AWS is very useful, and the integrations are pretty good."
"The advanced analytics has a really great overview of user behavior."
"It's a very user-friendly product and it's a very comprehensive technology."
"Exabeam Fusion SIEM has a good performance and more advantages than traditional solutions."
"The setup is not difficult. It was easy."
"The user interface and the timelines they use are the most valuable features. The price model is very simple so that one can understand it easily and there are no surprises within it."
"The most valuable feature of Exabeam Fusion SIEM is the easy-to-use user interface."
"Its powerful correlation engine helps reduce time in manually correlating events."
"It allows you to define what alerts you want to see, or not to see, as well as if you want them grouped, or ungrouped."
"I can easily check (in one place) all the logs and data in relation to attacks. It also gives me an overview if a server is not configured properly."
"AT&T AlienVault USM is good for ELK Stack, the user experience is great because of its architecture. The ELK has a great performance and it has very good speed in the search and Kibana. Additionally, the visuals and dashboards and very nice and customizable."
"This is a USM, so being able to get all the features under one roof makes it a good product with good new features."
"The feature that I liked the most is that they have a vulnerability assessment package that comes along with the SIEM solution. So, whenever I find any threat or alert for any of the devices or servers, I could immediately initiate a vulnerability assessment scan on that machine. That is one of a kind. The price at which AlienVault operates is also valuable."
"The main menu: You can see everything there, what is happening on the servers, and in the logs, you can view more details of each event."
"Any unusual behaviour, we can monitor. We have alerts set up to be sent when we receive signs of any unusual behaviour."
"If you're looking to use canned queries, the interface could be a little more straightforward. It's not immediately intuitive regarding how you use it. You have to take a canned query and paste it into an operational box and then you hit a button... They could improve the ease of deploying these queries."
"Everyone has their favorites. There is always room for improvement, and everybody will say, "I wish you could do this for me or that for me." It is a personal thing based on how you use the tool. I do not necessarily have those thoughts, and they are probably not really valuable because they are unique to the context of the user, but broadly, where it can continue to improve is by adding more connectors to more systems."
"Only one thing is missing: NDR is not available out-of-the-box. The competitive cloud-native SIEM providers have the NDR component. Currently, Sentinel needs NDR to be powered from either Corelight or some other NDR provider."
"One key area that can be improved is by building a strong integration with our XDR platform."
"I can't think of anything other than just getting the name out there. I think a lot of customers don't fully understand the full capabilities of Azure Sentinel yet. It is kind of like when they're first starting to use Azure, it might not be something they first think about. So, they should just kind of get to the point where it is more widely used."
"The playbook development environment is not as rich as it should be. There are multiple occasions when we face problems while creating the playbook."
"They could use some kind of workbook. There is some limitation doing the editing and creating the workbook."
"The on-prem log sources still require a lot of development."
"We still have questions surrounding hardware deployment."
"We had a large volume right from the beginning and they weren't quite prepared for that. That's something that they should think about when it comes to customers that have a large volume to start off with."
"They should provide detailed information about detecting phishing emails."
"Updating the new release of Exabeam Fusion SIEM takes time and slows our performance."
"Adding to the number of certifications that they have, for example, ISO 27001, would be helpful."
"They need to focus on more of the MITRE ATT&CK Framework and coverage. They claim they cover about 70 to 80%. I'm not sure if it's really quite that much, however."
"The initial setup of Exabeam Fusion SIEM is complex because it needs to integrate with the SIEM solution, but after this is complete it is straightforward."
"The only problem is that the UI is not very impressive."
"One area that has room for improvement is storage. AllienVault is a good place to put logs, but sometimes it's a tough place to go get logs... The logger can only hold so much data. If they improved that, that would help."
"AlienVault needs to continue to integrate with other third-party technologies that clients want to have monitored."
"The vulnerability reporting needs to have options to be able to sort or customize the output."
"USM Anywhere relies a lot on the community putting the data in. Often, you'll right-click on the attack, but nothing will be found. That's a weakness of it."
"The reporting and dashboards have room for improvement."
"The other thing is the agent is OSSEC. They needed to create its own agent to help to find threats on the devices that it happens to be installed."
"It should be able to communicate with other security solutions to stop threats."
"Support can be slow at times, but the quality is high. Posted knowledge base articles could use improvement."
Exabeam Fusion SIEM is ranked 31st in Log Management with 10 reviews while USM Anywhere is ranked 15th in Log Management with 113 reviews. Exabeam Fusion SIEM is rated 8.0, while USM Anywhere is rated 8.4. The top reviewer of Exabeam Fusion SIEM writes "Enables centralized log collection on a single platform". On the other hand, the top reviewer of USM Anywhere writes "Easy to use and affordable". Exabeam Fusion SIEM is most compared with IBM Security QRadar, Palo Alto Networks Cortex XSOAR, Splunk Enterprise Security, Splunk User Behavior Analytics and Gurucul UEBA, whereas USM Anywhere is most compared with Wazuh, AlienVault OSSIM, IBM Security QRadar, Splunk Enterprise Security and ThreatConnect Threat Intelligence Platform (TIP). See our Exabeam Fusion SIEM vs. USM Anywhere report.
See our list of best Log Management vendors and best Security Information and Event Management (SIEM) vendors.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
