We performed a comparison between Trellix Helix and USM Anywhere based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Log aggregation and data connectors are the most valuable features."
"The Identity Behavior tab furnishes us with the entire history linked to each IP or domain that has either accessed or attempted to access our system."
"The log query feature has been the most valuable because it's very good. You can put your data on the cloud and run queues from Sentinel. It will do it all very fast. I love that I don't have to upload it to an Excel file and then manually look for a piece of information. Sentinel is much faster and is good for big databases."
"Microsoft Sentinel enables you to ingest data from the entire ecosystem and that connection of data helps you to monitor critical resources and to know what's happening in the environment."
"We are able to deploy within half an hour and we only require one person to complete the implementation."
"It is quite efficient. It helps our clients in identifying their security issues and respond quickly. Our clients want to automate incident response and all those things."
"The main benefit is the ease of integration."
"Sentinel pricing is good"
"Trellix Helix helps prevent email attacks, like phishing and email spoofing attacks."
"The integration is very useful and very easy. You can have an API connection with any cloud and I'll be able to do both ways of communication with the help of APA."
"The most valuable features include predefined use cases and threatening states."
"I like that it's easy. It's got the protection set up, and we can see whatever is required. We write our own rules and the rules that we can input. I think it is good."
"It is kind of simple and very easily deployable. You can start working with it very fast."
"FireEye Helix's best features are its speed and use of an easy-to-understand language to send queries to the raw logs."
"The product offers very strong automation. Our cyber security analysts don't have to correlate the information to detect problems. They only need to analyze problems that have been identified by the platform."
"There are multiple tools for information security. The solution includes all the latest advances on the network and host intrusion detection systems."
"The setup is very easy and straightforward."
"Asset discovery and vulnerability scanner are good features. The integration between this solution and OTX, which is an AlienVault platform for Open Threat Exchange, is also a valuable feature. It is also quick and easy to deploy, so you can quickly engage with a customer's environment."
"Our main focus was intrusion detection, alerts, and correlation. It's easy to use AlienVault and integrate it with other alert tools because it includes lots of connectors. Either the tool is already there, or AlienVault will write an API for us if they don't have a connector for the solution that is providing the logs."
"Ease of deployment across various environments."
"It provides a single pane of glass view, coupled with a whole security ecosystem. The ability to manage everything from a central point, including vulnerability assessments, asset management - including the services provided by the various hosts, NIDS, HIDS, etc. - provides a very efficient way of dealing with things."
"Log-monitoring and alerting enable us to know when things happen that we need to know about."
"AlienVault's reporting is good. I like that vulnerability assessment is part of the solution, and the UI is intuitive. Also, the overhead is low, which is to say we don't need a dedicated SOC team to manage and analyze things constantly. We're a small company that doesn't have those resources."
"Some of the data connectors are outdated, at least the ones that utilize Linux machines for log forwarding. I believe that Microsoft is already working on improving this."
"If their UI was a bit more streamlined and easy to find when I need it, then that would be a great improvement."
"One key area that can be improved is by building a strong integration with our XDR platform."
"We do see continuous improvement all the time, however, I haven't got a specific feature that is lacking or not well designed."
"There are certain delays. For example, if an alert has been rated on Microsoft Defender for Endpoint, it might take up to an hour for that alert to reach Sentinel. This should ideally take no more than one or two seconds."
"Add more out-of-the-box connectors with other SaaS platforms/applications."
"They can work on the EDR side of things... Every time we need to onboard these kinds of machines into the EDR, we need to do it with the help of Intune, to sync up the devices, and do the configuration. I'm looking for something on the EDR side that will reduce this kind of work."
"They need to work with other security vendors. For example, we replaced our email gateway with Symantec, but we couldn't collect these logs with Azure Sentinel. Instead of collecting these logs with Azure Sentinel, we are collecting them on Qradar. We couldn't do it with Sentinel, which is a problem for us."
"Sometimes the rules are disabled by FireEye, and we basically get it after the patch. I think there needs to be a better way of creating the application rules. I would like to see better pricing for our licensing."
"The graphical user interface could be improved. It's not easy to handle and it's not easy for a customer or end-user to learn how to manage the solution."
"Trellix Helix's configuration and learning could be improved to identify normal traffic from abnormal and to identify trusted domains."
"Integrations could be improved, and the dashboard could be a little better."
"FireEye Helix would be improved with the option of an on-prem version, which they don't currently offer."
"We have certain challenges with integrating the SOAR platform with multiple vendors."
"It should have more cloud connectors. It could also be cheaper."
"I want to see more compliance management capability. The quality of integrations seems to be a little bit low."
"The UI and overall processes need a little bit more love. This shows in the error banners that come up when you select certain things. There isn't a day that goes by that the UI doesn't error out and I can't view events for an alarm."
"Pay attention to false-positive event automatic correlations."
"More complimentary training needs to be done for use with this tool. If you get into a bind, then it will cost you."
"It would be hard for any legitimate MSSP to use it."
"AT&T AlienVault USM can improve searchable data. It should be available for more than 90 days. If you need more than 90 days of data, you have to put a request and they give you raw data, which is not easy to search. A good addition would be to allow users to search data older than 90 days."
"I'd like to see a dashboard that's a little more descriptive."
"I feel that some areas of improvement would be vulnerability scanning. We use a separate product that seems to do a much better job."
Trellix Helix is ranked 32nd in Security Information and Event Management (SIEM) with 7 reviews while USM Anywhere is ranked 11th in Security Information and Event Management (SIEM) with 113 reviews. Trellix Helix is rated 8.6, while USM Anywhere is rated 8.4. The top reviewer of Trellix Helix writes "Helps prevent email attacks, like phishing and email spoofing attacks". On the other hand, the top reviewer of USM Anywhere writes "Easy to use and affordable". Trellix Helix is most compared with LogRhythm SIEM, Splunk Enterprise Security, Trellix ESM, IBM Security QRadar and Palo Alto Networks Cortex XSOAR, whereas USM Anywhere is most compared with Wazuh, AlienVault OSSIM, IBM Security QRadar, Splunk Enterprise Security and Rapid7 InsightIDR. See our Trellix Helix vs. USM Anywhere report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.