We performed a comparison between USM Anywhere and Zabbix based on real PeerSpot user reviews.
Find out what your peers are saying about Microsoft, Splunk, Wazuh and others in Security Information and Event Management (SIEM).
"We can use Sentinel's playbook to block threats. It covers all of the environment, giving us great visibility."
"The SOAR playbooks are Sentinel's most valuable feature. It gives you a unified toolset for detecting, investigating, and responding to incidents. That's what clearly differentiates Sentinels from its competitors. It's cloud-native, offering end-to-end coverage with more than 120 connectors. All types of data logs can be poured into the system so analysis can happen. That end-to-end visibility gives it the advantage."
"The analytics has a lot of advantages because there are 300 default use cases for rules and we can modify them per our environment. We can create other rules as well. Analytics is a useful feature."
"The most valuable feature is the alert notifications, which are categorized by severity levels: informational, low, medium, and high."
"One of the most valuable features of Microsoft Sentinel is that it's cloud-based."
"The initial setup is very simple and straightforward."
"The automation feature is valuable."
"The Log analytics are useful."
"The best thing about AlienVault USM is it being a “Jack-of-All Trades” solution. It provides SIEM, HIDS/NIDS, FIM, NetFlow, Asset Management, Vulnerability Management, etc., under one USM platform. None of the commercial SIEM vendors like ArcSight, McAfee, etc., can boast of such a diverse feature set."
"It provides a single pane of glass view, coupled with a whole security ecosystem. The ability to manage everything from a central point, including vulnerability assessments, asset management - including the services provided by the various hosts, NIDS, HIDS, etc. - provides a very efficient way of dealing with things."
"The vulnerability manager and the file integration are very good."
"In terms of monitoring, my best feature would be the monitoring of components across the network. It monitors the respective nodes and any new node that comes onto the network and provides reports. The reporting dashboards are really helpful for management in terms of making decisions around patch management."
"Every activity on the firewall is recorded, and notifications are sent with this solution."
"The asset management of nodes has been a large help in terms of being able to track applications with more detail and have changes made being monitored into one source."
"Its powerful correlation engine helps reduce time in manually correlating events."
"It has streamlined log aggregation and analysis to meet organizational and regulatory needs."
"Zabbix is scalable."
"There is a problems page that shows us every warning or problem that occurs on our VMs globally. The map screen is also really useful because this is something that was missing. I don't know every other tool in the market. So, I don't know if this is a good point of only Zabbix, or other tools are also doing it, but from my point of view, this is the most useful page that I use, along with the problems page that efficiently lists the problem, recovery time, ending hours, starting hours, and so on."
"We like the user-interface for this solution, which makes it an easy to use tool."
"The solution's design has recently changed and it is visually pleasing with more color, for example, there is blue, black, and white."
"There are lots of great features and functionality within the solution."
"I like being able to use proxy servers for different locations. The agents are pretty cool. They're easy to roll out. The standard out-of-the-box templates are also pretty easy to use. The integration with other learning products is also good. I have, in the past, used Slack, but we've integrated it with Microsoft Teams. We also use it for SMS with a service called Redcoat. It is very flexible. It does what I need it to do, and my manager is very happy because it doesn't cost anything. We are nearing 4,000 hosts inside Zabbix, and we've got another 6,000 access points to add to it. We've thrown everything at it, and it has managed to keep going. I am very impressed with the tool, and I'd shake their hand very hard if I got to say the compliments to the Zabbix team. They keep improving it and doing refreshes, which is one good thing about it. There is also online information as well as books that you can purchase if you're willing to read enough. There is a lot to pick up, but it is a pretty complete solution."
"I really enjoy network traffic triggers that allow us to check traffic threshold from ISP."
"The initial setup was not complex."
"We're satisfied with the comprehensiveness of the security protection. That said, we do have issues sometimes where there have been global outages and we need to raise a ticket with Microsoft."
"The following would be a challenge for any product in the market, but we have some in-house apps in our environment... our apps were built with different parameters and the APIs for them are not present in Sentinel. We are working with Microsoft to build those custom APIs that we require. That is currently in progress."
"Azure Sentinel will be directly competing with tools such as Splunk or Qradar. These are very established kinds of a product that have been around for the last seven, eight years or more."
"Sentinel's reporting is complex and can be more user-friendly."
"I can't think of anything other than just getting the name out there. I think a lot of customers don't fully understand the full capabilities of Azure Sentinel yet. It is kind of like when they're first starting to use Azure, it might not be something they first think about. So, they should just kind of get to the point where it is more widely used."
"Its documentation is not so simple. It is easy for somebody who is Microsoft certified or more closely attached to Microsoft solutions. It is not easy for those who are working on open-source platforms. There isn't a central point where everything is documented, and there is no specific training or certification."
"If we want to use more features, we have to pay more. There are multiple solutions on the cloud itself, but the pricing model package isn't consistent, which is confusing to clients."
"The KQL query does not function effectively with Windows 11 machines, and in the majority of machine-based investigations, KQL queries are essential for organizing the data during investigations."
"The vulnerability scanning feature is one of the areas where the product has certain shortcomings and needs to improve. The tool has vulnerability scanning, but it is not that efficient."
"Its reporting tools need improvements. It would be good if they can provide integration with other ticketing systems. Currently, we only have integration with Slack and Jira. It is also a bit slow, and its replication engine can be improved."
"It was easy on PoC, but when we got to the product it was different story. We had to learn the product again and got feeling that the PoC was a different product."
"This solution could be easier to use."
"Their threat intelligence platform needs to be broadened. They should integrate it with more threat intelligence platforms. For the threat feed that they get from open intelligence, I would like them to add a few premium threat intelligence platforms. They can provide a bundle in which AlienVault has the threat intelligence background of other premium products."
"The solution already has quite good tools, however, they need better integration tools for linking with Office 365, Google Suite, and so on."
"The reporting module could be a little easier to handle, as it requires quite some trial and error until you get the reports you want. Also, it would be great to have a graphical interface for the Network Intrusion Detection System's rule management."
"Plugins could be better utilized, as some of them do not recognize all logs."
"I would like for this solution to be more cloud-friendly."
"I would like to better be able to monitor Oracle processes."
"There are not too much documentation or manuals. We found the tutorials very easy to understand but do not go deep enough in the use of Zabbix. We need more manuals, proper use, documentation, etc."
"The solution needs to add features for finding loopholes or problems and their root causes."
"The performance reporting could be improved."
"The user interface could be better."
"The documentation gets a bit messy between versions and is not too detailed, which is a bit painful for first-timers, especially when they run into issues."
"Zabbix could improve when it comes to large-scale use cases. Additionally, the inventory could be better when connecting to other solutions, such as ServiceNow. There show to be better integration with other platforms and storage."
USM Anywhere is ranked 11th in Security Information and Event Management (SIEM) with 113 reviews while Zabbix is ranked 1st in Network Monitoring Software with 98 reviews. USM Anywhere is rated 8.4, while Zabbix is rated 8.2. The top reviewer of USM Anywhere writes "Easy to use and affordable". On the other hand, the top reviewer of Zabbix writes "Allows any number of customizations but lacks functionality for finding root causes". USM Anywhere is most compared with Wazuh, AlienVault OSSIM, IBM Security QRadar and Splunk Enterprise Security, whereas Zabbix is most compared with Centreon, Checkmk, SolarWinds NPM, Nagios XI and Nagios Core.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
