We performed a comparison between Elastic Security and USM Anywhere based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Features: Elastic Security is commended for its adaptability, extensive customization options, and seamless integration with the ELK Stack. USM Anywhere is highly regarded for its extensive reporting capabilities, thorough vulnerability assessment, seamless file integration, and user-friendly management features. Elastic Security could improve by reducing resource usage, automating threat response, and simplifying the user experience. USM Anywhere users have suggested improvements in self-service plugin management, database optimization, and third-party threat intelligence integration.
Service and Support: Some Elastic Security users found their support helpful, while others experienced difficulties and delays. Some users say that USM Anywhere's customer service is knowledgeable and responsive, while others have faced delays and incomplete answers.
Ease of Deployment: Elastic Security generally has a straightforward setup but may require trained specialists. USM Anywhere's initial setup is generally considered to be straightforward if the user has technical knowledge. Vendor assistance is also available during the deployment phase.
Pricing: Elastic Security is considered affordable and cost-effective, with pricing based on the size of the monitored environment. USM Anywhere has garnered favorable feedback regarding its ROI.
ROI: Elastic Security has shown mixed results in terms of ROI, with some users expressing concerns about the quality of their premium support. USM Anywhere has garnered favorable feedback regarding its ROI.
"Fortinet FortiEDR's firewalling, rule creation, monitoring, and inspection profiles are great."
"It is very easy to set up. I would rate my experience with the initial setup a ten out of ten, with ten being very easy to set up."
"The price is low and quite competitive with others."
"The product's initial setup phase is very easy."
"Fortinet FortiEDR's scalability is quite good, and you can add licenses to the solution."
"Ability to get forensics details and also memory exfiltration."
"The features that I have found most valuable are the ability to customize it and to reduce its size. It lets you run in a very small window in terms of memory and resources on legacy cash registers."
"The console is easy to read. I also like the scanning part and the ability to move assets from one to the other."
"The most valuable feature is the scalability. We are in Indonesia, more engineers understand Elastic Security here. So it is easier to scale and also develop. In features, the discovery to query all the logs is very important to us. It is very easy, especially with the query function and the feature to generate alerts and create tools. Sometimes we use the alert security dashboard to monitor our clients."
"Elastic has a lot of beats, such as Winlogbeat and Filebeat. Beats are the agents that have to be installed on the terminals to send the data. When we install beats or Elastic agents on every terminal, they don't overload the terminals. In other SIEM solutions such as Splunk or QRadar, when beats or agents are installed on endpoints, they are very heavy for the terminals. They consume a lot of power of the terminals, whereas Elastic agents hardly consume any power and don't overload the terminals."
"It is an extremely stable solution. Stability-wise, I rate the solution a ten out of ten."
"The most valuable thing is that this solution is widely used for work management and research. It's easy to jump into the security use case with the same technology."
"What customers found most valuable in Elastic Security feature-wise is the search capability, in particular, the way of writing the search query and the speed of searching for results."
"It can handle millions of loads at a time, and you can always use the filters to find exactly what you are looking for and detect errors in every log message you are searching for, basically."
"It's very stable and reliable."
"It is very quick to react. I can set it to check anomalies or suspicious behavior every 30 seconds. It is very fast."
"It has allowed us to see what is happening on our servers."
"The other big selling feature for us was its integration capabilities with all the other security-based products."
"The main menu: You can see everything there, what is happening on the servers, and in the logs, you can view more details of each event."
"AlienVault provides a checklist answer when using SIEM."
"Ease of deployment across various environments."
"The Event Correlation and vulnerability scans have been the most useful. As a 24/7 SOC, we use the incoming alarms to give an overview of suspicious traffic going through the network. It's easy to look at the correlated events and see the broad picture of traffic for that customer. Vulnerability scans are good for providing patch and remediation guidelines to keep customer systems secure."
"As we have to service several servers, we can manage them in a economical way, which is beneficial to our team and business."
"There are multiple tools for information security. The solution includes all the latest advances on the network and host intrusion detection systems."
"There's room for improvement in the quick response time and technical support for integration issues, especially when dealing with multiple vendors."
"We've encountered challenges during API deployment, occasionally resulting in unstable environments."
"I think cloud security and SASE are areas of concern in the product where improvements are required. The tool's cloud version has to be improved in terms of the security it offers."
"The security should be strong for the cloud. Some applications are on-prem and some are on the cloud. Fortinet should also have strong security for the cloud. There should be more security for the cloud."
"Integration with Azure and SaaS provisioning tools could improve Fortinet FortiEDR."
"The solution should address emerging threats like SQL injection."
"Cannot be used on mobile devices with a secure connection."
"The only minor concern is occasional interference with desired programs."
"One limitation of Elastic Security is that it does not have built-in workflows for all tasks. For example, if you need a workflow for compliance, you will need to create a custom workflow."
"Technical support could respond faster."
"Its documentation should be a bit better. I have to spend at least a couple of hours to find the solution for a simple thing. When we buy Elastic, training is not included for free with Elastic. We have to pay extra for the training. They should include training in the price."
"The price of this product could be improved, especially the additional costs. I would also like to see better-quality graphics."
"It could use maybe a little more on the Linux side."
"I think because we are a cybersecurity company, the thing that can be improved is the prebuilt tools, especially quality. Compared to its competitor, they still have fewer prebuilt security rules. Elastic Security, in terms of generating alerts, cannot group the same products into one another. Even though the alerts are the same, they still generate them one by one. So, it is very noisy in our dashboard. I would like the Elastic Security admin to group all the same alarms into one alarm so that our dashboard is not noisy."
"There isn't really a very good user experience. You need a lot of training."
"With Elastic, you have to build the use cases for the specific requirement. Other products have a simple integration and more use cases to integrate out-of-the-box solutions for SIEM."
"It was easy on PoC, but when we got to the product it was different story. We had to learn the product again and got feeling that the PoC was a different product."
"The reporting and dashboards have room for improvement."
"We've had some stability problems, not a lot, but a few. Updates seem to be the worst. That seems to be when the stability problems come up."
"The only room for improvement I can mention is the initial installation procedures. I found that the online installation instructions for the product were missing important details, they lacked necessary steps."
"In the future, I would like to see all these features of the solution working properly."
"Its reporting tools need improvements. It would be good if they can provide integration with other ticketing systems. Currently, we only have integration with Slack and Jira. It is also a bit slow, and its replication engine can be improved."
"The price of AT&T AlienVault USM could be reduced."
"I've been using it just for my own personal upskilling in terms of how the product works. At the moment, it is pretty straightforward and simple, and it is working how it is supposed to. The feedback would come once it is deployed to customer sites. They'll be using it on a more frequent basis, and that's when the feedback would come in terms of the areas in which they're facing issues or are looking for simplicity."
Elastic Security is ranked 5th in Security Information and Event Management (SIEM) with 59 reviews while USM Anywhere is ranked 11th in Security Information and Event Management (SIEM) with 113 reviews. Elastic Security is rated 7.6, while USM Anywhere is rated 8.4. The top reviewer of Elastic Security writes "A stable and scalable tool that provides visibility along with the consolidation of logs to its users". On the other hand, the top reviewer of USM Anywhere writes "Easy to use and affordable". Elastic Security is most compared with Wazuh, Splunk Enterprise Security, Microsoft Sentinel, IBM Security QRadar and Microsoft Defender for Endpoint, whereas USM Anywhere is most compared with Wazuh, AlienVault OSSIM, IBM Security QRadar, Microsoft Sentinel and CrowdStrike Falcon. See our Elastic Security vs. USM Anywhere report.
See our list of best Security Information and Event Management (SIEM) vendors, best Log Management vendors, and best Endpoint Detection and Response (EDR) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.