We performed a comparison between LogRhythm SIEM and USM Anywhere based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Features: Users praised LogRhythm SIEM for its user-friendly centralized dashboard, strong integration capabilities, and event-filtering capabilities. USM Anywhere is highly regarded for its extensive reporting capabilities, thorough vulnerability assessment, seamless file integration, and user-friendly management features. LogRhythm SIEM has the potential to improve its SOAR and NDR features, platform stability, and MDI integration. LogRhythm users requested expanded log storage, better load balancing, and streamlined search capabilities. USM Anywhere users have suggested improvements in self-service plugin management, database optimization, and third-party threat intelligence integration.
Service and Support: LogRhythm SIEM was generally praised for its helpful and knowledgeable support, although there have been occasional delays and knowledge problems. Some users say that USM Anywhere's customer service is knowledgeable and responsive, while others have faced delays and incomplete answers.
Ease of Deployment: LogRhythm SIEM's setup is considered to be straightforward. However, it is more time-consuming and complex for enterprise deployments involving multiple components or vendors, and users often require assistance from professional services or LogRhythm-certified engineers. The initial setup for USM Anywhere is generally considered to be straightforward if the user has technical knowledge. Vendor assistance is also available during the deployment phase.
Pricing: LogRhythm SIEM’s license typically includes all elements. However, enterprise customers may encounter complexities related to additional features and add-ons. USM Anywhere is seen as more cost-effective than premium solutions like IBM QRadar and Splunk, with pricing considered reasonable and relatively low.
ROI: LogRhythm SIEM has proven to be highly valuable, delivering a significant ROI by reducing the mean time to detect and respond. USM Anywhere has garnered favorable feedback regarding its ROI.
"The ability to drill down and pivot from an event is one of the biggest advantage the product has compared to other things that I have seen in the market."
"One of the main features that I like about LogRhythm NextGen SIEM is that there are a lot of pre-built pieces. Like with our AV, we didn't have to tell it how to read the logs; they already had it pre-made. So, we essentially just had to follow their guide to get the logs imported in and set up some rules for it. We've only had to manually create the parsing rules for a few of our vendors so that we could interpret the logs correctly. Most of them had already been pre-created for us."
"Technical support has always been helpful."
"I would rate the product a ten out of ten. The solution is very user-friendly and straightforward. The tool's report customization is interesting."
"When it comes to dealing with support, all my interactions have been great. Everyone has known what they're doing and have been quick to respond. They seem to always know the answer. I haven't stumped anybody yet."
"The security operation center is excellent."
"We should be able to response to threats and gain visibility into our environment that we don't currently have."
"LogRhythm NextGen SIEM is customizable, simple to manage, and there are many features. The solution does not require an expert to be able to use it, anyone can use it."
"It has powerful threat detection, incident response, and compliance management."
"As we have to service several servers, we can manage them in a economical way, which is beneficial to our team and business."
"SIEM log collection is great, and all of the rules that support updates with maintenance."
"Any unusual behaviour, we can monitor. We have alerts set up to be sent when we receive signs of any unusual behaviour."
"Ease of deployment across various environments."
"The USM is a work horse, no matter what devices or the number of logs we throw at it, the system processes them in real time, correlates the events, and alerts on only events that need human review."
"OTX is a great module that lets staff maintain and monitor updates regarding events in the infrastructure and takes decision to improve the security perimeter."
"We're using it more for reporting, that's all. We're using it to help our customers to pass any kind of audits that they receive."
"When we originally got LogRhythm, their tech support was fantastic, and I loved them. Now, we don't quite get as quick of a response. I've been disappointed in the more recent tech support. When you call in, they'll say that they will get you somebody, and you'll finally get someone who will contact you back a day or so later. Whereas before, I would get help right away."
"We would like to see more things out of the console into the web UI. I guess this is what they are doing in 7.4."
"We're still struggling to get a real return on it and finding something that isn't false noise."
"It should be improved for automated setup and auto-configuration. There should be ease of integration and ease of setup."
"My biggest issue - I know that they say they're doing it - is that the API-building is extremely important. They keep saying it's coming, it's coming. It's not coming fast enough. I don't care if they need to double their team size to get it out there quicker, the world is already in the cloud and we can't monitor it. That's a big problem for us. My boss keeps coming to me about it. That's an issue."
"I would like it to do a lot of the automation (which I still need to learn more about), because I am essentially a one man shop doing all the jobs. I'd like for it to be able to do more for me."
"Their ticketing system for managing cases can be improved. They can either do that or adopt some of the open-source ticket systems into theirs. The current system works and gets the job done, but it is very bare-bones and basic. There are some things that could be improved there. They should also bring in more threat intelligence into the product and also probably start to look into the integration of more cloud or SAS products for ingesting logs. They're doing the work, but with the explosion of COVID, a lot of businesses have started to move towards more cloud applications or SAS applications. There is a whole diverse suite of SAS products out there, which is a challenge for them and I get it. They seem to be focusing on the big ones, but it'll be nice to be able to, for example, pull in Microsoft logs from Office 365. They are working towards a better way of doing that, and they have a product in the pipeline to pull logs in from other SAS applications. The biggest thing for them is going to be moving away from a Windows Server infrastructure into a straight-up Linux, which is more stable in my eyes. For the backend, they can maybe move into more of an up-to-date Elastic search engine and use less of Microsoft products."
"I think they probably need to, because a lot of companies are having this cloud-first strategy, where anything that's new has to go into the cloud for some reason."
"The vulnerability scanning feature is one of the areas where the product has certain shortcomings and needs to improve. The tool has vulnerability scanning, but it is not that efficient."
"Reporting is convoluted and difficult at times, although they claim to have hundreds of pre-built reports, very few of them are actually useful for anything but what the USM is doing."
"It should be able to communicate with other security solutions to stop threats."
"The lack of mature functionality and expertise in any of those areas is a strong negative."
"Windows log collection works with HIDS, but documentation is sparse and confusing."
"Support can be slow at times, but the quality is high. Posted knowledge base articles could use improvement."
"We've had some stability problems, not a lot, but a few. Updates seem to be the worst. That seems to be when the stability problems come up."
"The reporting and dashboards have room for improvement."
LogRhythm SIEM is ranked 6th in Security Information and Event Management (SIEM) with 166 reviews while USM Anywhere is ranked 11th in Security Information and Event Management (SIEM) with 113 reviews. LogRhythm SIEM is rated 8.4, while USM Anywhere is rated 8.4. The top reviewer of LogRhythm SIEM writes "The solution reduced our investigation time from days to hours and assists in managing our workflows". On the other hand, the top reviewer of USM Anywhere writes "Easy to use and affordable". LogRhythm SIEM is most compared with IBM Security QRadar, Splunk Enterprise Security, Microsoft Sentinel, Wazuh and LogRhythm Axon, whereas USM Anywhere is most compared with Wazuh, AlienVault OSSIM, IBM Security QRadar, Splunk Enterprise Security and Securonix Next-Gen SIEM. See our LogRhythm SIEM vs. USM Anywhere report.
See our list of best Security Information and Event Management (SIEM) vendors and best Log Management vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
