USM Anywhere Reviews

Name: USM Anywhere
Brand: LevelBlue
Rating: 4.2 (115 reviews)

4.2 out of 5

115 reviews
92% willing to recommend

4,490 followers

What is USM Anywhere?

USM Anywhere centralizes security monitoring of networks and devices in the cloud, on premises, and in remote locations, helping you to detect threats virtually anywhere.

Get the USM Anywhere Buyer's Guide and find out what your peers are saying about USM Anywhere, CrowdStrike Falcon, Wazuh and more!

USM Anywhere is the #12 ranked solution in top Compliance Management solutions, #28 ranked solution in top Security Information and Event Management (SIEM) solutions, #47 ranked solution in Log Management Software, and #52 ranked solution in EDR tools. PeerSpot users give USM Anywhere an average rating of 8.4 out of 10. USM Anywhere is most commonly compared to CrowdStrike Falcon: USM Anywhere vs CrowdStrike Falcon. USM Anywhere is popular among the large enterprise segment, accounting for 46% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a computer software company, accounting for 20% of all views.

Helped 856,874 peers since 2012

Featured USM Anywhere reviews

Kris Nawani

Co-Founder/Director at Bangkok MSP Company Limited

USM Anywhere is used for threat detection and investigation. It provides a solution with built-in threat intelligence and various other investigation tools The solution offers complete coverage without the need to install additional software, as it is maintained by the vendor. It helps in saving…

Read full review

Oluwatoyese Agoro

Information Security Engineer at Infoprive

The only issue that you need to bypass is the issue with integration with some other log sources, some other application security applications. The issue is still present. The process of collecting logs from applications that do not have an alien app or alien routes can be made a little bit better. Once there is no alien app, it's always very difficult to collect logs from third-party applications. So, the process of collecting logs from third-party applications is something that needs to be improved. Also, when it comes to parsing of some logs, I've worked with another solution that has a custom parsing feature that can assist you in creating the custom parsing rule by yourself. But for any of those, USM needs to reach out to the engineering team, which takes months to come up with. There is room for improvement in Log parsing. So when there are logs that are being parsed, we need to create a custom parsing rule to correctly parse some event logs. I've worked with a solution that has a feature that helps you to create custom parsing rules. But for enablement, we need to escalate to their engineering team, which takes months before they can respond and give you that parsing rule.

Read full review

Omer Jamil

Supervisor, Security Operations at Bpm

To those who plan to use the solution, I would suggest that they go through the documentation and online training models available for free, as it can help you deploy the product quickly while also being helpful in areas where there is a need to understand correlation and monitoring. I rate the overall product a seven out of ten.

Read full review

USM Anywhere mindshare

Product category:

As of June 2025, the mindshare of USM Anywhere in the Security Information and Event Management (SIEM) category stands at 0.9%, down from 1.7% compared to the previous year, according to calculations based on PeerSpot user engagement data.

Security Information and Event Management (SIEM)

PeerResearch reports based on USM Anywhere reviews

Type	Title	Date
Category	Security Information and Event Management (SIEM)	Jun 15, 2025	Download
Product	Reviews, tips, and advice from real users	Jun 15, 2025	Download
Comparison	USM Anywhere vs Splunk Enterprise Security	Jun 15, 2025	Download
Comparison	USM Anywhere vs Wazuh	Jun 15, 2025	Download
Comparison	USM Anywhere vs Microsoft Sentinel	Jun 15, 2025	Download

Title	Rating	Mindshare	Recommending
CrowdStrike Falcon	4.3	4.8%	96%	132 interviews Add to research
Wazuh	3.7	13.3%	80%	48 interviews Add to research

Valuable Features

USM Anywhere's most valuable features include event correlation, vulnerability scanning, and integrated threat detection. Users appreciate its centralized log management, ease of deployment, and customizable dashboards. The system's ability to combine SIEM, IDS, and vulnerability assessment tools streamlines security management. The Open Threat Exchange integration and real-time alerts enhance network visibility, making it a preferred choice for compliance and network monitoring. Its scalability and user-friendly interface cater to diverse security needs within organizations.

"The pricing is amazing and really cheap."
"The solution also provides basic log storage options for periods of 15, 30, and 90 days."
"The asset discovery and inventory capabilities in USM Anywhere is quite good."

Room for Improvement

USM Anywhere requires improvements in search query functionality and vulnerability scanning efficiency. It suffers from complicated deployment and setup processes. Customization, particularly in rule creation and reports, presents challenges. IPv6 support is limited, and plugin management needs enhancement. Search capabilities are slow, documentation should be clearer, and interface navigation can be confusing. Integration with third-party technologies could be enhanced, and QA before updates is necessary to prevent broken features impacting users.

"There are scalability issues due to a 60 TB limit, which restricts its use for large customers like banks."
"There are scalability issues due to a 60 TB limit, which restricts its use for large customers like banks."
"There is room for improvement in Log parsing."

ROI

Many find ROI from USM Anywhere to be positive, valuing intelligence gathered and time saved over direct financial gain. Users note significant reduction in security alert response time, cost savings on cybersecurity purchases, and manpower efficiency. Some mention benefits in meeting compliance needs and consolidation of log monitoring, enhancing alerts. For academic partners, it offers students practical exposure. Calculating exact ROI is challenging due to variables in prevented incidents.

Pricing

AlienVault USM Anywhere offers competitive pricing, making it affordable for both SMBs and enterprises. Users find its scalability and bundled features valuable, often surpassing more costly alternatives like Splunk and QRadar. Pricing is flexible, based on devices managed rather than events per second, and AlienVault frequently negotiates on costs. Unlimited endpoint licenses are advisable for large setups. Overall, its cost-effectiveness and comprehensive functionality make it an attractive choice for varied organizational needs.

"It's affordable for most customers."
"It's saved security costs."
"It is a product that is priced in a medium range, making it neither a cheap nor a costly product."

Popular Use Cases

Organizations primarily utilize USM Anywhere for log management, threat detection, and SIEM functionality, integrating it within their existing security infrastructure for enhanced visibility and compliance. It supports cloud, on-premise, and hybrid deployments, aiding in asset management and vulnerability assessments. Many employ it for forensic analysis and incident response, benefiting from its centralized logging, correlation, and alert capabilities. This tool is favored by MSSPs and MSPs for efficient monitoring of client environments and maintaining stringent security protocols.

Service and Support

USM Anywhere offers strong customer service and support, praised for helpful and knowledgeable personnel. Some users highlight quick response times and effective issue resolution, while others experience delayed responses and inconsistent quality. Technical support often excels in technical expertise, with successful handling of complex configurations and system troubleshooting. However, some users mention relying more on community resources for certain questions. Overall, the experience widely varies based on individual interactions and representatives.

Deployment

USM Anywhere's initial setup is often described as straightforward. Many find it easy to deploy, especially with guidance, despite its complexity for advanced configurations. While basic setup can be done quickly, maximizing features and customizing may require technical knowledge. Users appreciate the documentation and support available but note that understanding system intricacies takes time. Some entities choose professional assistance for setup, while others leverage training for better outcomes.

Scalability

USM Anywhere demonstrates extensive scalability, handling diverse environments efficiently. Users appreciate its ability to adapt with minimal issues, although some encounter limitations with large enterprises or high data volumes. Many benefit from cloud-based architecture, ensuring ease of scaling. While a few address specific performance restrictions when exceeding certain capacities, adding sensors or upgrading infrastructure resolves most challenges. USM Anywhere effectively supports small to medium businesses, with occasional adjustments required for larger deployments.

Stability

Users report mixed experiences with USM Anywhere's stability. Many mention a stable experience with minimal disruptions, while some note issues during updates and with high-volume log processing. Support services are praised for resolving problems effectively. Hardware adequacy and network setup are crucial for optimal performance. Scalability features are appreciated, yet some found upgrades challenging, particularly concerning sensor and logging configurations. Stability ratings often vary, but many users find it sufficient for their needs.

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.

Download our USM Anywhere Buyer's Guide for additional reliable information.

Review data by company size

By reviewers

By visitors reading reviews

Top industries

By visitors reading reviews

Computer Software Company

20%

Financial Services Firm

10%

Comms Service Provider

Educational Organization

Government

University

Manufacturing Company

Healthcare Company

Real Estate/Law Firm

Legal Firm

Non Profit

Retailer

Consumer Goods Company

Energy/Utilities Company

Performing Arts

Media Company

Insurance Company

Hospitality Company

Construction Company

Outsourcing Company

Logistics Company

Aerospace/Defense Firm

Security Firm

Recruiting/Hr Firm

Wellness & Fitness Company

Wholesaler/Distributor

Compare USM Anywhere with alternative products

Learn more about USM Anywhere

Discover

Network asset discovery
Software & services discovery
AWS asset discovery
Azure asset discovery
Google Cloud Platform asset discovery

Analyze

SIEM event correlation, auto-prioritized alarms
User activity monitoring
Up to 90-days of online, searchable events

Detect

Cloud intrusion detection (AWS, Azure, GCP)
Network intrusion detection (NIDS)
Host intrusion detection (HIDS)
Endpoint Detection and Response (EDR)

Respond

Forensics querying
Automate & orchestrate response
Notifications and ticketing

Assess

Vulnerability scanning
Cloud infrastructure assessment
User & asset configuration
Dark web monitoring

Report

Pre-built compliance reporting templates
Pre-built event reporting templates
Customizable views and dashboards
Log storage

USM Anywhere was previously known as AT&T AlienVault USM, AlienVault, AlienVault USM, Alienvault Cybersecurity.

USM Anywhere customers

Abel & Cole, Bank of Ireland, Bluegrass Cellular, CareerBuilder, Claire's, Hays Medical Center, Hope International, McCurrach, McKinsey & Company, Party Delights, Pepco Holdings, Richland School District, Ricoh, SaveMart, Shake Shack, Steelcase, TaxAct, Taylor Morrison, Vonage and Zoom

Julia Miller

Community Director at PeerSpot

Top SIEM Solutions & Success Stories: Strengthening Cybersecurity in Diverse Industries

Has anyone got experience in deployment of a SIEM solution?

AlienVault saying I can't use it in a DHCP environment. Help!

What Solution for SIEM is Best To Be NIST 800-171 Compliant?

When evaluating Security Information and Event Management (SIEM), what aspect do you think is the most important feature to look for?

What are the main differences between Nessus and Arcsight?

What's The Best Way to Trial SIEM Solutions?

Which is the best SIEM solution for a government organization?

1,020

What is the difference between IT event correlation and aggregation?

What Is SIEM Used For?

RSA-EMC vs. other SIEM products?

USM Anywhere reviews

Sort by:

Kris Nawani

Co-Founder/Director at Bangkok MSP Company Limited

Verified user of USM Anywhere

Nov 26, 2024

Offers complete coverage without the need to install additional software

Pros

"The solution also provides basic log storage options for periods of 15, 30, and 90 days. "

Cons

"There are scalability issues due to a 60 TB limit, which restricts its use for large customers like banks. "

What is our primary use case?

USM Anywhere is used for threat detection and investigation. It provides a solution with built-in threat intelligence and various other investigation tools.

How has it helped my organization?

The solution offers complete coverage without the need to install additional software, as it is maintained by the vendor. It helps in saving costs on staffing and other resources.

*Disclosure: My company has a business relationship with this vendor other than being a customer: Partner

Read full review (345 words)

Oluwatoyese Agoro

Information Security Engineer at Infoprive

Verified user of USM Anywhere

Sep 23, 2024

Offers SIEM capabilities, Log aggregation and alarms

Pros

"The asset discovery and inventory capabilities in USM Anywhere is quite good."

Cons

"There is room for improvement in Log parsing."

What is our primary use case?

Our customers have three use cases, Log aggregation, correlation, and the SIEM functionalities.

Our customers are mostly in the finance and banking sectors.

What is most valuable?

Log aggregation and alarms are the most useful for security for our customers. It collects logs from various log sources in the corporate network and then gives you actionable intel on the collected logs.

The second feature is SIEM capabilities. It's an umbrella set for what SIEM does.

The asset discovery and inventory capabilities in USM Anywhere is quite good because it helps to discover all assets and IP addresses on the corporate network.

USM Anywhere uses artificial intelligence to enhance threat detection.

*Disclosure: My company has a business relationship with this vendor other than being a customer:

Read full review (743 words)

Buyer's Guide

USM Anywhere

Download free report

Find out what your peers are saying about USM Anywhere. Updated May 2025

856,874 professionals have used our research since 2012.

Philip Bradley

Senior Security Information Manager at agiito

Verified user of USM Anywhere

Sep 11, 2023

Easy to use and affordable

Pros

"What I find the most valuable about USM Anywhere is its compliance. It shows a list of all the administrators logged on and does it quite well. There are no whistles and bells, it's reliable and simple to use."

Cons

"USM Anywhere relies a lot on the community putting the data in. Often, you'll right-click on the attack, but nothing will be found. That's a weakness of it."

What is our primary use case?

I find that USM Anywhere is not overly complicated and things flow logically. The way it lays out the Microsoft alert and formats the text for you so you can actually read it is very workable.

What is most valuable?

What I find the most valuable about USM Anywhere is its compliance. It shows a list of all the administrators logged on and does it quite well. There are no whistles and bells, it's reliable and simple to use. Also, for the first time in eight years, I felt I could actually work with the raw data. I don't have to use search or log file manipulator engines because I can see the log file directly. It's readable and it's not cloudy like, for example, QRadar.

*Disclosure: My company does not have a business relationship with this vendor other than being a customer.

Read full review (487 words)

Omer Jamil

Supervisor, Security Operations at Bpm

Verified user of USM Anywhere

Jan 19, 2024

An easy-to-deploy tool that needs to improve its vulnerability scanning feature

Pros

"The most valuable feature of the solution is the ease of deployment that it provides to users. The integrations that the product has with third-party applications are useful."

Cons

"The vulnerability scanning feature is one of the areas where the product has certain shortcomings and needs to improve. The tool has vulnerability scanning, but it is not that efficient."

What is our primary use case?

In my company, we use the solution in our security operation center to monitor the client environment and as a solution that provides us with continuous monitoring ability.

How has it helped my organization?

The benefits experienced by our company from the use of the solution stem from the fact that it has been working pretty well in terms of getting the events correlated and getting the alarms on suspicious activities.

*Disclosure: My company does not have a business relationship with this vendor other than being a customer.

Read full review (521 words)

CHARLES GOLLIDAY

Chief Information Security Officer at a computer software company with 51-200 employees

Verified user of USM Anywhere

Aug 9, 2022

it brings everything into one single pane that includes your vulnerability management, asset management, IDS, logs, and correlation

Pros

"Our main focus was intrusion detection, alerts, and correlation. It's easy to use AlienVault and integrate it with other alert tools because it includes lots of connectors. Either the tool is already there, or AlienVault will write an API for us if they don't have a connector for the solution that is providing the logs. "

Cons

"I've been told that AlienVault doesn't have a full version of NES running in there, but I'm not sure if that's accurate or if my engineer made it that way. I'm not sure he was completely honest either because we had NES in the environment before. Those tools could be improved because AlienVault is a SIEM, and it added all these other features. "

What is our primary use case?

We primarily use AlienVault for managing logs, IDS, and correlation, but we haven't used the other tools, which was a huge disappointment to me.

What is most valuable?

Our main focus was intrusion detection, alerts, and correlation. It's easy to use AlienVault and integrate it with other alert tools because it includes lots of connectors. Either the tool is already there, or AlienVault will write an API for us if they don't have a connector for the solution that is providing the logs.

We've seen a lot of improvement in the product over the years. Their threat monitoring was an important feature for us, but we didn't use the tool to its full advantage. I wanted to use the built-in NES and asset management tools, but unfortunately we didn't use those because we had other solutions to address those areas.

*Disclosure: My company does not have a business relationship with this vendor other than being a customer.

Read full review (678 words)

Dr. Sushan Banerjee

GISO - Global Information Security Officer at Beyon Connect

Verified user of USM Anywhere

Jul 29, 2022

Comes with a vulnerability assessment package, has good pricing, and is extremely easy to set up and integrate

Pros

"The feature that I liked the most is that they have a vulnerability assessment package that comes along with the SIEM solution. So, whenever I find any threat or alert for any of the devices or servers, I could immediately initiate a vulnerability assessment scan on that machine. That is one of a kind. The price at which AlienVault operates is also valuable."

Cons

"Their threat intelligence platform needs to be broadened. They should integrate it with more threat intelligence platforms. For the threat feed that they get from open intelligence, I would like them to add a few premium threat intelligence platforms. They can provide a bundle in which AlienVault has the threat intelligence background of other premium products. "

What is our primary use case?

I used it in my previous company. My main use case was to identify the security events. Basically, it was a platform through which we used to monitor threat events for SOC operations.

We had its latest version. We used to keep updating it whenever there was a new release.

AlienVault was on-prem, and for cloud, we had Wazuh.

What is most valuable?

The feature that I liked the most is that they have a vulnerability assessment package that comes along with the SIEM solution. So, whenever I find any threat or alert for any of the devices or servers, I could immediately initiate a vulnerability assessment scan on that machine. That is one of a kind. The price at which AlienVault operates is also valuable.

The setup of AlienVault is extremely easy. It is very simple to understand for someone who is trying a SIEM solution for the first time.

The integration of servers and other devices is extremely easy. It is a piece of cake. You just double-click and start, and you are up and running. That's all.

*Disclosure: My company does not have a business relationship with this vendor other than being a customer.

Read full review (680 words)

Subramaniam L.

Senior Talent Sourcer, Digital at Digitaltrack

Verified user of USM Anywhere

Apr 11, 2023

Product version discussed: Latest version

Easy to deploy, stable, and affordable

Pros

"The ease of implementation is the most valuable feature."

Cons

"The reporting and dashboards have room for improvement."

What is our primary use case?

We use AT&T AlienVault USM as a managed SOC service for our customers to detect and respond to security events and potential incidents.

How has it helped my organization?

AT&T AlienVault USM has improved detection of the potential threats and helped us to proactively take action against these threats. AT&T USM has enabled us to identify the weaknesses and has helped in strengthening the weaknesses.

*Disclosure: My company has a business relationship with this vendor other than being a customer: Partner

Read full review (688 words)

Gerald Mbewa

Cyber Security Analyst at DIgital Sentry Ltd

Verified user of USM Anywhere

Jan 23, 2023

It provides a central place for ingesting and managing logs but lacks automated remediation

Pros

"Having everything in a central place has been helpful. "

Cons

"AlienVault cannot automatically respond to threats like other SIEM solutions, such as Sentinel and LogRhythm. Most of our clients are far away, so it's often challenging to handle alerts when they come up on our dashboard. "

What is our primary use case?

AlienVault provides a central place for monitoring the logs from various security tools in our environment, such as CrowdStrike and Datrix. It gives us complete visibility into the logs from those tools and endpoints in our environment. We use AlienVault for managing logs and vulnerabilities with tools like CrowdStrike.

What is most valuable?

Having everything in a central place has been helpful.

*Disclosure: My company has a business relationship with this vendor other than being a customer: partner

Read full review (375 words)

USM Anywhere Reviews

What is USM Anywhere?

Featured USM Anywhere reviews

USM Anywhere mindshare

PeerResearch reports based on USM Anywhere reviews

Valuable Features

Room for Improvement

ROI

Pricing

Popular Use Cases

Service and Support

Deployment

Scalability

Stability

Review data by company size

Top industries

Compare USM Anywhere with alternative products

Learn more about USM Anywhere

USM Anywhere customers

Related articles

Related questions

Product Categories

Popular Comparisons

USM Anywhere reviews

Pros

Cons

What is our primary use case?

How has it helped my organization?

Pros

Cons

What is our primary use case?

What is most valuable?

Pros

Cons

What is our primary use case?

What is most valuable?

Pros

Cons

What is our primary use case?

How has it helped my organization?

Pros

Cons

What is our primary use case?

What is most valuable?

Pros

Cons

What is our primary use case?

What is most valuable?

Pros

Cons

What is our primary use case?

How has it helped my organization?

Pros

Cons

What is our primary use case?

What is most valuable?

What is most valuable?

How has it helped my organization?

What needs improvement?

For how long have I used the solution?

What was my experience with deployment of the solution?

What do I think about the stability of the solution?

What do I think about the scalability of the solution?

How are customer service and support?

Which solution did I use previously and why did I switch?

How was the initial setup?

What about the implementation team?

What was our ROI?

What's my experience with pricing, setup cost, and licensing?

Which other solutions did I evaluate?

What other advice do I have?