Try our new research platform with insights from 80,000+ expert users
USM Anywhere Logo

USM Anywhere Reviews

Vendor: LevelBlue
4.2 out of 5
Leave a review

What is USM Anywhere?

USM Anywhere centralizes security monitoring of networks and devices in the cloud, on premises, and in remote locations, helping you to detect threats virtually anywhere.

Get the USM Anywhere Buyer's Guide and find out what your peers are saying about USM Anywhere, CrowdStrike Falcon, Wazuh and more!
USM Anywhere is the #13 ranked solution in top Compliance Management solutions, #32 ranked solution in top Security Information and Event Management (SIEM) solutions, #45 ranked solution in Log Management Software, and #52 ranked solution in EDR tools. PeerSpot users give USM Anywhere an average rating of 8.4 out of 10. USM Anywhere is most commonly compared to CrowdStrike Falcon: USM Anywhere vs CrowdStrike Falcon. USM Anywhere is popular among the large enterprise segment, accounting for 40% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a computer software company, accounting for 17% of all views.
Buyer's Guide
USM Anywhere
July 2025
Get the report
Helped 864,313 peers since 2012

Featured USM Anywhere reviews

Read more reviews

USM Anywhere mindshare

Product category:
Security Information and Event Manage...
As of August 2025, the mindshare of USM Anywhere in the Security Information and Event Management (SIEM) category stands at 0.9%, down from 1.3% compared to the previous year, according to calculations based on PeerSpot user engagement data.
Security Information and Event Management (SIEM)

PeerResearch reports based on USM Anywhere reviews

TypeTitleDate
CategorySecurity Information and Event Management (SIEM)Aug 5, 2025Download
ProductReviews, tips, and advice from real usersAug 5, 2025Download
ComparisonUSM Anywhere vs Splunk Enterprise SecurityAug 5, 2025Download
ComparisonUSM Anywhere vs WazuhAug 5, 2025Download
ComparisonUSM Anywhere vs Microsoft SentinelAug 5, 2025Download
Suggested products
TitleRatingMindshareRecommending
CrowdStrike Falcon4.34.7%96%132 interviewsAdd to research
Wazuh3.711.8%80%48 interviewsAdd to research
 
 
Key learnings from peers

Valuable Features

USM Anywhere's most valuable features include event correlation, vulnerability scanning, and integrated threat detection. Users appreciate its centralized log management, ease of deployment, and customizable dashboards. The system's ability to combine SIEM, IDS, and vulnerability assessment tools streamlines security management. The Open Threat Exchange integration and real-time alerts enhance network visibility, making it a preferred choice for compliance and network monitoring. Its scalability and user-friendly interface cater to diverse security needs within organizations.
  • "The pricing is amazing and really cheap."
  • "The solution also provides basic log storage options for periods of 15, 30, and 90 days."
  • "The asset discovery and inventory capabilities in USM Anywhere is quite good."

Room for Improvement

USM Anywhere requires improvements in search query functionality and vulnerability scanning efficiency. It suffers from complicated deployment and setup processes. Customization, particularly in rule creation and reports, presents challenges. IPv6 support is limited, and plugin management needs enhancement. Search capabilities are slow, documentation should be clearer, and interface navigation can be confusing. Integration with third-party technologies could be enhanced, and QA before updates is necessary to prevent broken features impacting users.
  • "There are scalability issues due to a 60 TB limit, which restricts its use for large customers like banks."
  • "There are scalability issues due to a 60 TB limit, which restricts its use for large customers like banks."
  • "There is room for improvement in Log parsing."

ROI

Many find ROI from USM Anywhere to be positive, valuing intelligence gathered and time saved over direct financial gain. Users note significant reduction in security alert response time, cost savings on cybersecurity purchases, and manpower efficiency. Some mention benefits in meeting compliance needs and consolidation of log monitoring, enhancing alerts. For academic partners, it offers students practical exposure. Calculating exact ROI is challenging due to variables in prevented incidents.

Pricing

AlienVault USM Anywhere offers competitive pricing, making it affordable for both SMBs and enterprises. Users find its scalability and bundled features valuable, often surpassing more costly alternatives like Splunk and QRadar. Pricing is flexible, based on devices managed rather than events per second, and AlienVault frequently negotiates on costs. Unlimited endpoint licenses are advisable for large setups. Overall, its cost-effectiveness and comprehensive functionality make it an attractive choice for varied organizational needs.
  • "It's affordable for most customers."
  • "It's saved security costs."
  • "It is a product that is priced in a medium range, making it neither a cheap nor a costly product."

Popular Use Cases

Organizations primarily utilize USM Anywhere for log management, threat detection, and SIEM functionality, integrating it within their existing security infrastructure for enhanced visibility and compliance. It supports cloud, on-premise, and hybrid deployments, aiding in asset management and vulnerability assessments. Many employ it for forensic analysis and incident response, benefiting from its centralized logging, correlation, and alert capabilities. This tool is favored by MSSPs and MSPs for efficient monitoring of client environments and maintaining stringent security protocols.

Service and Support

USM Anywhere offers strong customer service and support, praised for helpful and knowledgeable personnel. Some users highlight quick response times and effective issue resolution, while others experience delayed responses and inconsistent quality. Technical support often excels in technical expertise, with successful handling of complex configurations and system troubleshooting. However, some users mention relying more on community resources for certain questions. Overall, the experience widely varies based on individual interactions and representatives.

Deployment

USM Anywhere's initial setup is often described as straightforward. Many find it easy to deploy, especially with guidance, despite its complexity for advanced configurations. While basic setup can be done quickly, maximizing features and customizing may require technical knowledge. Users appreciate the documentation and support available but note that understanding system intricacies takes time. Some entities choose professional assistance for setup, while others leverage training for better outcomes.

Scalability

USM Anywhere demonstrates extensive scalability, handling diverse environments efficiently. Users appreciate its ability to adapt with minimal issues, although some encounter limitations with large enterprises or high data volumes. Many benefit from cloud-based architecture, ensuring ease of scaling. While a few address specific performance restrictions when exceeding certain capacities, adding sensors or upgrading infrastructure resolves most challenges. USM Anywhere effectively supports small to medium businesses, with occasional adjustments required for larger deployments.

Stability

Users report mixed experiences with USM Anywhere's stability. Many mention a stable experience with minimal disruptions, while some note issues during updates and with high-volume log processing. Support services are praised for resolving problems effectively. Hardware adequacy and network setup are crucial for optimal performance. Scalability features are appreciated, yet some found upgrades challenging, particularly concerning sensor and logging configurations. Stability ratings often vary, but many users find it sufficient for their needs.
These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.
Download our USM Anywhere Buyer's Guide for additional reliable information.

Review data by company size

By reviewers
By visitors reading reviews

Top industries

By visitors reading reviews
Computer Software Company
17%
Comms Service Provider
10%
Educational Organization
7%
Financial Services Firm
7%
Government
5%
University
5%
Manufacturing Company
4%
Performing Arts
4%
Non Profit
4%
Healthcare Company
3%
Legal Firm
3%
Retailer
3%
Consumer Goods Company
3%
Real Estate/Law Firm
3%
Energy/Utilities Company
2%
Construction Company
2%
Hospitality Company
2%
Insurance Company
2%
Transportation Company
2%
Media Company
2%
Outsourcing Company
1%
Logistics Company
1%
Security Firm
1%
Recreational Facilities/Services Company
1%
Wellness & Fitness Company
1%
Recruiting/Hr Firm
1%
Renewables & Environment Company
1%

Compare USM Anywhere with alternative products

Go!

Learn more about USM Anywhere

Discover

  • Network asset discovery
  • Software & services discovery
  • AWS asset discovery
  • Azure asset discovery
  • Google Cloud Platform asset discovery

Analyze

  • SIEM event correlation, auto-prioritized alarms
  • User activity monitoring
  • Up to 90-days of online, searchable events

Detect

  • Cloud intrusion detection (AWS, Azure, GCP)
  • Network intrusion detection (NIDS)
  • Host intrusion detection (HIDS)
  • Endpoint Detection and Response (EDR)

Respond

  • Forensics querying
  • Automate & orchestrate response
  • Notifications and ticketing

Assess

  • Vulnerability scanning
  • Cloud infrastructure assessment
  • User & asset configuration
  • Dark web monitoring

Report

  • Pre-built compliance reporting templates
  • Pre-built event reporting templates
  • Customizable views and dashboards
  • Log storage

USM Anywhere was previously known as AT&T AlienVault USM, AlienVault, AlienVault USM, Alienvault Cybersecurity.

USM Anywhere customers

Abel & Cole, Bank of Ireland, Bluegrass Cellular, CareerBuilder, Claire's, Hays Medical Center, Hope International, McCurrach, McKinsey & Company, Party Delights, Pepco Holdings, Richland School District, Ricoh, SaveMart, Shake Shack, Steelcase, TaxAct, Taylor Morrison, Vonage and Zoom

Related articles

Julia Miller - PeerSpot reviewer
Top SIEM Solutions & Success Stories: Strengthening Cybersecurity in Diverse Industries
Read more

Related questions

  • 45
Has anyone got experience in deployment of a SIEM solution?
  • 57
AlienVault saying I can't use it in a DHCP environment. Help!
  • 194
What Solution for SIEM is Best To Be NIST 800-171 Compliant?
  • 52
When evaluating Security Information and Event Management (SIEM), what aspect do you think is the most important feature to look for?
  • 108
What are the main differences between Nessus and Arcsight?
  • 21
What's The Best Way to Trial SIEM Solutions?
  • 146
Which is the best SIEM solution for a government organization?
  • 873
What is the difference between IT event correlation and aggregation?
  • 83
What Is SIEM Used For?
  • 31
RSA-EMC vs. other SIEM products?

Product Categories

Product Categories
Security Information and Event Management (SIEM)
Log Management
Endpoint Detection and Response (EDR)
Compliance Management

Popular Comparisons

Popular Comparisons
CrowdStrike Falcon vs USM Anywhere Logo
CrowdStrike Falcon vs USM Anywhere
Wazuh vs USM Anywhere Logo
Wazuh vs USM Anywhere
Microsoft Sentinel vs USM Anywhere Logo
Microsoft Sentinel vs USM Anywhere
Datadog vs USM Anywhere Logo
Datadog vs USM Anywhere
Splunk Enterprise Security vs USM Anywhere Logo
Splunk Enterprise Security vs USM Anywhere
IBM Security QRadar vs USM Anywhere Logo
IBM Security QRadar vs USM Anywhere
Elastic Security vs USM Anywhere Logo
Elastic Security vs USM Anywhere
Graylog vs USM Anywhere Logo
Graylog vs USM Anywhere
Rapid7 InsightIDR vs USM Anywhere Logo
Rapid7 InsightIDR vs USM Anywhere
LogRhythm SIEM vs USM Anywhere Logo
LogRhythm SIEM vs USM Anywhere
Fortinet FortiSIEM vs USM Anywhere Logo
Fortinet FortiSIEM vs USM Anywhere
AlienVault OSSIM vs USM Anywhere Logo
AlienVault OSSIM vs USM Anywhere
Fortinet FortiAnalyzer vs USM Anywhere Logo
Fortinet FortiAnalyzer vs USM Anywhere
Securonix Next-Gen SIEM vs USM Anywhere Logo
Securonix Next-Gen SIEM vs USM Anywhere
Sentinel vs USM Anywhere Logo
Sentinel vs USM Anywhere
See all alternatives
 

USM Anywhere reviews

Sort by:
Kris Nawani - PeerSpot user
Co-Founder/Director at Bangkok MSP Company Limited
Verified user of USM Anywhere
Nov 26, 2024
Offers complete coverage without the need to install additional software

Pros

"The solution also provides basic log storage options for periods of 15, 30, and 90 days. "

Cons

"There are scalability issues due to a 60 TB limit, which restricts its use for large customers like banks. "

What is our primary use case?

USM Anywhere is used for threat detection and investigation. It provides a solution with built-in threat intelligence and various other investigation tools.

How has it helped my organization?

The solution offers complete coverage without the need to install additional software, as it is maintained by the vendor. It helps in saving costs on staffing and other resources.

*Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
Read full review (345 words)
Oluwatoyese Agoro - PeerSpot user
Information Security Engineer at Infoprive
Verified user of USM Anywhere
Sep 23, 2024
Offers SIEM capabilities, Log aggregation and alarms

Pros

"The asset discovery and inventory capabilities in USM Anywhere is quite good."

Cons

"There is room for improvement in Log parsing."

What is our primary use case?

Our customers have three use cases, Log aggregation, correlation, and the SIEM functionalities.

Our customers are mostly in the finance and banking sectors. 

What is most valuable?

Log aggregation and alarms are the most useful for security for our customers. It collects logs from various log sources in the corporate network and then gives you actionable intel on the collected logs.

The second feature is SIEM capabilities. It's an umbrella set for what SIEM does.

The asset discovery and inventory capabilities in USM Anywhere is quite good because it helps to discover all assets and IP addresses on the corporate network.

USM Anywhere uses artificial intelligence to enhance threat detection.

*Disclosure: My company has a business relationship with this vendor other than being a customer.
Read full review (743 words)
Buyer's Guide
USM Anywhere
Download free report
Find out what your peers are saying about USM Anywhere. Updated July 2025
864,313 professionals have used our research since 2012.
PB
Senior Security Information Manager at agiito
Verified user of USM Anywhere
Sep 11, 2023
Easy to use and affordable

Pros

"What I find the most valuable about USM Anywhere is its compliance. It shows a list of all the administrators logged on and does it quite well. There are no whistles and bells, it's reliable and simple to use."

Cons

"USM Anywhere relies a lot on the community putting the data in. Often, you'll right-click on the attack, but nothing will be found. That's a weakness of it."

What is our primary use case?

I find that USM Anywhere is not overly complicated and things flow logically. The way it lays out the Microsoft alert and formats the text for you so you can actually read it is very workable.

What is most valuable?

What I find the most valuable about USM Anywhere is its compliance. It shows a list of all the administrators logged on and does it quite well. There are no whistles and bells, it's reliable and simple to use. Also, for the first time in eight years, I felt I could actually work with the raw data. I don't have to use search or log file manipulator engines because I can see the log file directly. It's readable and it's not cloudy like, for example, QRadar. 

*Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Read full review (487 words)
Omer Jamil - PeerSpot user
Supervisor, Security Operations at Bpm
Verified user of USM Anywhere
Jan 19, 2024
An easy-to-deploy tool that needs to improve its vulnerability scanning feature

Pros

"The most valuable feature of the solution is the ease of deployment that it provides to users. The integrations that the product has with third-party applications are useful."

Cons

"The vulnerability scanning feature is one of the areas where the product has certain shortcomings and needs to improve. The tool has vulnerability scanning, but it is not that efficient."

What is our primary use case?

In my company, we use the solution in our security operation center to monitor the client environment and as a solution that provides us with continuous monitoring ability.

How has it helped my organization?

The benefits experienced by our company from the use of the solution stem from the fact that it has been working pretty well in terms of getting the events correlated and getting the alarms on suspicious activities.

*Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Read full review (521 words)
CHARLES GOLLIDAY - PeerSpot user
Chief Information Security Officer at a computer software company with 51-200 employees
Verified user of USM Anywhere
Aug 9, 2022
it brings everything into one single pane that includes your vulnerability management, asset management, IDS, logs, and correlation

Pros

"Our main focus was intrusion detection, alerts, and correlation. It's easy to use AlienVault and integrate it with other alert tools because it includes lots of connectors. Either the tool is already there, or AlienVault will write an API for us if they don't have a connector for the solution that is providing the logs. "

Cons

"I've been told that AlienVault doesn't have a full version of NES running in there, but I'm not sure if that's accurate or if my engineer made it that way. I'm not sure he was completely honest either because we had NES in the environment before. Those tools could be improved because AlienVault is a SIEM, and it added all these other features. "

What is our primary use case?

We primarily use AlienVault for managing logs, IDS, and correlation, but we haven't used the other tools, which was a huge disappointment to me. 

What is most valuable?

Our main focus was intrusion detection, alerts, and correlation. It's easy to use AlienVault and integrate it with other alert tools because it includes lots of connectors. Either the tool is already there, or AlienVault will write an API for us if they don't have a connector for the solution that is providing the logs.

We've seen a lot of improvement in the product over the years. Their threat monitoring was an important feature for us, but we didn't use the tool to its full advantage. I wanted to use the built-in NES and asset management tools, but unfortunately we didn't use those because we had other solutions to address those areas.

*Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Read full review (678 words)
Dr. Sushan Banerjee - PeerSpot user
GISO - Global Information Security Officer at Beyon Connect
Verified user of USM Anywhere
Jul 29, 2022
Comes with a vulnerability assessment package, has good pricing, and is extremely easy to set up and integrate

Pros

"The feature that I liked the most is that they have a vulnerability assessment package that comes along with the SIEM solution. So, whenever I find any threat or alert for any of the devices or servers, I could immediately initiate a vulnerability assessment scan on that machine. That is one of a kind. The price at which AlienVault operates is also valuable."

Cons

"Their threat intelligence platform needs to be broadened. They should integrate it with more threat intelligence platforms. For the threat feed that they get from open intelligence, I would like them to add a few premium threat intelligence platforms. They can provide a bundle in which AlienVault has the threat intelligence background of other premium products. "

What is our primary use case?

I used it in my previous company. My main use case was to identify the security events. Basically, it was a platform through which we used to monitor threat events for SOC operations.

We had its latest version. We used to keep updating it whenever there was a new release.

AlienVault was on-prem, and for cloud, we had Wazuh.

What is most valuable?

The feature that I liked the most is that they have a vulnerability assessment package that comes along with the SIEM solution. So, whenever I find any threat or alert for any of the devices or servers, I could immediately initiate a vulnerability assessment scan on that machine. That is one of a kind. The price at which AlienVault operates is also valuable.

The setup of AlienVault is extremely easy. It is very simple to understand for someone who is trying a SIEM solution for the first time.

The integration of servers and other devices is extremely easy. It is a piece of cake. You just double-click and start, and you are up and running. That's all.

*Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Read full review (680 words)
SL
Senior Talent Sourcer, Digital at Digitaltrack
Verified user of USM Anywhere
Apr 11, 2023
Product version discussed: Latest version
Easy to deploy, stable, and affordable

Pros

"The ease of implementation is the most valuable feature."

Cons

"The reporting and dashboards have room for improvement."

What is our primary use case?

We use AT&T AlienVault USM as a managed SOC service for our customers to detect and respond to security events and potential incidents.

How has it helped my organization?

AT&T AlienVault USM has improved detection of the potential threats and helped us to proactively take action against these threats. AT&T USM has enabled us to identify the weaknesses and has helped in strengthening the weaknesses.

*Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
Read full review (688 words)
Gerald Mbewa - PeerSpot user
Cyber Security Analyst at DIgital Sentry Ltd
Verified user of USM Anywhere
Jan 23, 2023
It provides a central place for ingesting and managing logs but lacks automated remediation

Pros

"Having everything in a central place has been helpful. "

Cons

"AlienVault cannot automatically respond to threats like other SIEM solutions, such as Sentinel and LogRhythm. Most of our clients are far away, so it's often challenging to handle alerts when they come up on our dashboard. "

What is our primary use case?

AlienVault provides a central place for monitoring the logs from various security tools in our environment, such as CrowdStrike and Datrix. It gives us complete visibility into the logs from those tools and endpoints in our environment. We use AlienVault for managing logs and vulnerabilities with tools like CrowdStrike.

What is most valuable?

Having everything in a central place has been helpful. 

*Disclosure: My company has a business relationship with this vendor other than being a customer. partner
Read full review (375 words)