We compared Splunk Enterprise Security and USM Anywhere based on our users' reviews across several parameters. After reading all of the collected data, you can find our conclusion below.
Features: Splunk Enterprise Security stands out for its efficiency, extensive integration options, and powerful search functionality. USM Anywhere is highly regarded for its extensive reporting capabilities, thorough vulnerability assessment, seamless file integration, and user-friendly management features. Users say Splunk is a highly scalable and customizable solution.
Room for Improvement: Splunk users recommended improvements in AI capabilities, user-friendliness, and analytics. USM Anywhere users have suggested improvements in self-service plugin management, database optimization, and third-party threat intelligence integration.
Service and Support: While some users found Splunk support to be responsive and helpful, others reported slow response times and a lack of expertise. Reviews of USM Anywhere's support were likewise mixed. Some users say that USM Anywhere's customer service is knowledgeable and responsive, while others have faced delays and incomplete answers.
Ease of Deployment: Some users thought Splunk Enterprise Security was easy to deploy, while others found it challenging and needed assistance from Splunk engineers or third-party integrators. The initial setup for USM Anywhere is generally considered to be straightforward if the user has technical knowledge. Vendor assistance is also available during the deployment phase.
Pricing: Some users consider Splunk Enterprise Security to be expensive, but others said the price is reasonable. A few users expressed concerns about the cost of scaling up the solution and managing large volumes of data. USM Anywhere is seen as more cost-effective than premium solutions like IBM QRadar and Splunk, with pricing considered reasonable and relatively low.
ROI: Users said that it’s challenging to calculate an ROI for Splunk Enterprise Security, and the return varies depending on individual circumstances. While some users have observed a substantial ROI, others have not actively explored or been engaged in ROI conversations. USM Anywhere has garnered favorable feedback regarding its ROI.
Comparison Results: Splunk is highly regarded for its efficient data processing and powerful search capabilities. Users like Splunk's customization options and ability to quickly process data from multiple sources. However, reviews noted that Splunk could be more user-friendly and improve its analytics. USM Anywhere earned praise for its intuitive management interface and vulnerability assessment features, but users say the solution could integrate third-party threat intelligence better.
"Investigations are something really remarkable. We can drill down right to the raw logs by running different queries and getting those on the console itself."
"The best functionality that you can get from Azure Sentinel is the SOAR capability. So, you can estimate any type of activity, such as when an alert was triggered or an incident was found."
"The initial setup is very simple and straightforward."
"We have no complaints about the features or functionality."
"The standout feature of Sentinel is that, because it's cloud-based and because it's from Microsoft, it integrates really well with all the other Microsoft products. It's really simple to set up and get going."
"The scalability is great. You can put unlimited logs in, as long as you can pay for it. There are commitment tiers, up to six terabytes per day, which is nowhere close to what any one of our customers is running."
"The most valuable feature is the performance because unlike legacy SIEMs that were on-premises, it does not require as much maintenance."
"We can use Sentinel's playbook to block threats. It covers all of the environment, giving us great visibility."
"We can ingest and correlate data from virtually any type of system."
"The dashboards are the most valuable feature. We like the ability to drill in and see what queries are under the dashboard, build new visualizations, edit the querying, and see the reports."
"The alerts are very effective."
"We have a more secure, robust environment, which keeps the harmful software out of the zone required."
"The most valuable feature of Splunk Enterprise Security is the comprehensive logging capabilities it provides."
"To get visibility from your network devices, servers, and security devices is a great feature."
"It helped us consolidate all our solutions into an easy tool to use for various employees."
"We are using Microsoft 365 and we're using the Exchange Mail Service. It's good for monitoring that in particular."
"Vulnerability scanning helped out shortcomings of what was not patched in the past and what needed to be patched. This assisted with fine tuning the environment for compliance."
"The vulnerability manager and the file integration are very good."
"The AlienVault solution has enabled us to create a SOC on a budget with smaller than usual staff requirements, offering a wider range of solutions for our customers."
"The solution is stable."
"The most valuable feature in AT&T AlienVault USM is the reporting."
"Asset discovery seems to be good."
"We're using it more for reporting, that's all. We're using it to help our customers to pass any kind of audits that they receive."
"Asset discovery and vulnerability scanner are good features. The integration between this solution and OTX, which is an AlienVault platform for Open Threat Exchange, is also a valuable feature. It is also quick and easy to deploy, so you can quickly engage with a customer's environment."
"At the network level, there is a limitation in integrating some of the switches or routers with Microsoft Sentinel. Currently, SPAN traffic monitoring is not available in Microsoft Sentinel. I have heard that it is available in Defender for Identity, which is a different product. It would be good if LAN traffic monitoring or SPAN traffic monitoring is available in Microsoft Sentinel. It would add a lot of value. It is available in some of the competitor products in the market."
"The built-in SOAR is not really good out-of-the-box. The SOAR relies on logic apps and you almost need to have some kind of developer background to be able to make these logic apps. Most security people cannot develop anything..."
"Add more out-of-the-box connectors with other SaaS platforms/applications."
"Sentinel provides decent visibility, but it's sometimes a little cumbersome to get to the information I want because there is so much information. I would also like to see more seamless integration between Sentinel and third-party security products."
"The interface could be more user-friendly. It''s a small improvement that they could make if they wanted to."
"The on-prem log sources still require a lot of development."
"We do have in-built or out-of-the-box metrics that are shown on the dashboard, but it doesn't give the kind of metrics that we need from our environment whereby we need to check the meantime to detect and meantime to resolve an incident. I have to do it manually. I have to pull all the logs or all the alerts that are fed into Sentinel over a certain period. We do this on a monthly basis, so I go into Microsoft Sentinel and pull all the alerts or incidents we closed over a period of thirty days."
"Given that I am in the small business space, I wish they would make it easier to operate Sentinel without being a Sentinel expert. Examples of things that could be easier are creating alerts and automations from scratch and designing workbooks."
"Splunk could enhance its services by providing more comprehensive professional assistance aimed at optimizing our investment."
"Its search or filtering capability is nice, but it can be improved. It is currently a bit complicated, and it should be simplified. If we can write the search filter in a more simplified way, it would be better."
"I love the solution, but I would like to see more accessibility to the machine-learning capabilities that are sprinkled around Splunk."
"Search head clustering is often temperamental in its current state and should be improved, replaced by something better, or be reverted to search head pooling."
"On-premises scaling of the solution is a bit more limited than it is on the cloud."
"From the commercial point of view, they have to bring down their costs."
"I find that the learning curve for Splunk is relatively lengthy."
"An improved user interface along with multi-tenancy support would be beneficial."
"Sometimes the log is unclear, and the report is a bit ambiguous."
"The vulnerability reporting needs to have options to be able to sort or customize the output."
"The other thing is the agent is OSSEC. They needed to create its own agent to help to find threats on the devices that it happens to be installed."
"AlienVault must improve their correlation feature. Some of the events do not match with the correlation rules and some of the correlation events are false-positive."
"The AT&T AlienVault USM is okay, but the relational database is not very good for large amounts of data. For example, many logs cannot be processed. It has been very slow for the queries and some data which are large, it is not very good in this case."
"Their threat intelligence platform needs to be broadened. They should integrate it with more threat intelligence platforms. For the threat feed that they get from open intelligence, I would like them to add a few premium threat intelligence platforms. They can provide a bundle in which AlienVault has the threat intelligence background of other premium products."
"The dashboard could be improved as well as the level of customization."
"It should be able to communicate with other security solutions to stop threats."
Splunk Enterprise Security is ranked 1st in Log Management with 228 reviews while USM Anywhere is ranked 15th in Log Management with 113 reviews. Splunk Enterprise Security is rated 8.4, while USM Anywhere is rated 8.4. The top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query ". On the other hand, the top reviewer of USM Anywhere writes "Easy to use and affordable". Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Azure Monitor, whereas USM Anywhere is most compared with Wazuh, AlienVault OSSIM, IBM Security QRadar, Rapid7 InsightIDR and LogRhythm SIEM. See our Splunk Enterprise Security vs. USM Anywhere report.
See our list of best Log Management vendors and best Security Information and Event Management (SIEM) vendors.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.