We performed a comparison between Sumo Logic Security and USM Anywhere based on real PeerSpot user reviews.
Find out in this report how the two Log Management solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."We can use Sentinel's playbook to block threats. It covers all of the environment, giving us great visibility."
"The initial setup is very simple and straightforward."
"Sentinel also enables you to ingest data from your entire ecosystem and not just from the Microsoft ecosystem. It can receive data from third-party vendors' products such firewalls, network devices, and antivirus solutions. It's not only a Microsoft solution, it's for everything."
"The solution offers a lot of data on events. It helps us create specific detection strategies."
"The automation rules and playbooks are the most useful that I've seen. A number of other places segregate the automation and playbook as separate tools, whereas Microsoft is a SIEM and SOAR tool in one."
"I believe one of the main advantages is Microsoft Sentinel's seamless integration with other Microsoft products."
"Mainly, this is a cloud-native product. So, there are zero concerns about managing the whole infrastructure on-premises."
"One of the most valuable features is that it creates a kind of a single pane of glass for organizations that already use Microsoft software. So, when they have things like Microsoft 365, it is very easy for them to kind of plug in or enroll those endpoints into the Azure Sentinel service."
"The solution is quite stable."
"It helps a lot because we can troubleshoot issues pretty easily."
"It gives us a bird's eye view of what's happening from our connection's point of view."
"Technical support is always great."
"We can integrate threat intelligence solutions into the product."
"Sumo Logic is an easy solution to use. You can set it up very quickly, and it includes a lot of training videos."
"The tool has key features like operability. It will alert the admins whenever a device is onboarded."
"We have used it many times to find a root cause of a live issue, then fix the problem in the applications."
"The dashboards are very descriptive and contain just the right amount of information. The activity alarms and events contain a plethora of data that is very descriptive and useful."
"This solution can completely detect and prevent incidents on your network."
"SIEM log collection is great, and all of the rules that support updates with maintenance."
"As we have to service several servers, we can manage them in a economical way, which is beneficial to our team and business."
"Every activity on the firewall is recorded, and notifications are sent with this solution."
"The asset management functionality (active and passive scans) is also really important. You can't protect what you do not know about, so having an inventory of all your devices and software is critical to a security management program."
"Log-monitoring and alerting enable us to know when things happen that we need to know about."
"The vulnerability scanning is helpful to identify the areas that need patching or fixes installed."
"Sentinel still has some anomalies. For example, sometimes when we write a query for log analysis with KQL, it doesn't give us the data in a proper way... Also, the fields or columns could be improved. Sometimes, it is not giving the desired results and there is a blank field."
"It would be good to have some connectors for third-party SIEM solutions. Many customers are struggling with the integration of Azure Sentinel with their on-premise SIEM. Microsoft is changing the log structure many times a year, which can corrupt a custom integration. It would be good to have some connectors developed by Microsoft or supply vendors, but they are not providing such functionality or tools."
"I can't think of anything other than just getting the name out there. I think a lot of customers don't fully understand the full capabilities of Azure Sentinel yet. It is kind of like when they're first starting to use Azure, it might not be something they first think about. So, they should just kind of get to the point where it is more widely used."
"We are invoiced according to the amount of data generated within each log."
"The following would be a challenge for any product in the market, but we have some in-house apps in our environment... our apps were built with different parameters and the APIs for them are not present in Sentinel. We are working with Microsoft to build those custom APIs that we require. That is currently in progress."
"The AI capabilities must be improved."
"Azure Sentinel will be directly competing with tools such as Splunk or Qradar. These are very established kinds of a product that have been around for the last seven, eight years or more."
"I would like to see more AI used in processes."
"There are some API gaps that are missing."
"If you look at some of the other offerings right now that are available in the market, they do offer APM as well as the product they're offering. I believe Sumo Logic is not there yet. So that's something which I would love to see."
"If you want to up your subscription through the AWS Marketplace, it can be difficult. You can't just go back to the AWS Marketplace, and say, "I want a bigger one now." You have to contact the sales team, then they do it on the back-end. This could definitely be improved."
"We would like the ability to drill down into a dashboard and get into deeper levels."
"It would be nice to have an improved ability to scroll through logs within a time frame. Right now, we can search for specific errors. However, if we want to look for "before and after" within a specific time frame, it's not easy using the tool. This would be an improvement."
"The solution should improve its UI."
"I would like better UI-driven functionality to create alerts and reports. Now, we have to understand the syntax, so it is a little difficult for someone to pick it up without using the manuals. If there was more of a graphical user interface, it would be beneficial."
"The dashboard has room for improvement, because sometimes it is a difficult to create a specific dashboard or query. This would be a nice place to correct problems."
"One area that has room for improvement is storage. AllienVault is a good place to put logs, but sometimes it's a tough place to go get logs... The logger can only hold so much data. If they improved that, that would help."
"More complimentary training needs to be done for use with this tool. If you get into a bind, then it will cost you."
"We develop additional rules and scripts to make it more usable."
"I've been told that AlienVault doesn't have a full version of NES running in there, but I'm not sure if that's accurate or if my engineer made it that way. I'm not sure he was completely honest either because we had NES in the environment before. Those tools could be improved because AlienVault is a SIEM, and it added all these other features."
"Source material on the forums to be more up-to-date with the changes happening within the product. Forums being out-of-date with information due to the changes makes troubleshooting a little more difficult - specific to the HIDS agents."
"Sometimes the log is unclear, and the report is a bit ambiguous."
"The AT&T AlienVault USM is okay, but the relational database is not very good for large amounts of data. For example, many logs cannot be processed. It has been very slow for the queries and some data which are large, it is not very good in this case."
"Their threat intelligence platform needs to be broadened. They should integrate it with more threat intelligence platforms. For the threat feed that they get from open intelligence, I would like them to add a few premium threat intelligence platforms. They can provide a bundle in which AlienVault has the threat intelligence background of other premium products."
Sumo Logic Security is ranked 21st in Log Management with 17 reviews while USM Anywhere is ranked 14th in Log Management with 113 reviews. Sumo Logic Security is rated 8.4, while USM Anywhere is rated 8.4. The top reviewer of Sumo Logic Security writes "Integrates well, useful rules, and beneficial GUI". On the other hand, the top reviewer of USM Anywhere writes "Easy to use and affordable". Sumo Logic Security is most compared with Splunk Enterprise Security, Wazuh, Rapid7 InsightIDR, VMware Aria Operations for Logs and IBM Security QRadar, whereas USM Anywhere is most compared with Wazuh, AlienVault OSSIM, IBM Security QRadar, Splunk Enterprise Security and Rapid7 InsightIDR. See our Sumo Logic Security vs. USM Anywhere report.
See our list of best Log Management vendors, best Security Information and Event Management (SIEM) vendors, and best Security Information and Event Management (SIEM) vendors.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.