USM Anywhere and Wazuh compete in the security information and event management (SIEM) space. USM Anywhere appears to have the upper hand due to its comprehensive features and enterprise-friendly pricing structure, making it suitable for organizations with larger security budgets and needs.
Features: USM Anywhere integrates SIEM, HIDS, and NIDS with centralized log management, vulnerability scanning, and correlation engines to enhance threat detection. It's particularly beneficial for organizations that require ISO compliance. Wazuh, being open-source, supports customizable integrations and is effective for threat detection, file monitoring, and compliance reporting, catering to cost-conscious users.
Room for Improvement: USM Anywhere needs enhancements in ease of deployment, search capabilities, and plugin support, alongside refining user guidance and custom rule updates. Wazuh faces challenges with scalability, third-party application integration, and its limited AI capabilities, along with a lack of built-in threat intelligence compared to other solutions.
Ease of Deployment and Customer Service: USM Anywhere provides both cloud and on-premises deployment options, though some users find support inconsistent, relying instead on community solutions. Wazuh excels in on-premises deployment with strong community support, despite its direct technical support being perceived as lacking at times.
Pricing and ROI: USM Anywhere offers flexible pricing based on components and log volume, making it a preferred choice for mid-sized organizations. It promises a favorable ROI by integrating multiple security capabilities. In contrast, Wazuh's open-source nature makes it cost-effective, with savings arising from reduced licensing costs and expenses primarily tied to support and host infrastructure.
Customers see ROI as they save on staff and other resources.
I have seen value in security cost savings with Wazuh, as using proprietary EDR versions could save us substantial money.
They responded quickly, which was crucial as I was on a time constraint.
We use the open-source version of Wazuh, which does not provide paid support.
The documentation is good and provides clear instructions, though it's targeted at those with technical backgrounds.
USM Anywhere faces scalability issues because of a 60 TB limit.
It can accommodate thousands of endpoints on one instance, and multiple instances can run for different clients.
Currently, I don't see any limitations in terms of scalability as Wazuh can still connect many endpoints.
Scalability depends on the configuration and the infrastructure resources like compute and memory we allocate.
The stability of Wazuh is strong, with no issues stemming from the solution itself.
The stability of Wazuh is largely dependent on maintenance.
The indexer frequently times out, requiring system restarts.
There are scalability issues due to a 60 TB limit, which restricts its use for large customers like banks.
Machine learning is needed along with understanding user behavior and behavioral patterns.
The integration modules are insufficiently developed, necessitating the creation of custom integration solutions using tools like Logstash and PubSub.
I think Wazuh should improve by introducing AI functionalities, as it would be beneficial to see AI incorporated in the threat hunting and detection functionalities.
The pricing is amazing and really cheap.
Wazuh is completely free of charge.
I would definitely recommend Wazuh, especially considering Fortinet's licensing model which is confusing and overpriced in my opinion.
Totaling around two lakh Indian rupees per month.
The 365-day block query is a major feature.
Wazuh is a SIEM tool that is highly customizable and versatile.
The system allows us to monitor endpoints effectively and collect security data that can be utilized across other platforms such as SOAR.
With this open source tool, organizations can establish their own customized setup.
| Product | Mindshare (%) |
|---|---|
| Wazuh | 5.8% |
| USM Anywhere | 1.0% |
| Other | 93.2% |
| Company Size | Count |
|---|---|
| Small Business | 64 |
| Midsize Enterprise | 29 |
| Large Enterprise | 25 |
| Company Size | Count |
|---|---|
| Small Business | 27 |
| Midsize Enterprise | 15 |
| Large Enterprise | 8 |
USM Anywhere centralizes security monitoring of networks and devices in the cloud, on premises, and in remote locations, helping you to detect threats virtually anywhere.
Discover
Analyze
Detect
Respond
Assess
Report
Wazuh offers an open-source platform designed for seamless integration into diverse environments, making it ideal for enhancing security infrastructure. Its features include log monitoring, compliance support, and real-time threat detection, providing effective cybersecurity management.
Wazuh stands out for its ability to integrate easily with Kubernetes, cloud-native infrastructures, and various SIEM platforms like ELK. It features robust MITRE ATT&CK correlation, comprehensive log monitoring capabilities, and detailed reporting dashboards. Users benefit from its file integrity monitoring and endpoint detection and response (EDR) capabilities, which streamline compliance and vulnerability assessments. While appreciated for its customization and easy deployment, room for improvement exists in scalability, particularly in the free version, and in areas such as threat intelligence integration, cloud integration, and container security. The platform is acknowledged for its strong documentation and technical support.
What are the key features of Wazuh?In industries like finance, healthcare, and technology, Wazuh is utilized for its capabilities in log aggregation, threat detection, and vulnerability management. Companies often implement its features to ensure compliance with stringent regulations and to enhance security practices across cloud environments. By leveraging its integration capabilities, organizations can achieve unified security management, ensuring comprehensive protection of their digital assets.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
