AWS Security Hub vs USM Anywhere comparison

You must select at least 2 products to compare!
Microsoft Logo
35,678 views|20,151 comparisons
Amazon Logo
9,239 views|7,654 comparisons
AT&T Logo
7,286 views|5,035 comparisons
Comparison Buyer's Guide
Executive Summary

We performed a comparison between AWS Security Hub and USM Anywhere based on real PeerSpot user reviews.

Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
To learn more, read our detailed AWS Security Hub vs. USM Anywhere Report (Updated: November 2023).
745,341 professionals have used our research since 2012.
Featured Review
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
"The standout feature of Sentinel is that, because it's cloud-based and because it's from Microsoft, it integrates really well with all the other Microsoft products. It's really simple to set up and get going.""It is able to connect to an ever-growing number of platforms and systems within the Microsoft ecosystem, such as Azure Active Directory and Microsoft 365 or Office 365, as well as to external services and systems that can be brought in and managed. We can manage on-premises infrastructure. We can manage not just the things that are running in Azure in the public cloud, but through Azure Arc and the hybrid capabilities, we can monitor on-premises servers and endpoints. We can monitor VMware infrastructure, for instance, running as part of a hybrid environment.""The best feature is that onboarding to the SIM solution is quite easy. If you are using cloud-based solutions, it's just a few clicks to migrate it.""The most valuable feature is the onboarding of the workloads. You can see all that has been onboarded in your account on the dashboards.""Previously, it was a little bit difficult to find where an incident came from, including which IP address and which country. So in Sentinel, it's very easy to find where the incident came from since we can easily get the information from the dashboard, after which we take action quickly.""It's pretty powerful and its performance is pretty good.""The log analysis is excellent; it can predict what can or will happen regarding use patterns and vulnerabilities.""The native integration of the Microsoft security solution has been essential because it helps reduce some false positives, especially with some of the impossible travel rules that may be configured in Microsoft 365. For some organizations, that might be benign because they're using VPNs, etc."

More Microsoft Sentinel Pros →

"The most valuable feature of AWS Security Hub is the ability to track when monitoring is not enabled on any of my resources.""Currently, our organization utilizes AWS for various purposes, including SaaS (Software as a Service), PaaS (Platform as a Service), and hosting applications in the cloud. We develop our applications and use AWS services as a platform for basic functions and secondary development needs. Additionally, we rely on PaaS for accounting services. Approximately, 50% of our applications are hosted in the cloud environment, making it a significant part of our current setup.""The best feature of AWS Security Hub is that you can get compliance or your cloud's current security posture.""The most valuable feature of the solution stems from the fact that it is easy to manage...It is a scalable solution.""Cloudposse is a valuable feature as it guarantees my security.""I find all of the features to be highly valuable.""The platform has valuable features for security.""I like that AWS Security Hub currently has several good features, around four or five. The technical support for AWS Security Hub is also responsive."

More AWS Security Hub Pros →

"Our main focus was intrusion detection, alerts, and correlation. It's easy to use AlienVault and integrate it with other alert tools because it includes lots of connectors. Either the tool is already there, or AlienVault will write an API for us if they don't have a connector for the solution that is providing the logs.""The ease of implementation is the most valuable feature.""AlienVault's reporting is good. I like that vulnerability assessment is part of the solution, and the UI is intuitive. Also, the overhead is low, which is to say we don't need a dedicated SOC team to manage and analyze things constantly. We're a small company that doesn't have those resources.""Easy to use, scalable, stable, and very intuitive platform that provides protection against security threats.""What I find the most valuable about USM Anywhere is its compliance. It shows a list of all the administrators logged on and does it quite well. There are no whistles and bells, it's reliable and simple to use.""Every activity on the firewall is recorded, and notifications are sent with this solution.""The most valuable features of AT&T AlienVault USM are the ease of management and knowledge of what is on the network of my customers. It's easy to understand the problems, and management our alarms and events.""The feature that I liked the most is that they have a vulnerability assessment package that comes along with the SIEM solution. So, whenever I find any threat or alert for any of the devices or servers, I could immediately initiate a vulnerability assessment scan on that machine. That is one of a kind. The price at which AlienVault operates is also valuable."

More USM Anywhere Pros →

"The reporting could be more structured.""If we want to use more features, we have to pay more. There are multiple solutions on the cloud itself, but the pricing model package isn't consistent, which is confusing to clients.""Sometimes, we are observing large ingestion delays. We expect logs within 5 minutes, but it takes about 10 to 15 minutes.""Sentinel could improve its ticketing and management. A few customers I have worked with liked to take the data created in Sentinel. You can make some basic efforts around that, but the customers wanted to push it to a third-party system so they could set up a proper ticketing management system, like ServiceNow, Jira, etc.""The playbook is a bit difficult and could be improved.""The product can be improved by reducing the cost to use AI machine learning.""Sentinel should be improved with more connectors. At the moment, it only covers a few vendors. If I remember correctly, only 100 products are supported natively in Sentinel, although you can connect them with syslog. But Microsoft should increase the number of native connectors to get logs into Sentinel.""Documentation is the main thing that could be improved. In terms of product usage, the documentation is pretty good, but I'd like a lot more documentation on Kusto Query Language."

More Microsoft Sentinel Cons →

"The telemetry doesn't always go into the control center. When you have multiple instances running in AWS, you need a control tower to take feeds from Security Hub and analyze your results. Sometimes exemptions aren't passed between the control tower and Security Hub. The configuration gets mixed up or you don't get the desired results.""Whenever my team gets some alarms from the central team, my team needs to initiate whether it's a real or false trigger. The central team needs to keep adjusting to the parameters or at least the concerned IPs, whether it's really from the company's pool of IPs, so the trigger process can be improved. In the next release of AWS Security Hub, I'd like a better dashboard that could result in better alert visibility.""AWS Security Hub's configuration and integration are areas where it lacks and needs to improve.""From an improvement perspective, there is a need to add more compliance since, right now, AWS Security Hub only provides four to five compliances to control the tool.""Although AWS Security Hub does a periodic scan of your overall infrastructure, it doesn't do it in real time.""It is not flexible for multi-cloud environments.""Adding SIEM features would be beneficial because of the limited customization of AWS Security Hub.""AWS Security Hub should improve the time it takes to update. It takes a long period of time when updating. It can take 24 hours sometimes to update. Additionally, when integrating this solution with more security tools, takes time."

More AWS Security Hub Cons →

"AlienVault cannot automatically respond to threats like other SIEM solutions, such as Sentinel and LogRhythm. Most of our clients are far away, so it's often challenging to handle alerts when they come up on our dashboard.""The reporting and dashboards have room for improvement.""Sometimes the log is unclear, and the report is a bit ambiguous.""USM Anywhere relies a lot on the community putting the data in. Often, you'll right-click on the attack, but nothing will be found. That's a weakness of it.""The price of AT&T AlienVault USM could be reduced.""Adding a parsing interface for the customers would make AT&T AlienVault USM better.""The AT&T AlienVault USM is okay, but the relational database is not very good for large amounts of data. For example, many logs cannot be processed. It has been very slow for the queries and some data which are large, it is not very good in this case.""I want to see more compliance management capability. The quality of integrations seems to be a little bit low."

More USM Anywhere Cons →

Pricing and Cost Advice
  • "I have worked with a lot of SIEMs. We are using Sentinel three to four times more than other SIEMs that we have used. Azure Sentinel's only limitation is its price point. Sentinel costs a lot if your ingestion goes up to a certain point."
  • "Pricing is pay-as-you-go with Sentinel, which is good because it all depends on the number of users and the number of devices to which you connect."
  • "For us, it is not expensive at this time, but if we start to collect all logs from our on-premise SIEM solutions, it will cost more than QRadar. If we calculate its cost over the next five or ten years, it will cost more than what we paid for QRadar."
  • "I don't know yet because they gave us a 30-day test window for free."
  • "It's costly to maintain and renew."
  • "Microsoft Sentinel is expensive."
  • "Sentinel is pretty competitive. The pricing is at the level of other SIEM solutions."
  • "It is certainly the most expensive solution. The cost is very high. We need to do an assessment using the one-month trial so that we can study the cost side. Before implementing it, we must do a careful calculation."
  • More Microsoft Sentinel Pricing and Cost Advice →

  • "The price of AWS Security Hub is average compared to other solutions."
  • "The pricing is fine. It is not an expensive tool."
  • "AWS Security Hub's pricing is pretty reasonable."
  • "There are multiple subscription models, like yearly, monthly, and packaged."
  • "AWS Security Hub is not an expensive tool. I would consider it to be a cheap solution. AWS Security Hub follows the PAYG pricing model, meaning you will have to pay for whatever you use."
  • More AWS Security Hub Pricing and Cost Advice →

  • "They charge a license based on the storage. ATT AlienVault USM is a less expensive solution than IBM QRadar."
  • "It is affordable, and it also has many features that the premium products such as ArcSight and QRadar have. It is a very good platform for a SIEM solution. Everything is included in the price."
  • "AlienVault is certainly not nearly as expensive as Splunk or QRadar. It's decently priced, but I don't have the exact figure."
  • "I rate the price of AT&T AlienVault USM a four out of five."
  • "AT&T AlienVault USM is an expensive solution and we pay for the license and the support separately. We paid for the license and support for three years."
  • "They are a little more expensive than Microsoft."
  • "We pay around $12,000 a year including storage."
  • More USM Anywhere Pricing and Cost Advice →

    Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.
    745,341 professionals have used our research since 2012.
    Questions from the Community
    Top Answer:Yes, Azure Sentinel is a SIEM on the Cloud. Multiple data sources can be uploaded and analyzed with Azure Sentinel and… more »
    Top Answer:It would really depend on (1) which logs you need to ingest and (2) what are your use cases Splunk is easy for… more »
    Top Answer:We like that Azure Sentinel does not require as much maintenance as legacy SIEMs that are on-premises. Azure Sentinel is… more »
    Top Answer:I find all of the features to be highly valuable.
    Top Answer:Adding SIEM features would be beneficial because of the limited customization of AWS Security Hub.
    Top Answer:We use it to get a comprehensive view of all the processes within the company. It provides us with centralized security… more »
    Top Answer:What I find the most valuable about USM Anywhere is its compliance. It shows a list of all the administrators logged on… more »
    Top Answer:The solution is not expensive at all. When it comes to costliness, I would rate it a two out of ten.
    Top Answer:USM Anywhere relies a lot on the community putting the data in. Often, you'll right-click on the attack, but nothing… more »
    Also Known As
    Azure Sentinel
    AT&T AlienVault USM, AlienVault, AlienVault USM, Alienvault Cybersecurity
    Learn More

    Microsoft Sentinel is a scalable, cloud-native, security information event management (SIEM) and security orchestration automated response (SOAR) solution that lets you see and stop threats before they cause harm. Microsoft Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive hunting, and threat response. Eliminate security infrastructure setup and maintenance, and elastically scale to meet your security needs—while reducing IT costs. With Microsoft Sentinel, you can:

    - Collect data at cloud scale—across all users, devices, applications, and infrastructure, both on-premises and in multiple clouds

    - Detect previously uncovered threats and minimize false positives using analytics and unparalleled threat intelligence from Microsoft

    - Investigate threats with AI and hunt suspicious activities at scale, tapping into decades of cybersecurity work at Microsoft

    - Respond to incidents rapidly with built-in orchestration and automation of common tasks

    To learn more about our solution, ask questions, and share feedback, join our Microsoft Security, Compliance and Identity Community.

    AWS Security Hub is a comprehensive security service that provides a centralized view of security alerts and compliance status across an AWS environment. It collects data from various AWS services, partner solutions, and AWS Marketplace products to provide a holistic view of security posture. With Security Hub, users can quickly identify and prioritize security issues, automate compliance checks, and streamline remediation efforts. 

    The service offers a range of features including continuous monitoring, threat intelligence integration, and customizable dashboards. It also provides automated insights and recommendations to help users improve their security posture. Security Hub integrates with other AWS services like Amazon GuardDuty, AWS Config, and AWS Macie to provide a unified security experience. Additionally, it supports integration with third-party security tools through its API, allowing users to leverage their existing security investments. 

    With its user-friendly interface and powerful capabilities, AWS Security Hub is a valuable tool for organizations looking to enhance their security and compliance posture in the cloud.

    USM Anywhere centralizes security monitoring of networks and devices in the cloud, on premises, and in remote locations, helping you to detect threats virtually anywhere.


    • Network asset discovery
    • Software & services discovery
    • AWS asset discovery
    • Azure asset discovery
    • Google Cloud Platform asset discovery


    • SIEM event correlation, auto-prioritized alarms
    • User activity monitoring
    • Up to 90-days of online, searchable events


    • Cloud intrusion detection (AWS, Azure, GCP)
    • Network intrusion detection (NIDS)
    • Host intrusion detection (HIDS)
    • Endpoint Detection and Response (EDR)


    • Forensics querying
    • Automate & orchestrate response
    • Notifications and ticketing


    • Vulnerability scanning
    • Cloud infrastructure assessment
    • User & asset configuration
    • Dark web monitoring


    • Pre-built compliance reporting templates
    • Pre-built event reporting templates
    • Customizable views and dashboards
    • Log storage
    Learn more about Microsoft Sentinel
    Learn more about AWS Security Hub
    Learn more about USM Anywhere
    Sample Customers
    Microsoft Sentinel is trusted by companies of all sizes including ABM, ASOS, Uniper, First West Credit Union, Avanade, and more.
    Edmunds,, GoDaddy,
    Abel & Cole, Bank of Ireland, Bluegrass Cellular, CareerBuilder, Claire's, Hays Medical Center, Hope International, McCurrach, McKinsey & Company, Party Delights, Pepco Holdings, Richland School District, Ricoh, SaveMart, Shake Shack, Steelcase, TaxAct, Taylor Morrison, Vonage and Zoom
    Top Industries
    Financial Services Firm22%
    Computer Software Company11%
    Manufacturing Company8%
    Real Estate/Law Firm6%
    Computer Software Company17%
    Financial Services Firm10%
    Manufacturing Company7%
    Financial Services Firm22%
    Recreational Facilities/Services Company11%
    Manufacturing Company11%
    Computer Software Company17%
    Financial Services Firm13%
    Manufacturing Company7%
    Financial Services Firm19%
    Healthcare Company17%
    Computer Software Company8%
    Comms Service Provider8%
    Computer Software Company17%
    Comms Service Provider8%
    Educational Organization6%
    Company Size
    Small Business33%
    Midsize Enterprise20%
    Large Enterprise47%
    Small Business24%
    Midsize Enterprise16%
    Large Enterprise60%
    Small Business18%
    Midsize Enterprise18%
    Large Enterprise64%
    Small Business21%
    Midsize Enterprise12%
    Large Enterprise66%
    Small Business55%
    Midsize Enterprise25%
    Large Enterprise20%
    Small Business36%
    Midsize Enterprise19%
    Large Enterprise46%
    Buyer's Guide
    AWS Security Hub vs. USM Anywhere
    November 2023
    Find out what your peers are saying about AWS Security Hub vs. USM Anywhere and other solutions. Updated: November 2023.
    745,341 professionals have used our research since 2012.

    AWS Security Hub is ranked 12th in Security Information and Event Management (SIEM) with 9 reviews while USM Anywhere is ranked 9th in Security Information and Event Management (SIEM) with 13 reviews. AWS Security Hub is rated 7.8, while USM Anywhere is rated 7.8. The top reviewer of AWS Security Hub writes "An easy-to-manage tool that needs to make more compliances available for its users". On the other hand, the top reviewer of USM Anywhere writes "A very scalable solution with vulnerability management that helps avoid weaknesses, but needs broader compliance management capabilities". AWS Security Hub is most compared with Prisma Cloud by Palo Alto Networks, Wiz, Microsoft Defender for Cloud, Splunk Enterprise Security and Oracle Security Monitoring and Analytics Cloud Service, whereas USM Anywhere is most compared with Wazuh, AlienVault OSSIM, Splunk Enterprise Security, IBM Security QRadar and Rapid7 InsightIDR. See our AWS Security Hub vs. USM Anywhere report.

    See our list of best Security Information and Event Management (SIEM) vendors.

    We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.