We performed a comparison between USM Anywhere and Microsoft Sentinel based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Features: USM Anywhere is highly regarded for its extensive reporting capabilities, thorough vulnerability assessment, seamless file integration, and user-friendly management features. Microsoft Sentinel effectively identifies threats and integrates seamlessly with other Microsoft solutions. Users say Sentinel makes it easy to find information quickly using KQL queries and praised the solution’s centralized log storage. USM Anywhere users have suggested improvements in self-service plugin management, database optimization, and third-party threat intelligence integration. Microsoft Sentinel could benefit from simplifying documentation, enhancing collaboration with security vendors, and improving data ingestion. Users also want more robust threat intelligence and UEBA features.
Service and Support: Some users say that USM Anywhere's customer service is knowledgeable and responsive, while others have faced delays and incomplete answers. Some users praised Microsoft’s quick response times and expertise, while others experienced challenges and support delays.
Ease of Deployment: The initial setup for USM Anywhere is generally considered to be straightforward if the user has technical knowledge. Vendor assistance is also available during the deployment phase. Some users said that deploying Microsoft Sentinel is straightforward, while others consider it to be moderately complex.
Pricing: USM Anywhere is seen as more cost-effective than premium solutions like IBM QRadar and Splunk, with pricing considered reasonable and relatively low. Microsoft Sentinel charges customers based on data usage, and it can be expensive for users who need to ingest data from non-cloud sources.
ROI: USM Anywhere has garnered favorable feedback regarding its ROI. Some Sentinel users have seen cost savings, while others have not experienced any financial benefits.
Comparison Results: Our users prefer USM Anywhere over Microsoft Sentinel for its user-friendly nature and comprehensive reporting. Users also praised USM Anywhere's vulnerability assessment features and integration. Microsoft Sentinel needs improvement in areas such as documentation, log collection, and user interface.
"Microsoft Sentinel enables you to ingest data from the entire ecosystem and that connection of data helps you to monitor critical resources and to know what's happening in the environment."
"One of the most valuable features of Microsoft Sentinel is that it's cloud-based."
"It's pretty powerful and its performance is pretty good."
"Native integration with Microsoft security products or other Microsoft software is also crucial. For example, we can integrate Sentinel with Office 365 with one click. Other integrations aren't as easy. Sometimes, we have to do it manually."
"We are able to deploy within half an hour and we only require one person to complete the implementation."
"The most valuable features are its threat handling and detection. It's a powerful tool because it's based on machine learning and on the behavior of malware."
"Sentinel improved how we investigate incidents. We can create watchlists and update them to align with the latest threat intelligence. The information Microsoft provides enables us to understand thoroughly and improve as we go along. It allows us to provide monthly reports to our clients on their security posture."
"The Identity Behavior tab furnishes us with the entire history linked to each IP or domain that has either accessed or attempted to access our system."
"OTX is a great module that lets staff maintain and monitor updates regarding events in the infrastructure and takes decision to improve the security perimeter."
"This is a USM, so being able to get all the features under one roof makes it a good product with good new features."
"The ease of implementation is the most valuable feature."
"It provides a single pane of glass view, coupled with a whole security ecosystem. The ability to manage everything from a central point, including vulnerability assessments, asset management - including the services provided by the various hosts, NIDS, HIDS, etc. - provides a very efficient way of dealing with things."
"Using the communication within the security device, it is easier to create plugins."
"Log-monitoring and alerting enable us to know when things happen that we need to know about."
"Asset discovery and vulnerability scanner are good features. The integration between this solution and OTX, which is an AlienVault platform for Open Threat Exchange, is also a valuable feature. It is also quick and easy to deploy, so you can quickly engage with a customer's environment."
"The asset management functionality (active and passive scans) is also really important. You can't protect what you do not know about, so having an inventory of all your devices and software is critical to a security management program."
"I can't think of anything other than just getting the name out there. I think a lot of customers don't fully understand the full capabilities of Azure Sentinel yet. It is kind of like when they're first starting to use Azure, it might not be something they first think about. So, they should just kind of get to the point where it is more widely used."
"The only thing is sometimes you can have a false positive."
"I would like to be able to monitor applications outside of the Azure Cloud."
"I think the number one area of improvement for Sentinel would be the cost."
"The data connectors for third-party tools could be improved, as some aren't available in Sentinel. They need to be available in the data connector panel."
"Sentinel still has some anomalies. For example, sometimes when we write a query for log analysis with KQL, it doesn't give us the data in a proper way... Also, the fields or columns could be improved. Sometimes, it is not giving the desired results and there is a blank field."
"We're satisfied with the comprehensiveness of the security protection. That said, we do have issues sometimes where there have been global outages and we need to raise a ticket with Microsoft."
"Its documentation is not so simple. It is easy for somebody who is Microsoft certified or more closely attached to Microsoft solutions. It is not easy for those who are working on open-source platforms. There isn't a central point where everything is documented, and there is no specific training or certification."
"It would be nice to see some machine learning and monitoring of the configuration in network devices."
"It should be able to communicate with other security solutions to stop threats."
"There could be some type of integration with our existing portal. We have our own customer portals, and it would be good if there was an integration so that our portal can provide reports. There could be some type of API into the AlienVault system with the USM system so that it is easy to show the customers high-level reports of the system through our portal."
"The reporting is mediocre and is something that needs to be improved."
"Adding a parsing interface for the customers would make AT&T AlienVault USM better."
"The reporting aspect could be improved. While there are a lot of different options available, there are still pieces which are missing."
"The reporting module could be a little easier to handle, as it requires quite some trial and error until you get the reports you want. Also, it would be great to have a graphical interface for the Network Intrusion Detection System's rule management."
"The dashboard could be improved as well as the level of customization."
Microsoft Sentinel is ranked 1st in Security Information and Event Management (SIEM) with 85 reviews while USM Anywhere is ranked 11th in Security Information and Event Management (SIEM) with 113 reviews. Microsoft Sentinel is rated 8.2, while USM Anywhere is rated 8.4. The top reviewer of Microsoft Sentinel writes "Gives a comprehensive and holistic view of the ecosystem and improves visibility and the ability to respond". On the other hand, the top reviewer of USM Anywhere writes "Easy to use and affordable". Microsoft Sentinel is most compared with AWS Security Hub, IBM Security QRadar, Microsoft Defender for Cloud, Splunk Enterprise Security and Elastic Security, whereas USM Anywhere is most compared with Wazuh, AlienVault OSSIM, IBM Security QRadar, Splunk Enterprise Security and Rapid7 InsightIDR. See our Microsoft Sentinel vs. USM Anywhere report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
