Palo Alto Networks AutoFocus vs Splunk User Behavior Analytics vs USM Anywhere comparison

The compared Palo Alto Networks and Splunk solutions aren't in the same category. Palo Alto Networks is ranked #20 in TIPT , with an average rating of 6.0, and holds a 1.2% mindshare in the category. Splunk is ranked #4 in UBA , with an average rating of 7.8, and holds a 8.9% mindshare. Additionally, 87% of Palo Alto Networks users are willing to recommend the solution, compared to 100% of Splunk users who would recommend it.

Palo Alto Networks AutoFocus

Read 7 Palo Alto Networks AutoFocus reviews

1,260 Views
1,058 Comparison Views

87% willing to recommend

Splunk User Behavior Analytics

Read 24 Splunk User Behavior Analytics reviews

3,300 Views
1,188 Comparison Views

100% willing to recommend

USM Anywhere

Read 115 USM Anywhere reviews

2,455 Views
1,719 Comparison Views

92% willing to recommend

Palo Alto Networks AutoFocus

Splunk User Behavior Analytics

USM Anywhere

Comparison Buyer's Guide

Download the report

Executive Summary

We performed a comparison between Palo Alto Networks AutoFocus, Splunk User Behavior Analytics, and USM Anywhere based on real PeerSpot user reviews.

Find out what your peers are saying about CrowdStrike, Recorded Future, VirusTotal and others in Threat Intelligence Platforms.

To learn more, read our detailed Threat Intelligence Platforms Report (Updated: August 2025).

Buyer's Guide

Threat Intelligence Platforms

August 2025

Download the complete report

Helped 868,029 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Mindshare comparison

Threat Intelligence Platforms Market Share Distribution
Product	Market Share (%)
Palo Alto Networks AutoFocus	1.2%
Recorded Future	14.8%
CrowdStrike Falcon	8.7%
Other	75.3%

Threat Intelligence Platforms

User Entity Behavior Analytics (UEBA) Market Share Distribution
Product	Market Share (%)
Splunk User Behavior Analytics	8.9%
Exabeam	9.6%
IBM Security QRadar	9.3%
Other	72.2%

User Entity Behavior Analytics (UEBA)

Security Information and Event Management (SIEM) Market Share Distribution
Product	Market Share (%)
USM Anywhere	1.0%
Wazuh	10.9%
Splunk Enterprise Security	9.3%
Other	78.8%

Security Information and Event Management (SIEM)

Featured Reviews

RichPhillips

Enterprise Architect at a tech services company with 5,001-10,000 employees

Offers a centralized dashboard for reporting threats and anomalies

The tool along with other suite of products provides us with threat and alert information. The solution has provided us with a centralized dashboard for reporting threats and anomalies. I am impressed with the tool's integration of Palo Alto products which serves as a platform for security. I…

Read full review

Subhayu Chakraborty

System Engineer at Infosys

Automatic reports streamline tasks and offers easy report gathering

The dashboard part could be improved. While using it, I noticed two options: Classic, which is adequate yet only in black and white, and another one that is more advanced or smart, though I forgot the exact term. I encountered several issues while trying to create solutions for this advanced version, which seem unrelated to query or data issues.

Read full review

Kris Nawani

Co-Founder/Director at Bangkok MSP Company Limited

Offers complete coverage without the need to install additional software

USM Anywhere is used for threat detection and investigation. It provides a solution with built-in threat intelligence and various other investigation tools The solution offers complete coverage without the need to install additional software, as it is maintained by the vendor. It helps in saving…

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"I am impressed with the tool's integration of Palo Alto products which serves as a platform for security."

"It integrates well with other solutions and provides good threat intelligence in terms of external threats."

"The feature that I like best is the dashboard."

"I would rate Palo Alto Networks AutoFocus a ten out of ten."

"Palo Alto Networks AutoFocus has had a positive impact on my company as we can reduce the cost for the SOC investment, and we can also get good feedback on how to strengthen our network from the expertise people available."

"The most valuable feature is alerting."

"The logs play a crucial role as they contribute to blocking unwanted Internet traffic."

"The solution appears to be stable, although we haven't used it heavily."

"The most valuable features are its data aggregation and the ability to automatically identify a number of threats, then suggest recommended actions upon them."

"The product is at the forefront of auto-remediation networking. It's great."

"The most valuable feature is being able to take data and put it into other systems so that we could see the output, and to see where we need to apply our focus."

"Splunk is highly valuable for query purposes."

"Features like alerts and auto report generation are valuable."

"Splunk's technical support is amazing."

"This intelligent user behavior analytics package is easy to configure and use while remaining feature filled."

More Splunk User Behavior Analytics pros

"Every activity on the firewall is recorded, and notifications are sent with this solution."

"SIEM log collection is great, and all of the rules that support updates with maintenance."

"The solution has all the features that we need, however they do not work correctly."

"Its powerful correlation engine helps reduce time in manually correlating events."

"Ease of deployment across various environments."

"Easy to use, scalable, stable, and very intuitive platform that provides protection against security threats."

"It provides a single pane of glass view, coupled with a whole security ecosystem. The ability to manage everything from a central point, including vulnerability assessments, asset management - including the services provided by the various hosts, NIDS, HIDS, etc. - provides a very efficient way of dealing with things."

"The asset discovery and inventory capabilities in USM Anywhere is quite good."

More USM Anywhere pros

Cons

"I would like to have more technical documentation that contains greater detail on the types of threats that are occurring."

"It would be helpful to have better documentation for configuring and installing the solution."

"It would be better if they used the threat intelligence feeds directly from their side and changing the verdict instead of us requesting it."

"I would like the tool to see more integration with Cortex XDR. There is no real reason to keep them separate."

"It is a completely cloud-based product at present."

"In terms of improvements, advanced reporting could see enhancements as there are some issues with latency."

"If the price was lowered and the setup process was less complex, I would consider rating it higher."

"The initial setup was complex because some of the configurations that we required needed customization."

"There are occasional bugs."

"A disadvantage is that it can lead to cost overrun if not properly factored or governed."

"They should work to add more built-in correlation searches and more use cases based on worldwide customer experiences. They need more ready-made use cases."

"It could be easier to scale the solution if you are using it on-premise, not in the cloud."

"The dashboard part could be improved. While using it, I noticed two options: Classic, which is adequate yet only in black and white, and another one that is more advanced or smart."

More Splunk User Behavior Analytics cons

"The reporting is mediocre and is something that needs to be improved."

"The dashboard could be improved as well as the level of customization."

"The lack of mature functionality and expertise in any of those areas is a strong negative."

"We develop additional rules and scripts to make it more usable."

"Its reporting tools need improvements. It would be good if they can provide integration with other ticketing systems. Currently, we only have integration with Slack and Jira. It is also a bit slow, and its replication engine can be improved."

"It was easy on PoC, but when we got to the product it was different story. We had to learn the product again and got feeling that the PoC was a different product."

"Their threat intelligence platform needs to be broadened. They should integrate it with more threat intelligence platforms. For the threat feed that they get from open intelligence, I would like them to add a few premium threat intelligence platforms. They can provide a bundle in which AlienVault has the threat intelligence background of other premium products."

"The price of AT&T AlienVault USM could be reduced."

More USM Anywhere cons

Pricing and Cost Advice

"The solution is reasonably priced."

"It is expensive."

"There are additional costs associated with the integrator."

"The licensing costs is around 10,000 dollars."

"Pricing varies based on the packages you choose and the volume of your usage."

"I hope we can increase the free license to be more than 5 gig a day. This would help people who want to introduce a POC or a demo license for the solution."

"I am not aware of the price, but it is expensive."

"My biggest complaint is the way they do pricing... You can never know the pricing for next year. Every single time you adjust to something new, the price goes up. It's impossible to truly budget for it. It goes up constantly."

"It is a product that is priced in a medium range, making it neither a cheap nor a costly product."

"We pay around $12,000 a year including storage."

"Negotiate the best package for your environment."

"Its price is in the medium to upper range."

"The licensing fees are dependent on usage."

"I don't think the product's pricing is a good value because they try to raise the price 50 percent every year... AlienVault needs to understand that not all customers are huge enterprises... Their sales team is way too aggressive. The price they advertise is not always the price you get."

"The ROI is quite good."

"It is affordable, and it also has many features that the premium products such as ArcSight and QRadar have. It is a very good platform for a SIEM solution. Everything is included in the price."

More USM Anywhere pricing and cost advice

See which vendors are best for you

Use our free recommendation engine to learn which Threat Intelligence Platforms solutions are best for your needs.

See recommendations

868,029 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Performing Arts

13%

Insurance Company

10%

Computer Software Company

Manufacturing Company

Computer Software Company

17%

Financial Services Firm

10%

Government

University

Computer Software Company

17%

Comms Service Provider

10%

Educational Organization

Financial Services Firm

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

By reviewers
Company Size	Count
Small Business	3
Midsize Enterprise	1
Large Enterprise	5

By reviewers
Company Size	Count
Small Business	7
Midsize Enterprise	5
Large Enterprise	12

By reviewers
Company Size	Count
Small Business	64
Midsize Enterprise	29
Large Enterprise	25

Questions from the Community

What needs improvement with Palo Alto Networks AutoFocus?

I feel that Palo Alto Networks AutoFocus can improve, especially since most of the OEMs are implementing MDR, Managed...

See all answers

What is your primary use case for Palo Alto Networks AutoFocus?

I use Palo Alto Networks AutoFocus for threat monitoring, and it is provided by the OEM itself. I use the threat data...

See all answers

What advice do you have for others considering Palo Alto Networks AutoFocus?

As a partner with Palo Alto Networks, my email is Sarvajit at bsrgroup.in. My job title is Technical Manager. I confi...

See all answers

What do you like most about Splunk User Behavior Analytics?

The solution's most valuable feature is Splunk queries, which allow us to query the logs and analyze the attack vectors.

See all answers

What is your experience regarding pricing and costs for Splunk User Behavior Analytics?

In terms of setup cost, pricing, and licensing, Splunk User Behavior Analytics is not an inexpensive product. The set...

See all answers

What needs improvement with Splunk User Behavior Analytics?

There are improvements that could be made to Splunk User Behavior Analytics as any product will have advantages and d...

See all answers

What do you like most about AT&T AlienVault USM?

The most valuable feature of the solution is the ease of deployment that it provides to users. The integrations that ...

See all answers

What is your experience regarding pricing and costs for AT&T AlienVault USM?

The pricing is amazing and really cheap.

See all answers

What needs improvement with AT&T AlienVault USM?

There are scalability issues due to a 60 TB limit, which restricts its use for large customers like banks. It is also...

See all answers

Comparisons

Anomali vs Palo Alto Networks AutoFocus

Compared 54% of the time

Recorded Future vs Palo Alto Networks AutoFocus

Compared 46% of the time

More Palo Alto Networks AutoFocus Competitors

Microsoft Purview Insider Risk Management vs Splunk User Behavior Analytics

Compared 49% of the time

Exabeam vs Splunk User Behavior Analytics

Compared 8% of the time

Darktrace vs Splunk User Behavior Analytics

Compared 7% of the time

Gurucul UEBA vs Splunk User Behavior Analytics

Compared 4% of the time

Varonis Platform vs Splunk User Behavior Analytics

Compared 4% of the time

More Splunk User Behavior Analytics Competitors

AlienVault OSSIM vs USM Anywhere

Compared 21% of the time

LogRhythm SIEM vs USM Anywhere

Compared 12% of the time

Splunk Enterprise Security vs USM Anywhere

Compared 9% of the time

Rapid7 InsightIDR vs USM Anywhere

Compared 7% of the time

IBM Security QRadar vs USM Anywhere

Compared 6% of the time

More USM Anywhere Competitors

Product Reports

Buyer's Guide

Threat Intelligence Platforms

August 2025

Download Palo Alto Networks AutoFocus product report

Buyer's Guide

Splunk User Behavior Analytics

August 2025

Download Splunk User Behavior Analytics product report

Buyer's Guide

USM Anywhere

August 2025

Download USM Anywhere product report

Also Known As

Palo Alto Threat Intelligence Management

Caspida, Splunk UBA

AT&T AlienVault USM, AlienVault, AlienVault USM, Alienvault Cybersecurity

Overview

AutoFocus contextual threat intelligence service accelerates analysis, correlation and prevention workflows. Unique, targeted attacks are automatically prioritized with full context, allowing security teams to respond to critical attacks faster, without additional IT security resources.

Palo Alto Networks

Splunk User Behavior Analytics is a behavior-based threat detection is based on machine learning methodologies that require no signatures or human analysis, enabling multi-entity behavior profiling and peer group analytics for users, devices, service accounts and applications. It detects insider threats and external attacks using out-of-the-box purpose-built that helps organizations find known, unknown and hidden threats, but extensible unsupervised machine learning (ML) algorithms, provides context around the threat via ML driven anomaly correlation and visual mapping of stitched anomalies over various phases of the attack lifecycle (Kill-Chain View). It uses a data science driven approach that produces actionable results with risk ratings and supporting evidence that increases SOC efficiency and supports bi-directional integration with Splunk Enterprise for data ingestion and correlation and with Splunk Enterprise Security for incident scoping, workflow management and automated response. The result is automated, accurate threat and anomaly detection.

Splunk

USM Anywhere centralizes security monitoring of networks and devices in the cloud, on premises, and in remote locations, helping you to detect threats virtually anywhere.

Discover

Network asset discovery
Software & services discovery
AWS asset discovery
Azure asset discovery
Google Cloud Platform asset discovery

Analyze

SIEM event correlation, auto-prioritized alarms
User activity monitoring
Up to 90-days of online, searchable events

Detect

Cloud intrusion detection (AWS, Azure, GCP)
Network intrusion detection (NIDS)
Host intrusion detection (HIDS)
Endpoint Detection and Response (EDR)

Respond

Forensics querying
Automate & orchestrate response
Notifications and ticketing

Assess

Vulnerability scanning
Cloud infrastructure assessment
User & asset configuration
Dark web monitoring

Report

Pre-built compliance reporting templates
Pre-built event reporting templates
Customizable views and dashboards
Log storage

LevelBlue

Sample Customers

Telkom Indonesia

8 Securities, AAA Western, AdvancedMD, Amaya, Cerner Corporation, CJ O Shopping, CloudShare, Crossroads Foundation, 7-Eleven Indonesia

Abel & Cole, Bank of Ireland, Bluegrass Cellular, CareerBuilder, Claire's, Hays Medical Center, Hope International, McCurrach, McKinsey & Company, Party Delights, Pepco Holdings, Richland School District, Ricoh, SaveMart, Shake Shack, Steelcase, TaxAct, Taylor Morrison, Vonage and Zoom

Buyer's Guide

Threat Intelligence Platforms

August 2025

Download Free Report

Find out what your peers are saying about CrowdStrike, Recorded Future, VirusTotal and others in Threat Intelligence Platforms. Updated: August 2025.

DOWNLOAD NOW

868,029 professionals have used our research since 2012.