We performed a comparison between RSA enVision and USM Anywhere based on real PeerSpot user reviews.
Find out what your peers are saying about Splunk, Microsoft, Wazuh and others in Security Information and Event Management (SIEM)."The features that stand out are the detection engine and its integration with multiple data sources."
"The dashboard that allows me to view all the incidents is the most valuable feature."
"Sentinel has features that have helped improve our security poster. It helped us in going ahead and identifying the gaps via analysis and focusing on the key elements."
"What is most useful, is that it has a good connection to the Microsoft ecosystem, and I think that's the key part."
"The standout feature of Sentinel is that, because it's cloud-based and because it's from Microsoft, it integrates really well with all the other Microsoft products. It's really simple to set up and get going."
"The scalability is great. You can put unlimited logs in, as long as you can pay for it. There are commitment tiers, up to six terabytes per day, which is nowhere close to what any one of our customers is running."
"The solution offers a lot of data on events. It helps us create specific detection strategies."
"Log aggregation and data connectors are the most valuable features."
"The most valuable feature is the management features. It's capable of managing large enterprises."
"The most valuable feature of this solution is the reporting."
"The configuration part is very easy...The technical support was sincere in their responses...I rate the technical support a nine out of ten."
"The other big selling feature for us was its integration capabilities with all the other security-based products."
"Any unusual behaviour, we can monitor. We have alerts set up to be sent when we receive signs of any unusual behaviour."
"Easy to use, scalable, stable, and very intuitive platform that provides protection against security threats."
"AlienVault has an advanced component within one package. With this, we can cover more area with one solution."
"The IDS and the threat intelligence are very useful. They are very intuitive and data-rich."
"The vulnerability manager and the file integration are very good."
"As we have to service several servers, we can manage them in a economical way, which is beneficial to our team and business."
"Having everything in a central place has been helpful."
"Sentinel should be improved with more connectors. At the moment, it only covers a few vendors. If I remember correctly, only 100 products are supported natively in Sentinel, although you can connect them with syslog. But Microsoft should increase the number of native connectors to get logs into Sentinel."
"They should just add more and more out-of-the-box connectors. It is quite a new product, and it has a lot of connectors, and even more would be good."
"Its implementation could be simpler. It is not really simple or straightforward. It is in the middle. Sometimes, connectors are a little bit complex."
"We do have in-built or out-of-the-box metrics that are shown on the dashboard, but it doesn't give the kind of metrics that we need from our environment whereby we need to check the meantime to detect and meantime to resolve an incident. I have to do it manually. I have to pull all the logs or all the alerts that are fed into Sentinel over a certain period. We do this on a monthly basis, so I go into Microsoft Sentinel and pull all the alerts or incidents we closed over a period of thirty days."
"Improvement-wise, I would like to see more integration with third-party solutions or old-school antivirus products that have some kind of logging capability. I wouldn't mind having that exposed within Sentinel. We do have situations where certain companies have bought licensing or have made an investment in a product, and that product will be there for the next two or three years. To be able to view information from those legacy products would be great. We can then better leverage the Sentinel solution and its capabilities."
"The reporting could be more structured."
"One key area that can be improved is by building a strong integration with our XDR platform."
"Some of the data connectors are outdated, at least the ones that utilize Linux machines for log forwarding. I believe that Microsoft is already working on improving this."
"The integration could be easier, it should support more products."
"In general, the solution currently isn't user-friendly."
"RSA enVision log manager is out of date and is not in use anymore."
"Its reporting tools need improvements. It would be good if they can provide integration with other ticketing systems. Currently, we only have integration with Slack and Jira. It is also a bit slow, and its replication engine can be improved."
"It should be able to communicate with other security solutions to stop threats."
"We develop additional rules and scripts to make it more usable."
"Search performance can be slow. The Raw Logs feature is painfully slow. And if we're talking about the newer, the Anywhere product, you can't even schedule reports on the thing. There are probably a dozen other features I'd really like to see there, but that would be one of the biggies."
"The vulnerability scanning feature is one of the areas where the product has certain shortcomings and needs to improve. The tool has vulnerability scanning, but it is not that efficient."
"More complimentary training needs to be done for use with this tool. If you get into a bind, then it will cost you."
"Source material on the forums to be more up-to-date with the changes happening within the product. Forums being out-of-date with information due to the changes makes troubleshooting a little more difficult - specific to the HIDS agents."
"The only complex area of the setup was writing the custom scripts."
RSA enVision is ranked 36th in Security Information and Event Management (SIEM) with 5 reviews while USM Anywhere is ranked 11th in Security Information and Event Management (SIEM) with 113 reviews. RSA enVision is rated 6.8, while USM Anywhere is rated 8.4. The top reviewer of RSA enVision writes "Though the solution offers good technical support, it needs to be made more user-friendly ". On the other hand, the top reviewer of USM Anywhere writes "Easy to use and affordable". RSA enVision is most compared with NetWitness Platform, Splunk Enterprise Security and IBM Security QRadar, whereas USM Anywhere is most compared with Wazuh, AlienVault OSSIM, IBM Security QRadar, Splunk Enterprise Security and Rapid7 InsightIDR.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.