We compared Splunk Enterprise Security and USM Anywhere based on our users' reviews across several parameters. After reading all of the collected data, you can find our conclusion below.
Features: Splunk Enterprise Security stands out for its efficiency, extensive integration options, and powerful search functionality. USM Anywhere is highly regarded for its extensive reporting capabilities, thorough vulnerability assessment, seamless file integration, and user-friendly management features. Users say Splunk is a highly scalable and customizable solution.
Room for Improvement: Splunk users recommended improvements in AI capabilities, user-friendliness, and analytics. USM Anywhere users have suggested improvements in self-service plugin management, database optimization, and third-party threat intelligence integration.
Service and Support: While some users found Splunk support to be responsive and helpful, others reported slow response times and a lack of expertise. Reviews of USM Anywhere's support were likewise mixed. Some users say that USM Anywhere's customer service is knowledgeable and responsive, while others have faced delays and incomplete answers.
Ease of Deployment: Some users thought Splunk Enterprise Security was easy to deploy, while others found it challenging and needed assistance from Splunk engineers or third-party integrators. The initial setup for USM Anywhere is generally considered to be straightforward if the user has technical knowledge. Vendor assistance is also available during the deployment phase.
Pricing: Some users consider Splunk Enterprise Security to be expensive, but others said the price is reasonable. A few users expressed concerns about the cost of scaling up the solution and managing large volumes of data. USM Anywhere is seen as more cost-effective than premium solutions like IBM QRadar and Splunk, with pricing considered reasonable and relatively low.
ROI: Users said that it’s challenging to calculate an ROI for Splunk Enterprise Security, and the return varies depending on individual circumstances. While some users have observed a substantial ROI, others have not actively explored or been engaged in ROI conversations. USM Anywhere has garnered favorable feedback regarding its ROI.
Comparison Results: Splunk is highly regarded for its efficient data processing and powerful search capabilities. Users like Splunk's customization options and ability to quickly process data from multiple sources. However, reviews noted that Splunk could be more user-friendly and improve its analytics. USM Anywhere earned praise for its intuitive management interface and vulnerability assessment features, but users say the solution could integrate third-party threat intelligence better.
"Sentinel has an intuitive, user-friendly way to visualize the data properly. It gives me a solid overview of all the logs. We get a more detailed view that I can't get from the other SIEM tools. It has some IP and URL-specific allow listing"
"Log aggregation and data connectors are the most valuable features."
"The dashboard that allows me to view all the incidents is the most valuable feature."
"I like the KQL query. It simplifies getting data from the table and seeing the logs. All you need to know are the table names. It's quite easy to build use cases by using KQL."
"It is able to connect to an ever-growing number of platforms and systems within the Microsoft ecosystem, such as Azure Active Directory and Microsoft 365 or Office 365, as well as to external services and systems that can be brought in and managed. We can manage on-premises infrastructure. We can manage not just the things that are running in Azure in the public cloud, but through Azure Arc and the hybrid capabilities, we can monitor on-premises servers and endpoints. We can monitor VMware infrastructure, for instance, running as part of a hybrid environment."
"The log analysis is excellent; it can predict what can or will happen regarding use patterns and vulnerabilities."
"I've worked on most of the top SIEM solutions, and Sentinel has an edge in most areas. For example, it has built-in SOAR capabilities, allowing you to run playbooks automatically. Other vendors typically offer SOAR as a separate licensed solution or module, but you get it free with Sentinel. In-depth incident integration is available out of the box."
"The initial setup is very simple and straightforward."
"Splunk allows us to customize processing and dashboards, which helps us take care of our customers' needs."
"The ability to digest any information and then correlate it in accordance with what you need is valuable. The ability to connect to pretty much everything and bring the information in the same format is also valuable. On top of that, we can use their language in order to create and customize the dashboards, correlations, or analytics that we want to incorporate."
"The search lookups are useful."
"Splunk is quite flexible for our customers. Splunk does not filter from a specific lock, you can define it later."
"Internal tracking is helpful because we do not like to deal with multiple ticketing systems, and I am not a fan of ServiceNow. We are able to keep everything internal and utilize Enterprise Security."
"I really like the user interface and how it works."
"The most useful feature for me is the ability to create different kinds of alerts and set a different kind of denominator that will capture the real event. That is helpful for a power user like me."
"It is very scalable."
"What I find the most valuable about USM Anywhere is its compliance. It shows a list of all the administrators logged on and does it quite well. There are no whistles and bells, it's reliable and simple to use."
"AlienVault's reporting is good. I like that vulnerability assessment is part of the solution, and the UI is intuitive. Also, the overhead is low, which is to say we don't need a dedicated SOC team to manage and analyze things constantly. We're a small company that doesn't have those resources."
"The most valuable feature in AT&T AlienVault USM is the reporting."
"AT&T AlienVault USM is good for ELK Stack, the user experience is great because of its architecture. The ELK has a great performance and it has very good speed in the search and Kibana. Additionally, the visuals and dashboards and very nice and customizable."
"The ease of implementation is the most valuable feature."
"The feature that I liked the most is that they have a vulnerability assessment package that comes along with the SIEM solution. So, whenever I find any threat or alert for any of the devices or servers, I could immediately initiate a vulnerability assessment scan on that machine. That is one of a kind. The price at which AlienVault operates is also valuable."
"Every activity on the firewall is recorded, and notifications are sent with this solution."
"Easy to use, scalable, stable, and very intuitive platform that provides protection against security threats."
"It would be good to have some connectors for third-party SIEM solutions. Many customers are struggling with the integration of Azure Sentinel with their on-premise SIEM. Microsoft is changing the log structure many times a year, which can corrupt a custom integration. It would be good to have some connectors developed by Microsoft or supply vendors, but they are not providing such functionality or tools."
"We have been working with multiple customers, and every time we onboard a customer, we are missing an essential feature that surprisingly doesn't exist in Sentinel. We searched the forums and knowledge bases but couldn't find a solution. When you onboard new customers, you need to enable the data connectors. That part is easy, but you must create rules from scratch for every associated connector. You click "next," "next," "next," and it requires five clicks for each analytical rule. Imagine we have a customer with 150 rules."
"Currently, the watchlist feature is being utilized, and although there have been improvements, it is still not fully optimized."
"Microsoft Defender has a built-in threat expert option that enables you to contact an expert. That feature isn't available in Sentinel because it's a huge product that integrates all the technologies. I would like Microsoft to add the threat expert option so we can contact them. There are a few other features, like threat assessment that the PG team is working on. I expect them to release this feature in the next quarter."
"We do have in-built or out-of-the-box metrics that are shown on the dashboard, but it doesn't give the kind of metrics that we need from our environment whereby we need to check the meantime to detect and meantime to resolve an incident. I have to do it manually. I have to pull all the logs or all the alerts that are fed into Sentinel over a certain period. We do this on a monthly basis, so I go into Microsoft Sentinel and pull all the alerts or incidents we closed over a period of thirty days."
"There is room for improvement in entity behavior and the integration site."
"Documentation is the main thing that could be improved. In terms of product usage, the documentation is pretty good, but I'd like a lot more documentation on Kusto Query Language."
"We've seen delays in getting the logs from third-party solutions and sometimes Microsoft products as well. It would be helpful if Microsoft created a list of the delays. That would make things more transparent for customers."
"The documentation is in definite need of improvement."
"Writing queries is a bit complicated sometimes."
"Its interface and usability can always be improved."
"The UI could be better. This is applicable to Splunk in general. I know that a lot of people who get their hands on Splunk are hesitant to use it just because they find it overwhelming. There are a lot of options."
"Its user interface for everything other than the charts can be improved. Some parts of it can be simplified a bit, such as when importing documents that have the network traffic. When you're going through the information about the network traffic, you have to have the expertise, but even if a program is supposed to be for IT support, it is good to make it user-friendly because it gets easier to train people. When something goes wrong, the more difficult a program is in terms of UI, the harder it is to fix the issue."
"The pricing can be better."
"It is a hugely complicated product."
"The analytics of Splunk could be improved."
"AT&T AlienVault USM can improve searchable data. It should be available for more than 90 days. If you need more than 90 days of data, you have to put a request and they give you raw data, which is not easy to search. A good addition would be to allow users to search data older than 90 days."
"The AT&T AlienVault USM is okay, but the relational database is not very good for large amounts of data. For example, many logs cannot be processed. It has been very slow for the queries and some data which are large, it is not very good in this case."
"I think plugin management should be self-service on AlienVault USM. The other product is self-service but on the USM side. You have to submit a ticket then AT&T creates and updates the plugins."
"Sometimes the log is unclear, and the report is a bit ambiguous."
"Their threat intelligence platform needs to be broadened. They should integrate it with more threat intelligence platforms. For the threat feed that they get from open intelligence, I would like them to add a few premium threat intelligence platforms. They can provide a bundle in which AlienVault has the threat intelligence background of other premium products."
"I want to see more compliance management capability. The quality of integrations seems to be a little bit low."
"Adding a parsing interface for the customers would make AT&T AlienVault USM better."
"I've been told that AlienVault doesn't have a full version of NES running in there, but I'm not sure if that's accurate or if my engineer made it that way. I'm not sure he was completely honest either because we had NES in the environment before. Those tools could be improved because AlienVault is a SIEM, and it added all these other features."
Microsoft Sentinel is a scalable, cloud-native, security information event management (SIEM) and security orchestration automated response (SOAR) solution that lets you see and stop threats before they cause harm. Microsoft Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive hunting, and threat response. Eliminate security infrastructure setup and maintenance, and elastically scale to meet your security needs—while reducing IT costs. With Microsoft Sentinel, you can:
- Collect data at cloud scale—across all users, devices, applications, and infrastructure, both on-premises and in multiple clouds
- Detect previously uncovered threats and minimize false positives using analytics and unparalleled threat intelligence from Microsoft
- Investigate threats with AI and hunt suspicious activities at scale, tapping into decades of cybersecurity work at Microsoft
- Respond to incidents rapidly with built-in orchestration and automation of common tasks
To learn more about our solution, ask questions, and share feedback, join our Microsoft Security, Compliance and Identity Community.
Splunk Enterprise Security is a SIEM, log management, and IT operations analytics tool. The solution provides users with the ability to secure their information and manage their data in the cloud, data centers, or other applications. Splunk Enterprise Security also offers visibility from different areas, levels, and devices, rather than from a single system, thus, providing its users with flexibility. Splunk Enterprise Security can monitor data and analyze, detect, and prevent intrusions. This benefits users as it provides alerts to possible intrusions, helps users to be proactive, and reduces risk factors.
Break down data silos and gain actionable intelligence by ingesting data from multicloud and on-premises deployments. Get full visibility to quickly detect malicious threats in your environment.
Defend against threats with advanced security analytics, machine learning and threat intelligence that focus detection and provide high-fidelity alerts to shorten triage times and raise true positive rates.
Gather all the context you need and initiate flexible investigations with security analytics at your fingertips. The built-in open and extensible data platform boosts productivity and drives down fatigue.
Built on an open and scalable data platform, you can stay agile in the face of evolving threats and business needs. Splunk meets you where you are on your cloud journey, and integrates across your data, tools and content.
USM Anywhere centralizes security monitoring of networks and devices in the cloud, on premises, and in remote locations, helping you to detect threats virtually anywhere.
Splunk Enterprise Security is ranked 1st in Log Management with 74 reviews while USM Anywhere is ranked 13th in Log Management with 13 reviews. Splunk Enterprise Security is rated 8.6, while USM Anywhere is rated 7.8. The top reviewer of Splunk Enterprise Security writes "Can be used to find any threats or vulnerabilities inside a user’s environment". On the other hand, the top reviewer of USM Anywhere writes "A very scalable solution with vulnerability management that helps avoid weaknesses, but needs broader compliance management capabilities". Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Azure Monitor, whereas USM Anywhere is most compared with Wazuh, AlienVault OSSIM, IBM Security QRadar, Rapid7 InsightIDR and LogRhythm SIEM. See our Splunk Enterprise Security vs. USM Anywhere report.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.