We performed a comparison between AlienVault OSSIM and USM Anywhere based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"The initial setup is very simple and straightforward."
"Having your logs put all in one place with machine learning working on those logs is a good feature. I don't need to start thinking, "Where are my logs?" My logs are in a centralized repository, like Log Analytics, which is why you can't use Sentinel without Log Analytics. Having all those logs in one place is an advantage."
"The pricing of the product is excellent."
"Sentinel is a Microsoft product, so they provide very robust use cases and analytic groups, which are very beneficial for the security team. I also like the ability to integrate data sources into the software for on-premise and cloud-based solutions."
"We can use Sentinel's playbook to block threats. It covers all of the environment, giving us great visibility."
"Free ingestion for Azure logs (with E5 licence)"
"The most valuable feature is the onboarding of the workloads. You can see all that has been onboarded in your account on the dashboards."
"The analytics has a lot of advantages because there are 300 default use cases for rules and we can modify them per our environment. We can create other rules as well. Analytics is a useful feature."
"With AlienVault you get everything in one box."
"Better than other SIEM solutions because almost everything can be integrated."
"The threat alerts it gives me from time to time on harmful code within the network, or if they are generating any network traffic, are very useful."
"The most valuable features of AlienVault OSSIM are case management, ease of configuration, and investigation."
"The dashboard is the solution's most valuable aspect. It brings everything into one central point where I can actually look at it and go, "Okay, I understand what's going on.""
"There are a lot of people you will find using OSSIM since they are also offering OTX as a service."
"AlienVault OSSIM is an enterprise solution that sells easily. It is rated highly by organizations."
"The most valuable features of AlienVault OSSIM are vulnerability assessment, network intrusion detection system, response to critical events, and awareness of the whole network."
"As we have to service several servers, we can manage them in an economical way, which is beneficial to our team and business."
"Asset discovery seems to be good."
"Allowed us to help our customers satisfy compliance needs around logging and monitoring."
"It brought our logs into one place for review and set up alarms based on changes we were missing due to lack of having one place for everything to go."
"Any unusual behaviour, we can monitor. We have alerts set up to be sent when we receive signs of any unusual behaviour."
"The new cloud-based panel is excellent both for client review as well as for our SOC to review and respond to threats. It is much easier to configure and use than the previous solution from AlienVault."
"Using the communication within the security device, it is easier to create plugins."
"Our main focus was intrusion detection, alerts, and correlation. It's easy to use AlienVault and integrate it with other alert tools because it includes lots of connectors. Either the tool is already there, or AlienVault will write an API for us if they don't have a connector for the solution that is providing the logs."
"If we want to use more features, we have to pay more. There are multiple solutions on the cloud itself, but the pricing model package isn't consistent, which is confusing to clients."
"We're satisfied with the comprehensiveness of the security protection. That said, we do have issues sometimes where there have been global outages and we need to raise a ticket with Microsoft."
"If I can use Sentinel offline at home and use it on a local network, it would be great. I'm not sure if I can use Sentinel offline versus the tools I have."
"While I appreciate the UI itself and the vast amount of information available on the platform, I'm finding the overall user experience to be frustrating due to frequent disconnections and the requirement to repeatedly re-authenticate."
"I would like Sentinel to have more out-of-the-box analytics rules. There are already more than 400 rules, but they could add more industry-specific ones. For example, you could have sets of out-of-the-box rules for banking, financial sector, insurance, automotive, etc., so it's easier for people to use it out of the box. Structuring the rules according to industry might help us."
"Add more out-of-the-box connectors with other SaaS platforms/applications."
"Only one thing is missing: NDR is not available out-of-the-box. The competitive cloud-native SIEM providers have the NDR component. Currently, Sentinel needs NDR to be powered from either Corelight or some other NDR provider."
"There is room for improvement in entity behavior and the integration site."
"There needs to be more support or some kind of training program so users can self-learn the system more effectively."
"They can add more compliance templates."
"It takes some time. It does not give me a prompt response for any such [malicious] traffic. It takes time to get that alert from the AlienVault system."
"The correlation engine needs to be improved."
"AlienVault OSSIM gives unwanted notifications."
"AlienVault OSSIM should improve the deployment and make it unified like the USM."
"The user interface could be improved."
"AlienVault OSSIM on-premise version is more difficult to implement than the cloud version. Additionally, they should add integration between several different environments at once and improve their online knowledge base."
"Reporting is convoluted and difficult at times, although they claim to have hundreds of pre-built reports, very few of them are actually useful for anything but what the USM is doing."
"USM Anywhere relies a lot on the community putting the data in. Often, you'll right-click on the attack, but nothing will be found. That's a weakness of it."
"AT&T AlienVault USM can improve searchable data. It should be available for more than 90 days. If you need more than 90 days of data, you have to put a request and they give you raw data, which is not easy to search. A good addition would be to allow users to search data older than 90 days."
"The solution is a bit complicated. It could be simplified quite a bit."
"The vulnerability scanning feature is one of the areas where the product has certain shortcomings and needs to improve. The tool has vulnerability scanning, but it is not that efficient."
"The other thing is the agent is OSSEC. They needed to create its own agent to help to find threats on the devices that it happens to be installed."
"The only room for improvement I can mention is the initial installation procedures. I found that the online installation instructions for the product were missing important details, they lacked necessary steps."
"We would like more plugins. This being the main point of improvement which would benefit the users."
AlienVault OSSIM is ranked 14th in Security Information and Event Management (SIEM) with 27 reviews while USM Anywhere is ranked 11th in Security Information and Event Management (SIEM) with 113 reviews. AlienVault OSSIM is rated 7.4, while USM Anywhere is rated 8.4. The top reviewer of AlienVault OSSIM writes "An easy-to-scale open-source solution used for monitoring events on devices". On the other hand, the top reviewer of USM Anywhere writes "Easy to use and affordable". AlienVault OSSIM is most compared with Wazuh, Elastic Security, Splunk Enterprise Security, Fortinet FortiSIEM and AWS Security Hub, whereas USM Anywhere is most compared with Wazuh, IBM Security QRadar, Splunk Enterprise Security, Rapid7 InsightIDR and LogRhythm SIEM.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.