Trellix ESM vs USM Anywhere Comparison 2024

Sponsored

Microsoft Sentinel

Read 85 Microsoft Sentinel reviews

31,886 views|17,713 comparisons

Trellix ESM

Read 34 Trellix ESM reviews

3,603 views|1,525 comparisons

USM Anywhere

Read 113 USM Anywhere reviews

5,644 views|3,733 comparisons

Comparison Buyer's Guide

Download the complete report

Buyer's Guide

Trellix ESM vs. USM Anywhere

May 2024

Executive Summary

We performed a comparison between Trellix ESM and USM Anywhere based on real PeerSpot user reviews.

Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.

To learn more, read our detailed Trellix ESM vs. USM Anywhere Report (Updated: May 2024).

Download the complete report

771,157 professionals have used our research since 2012.

Featured Review

Nagendra Nekkala

Senior Manager ICT & Innovations at Bangalore International Airport Limited

Provides a unified set of tools to detect, investigate, and respond to incidents and enables proactive threat hunting

We use the tool because we want a solution that can quickly analyze large volumes of data across the enterprise. Microsoft Sentinel is a one-stop... Read more →

Daniel Durian

Information Security Manager at SM Prime Holdings

Provides visibility of all the traffic within the company infrastructure

It provides threat monitoring from the Internet and if there is malicious activity on the end-point, the ESM can provide us what host is affected.

Hesham Hameed

Operation Manager at Checksum Consultancy

Researched Trellix ESM but chose USM Anywhere: Easy to deploy, good integration with OTX, and good at asset discovery and vulnerability scanning

Quotes From Members

We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:

Pros

"It has a lot of great features.""The in-built SOAR of Sentinel is valuable. Kusto Query Language is also valuable for the ease of writing queries and ease of getting insights from the logs. Schedule-based queries within Sentinel are also valuable. I found these three features most useful for my projects.""The best functionality that you can get from Azure Sentinel is the SOAR capability. So, you can estimate any type of activity, such as when an alert was triggered or an incident was found.""We’ve got process improvement that's happened across multiple different fronts within the organization, within our IT organization based on this tool being in place.""There are some very powerful features to Sentinel, such as the integration of various connectors. We have a lot of departments that use both IaaS and SaaS services, including M365 as well as Azure services. The ability to leverage connectors into these environments allows for large-scale data injection.""It is easy to implement (turn on) - does need a skilled analyst to develop queries and playbooks.""The analytics has a lot of advantages because there are 300 default use cases for rules and we can modify them per our environment. We can create other rules as well. Analytics is a useful feature.""The initial setup is very simple and straightforward."

More Microsoft Sentinel Pros →

"It can be easily deployed with the other solutions.""It is user-friendly. The notification part of McAfee ESM is very easy.""It has good technical support, which is available around the clock. You can call up anytime and get whatever you want. My queues are resolved.""The ease of use is the most valuable feature. Over the years I have always been using this solution and have become comfortable with it.""It blocks the things which are not to be allowed. It has an adaptive mode where it learns for itself.""Compared to other solutions, the user interface is good.""McAfee as a whole is a good solution.""The most valuable feature is for the security operation center because it provides visibility of all traffic within the company infrastructure."

More Trellix ESM Pros →

"Every activity on the firewall is recorded, and notifications are sent with this solution.""The most valuable features of AT&T AlienVault USM are the ease of management and knowledge of what is on the network of my customers. It's easy to understand the problems, and management our alarms and events.""The most valuable feature in AT&T AlienVault USM is the reporting.""AlienVault provides a checklist answer when using SIEM.""SIEM log collection is great, and all of the rules that support updates with maintenance.""The most valuable feature of the solution is the ease of deployment that it provides to users. The integrations that the product has with third-party applications are useful.""Ease of deployment across various environments.""It brought our logs into one place for review and set up alarms based on changes we were missing due to lack of having one place for everything to go."

More USM Anywhere Pros →

Cons

"The playbook is a bit difficult and could be improved.""I would like Sentinel to have more out-of-the-box analytics rules. There are already more than 400 rules, but they could add more industry-specific ones. For example, you could have sets of out-of-the-box rules for banking, financial sector, insurance, automotive, etc., so it's easier for people to use it out of the box. Structuring the rules according to industry might help us.""If their UI was a bit more streamlined and easy to find when I need it, then that would be a great improvement.""Sometimes, it is hard for us to estimate the costs of Microsoft Sentinel.""They need to work with other security vendors. For example, we replaced our email gateway with Symantec, but we couldn't collect these logs with Azure Sentinel. Instead of collecting these logs with Azure Sentinel, we are collecting them on Qradar. We couldn't do it with Sentinel, which is a problem for us.""There is room for improvement in entity behavior and the integration site.""Given that I am in the small business space, I wish they would make it easier to operate Sentinel without being a Sentinel expert. Examples of things that could be easier are creating alerts and automations from scratch and designing workbooks.""If I see an alert and I want to drill down and get more details about the alert, it's not just one click. In other SIEM tools, you just have to click the IP address of the entity and they give you the complete picture. In Sentinel, you have to write queries or use saved queries to get details."

More Microsoft Sentinel Cons →

"The user interface could be more user-friendly.""The support from McAfee ESM could improve. They could improve the speed.""I would like to see fingerprint recognition included in the next release of this solution.""McAfee is no more providing security updates on this product, and the enhancements to this product seem to have stopped. Moreover, we don't get proper support, and we struggle to get its support. It would be good if they can add some AI engine and out of the box use cases because it is currently limited to the same scenario and the same setup. I have done a POC for Securonix, LogRhythm. These products are much more ahead as compared to McAfee ESM. They have included multiple modules in the same solution. Correlation is very easy. If McAfee ESM can improve, especially in such implementations, then I believe it would be much better.""We would welcome integrations with some of the new McAfee acquisitions, e.g., behavioural analytics.""It seems McAfee does test its product before releasing. When we - not only us, other companies also - deploy McAfee, we face multiple issues from the customer side, after which, McAfee reacts and fixes the bugs.""The initial setup is difficult and could improve.""I would like to see improvements to the user interface."

More Trellix ESM Cons →

"The reporting aspect could be improved. While there are a lot of different options available, there are still pieces which are missing.""The GUI needs to improve because it's not user-friendly.""The one thing I continue to dislike about the USM is the limitation on reports.""Their threat intelligence platform needs to be broadened. They should integrate it with more threat intelligence platforms. For the threat feed that they get from open intelligence, I would like them to add a few premium threat intelligence platforms. They can provide a bundle in which AlienVault has the threat intelligence background of other premium products.""AlienVault needs to continue to integrate with other third-party technologies that clients want to have monitored.""The vulnerability scanning feature is one of the areas where the product has certain shortcomings and needs to improve. The tool has vulnerability scanning, but it is not that efficient.""I think plugin management should be self-service on AlienVault USM. The other product is self-service but on the USM side. You have to submit a ticket then AT&T creates and updates the plugins.""It was easy on PoC, but when we got to the product it was different story. We had to learn the product again and got feeling that the PoC was a different product."

More USM Anywhere Cons →

Pricing and Cost Advice

"It comes with a Microsoft subscription which the customer has, so they don't have to invest somewhere else."

"It is a consumption-based license model. bands at 100, 200, 400 GB per day etc. Azure Sentinel Pricing | Microsoft Azure"

"Good monthly operational cost model for the detection and response outcomes delivered, M365 logs don't count toward the limits which is a good benefit."

"I have had mixed feedback. At one point, I heard a client say that it sometimes seems more expensive. Most of the clients are on Office 365 or M365, and they are forced to take Azure SIEM because of the integration."

"It is kind of like a sliding scale. There are different tiers of pricing that go from $100 per day up to $3,500 per day. So, it just kind of depends on how much data is being stored. There can be additional costs to the standard license other than the additional data. It just kind of depends on what other services you're spinning up in Azure, or if you're using something like Azure log analytics."

"I am just paying for the log space with Azure Sentinel. It costs us about $2,000 a month. Most of the logs are free. We are only paying money for Azure Firewall logs because email logs or Azure AD logs are free to use for us."

"Sentinel is a bit expensive. If you can figure a way of configuring it to meet your needs, then you can find a way around the cost."

"Azure Sentinel is very costly, or at least it appears to be very costly. The costs vary based on your ingestion and your retention charges."

More Microsoft Sentinel Pricing and Cost Advice →

"You should buy the distributed option instead of the all-in-one for environments with more than 1000 end points."

"We pay for our licensing fees on a yearly basis, and there are no costs in addition to the standard licensing fees."

"The cost is dependent on the customer's environment and requirements."

"The pricing is good, and they are competitive compared to providers such as RSA and IBM QRadar."

"The cost is all included. The finance department handles the financial part, and we mostly don't get involved in it."

"We renew our license annually."

"McAfee is the right choice for a low-budget solution."

"The price is good. It's moderate. We follow a pay-as-you-go model. There are different models available, and they can also be monthly. You can choose monthly or yearly. It's very flexible. If our existing customers exceed the current plan, you can just call McAfee and get it extended."

More Trellix ESM Pricing and Cost Advice →

"AlienVault is flexible on their pricing for unlimited licenses."

"Pricing is very competitive with other products and you get much more functionality from AlienVault."

"QRadar, ArcSight and Splunk are some of the most expensive SIEM products out there in the market and not everyone has the budget to buy them. In such cases, AV USM is a very cost effective alternative."

"Do the one month trial and try to work out the kinks during it, as it has free support and service hours."

"We checked out several competitors. For what it can do and the cost, it was the best option!"

"Use the AlienVault team. They are helpful and the documentation that they provide is second to none."

"The price point is good."

"It has good pricing."

More USM Anywhere Pricing and Cost Advice →

See Which Vendors Are Best For You

Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.

See Recommendations

771,157 professionals have used our research since 2012.

Comparison Review

Vinod Shankar

Manager, Enterprise Risk Consulting at a tech company

HP ArcSight vs. IBM QRadar vs. McAfee Nitro vs. Splunk vs. RSA Security vs. LogRhythm

We at Infosecnirvana.com have done several posts on SIEM. After the Dummies Guide on SIEM, we are following it up with a SIEM Product Comparison – 101 deck. So, here it is for your viewing pleasure. Let me know what you think by posting your comments below. The key products compared here are based on Gartner Magic Q which is what Organizations typically use to select SIEM vendors. The Vendors mentioned here in the deck are : 1. HP ArcSight 2. McAfee Nitro 3. IBM QRadar 4. Splunk SIEM 5. RSA Security Analytic 6. LogRhythm. SIEM Technology Space SIEM market analysis of the last 3 years suggest: Market consolidation of SIEM players (25 vendors in 2011 to 16 vendors in 2013)Only products with technology maturity and a strong road map have featured in leaders quadrant.HP ArcSight & IBM Q1 Labs have maintained leadership in SIEM industry with continued technology upgradeMcAfee Nitro has strong product features & road map to challenge HP & IBM for leadershipHPArcSight The ArcSight Enterprise Threat and Risk Management (ETRM) Platform is an integrated set of products for collecting, analysing, and managing enterprise Security Event information ArcSight Enterprise Security Manager (ESM): Correlation and analysis engine used to identify security threat in real-time& virtual environments ArcSight Logger: Log storage and Search solution ArcSight IdentityView: User Identity tracking/User activity monitoring ArcSight Connectors: For data collection from a variety of data… Read more →

Questions from the Community

Is there a common threat intelligence tool that aggregates multiple threa...

Top Answer:Yes, Azure Sentinel is a SIEM on the Cloud. Multiple data sources can be uploaded and analyzed with Azure Sentinel and… more »

Read all 10 answers →

What is a better choice, Splunk or Azure Sentinel?

Top Answer:It would really depend on (1) which logs you need to ingest and (2) what are your use cases Splunk is easy for… more »

Which is better - Azure Sentinel or AWS Security Hub?

Top Answer:We like that Azure Sentinel does not require as much maintenance as legacy SIEMs that are on-premises. Azure Sentinel is… more »

Read all 2 answers →

What do you like most about McAfee ESM?

Top Answer:The solution's technical support is great.

Read all 22 answers →

What is your experience regarding pricing and costs for McAfee ESM?

Top Answer:The product is slightly expensive. They offer some discount on the purchase of a certain number of nodes. They should… more »

Read all 16 answers →

What needs improvement with McAfee ESM?

Top Answer:The integration capabilities of Trellix ESM with SaaS solutions are an area of concern where improvements are needed… more »

Read all 20 answers →

What do you like most about AT&T AlienVault USM?

Top Answer:The most valuable feature of the solution is the ease of deployment that it provides to users. The integrations that the… more »

Read all 33 answers →

What is your experience regarding pricing and costs for AT&T AlienVault USM?

Top Answer:It is a product that is priced in a medium range, making it neither a cheap nor a costly product.

Read all 33 answers →

What needs improvement with AT&T AlienVault USM?

Top Answer:The vulnerability scanning feature is one of the areas where the product has certain shortcomings and needs to improve… more »

Read all 36 answers →

Comparisons

AWS Security Hub vs. Microsoft Sentinel

Compared 17% of the time.

IBM Security QRadar vs. Microsoft Sentinel

Compared 12% of the time.

Splunk Enterprise Security vs. Microsoft Sentinel

Compared 6% of the time.

Microsoft Defender for Cloud vs. Microsoft Sentinel

Compared 6% of the time.

Elastic Security vs. Microsoft Sentinel

Compared 5% of the time.

More Microsoft Sentinel Competitors →

ArcSight Enterprise Security Manager (ESM) vs. Trellix ESM

Compared 20% of the time.

IBM Security QRadar vs. Trellix ESM

Compared 18% of the time.

LogRhythm SIEM vs. Trellix ESM

Compared 17% of the time.

Splunk Enterprise Security vs. Trellix ESM

Compared 17% of the time.

Cybereason Endpoint Detection & Response vs. Trellix ESM

Compared 4% of the time.

More Trellix ESM Competitors →

Wazuh vs. USM Anywhere

Compared 26% of the time.

AlienVault OSSIM vs. USM Anywhere

Compared 12% of the time.

IBM Security QRadar vs. USM Anywhere

Compared 8% of the time.

Splunk Enterprise Security vs. USM Anywhere

Compared 7% of the time.

Rapid7 InsightIDR vs. USM Anywhere

Compared 5% of the time.

More USM Anywhere Competitors →

Also Known As

Azure Sentinel

McAfee ESM, NitroSecurity, McAfee Enterprise Security Manager

AT&T AlienVault USM, AlienVault, AlienVault USM, Alienvault Cybersecurity

Learn More

Microsoft

Trellix

Video Not Available

AT&T

Overview

Microsoft Sentinel is a scalable, cloud-native, security information event management (SIEM) and security orchestration automated response (SOAR) solution that lets you see and stop threats before they cause harm. Microsoft Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive hunting, and threat response. Eliminate security infrastructure setup and maintenance, and elastically scale to meet your security needs—while reducing IT costs. With Microsoft Sentinel, you can:

- Collect data at cloud scale—across all users, devices, applications, and infrastructure, both on-premises and in multiple clouds

- Detect previously uncovered threats and minimize false positives using analytics and unparalleled threat intelligence from Microsoft

- Investigate threats with AI and hunt suspicious activities at scale, tapping into decades of cybersecurity work at Microsoft

- Respond to incidents rapidly with built-in orchestration and automation of common tasks

To learn more about our solution, ask questions, and share feedback, join our Microsoft Security, Compliance and Identity Community.

Make your organization more resilient and confident with Trellix Security Operations. Filter out the noise and cut complexity to deliver faster, more effective SecOps. Integrate your existing security tools and connect with over 650 Trellix solutions and third-party products.

USM Anywhere centralizes security monitoring of networks and devices in the cloud, on premises, and in remote locations, helping you to detect threats virtually anywhere.

Discover

Network asset discovery
Software & services discovery
AWS asset discovery
Azure asset discovery
Google Cloud Platform asset discovery

Analyze

SIEM event correlation, auto-prioritized alarms
User activity monitoring
Up to 90-days of online, searchable events

Detect

Cloud intrusion detection (AWS, Azure, GCP)
Network intrusion detection (NIDS)
Host intrusion detection (HIDS)
Endpoint Detection and Response (EDR)

Respond

Forensics querying
Automate & orchestrate response
Notifications and ticketing

Assess

Vulnerability scanning
Cloud infrastructure assessment
User & asset configuration
Dark web monitoring

Report

Pre-built compliance reporting templates
Pre-built event reporting templates
Customizable views and dashboards
Log storage

Sample Customers

Microsoft Sentinel is trusted by companies of all sizes including ABM, ASOS, Uniper, First West Credit Union, Avanade, and more.

San Francisco Police Credit Union, Wªstenrot Gruppe, Volusion, California Department of Corrections & Rehabilitation, Government of New Brunswick, State of Colorado, Macquarie Telecom, Texas Tech University Health Sciences Center, Cologne Bonn Airport

Abel & Cole, Bank of Ireland, Bluegrass Cellular, CareerBuilder, Claire's, Hays Medical Center, Hope International, McCurrach, McKinsey & Company, Party Delights, Pepco Holdings, Richland School District, Ricoh, SaveMart, Shake Shack, Steelcase, TaxAct, Taylor Morrison, Vonage and Zoom

Top Industries

REVIEWERS

Financial Services Firm22%

Computer Software Company11%

Manufacturing Company8%

Comms Service Provider8%

VISITORS READING REVIEWS

Computer Software Company16%

Financial Services Firm10%

Government9%

Manufacturing Company7%

REVIEWERS

Financial Services Firm25%

Government15%

Healthcare Company10%

Manufacturing Company10%

VISITORS READING REVIEWS

Educational Organization71%

Computer Software Company5%

Financial Services Firm4%

Government4%

REVIEWERS

Financial Services Firm22%

Healthcare Company17%

Computer Software Company9%

Comms Service Provider7%

VISITORS READING REVIEWS

Computer Software Company17%

Government8%

Comms Service Provider7%

Educational Organization7%

Company Size

REVIEWERS

Small Business33%

Midsize Enterprise21%

Large Enterprise47%

VISITORS READING REVIEWS

Small Business25%

Midsize Enterprise16%

Large Enterprise59%

REVIEWERS

Small Business29%

Midsize Enterprise15%

Large Enterprise56%

VISITORS READING REVIEWS

Small Business8%

Midsize Enterprise75%

Large Enterprise18%

REVIEWERS

Small Business54%

Midsize Enterprise25%

Large Enterprise21%

VISITORS READING REVIEWS

Small Business34%

Midsize Enterprise19%

Large Enterprise47%

Buyer's Guide

Trellix ESM vs. USM Anywhere

May 2024

Free Report: Trellix ESM vs. USM Anywhere

Find out what your peers are saying about Trellix ESM vs. USM Anywhere and other solutions. Updated: May 2024.

DOWNLOAD NOW

771,157 professionals have used our research since 2012.

Trellix ESM is ranked 19th in Security Information and Event Management (SIEM) with 34 reviews while USM Anywhere is ranked 11th in Security Information and Event Management (SIEM) with 113 reviews. Trellix ESM is rated 7.4, while USM Anywhere is rated 8.4. The top reviewer of Trellix ESM writes "Provides visibility of all the traffic within the company infrastructure". On the other hand, the top reviewer of USM Anywhere writes "Easy to use and affordable". Trellix ESM is most compared with ArcSight Enterprise Security Manager (ESM), IBM Security QRadar, LogRhythm SIEM, Splunk Enterprise Security and Cybereason Endpoint Detection & Response, whereas USM Anywhere is most compared with Wazuh, AlienVault OSSIM, IBM Security QRadar, Splunk Enterprise Security and Rapid7 InsightIDR. See our Trellix ESM vs. USM Anywhere report.

See our list of best Security Information and Event Management (SIEM) vendors.

We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.

Trellix ESM vs USM Anywhere comparison