We performed a comparison between Trellix ESM and USM Anywhere based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"It has a lot of great features."
"The in-built SOAR of Sentinel is valuable. Kusto Query Language is also valuable for the ease of writing queries and ease of getting insights from the logs. Schedule-based queries within Sentinel are also valuable. I found these three features most useful for my projects."
"The best functionality that you can get from Azure Sentinel is the SOAR capability. So, you can estimate any type of activity, such as when an alert was triggered or an incident was found."
"We’ve got process improvement that's happened across multiple different fronts within the organization, within our IT organization based on this tool being in place."
"There are some very powerful features to Sentinel, such as the integration of various connectors. We have a lot of departments that use both IaaS and SaaS services, including M365 as well as Azure services. The ability to leverage connectors into these environments allows for large-scale data injection."
"It is easy to implement (turn on) - does need a skilled analyst to develop queries and playbooks."
"The analytics has a lot of advantages because there are 300 default use cases for rules and we can modify them per our environment. We can create other rules as well. Analytics is a useful feature."
"The initial setup is very simple and straightforward."
"It can be easily deployed with the other solutions."
"It is user-friendly. The notification part of McAfee ESM is very easy."
"It has good technical support, which is available around the clock. You can call up anytime and get whatever you want. My queues are resolved."
"The ease of use is the most valuable feature. Over the years I have always been using this solution and have become comfortable with it."
"It blocks the things which are not to be allowed. It has an adaptive mode where it learns for itself."
"Compared to other solutions, the user interface is good."
"McAfee as a whole is a good solution."
"The most valuable feature is for the security operation center because it provides visibility of all traffic within the company infrastructure."
"Every activity on the firewall is recorded, and notifications are sent with this solution."
"The most valuable features of AT&T AlienVault USM are the ease of management and knowledge of what is on the network of my customers. It's easy to understand the problems, and management our alarms and events."
"The most valuable feature in AT&T AlienVault USM is the reporting."
"AlienVault provides a checklist answer when using SIEM."
"SIEM log collection is great, and all of the rules that support updates with maintenance."
"The most valuable feature of the solution is the ease of deployment that it provides to users. The integrations that the product has with third-party applications are useful."
"Ease of deployment across various environments."
"It brought our logs into one place for review and set up alarms based on changes we were missing due to lack of having one place for everything to go."
"The playbook is a bit difficult and could be improved."
"I would like Sentinel to have more out-of-the-box analytics rules. There are already more than 400 rules, but they could add more industry-specific ones. For example, you could have sets of out-of-the-box rules for banking, financial sector, insurance, automotive, etc., so it's easier for people to use it out of the box. Structuring the rules according to industry might help us."
"If their UI was a bit more streamlined and easy to find when I need it, then that would be a great improvement."
"Sometimes, it is hard for us to estimate the costs of Microsoft Sentinel."
"They need to work with other security vendors. For example, we replaced our email gateway with Symantec, but we couldn't collect these logs with Azure Sentinel. Instead of collecting these logs with Azure Sentinel, we are collecting them on Qradar. We couldn't do it with Sentinel, which is a problem for us."
"There is room for improvement in entity behavior and the integration site."
"Given that I am in the small business space, I wish they would make it easier to operate Sentinel without being a Sentinel expert. Examples of things that could be easier are creating alerts and automations from scratch and designing workbooks."
"If I see an alert and I want to drill down and get more details about the alert, it's not just one click. In other SIEM tools, you just have to click the IP address of the entity and they give you the complete picture. In Sentinel, you have to write queries or use saved queries to get details."
"The user interface could be more user-friendly."
"The support from McAfee ESM could improve. They could improve the speed."
"I would like to see fingerprint recognition included in the next release of this solution."
"McAfee is no more providing security updates on this product, and the enhancements to this product seem to have stopped. Moreover, we don't get proper support, and we struggle to get its support. It would be good if they can add some AI engine and out of the box use cases because it is currently limited to the same scenario and the same setup. I have done a POC for Securonix, LogRhythm. These products are much more ahead as compared to McAfee ESM. They have included multiple modules in the same solution. Correlation is very easy. If McAfee ESM can improve, especially in such implementations, then I believe it would be much better."
"We would welcome integrations with some of the new McAfee acquisitions, e.g., behavioural analytics."
"It seems McAfee does test its product before releasing. When we - not only us, other companies also - deploy McAfee, we face multiple issues from the customer side, after which, McAfee reacts and fixes the bugs."
"The initial setup is difficult and could improve."
"I would like to see improvements to the user interface."
"The reporting aspect could be improved. While there are a lot of different options available, there are still pieces which are missing."
"The GUI needs to improve because it's not user-friendly."
"The one thing I continue to dislike about the USM is the limitation on reports."
"Their threat intelligence platform needs to be broadened. They should integrate it with more threat intelligence platforms. For the threat feed that they get from open intelligence, I would like them to add a few premium threat intelligence platforms. They can provide a bundle in which AlienVault has the threat intelligence background of other premium products."
"AlienVault needs to continue to integrate with other third-party technologies that clients want to have monitored."
"The vulnerability scanning feature is one of the areas where the product has certain shortcomings and needs to improve. The tool has vulnerability scanning, but it is not that efficient."
"I think plugin management should be self-service on AlienVault USM. The other product is self-service but on the USM side. You have to submit a ticket then AT&T creates and updates the plugins."
"It was easy on PoC, but when we got to the product it was different story. We had to learn the product again and got feeling that the PoC was a different product."
Trellix ESM is ranked 19th in Security Information and Event Management (SIEM) with 34 reviews while USM Anywhere is ranked 11th in Security Information and Event Management (SIEM) with 113 reviews. Trellix ESM is rated 7.4, while USM Anywhere is rated 8.4. The top reviewer of Trellix ESM writes "Provides visibility of all the traffic within the company infrastructure". On the other hand, the top reviewer of USM Anywhere writes "Easy to use and affordable". Trellix ESM is most compared with ArcSight Enterprise Security Manager (ESM), IBM Security QRadar, LogRhythm SIEM, Splunk Enterprise Security and Cybereason Endpoint Detection & Response, whereas USM Anywhere is most compared with Wazuh, AlienVault OSSIM, IBM Security QRadar, Splunk Enterprise Security and Rapid7 InsightIDR.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.