The LevelBlue USM Anywhere XDR platform (replacing the former AlienVault USM) delivers threat detection, incident response, and compliance management.
$1,075
per month
Microsoft Sentinel
Score 8.6 out of 10
N/A
Microsoft Sentinel (formerly Azure Sentinel) is designed as a birds-eye view across the enterprise. It is presented as a security information and event management (SIEM) solution for proactive threat detection, investigation, and response.
AlienVault USM offers a user-friendly interface and comprehensive features at a lower cost compared to QRadar, making it our preferred choice for effective threat detection and response.
I have used Splunk and QRadar which are quite manual and resource-intensive to get set up. On the other hand, AlienVault USM seems to have everything you need out of the box to get set up.
QRadar is one of the top SIEMs on the market. AlienVault USM is more suitable for companies or clients having a smaller budget, as AlienVault USM is cheaper than QRadar. Regarding features, QRadar trumps AlienVault USM, as it is a product with a vast array of features.
The cost of AlienVault is what sold us on AlienVault. However, considering the amount of time and effort that has gone into getting it set up and realizing that views and reports cannot be shared across groups makes it not worth the savings.
I evaluated Crowd Strike. It didn't provide any insight into my network equipment, only Mac and Windows clients. I wanted a complete SIEM and log manager.
The only other product I've used similar to AlienVault is SolarWinds SIEM (formerly TriGeo). It too could be difficult to implement and maintain, but it's user interface was much worse. While AlienVault USM Anywhere charges for the amount of data being processed, SolarWinds was …
Darktrace - While also a fantastic product, its use case is slightly different from a SIEM, and we found that AlienVault's broad SIEM capabilities complemented Darkrace's focussed use case well. CyberShark - Cloud SIEM solutions do not often allow full control of or access to …
AlienVault USM Anywhere provided the right gamut of features at the right price, with not a great deal of time or effort required to fully implement. As an added bonus, we can tick many checkboxes for various compliance standards, all from one solution. Complexity is an enemy …
We already had familiarity with the platform but we needed cloud support so we upgraded to USM. We reviewed a few other options but decided USM was the best fit our requirements and price point.
The tools reviewed were quite sophisticated. The reason for choosing AlienVault USM was mainly inclusiveness (multiple services integrated) of the solution as well as the cost-benefit ratio. Integrating the solution into our current infrastructure also appeared relatively …
AlienVault USM is considerably more user-friendly, but it does fall short with the search functionality that a query language offers when looking for specific logs/statistics/data.
USM anywhere is easy to deploy and has sufficient documentation to guide administrators throughout the process of configuration and log creation. It also verifies threats against the Open Threat Exchange platform. USM gives remediation advice and insights to all threats …
The price and the ease-of-use, and the support from AlienVault are better. I had a lot of trouble starting out, but they guided me very well. The training provided by AlienVault was fantastic, because I could play without the fear of breaking anything.
In terms of user-friendliness and overall navigation, I think AlienVault USM has the advantage. Also, AlienVault USM provides its own threat intelligence and then integrates it into its SEIM, which is a very helpful feature.
AlienVault was given to us, even though we already had Secureworks. Both SecureWorks and Fireye are more of a managed solution. It's fine to say we'll use AlienVault but it requires a lot of expertise to get it running and alerting correctly. And even then, if no one is …
We had used Splunk, which is not even close to its pricing not at all budget-friendly. Splunk implementation requires more man-power and is a time-consuming process because no default directives are present and in implementation, each and every case needs to be checked. …
I didn't select either product but I have used both. I suspect IBM Qradar is more expensive, however, it is also more responsive, includes support for e-streamer, does parse the "blocked" field in source fire logs, and includes UEBA.
We decided to go with Microsoft Sentinel because it works really well with Microsoft tools we are already using. Microsoft Sentinel's intelligent features detect and resolve problems more quickly than Sumo Logic. It also allows us to pay for what we use and grow as we need. …
Well, primarily we use different stuff like CrowdStrike. We use different sign-on features. We primarily use those different products because we support a wider ecosystem.
Splunk, Google, SecOps. I look at how it stacks up based on the fact that it's the primary solution that we sell. So I think it stacks up really well. Why do we select it? Well, we selected it primarily because we're a very large Microsoft partner. The technology is very good …
Well before there was Microsoft Sentinel, you had other competing products like ArcSight or Splunk, et cetera. I think they have their own qualities, but the Microsoft integration story is really why we're using it.
We use intune to protect endpoints and we pull logs from all the endpoints through the intune connector into the Microsoft Sentinel SIEM and that way we can run rules on those logs to find anomalies.
Elastic seems to have a much better interface for log search and is able to filter out noise. Microsoft Sentinel also appears to generate a lot of false positives.
Elastic is some carbon for various use cases. So because Elastic is a very, very wrong history in the market. So Sentinel is very recent for products from my understanding.
Prior to using Sentinel, we were using Splunk specifically Splunk Enterprise Security and Splunk Cloud, so their on-prem and their cloud-based products. We switched originally for cost reasons, specifically cost control, but I have found that the ability to create reports, the …
Based on the overall infrastructure configuration that we have and also after analysing various solutions provided by Microsoft Sentinel, we came to a conclusion that the Microsoft Sentinel is the best option for us to help us in overall threat detection on our custom servers, …
I use most of the Sims that are out there, but RSAs, old Sim Log, logic, elastic, a lot of them. Sumo, we checked out Sumo too. We're a Microsoft shop and live almost entirely on top of a Microsoft ecosystem. We are considering other Microsoft security products to integrate …
As mentioned, the product was part of the purchase of several Microsoft Suites that we did earlier last year and with 200 licenses included, we can exclude those from the other SIEM and SOAR product, it just work well with the Microsoft's environment that we partially have Is …
The key advantage of using Sentinel lies in Microsoft already being a renowned name in cloud services. Hence, the Collection of data at the cloud scale across all users, devices, applications, and infrastructure, both on-premises and especially in the MS Cloud, is super easy. …
ArcSight is an on-prem solution that has a different approach than Sentinel.
In a basis this product is more complex to maintain and deploy. The query functionality in Sentinel is more powerful and easier to maintain. ArcSight has a much slower performance and an interface that …
We don't need to maintain a third-party SaaS solution or spend any time integrating it since Microsoft Sentinel is the ideal option to give a single point of attack detection and alert monitoring.
Microsoft Sentinel really goes the extra mile when it comes to an SIEM that slowly improves toward a proper SOAR, this may be the best selling point of the entire solution. Highly scalable, cloud-based, and nearly perfect when dealing with Microsoft-based infrastructures, …
Most of those have been out in the industry for a longer time, so they have a lot more user friendliness to them. So I'd say it's in the mix. It's just not as high as it should be or I would expect it to be.
Previous to Azure Sentinel, we were using the McAfee SIM and it just wasn't keeping up with the times and that was the choice of moving to Azure Sentinel.
AlienVault Unified Security Management (USM) Anywhere is a cloud-based security information and event management solution that provides effective and affordable threat detection, incident response, and compliance management capabilities. USM Anywhere is well suited to mid-size enterprise environments operating in the cloud. USM Anywhere is also well suited to enterprises whose operations teams require easy deployment and management. Last, USM Anywhere is considered a highly affordable option compared to competitors. USM Anywhere lags competitors in several areas, such as application monitoring, database monitoring, and integrations with third-party solutions such as cloud access security brokers (CASB), DAM, DAP, and DLP.
We use it because when a user sees the suspicious activity on his account, Microsoft Sentinel gives alerts to the user's system and the admin system as well. When a user of one of our systems clicked a spam email, that email was trying to install a virus on our server, but Microsoft Sentinel gave an alert to the user and admin both, so that is why our team was able to fix that issue with Microsoft Sentinel very fast. However, it will not be the best option for you if your team is utilizing every feature but you are on a tight budget.
The USM platform provides the essential security capabilities that work together for a fast and cost-effective way for organizations to have complete visibility into the security of their environment.
With the information gathered during asset discovery, USM will correlated that information with known vulnerabilities for continuous vulnerability awareness. In addition, USM contains an active scanner capable of scanning for over 30,000 known vulnerabilities.
To give better visibility into your network, and possibly detect intrusions that don’t follow behavioral patterns, we offer Netflow information, bandwidth monitoring, and traffic capture, all part of our behavioral monitoring capabilities built into USM.
It is a good tool for threat detection and analysis of the threats. We are using this tool for real time threat detection on our employee machines as well as some servers.
It provides various options for collecting data sources by leveraging multiple sources using data connectors. This helps us in gathering data from multiple sources such as our servers as well as our employee machines.
One good thing about this tool is automated incident response thereby increasing the security of servers.
USM Anywhere doesn't allow you to multi-home sensors. So if you have non-routable networks, you'll need to investigate the on-premise solution too.
You have to be on top of tuning else a constant stream of alerts will cause your SOC staff to begin ignoring alarms.
You have to be on top of tuning else you'll eat your allotment of storage for that month. It is really easy to exceed your storage quota if you don't proactively monitor log sources. USM could do a better job letting you know if a log source is too chatty.
It takes some time to learn how to use and install it properly, and it does not connect effectively with external PaaS systems such as Salesforce CRM, Salesforce Commerce Cloud, and so on.
Microsoft can simplify the display of the logs to make them easier to study, and the user interface occasionally delays, which can also be enhanced.
The centralized logging and retention for PCI compliance was our main driver, and it is meeting that need. Otherwise there has been enough frustration with the lack of documentation and the need to customize through the CLI that I would be open to alternatives.
Once you are able to navigate the different panels, finding what you need is quite easily. Before getting used it it can be a bit of challenge . Each panel is quite well laid out and the filtering search capabilities are quite strong.
The Microsoft Azure Sentinel solution is very good and even better if you use Azure. It's easy to implement and learn how to use the tool with an intuitive and simple interface. New updates are happening to always bring new news and improve the experience and usability. The solution brings reliability as it is from a very reliable manufacturer.
We do have issues with maintenance on the AlienVault USM as the disk fills up from time to time with other data sources. Sources for scanning logs and net flow data isn't calculated in regular disk maintenance and can easily fill up our disk if we do not keep an eye on it with some custom Nagios plugins. The system does properly trim logging data from logging sources properly.
With the latest release of AlienVault USM overall performance has not been an issue. We have noticed single source events per second does not scale well with the overall system. 2,000eps on a vmware system with a single source produces delays of up to an hour for us. Pages, reporting and even raw log searches are rather quick though.
Support is friendly but response time has been spotty. Also initially when we signed up there was a lot of pointing us at the documentation, which has been spotty and ad-hoc for what is supposed to be a commercial product. Overall the feel of AlienVault and the support has been of a very new and startup company that is trying to grow up out of it's open source roots, and I'm not sure if they've totally been able to make the transition to being able to meet the expectations of the enterprise customers.
I did not have any experience with "in person" training directly. The free online classes offered for a half a day are based on the actual training offered. These little teasers are very good and well worth your time to learn a few quick and dirty ways of getting more information from your SIEM
The instructor gave detailed overview and went through the labs before allowing us to attempt using them. I enjoyed the balance of time and level of instruction received. The content went deeper that usual and the lab environment was easy to use and all results were consistent. I came away from the course knowing more than i did if I had just read the course notes.
AlienVault USM was a very simple to implement and get up and running. We started with a trial version and had that up and going within an hour of receiving email instructions from the sales engineer. We never had to contact support to get the system up and going. It was extremely easy to convert over to a full license once we started with a paid version.
The cost of AlienVault is what sold us on AlienVault. However, considering the amount of time and effort that has gone into getting it set up and realizing that views and reports cannot be shared across groups makes it not worth the savings.
Microsoft Sentinel excels in cloud-native scalability, Microsoft ecosystem integration, and AI-driven threat detection with UEBA and Fusion rules, offering faster deployment and lower costs (48% cheaper per Forrester) than Splunk, QRadar, Exabeam, SentinelOne, Securonix, and Wazuh. It lags in third-party integrations and syslog parsing. Organizations choose Microsoft Sentinel for its cost-effectiveness, automation, and Microsoft synergy, especially in Azure-heavy environments, though Splunk and Exabeam lead in flexibility and UEBA, respectively.
The AlienVault USM is not very scalable. Some scalability can be achieved by installing additional sensors, but this only offers 500eps per sensor and is still overall limited by the installation type of VM or physical. We have also noticed the EPS (events per second) is rated overall and not towards a single source. A single source on a very healthy VMware partition tops out at 2,000eps for us, no matter how we configure it. Maybe this is a problem of the 5.2 release?
Once you hit the 150 asset mark, you have to jump to their unlimited license. There is no middle ground. We were only 10 or so assets above the 150 so we had to chose to either not monitor those assets or pay the price of the upgrade.
AlienVault brings all the information to one place which makes it much quicker to track down problems.
As any cybersecurity product, this has to be more with risk to avoid loss in case of a ransomware that more than relate to a productivity increase. Maybe the impact could be that instead of having people that are checking 24/7 the dashboard, you could implement Sentinel and have less people checking that or people with less expertise. So the saving will be a minor but will be a saving in the cost of your team.