We compared Splunk Enterprise Security and USM Anywhere based on our users' reviews across several parameters. After reading all of the collected data, you can find our conclusion below.
Features: Splunk Enterprise Security stands out for its efficiency, extensive integration options, and powerful search functionality. USM Anywhere is highly regarded for its extensive reporting capabilities, thorough vulnerability assessment, seamless file integration, and user-friendly management features. Users say Splunk is a highly scalable and customizable solution.
Room for Improvement: Splunk users recommended improvements in AI capabilities, user-friendliness, and analytics. USM Anywhere users have suggested improvements in self-service plugin management, database optimization, and third-party threat intelligence integration.
Service and Support: While some users found Splunk support to be responsive and helpful, others reported slow response times and a lack of expertise. Reviews of USM Anywhere's support were likewise mixed. Some users say that USM Anywhere's customer service is knowledgeable and responsive, while others have faced delays and incomplete answers.
Ease of Deployment: Some users thought Splunk Enterprise Security was easy to deploy, while others found it challenging and needed assistance from Splunk engineers or third-party integrators. The initial setup for USM Anywhere is generally considered to be straightforward if the user has technical knowledge. Vendor assistance is also available during the deployment phase.
Pricing: Some users consider Splunk Enterprise Security to be expensive, but others said the price is reasonable. A few users expressed concerns about the cost of scaling up the solution and managing large volumes of data. USM Anywhere is seen as more cost-effective than premium solutions like IBM QRadar and Splunk, with pricing considered reasonable and relatively low.
ROI: Users said that it’s challenging to calculate an ROI for Splunk Enterprise Security, and the return varies depending on individual circumstances. While some users have observed a substantial ROI, others have not actively explored or been engaged in ROI conversations. USM Anywhere has garnered favorable feedback regarding its ROI.
Comparison Results: Splunk is highly regarded for its efficient data processing and powerful search capabilities. Users like Splunk's customization options and ability to quickly process data from multiple sources. However, reviews noted that Splunk could be more user-friendly and improve its analytics. USM Anywhere earned praise for its intuitive management interface and vulnerability assessment features, but users say the solution could integrate third-party threat intelligence better.
"Microsoft Sentinel provides the capability to integrate different log sources. On top of having several data connectors in place, you can also do integration with a threat intelligence platform to enhance and enrich the data that's available. You can collect as many logs and build all the use cases."
"The Log analytics are useful."
"I like the unified security console. You can close incidents using Sentinel in all other Microsoft Security portals, when it comes to incident response."
"Microsoft Sentinel enables you to ingest data from the entire ecosystem and that connection of data helps you to monitor critical resources and to know what's happening in the environment."
"The solution has features that helped improve the security posture of our clients. It provides the ability to correlate a large variety of log sources very cost-effectively, especially for Microsoft sources."
"Mainly, this is a cloud-native product. So, there are zero concerns about managing the whole infrastructure on-premises."
"Sentinel improved how we investigate incidents. We can create watchlists and update them to align with the latest threat intelligence. The information Microsoft provides enables us to understand thoroughly and improve as we go along. It allows us to provide monthly reports to our clients on their security posture."
"We have no complaints about the features or functionality."
"Ease of correlation, creating correlation searches are easy and you can combine multiple sources with little effort"
"The stock analysts and security people use one single dashboard (one single location) to check our logs."
"The technical support has been very good. They are very responsive and have been helpful."
"The most valuable features are the logs, which allow us to identify what happened and who interacted with the web repository."
"The most valuable feature of Splunk is the management and built-in workflows."
"Splunk is a user-friendly solution."
"We are using Microsoft 365 and we're using the Exchange Mail Service. It's good for monitoring that in particular."
"Splunk gives my clients the ability to bring multiple, disparate types of data together, then correlate and report on them."
"Ease of deployment across various environments."
"This solution can identify many threats inside the organization (compromised endpoints, configuration issues), as well as "outside" threats (botnets, network scanners, web-attacks, etc)."
"The most valuable feature is threat intelligence."
"The best feature of this product is the ease of use. It is extremely easy to set up and get going. This is a very useful tool for a small organization."
"In terms of monitoring, my best feature would be the monitoring of components across the network. It monitors the respective nodes and any new node that comes onto the network and provides reports. The reporting dashboards are really helpful for management in terms of making decisions around patch management."
"The feature that I liked the most is that they have a vulnerability assessment package that comes along with the SIEM solution. So, whenever I find any threat or alert for any of the devices or servers, I could immediately initiate a vulnerability assessment scan on that machine. That is one of a kind. The price at which AlienVault operates is also valuable."
"I can easily check (in one place) all the logs and data in relation to attacks. It also gives me an overview if a server is not configured properly."
"This solution can completely detect and prevent incidents on your network."
"I can't think of anything other than just getting the name out there. I think a lot of customers don't fully understand the full capabilities of Azure Sentinel yet. It is kind of like when they're first starting to use Azure, it might not be something they first think about. So, they should just kind of get to the point where it is more widely used."
"The on-prem log sources still require a lot of development."
"The solution could be more user-friendly; some query languages are required to operate it."
"Everyone has their favorites. There is always room for improvement, and everybody will say, "I wish you could do this for me or that for me." It is a personal thing based on how you use the tool. I do not necessarily have those thoughts, and they are probably not really valuable because they are unique to the context of the user, but broadly, where it can continue to improve is by adding more connectors to more systems."
"They can work on the EDR side of things... Every time we need to onboard these kinds of machines into the EDR, we need to do it with the help of Intune, to sync up the devices, and do the configuration. I'm looking for something on the EDR side that will reduce this kind of work."
"There is room for improvement in entity behavior and the integration site."
"Sometimes, it is hard for us to estimate the costs of Microsoft Sentinel."
"There are certain delays. For example, if an alert has been rated on Microsoft Defender for Endpoint, it might take up to an hour for that alert to reach Sentinel. This should ideally take no more than one or two seconds."
"The cluster environment should be improved. We have a cluster. In the Splunk cluster environment, in the case of heavy searches and heavy load, the Splunk cluster goes down, and we have to put it in the maintenance mode to get it back. We are not able to find the actual culprit for this issue. I know that cluster has RF and SF, but it has been down so many times. There should be something in Splunk to help users to find the reason and the solution for such issues."
"The documentation is in definite need of improvement."
"Its user interface for everything other than the charts can be improved. Some parts of it can be simplified a bit, such as when importing documents that have the network traffic. When you're going through the information about the network traffic, you have to have the expertise, but even if a program is supposed to be for IT support, it is good to make it user-friendly because it gets easier to train people. When something goes wrong, the more difficult a program is in terms of UI, the harder it is to fix the issue."
"Splunk's ability to analyze malicious activities scores an 8 out of 10, but there's room for improvement. By analyzing emerging patterns, Splunk could identify and predict potential threats more effectively."
"Adding custom visualization in Splunk has been improved over the years but can still be made better by integrating more and more JavaScript visualization sources."
"Splunk Enterprise Security can be improved by including backup network detection and response and safe management to the paid platform."
"It is a hugely complicated product."
"The solution could use a different licensing model."
"I've been using it just for my own personal upskilling in terms of how the product works. At the moment, it is pretty straightforward and simple, and it is working how it is supposed to. The feedback would come once it is deployed to customer sites. They'll be using it on a more frequent basis, and that's when the feedback would come in terms of the areas in which they're facing issues or are looking for simplicity."
"As this software is in the cloud, you do not have control on updates and general changes which are happening."
"In the future, I would like to see all these features of the solution working properly."
"More complimentary training needs to be done for use with this tool. If you get into a bind, then it will cost you."
"The solution already has quite good tools, however, they need better integration tools for linking with Office 365, Google Suite, and so on."
"It would be hard for any legitimate MSSP to use it."
"The only complex area of the setup was writing the custom scripts."
"I'd like to see a dashboard that's a little more descriptive."
Splunk Enterprise Security is ranked 1st in Security Information and Event Management (SIEM) with 240 reviews while USM Anywhere is ranked 11th in Security Information and Event Management (SIEM) with 113 reviews. Splunk Enterprise Security is rated 8.4, while USM Anywhere is rated 8.4. The top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query ". On the other hand, the top reviewer of USM Anywhere writes "Easy to use and affordable". Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Datadog, whereas USM Anywhere is most compared with Wazuh, AlienVault OSSIM, IBM Security QRadar, Rapid7 InsightIDR and LogRhythm SIEM. See our Splunk Enterprise Security vs. USM Anywhere report.
See our list of best Security Information and Event Management (SIEM) vendors and best Log Management vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
