The LevelBlue USM Anywhere XDR platform (replacing the former AlienVault USM) delivers threat detection, incident response, and compliance management.
$1,075
per month
SolarWinds Loggly
Score 7.6 out of 10
Mid-Size Companies (51-1,000 employees)
Loggly is a cloud-based log management service provider. It does not require the use of proprietary software agents to collect log data. The service uses open source technologies, including ElasticSearch, Apache Lucene 4 and Apache Kafka.
$79
per month/billed annually
Pricing
LevelBlue USM Anywhere
SolarWinds Loggly
Editions & Modules
Essentials
$1,075
per month
Standard
$1,695
per month
Premium
$2,595
per month
Standard
$79
per month/billed annually
Pro
$159
per month/billed annually
Enterprise
$279
per month/billed annually
Offerings
Pricing Offerings
LevelBlue USM Anywhere
SolarWinds Loggly
Free Trial
Yes
Yes
Free/Freemium Version
Yes
Yes
Premium Consulting/Integration Services
No
No
Entry-level Setup Fee
Optional
No setup fee
Additional Details
—
Free trial for Standard and Pro plans for 14 days with all features.
More Pricing Information
Community Pulse
LevelBlue USM Anywhere
SolarWinds Loggly
Considered Both Products
LevelBlue USM Anywhere
Verified User
Anonymous
Chose LevelBlue USM Anywhere
AlienVault USM offers a user-friendly interface and comprehensive features at a lower cost compared to QRadar, making it our preferred choice for effective threat detection and response.
I have used Splunk and QRadar which are quite manual and resource-intensive to get set up. On the other hand, AlienVault USM seems to have everything you need out of the box to get set up.
AlienVault provides a much simpler implementation than Zabbix but of course the cost is much lower. While both do a good job, AlienVault USM does the best for vulnerability scanning and reporting but Zabbix excels much better with integration with Splunk for alerting.
QRadar is one of the top SIEMs on the market. AlienVault USM is more suitable for companies or clients having a smaller budget, as AlienVault USM is cheaper than QRadar. Regarding features, QRadar trumps AlienVault USM, as it is a product with a vast array of features.
The cost of AlienVault is what sold us on AlienVault. However, considering the amount of time and effort that has gone into getting it set up and realizing that views and reports cannot be shared across groups makes it not worth the savings.
I evaluated Crowd Strike. It didn't provide any insight into my network equipment, only Mac and Windows clients. I wanted a complete SIEM and log manager.
The only other product I've used similar to AlienVault is SolarWinds SIEM (formerly TriGeo). It too could be difficult to implement and maintain, but it's user interface was much worse. While AlienVault USM Anywhere charges for the amount of data being processed, SolarWinds was …
Darktrace - While also a fantastic product, its use case is slightly different from a SIEM, and we found that AlienVault's broad SIEM capabilities complemented Darkrace's focussed use case well. CyberShark - Cloud SIEM solutions do not often allow full control of or access to …
AlienVault USM Anywhere provided the right gamut of features at the right price, with not a great deal of time or effort required to fully implement. As an added bonus, we can tick many checkboxes for various compliance standards, all from one solution. Complexity is an enemy …
We already had familiarity with the platform but we needed cloud support so we upgraded to USM. We reviewed a few other options but decided USM was the best fit our requirements and price point.
The tools reviewed were quite sophisticated. The reason for choosing AlienVault USM was mainly inclusiveness (multiple services integrated) of the solution as well as the cost-benefit ratio. Integrating the solution into our current infrastructure also appeared relatively …
AlienVault USM is considerably more user-friendly, but it does fall short with the search functionality that a query language offers when looking for specific logs/statistics/data.
USM anywhere is easy to deploy and has sufficient documentation to guide administrators throughout the process of configuration and log creation. It also verifies threats against the Open Threat Exchange platform. USM gives remediation advice and insights to all threats …
The price and the ease-of-use, and the support from AlienVault are better. I had a lot of trouble starting out, but they guided me very well. The training provided by AlienVault was fantastic, because I could play without the fear of breaking anything.
In terms of user-friendliness and overall navigation, I think AlienVault USM has the advantage. Also, AlienVault USM provides its own threat intelligence and then integrates it into its SEIM, which is a very helpful feature.
We had used Splunk, which is not even close to its pricing not at all budget-friendly. Splunk implementation requires more man-power and is a time-consuming process because no default directives are present and in implementation, each and every case needs to be checked. …
AlienVault was given to us, even though we already had Secureworks. Both SecureWorks and Fireye are more of a managed solution. It's fine to say we'll use AlienVault but it requires a lot of expertise to get it running and alerting correctly. And even then, if no one is …
Security Onion was a much better fit for our uses at this time. The more we integrate into a hybrid environment the more need for Loggly but at this time Security Onion accomplishes our goals.
We found that Loggly is a very good balance between functionality and costs. With the ability to analyze different log files across different platforms gives it just a bit of a bigger edge compared to other monitoring systems.
Loggly proved to be very easy to set up and integrate with our existing systems without having to add extra agents or roll our own everything. Insights others give for Java performance may be better than we've seen with Loggly, but in terms of log aggregation and data insights …
I actually couldn't get anybody from Datadog to engage with me, the main problem we had was that our devices couldn't connect to an encrypted port, but we didn't want to send our logs in plain text over the internet. We implemented an on-net log aggregator which then connects …
We have a Nagios Log Server, however needed specialist help to get it running before it fell over, which is why we went down the Loggly route. We also use Microsoft Cloud App Security, however we find using this as well as Loggly gives us double the power to search for issues …
Loggly was a mistake. We selected it to get a cheap vendor-hosted solution up and running quickly but have come to regret the decision and should have spent the effort to set up the right tool from the beginning.
SolarWinds Loggly integrates well with other SOlarWinds products, and that is ultimately why we chose to use Loggly. LogDNA was fine for our needs, but costly for only providing logging.
Graylog would also have met our requirements, but since we then needed to run a virtual machine (with huge disk space) and also needed more work for setup and maintenance, our calculations resulted in Loggly being more cost effective. Icinga is not made for log file monitoring …
With Loggly we can manage not only AWS apps but all the apps we have (not only Cloud-based apps). It is also very convenient to add users that need to have access to a given log streams: we do not need to manage an AWS IAM role/user. And the search engine is way more easy and …
Loggly is at another level at indexing and search experience. However, since CloudWatch has the full history with least cost it is always the fallback. So if Loggly has something like S3 glacier kind of feature for keeping old logs which are least accessed with less cost, that …
I've used ELK, Sumo, Splunk, Cloudtrail/watch, Sentinel. You get what you pay for. If you have the time, expertise, and budget for a Splunk setup, you can't beat it. ELK is great for OSS shops but takes more hand-holding to scale and stabilize. Loggly, for us, was closer to …
Loggly was the easiest to use and the one that really allowed us to get a full view of what's going on with our services, and proactively solve problems.
I honestly didn't shop around that much. I came from CloudWatch, which though it has been improving, was very frustrating when it came to just setting up a simple alarm when a specific log message is found, or extracting useful metrics from logs. Loggly was recommended to me by …
Price and ease of deployment were huge factors in our decision to use Loggly. Loggly is actually within reach for most companies while also being very easy to setup. Elasticsearch, for instance, had wildly outdated documentation when I was previewing all these tools so I was …
I have used EFK stack (ElasticSearch, Fluentd, and Kibana) and Splunk. Solarwind Loggly is the most flexible managed service out of these solutions and suitable for companies embracing the SaaS model
AlienVault Unified Security Management (USM) Anywhere is a cloud-based security information and event management solution that provides effective and affordable threat detection, incident response, and compliance management capabilities. USM Anywhere is well suited to mid-size enterprise environments operating in the cloud. USM Anywhere is also well suited to enterprises whose operations teams require easy deployment and management. Last, USM Anywhere is considered a highly affordable option compared to competitors. USM Anywhere lags competitors in several areas, such as application monitoring, database monitoring, and integrations with third-party solutions such as cloud access security brokers (CASB), DAM, DAP, and DLP.
SolarWinds Loggly is great for capturing and organizing logs from 3rd party sources such as NGINX. Without SolarWinds Loggly it's really difficult to manage the logs overtime, find traffic patterns, and identify issues before they become a problem. Anyone who is routinely searching through massive log files could quickly benefit from the SolarWinds Loggly and it's capabilities.
The USM platform provides the essential security capabilities that work together for a fast and cost-effective way for organizations to have complete visibility into the security of their environment.
With the information gathered during asset discovery, USM will correlated that information with known vulnerabilities for continuous vulnerability awareness. In addition, USM contains an active scanner capable of scanning for over 30,000 known vulnerabilities.
To give better visibility into your network, and possibly detect intrusions that don’t follow behavioral patterns, we offer Netflow information, bandwidth monitoring, and traffic capture, all part of our behavioral monitoring capabilities built into USM.
Modern: Loggly is modern: Dashboards, realtime information and the ability speak many different data sources and environments makes it an attractive choice
Configurability: Loggly gets log parsing right: by allowing you to in real time- filtering of log data, tagging and identifying data sources
DevOps friendly: Loggly is very Componentized: You can have an instance of Loggly running that will Monitor your Linux instance, in addition to all of it's services, as an example. Also, you can start/stop Loggly, without affecting your other components
USM Anywhere doesn't allow you to multi-home sensors. So if you have non-routable networks, you'll need to investigate the on-premise solution too.
You have to be on top of tuning else a constant stream of alerts will cause your SOC staff to begin ignoring alarms.
You have to be on top of tuning else you'll eat your allotment of storage for that month. It is really easy to exceed your storage quota if you don't proactively monitor log sources. USM could do a better job letting you know if a log source is too chatty.
Once the logging limit is exceeded, there are no logs period. Unexpectedly noisy logs often correlate with services misbehaving and potentially leading to disruption. An outage is an awful time to lose visibility into the entire system of apps. Some ways to bridge this gap would be appreciated.
Filtering by tags is not intuitive in the web interface. You may believe that you are performing the same search and filter as last time since the tags entered are the same, however, this is often not the case. The reliable way to know that you have the same filter is to bookmark the URL. This lack of ease in usability results in devs using Loggly less than they could and implementing logs less effectively during development time (since they don't consider themselves likely to view them anyway).
Would like to see a way to onboard our less experienced devs to using Loggly effectively.
The centralized logging and retention for PCI compliance was our main driver, and it is meeting that need. Otherwise there has been enough frustration with the lack of documentation and the need to customize through the CLI that I would be open to alternatives.
Once you are able to navigate the different panels, finding what you need is quite easily. Before getting used it it can be a bit of challenge . Each panel is quite well laid out and the filtering search capabilities are quite strong.
Loggly's easy setup, very good customer support, and intuitive interface make Loggly very easy to use. User access management is also very easy as we can tailor the experience for each of our developers to access the information they need without having to wade through other information. While there was a slight learning curve in how to view the logs the way some specifically wanted, everything was possible and quite easy to do.
We do have issues with maintenance on the AlienVault USM as the disk fills up from time to time with other data sources. Sources for scanning logs and net flow data isn't calculated in regular disk maintenance and can easily fill up our disk if we do not keep an eye on it with some custom Nagios plugins. The system does properly trim logging data from logging sources properly.
With the latest release of AlienVault USM overall performance has not been an issue. We have noticed single source events per second does not scale well with the overall system. 2,000eps on a vmware system with a single source produces delays of up to an hour for us. Pages, reporting and even raw log searches are rather quick though.
Support is friendly but response time has been spotty. Also initially when we signed up there was a lot of pointing us at the documentation, which has been spotty and ad-hoc for what is supposed to be a commercial product. Overall the feel of AlienVault and the support has been of a very new and startup company that is trying to grow up out of it's open source roots, and I'm not sure if they've totally been able to make the transition to being able to meet the expectations of the enterprise customers.
The support team have been great when we have logged tickets or had issues, most of the time it is down to user training, however we have had a couple of bugs that they have been able to iron out for us.
I did not have any experience with "in person" training directly. The free online classes offered for a half a day are based on the actual training offered. These little teasers are very good and well worth your time to learn a few quick and dirty ways of getting more information from your SIEM
The instructor gave detailed overview and went through the labs before allowing us to attempt using them. I enjoyed the balance of time and level of instruction received. The content went deeper that usual and the lab environment was easy to use and all results were consistent. I came away from the course knowing more than i did if I had just read the course notes.
AlienVault USM was a very simple to implement and get up and running. We started with a trial version and had that up and going within an hour of receiving email instructions from the sales engineer. We never had to contact support to get the system up and going. It was extremely easy to convert over to a full license once we started with a paid version.
The cost of AlienVault is what sold us on AlienVault. However, considering the amount of time and effort that has gone into getting it set up and realizing that views and reports cannot be shared across groups makes it not worth the savings.
I actually couldn't get anybody from Datadog to engage with me, the main problem we had was that our devices couldn't connect to an encrypted port, but we didn't want to send our logs in plain text over the internet. We implemented an on-net log aggregator which then connects to Loggly over encrypted UDP. In theory Loggly made this particularly easy providing configuration snippets for most of the common log services (e.g. rSyslog, syslog-ng). Unfortunately the documentation was out of date and none of the provided configs worked, fortunately they were close enough that combined with our own syslog-ng experience we were able to get it up and going relatively painlessly. The choice then of going with Loggly, backed by an industry favourite in Solarwinds was a no brainer.
The AlienVault USM is not very scalable. Some scalability can be achieved by installing additional sensors, but this only offers 500eps per sensor and is still overall limited by the installation type of VM or physical. We have also noticed the EPS (events per second) is rated overall and not towards a single source. A single source on a very healthy VMware partition tops out at 2,000eps for us, no matter how we configure it. Maybe this is a problem of the 5.2 release?
Once you hit the 150 asset mark, you have to jump to their unlimited license. There is no middle ground. We were only 10 or so assets above the 150 so we had to chose to either not monitor those assets or pay the price of the upgrade.
AlienVault brings all the information to one place which makes it much quicker to track down problems.
Loggly has alerted us to several bugs, ranging from major to small to "would have been a major problem under load."
It's great having our disparate logs collected and the alerts we have set up around them let us know recently that somebody used an incorrect document to generate a mass email. Users were trying to log in with the link provided but getting 401s and I have an alert configured to tell me about high numbers of 4xx errors.
Metrics and alerts around metrics have given us peace of mind that automated fulfillment systems aren't going off the rails and costing us hundreds of dollars.