AlienVault USM

<a href='https://www.trustradius.com/static/about-trustradius-scoring#question3' target='_blank' rel='nofollow'>Customer Verified: Read more.</a>
336 Ratings

AlienVault USM

<a href='https://www.trustradius.com/static/about-trustradius-scoring#question3' target='_blank' rel='nofollow'>Customer Verified: Read more.</a>
336 Ratings
<a href='https://www.trustradius.com/static/about-trustradius-scoring' target='_blank' rel='nofollow'>trScore algorithm: Learn more.</a>
Score 8 out of 101
4 Ratings
<a href='https://www.trustradius.com/static/about-trustradius-scoring' target='_blank' rel='nofollow'>trScore algorithm: Learn more.</a>
Score 9.6 out of 101

Add comparison

Likelihood to Recommend

AlienVault USM

AlienVault USM Anywhere is a great SIEM and if you need to deploy a SaaS solution then it is suited very well. It works very well for us being 100% AWS and integrates well with our toolset and AWS features. The Open Threat Intelligence (OTX) is perfect for providing context on events and feeding our incident response processes.
Matthew White profile photo

CrowdStrike Falcon Endpoint Protection

It simply works. I do get alerts, but I know Crowdstrike is blocking the behavior or malware, so I don't lose any sleep. Since installing CS, we have not had a single security incident. Nice to focus on other value add tasks than remediating malware or Ransomeware.
Mark Sauer profile photo

Feature Rating Comparison

Security Information and Event Management (SIEM)

AlienVault USM
7.3
CrowdStrike Falcon Endpoint Protection
Centralized event and log data collection
AlienVault USM
8.0
CrowdStrike Falcon Endpoint Protection
Correlation
AlienVault USM
8.0
CrowdStrike Falcon Endpoint Protection
Event and log normalization
AlienVault USM
8.0
CrowdStrike Falcon Endpoint Protection
Deployment flexibility
AlienVault USM
7.0
CrowdStrike Falcon Endpoint Protection
Custom dashboards and views
AlienVault USM
6.0
CrowdStrike Falcon Endpoint Protection
Host and network-based intrusion detection
AlienVault USM
7.0
CrowdStrike Falcon Endpoint Protection

Pros

  • AlienVault USM Anywhere is easy to deploy with their cloud-based model and deploying the required agents on-prem (or in the cloud) is quick and easy.
  • Custom rules allow for alerting based on content from events and you can even trigger agents in response to threats, shutting down computers or grabbing forensic info for incident response.
  • USM Anywhere also takes care of reporting for ISO and PCI, allowing you to pull reports for auditors at a moment’s notice.
  • With many integrations out-of-the-box, you can pull in all the data from products you use and other sources, such as Amazon CloudWatch Logs.
Matthew White profile photo
  • Detects and automatically blocks dangerous behavior on endpoints that could be indicative of malicious activity, like executing programs from the deleted items folder, executing a SSH command in silent mode from different places in the OS, etc.
  • Monitors endpoints continuously for known malware, evaluates dangerous behaviors and blocks execution based on risk tolerance settings, uses AI to draw correlations on multiple attack vectors, and has a human malware hunting element to detect known or newly detected attack vectors.
  • Is easy to deploy across a large organization and manage centrally by as few as 1 person part time.
  • This was the fastest and easiest implementation of an enterprise grade security system I have ever done. I pushed software to the endpoints on a Friday afternoon, and was complete by Noon on Monday, as each workstation came online, the installer completed, and we were protected.
Mark Sauer profile photo

Cons

  • We would love to be able to create custom rules based on a series of events, to create rule-sets where, for example, failed logins to the VPN Server are logged and then when a successful attempt follows soon after, it triggers an alarm for a Brute Force. It does this for things like OKTA already, so control over which events this applies to would be great.
  • More data tiers - something between 250GB and 500GB tiers, maybe break it down into 100GB tiers?
  • Integration with OpsGenie would be great.
Matthew White profile photo
  • We get false positive detections when we run an email signature script for our users. These false positives can be a distraction. We've implemented a whitelist for those behaviors, but had some difficulty in figuring out how to configure CrowdStrike to recognize these executions since the file name and hash were always different (the executing file was firstname_lastname.exe, and that was too Vague to whitelist.
Mark Sauer profile photo

Likelihood to Renew

AlienVault USM9.0
Based on 13 answers
It is a great product and has been instrumental to our security posture.
Dana Hancock profile photo
No score
No answers yet
No answers on this topic

Usability

AlienVault USM7.2
Based on 33 answers
Almost all functions are intuitive, custom logging is not very easy to configure.
Dana Hancock profile photo
No score
No answers yet
No answers on this topic

Support

AlienVault USM7.6
Based on 24 answers
Basically by perception. I am well attended to, the staff is technically efficient. I found a bug once and in a few weeks it was fixed.
Erlon Sousa Pinheiro profile photo
No score
No answers yet
No answers on this topic

Implementation

AlienVault USM7.1
Based on 37 answers
The best recommendation I can offer is understand the system that is being installed. Knowing how to configure and specific expectations that you expect from the machine. I would say to watch the tutorials and the online video's, get yourself involved with the community forum and ask the questions if you do not understand.Our company did not make the best choice on the computer that the service was installed on and it has led to some adverse effects that did not appear until now, almost 2 years later and needing to re-install the entire system all over again.If you need the help, ask for it. The technical support team at alienvault and community forum members are always there to answer questions.
James Ellsworth profile photo
No score
No answers yet
No answers on this topic

Alternatives Considered

None at the time as the product was purchased before I joined the organization.
AJ Gumataotao profile photo
Trend Micro, Darktrace (I like Darktrace a lot too), Cylance. Crowdstrike is as good or better than all the other products. Trend Micro AV/endpoint security is probably less mature, but CS and Darktrace are both excellent tools. Cylance is good too, but there has been some long-term concern expressed whether the Cylance algorithms can evolve as fast as malicious code.
Mark Sauer profile photo

Return on Investment

No answers on this topic
  • CS is fairly expensive for security software, but it works.
  • From an ROI perspective, if you could quantify the cost of a day or more of company downtime during a Ransomware event, plus the remediation time, and the fact that you will likely have some data loss, the cost is quickly justified.
  • CS keeps our business units (26 across the globe) up and running 24/7 with no incidents for 2 years and running.
  • Easy install, little time required to administrate and manage, makes this a security tool most CIO / CISO executives can love.
Mark Sauer profile photo

Screenshots

CrowdStrike Falcon Endpoint Protection

Pricing Details

AlienVault USM

General
Free Trial
Yes
Free/Freemium Version
Yes
Premium Consulting/Integration Services
Yes
Entry-level set up fee?
Optional
Additional Pricing Details

AlienVault USM More Information

CrowdStrike Falcon Endpoint Protection

General
Free Trial
Free/Freemium Version
Premium Consulting/Integration Services
Entry-level set up fee?
No
Additional Pricing Details

CrowdStrike Falcon Endpoint Protection More Information