AlienVault USM<a href='https://www.trustradius.com/static/about-trustradius-scoring#question3' target='_blank' rel='nofollow'>Customer Verified: Read more.</a>

329 Ratings

AlienVault USM<a href='https://www.trustradius.com/static/about-trustradius-scoring#question3' target='_blank' rel='nofollow'>Customer Verified: Read more.</a>

329 Ratings
<a href='https://www.trustradius.com/static/about-trustradius-scoring' target='_blank' rel='nofollow'>trScore algorithm: Learn more.</a>
Score 7.9 out of 101

CrowdStrike Falcon Endpoint Protection

4 Ratings
<a href='https://www.trustradius.com/static/about-trustradius-scoring' target='_blank' rel='nofollow'>trScore algorithm: Learn more.</a>
Score 9.6 out of 101

Add comparison

Likelihood to Recommend

AlienVault USM

AlienVault USM Anywhere is a great SIEM and if you need to deploy a SaaS solution then it is suited very well. It works very well for us being 100% AWS and integrates well with our toolset and AWS features. The Open Threat Intelligence (OTX) is perfect for providing context on events and feeding our incident response processes.
Matthew White profile photo

CrowdStrike Falcon Endpoint Protection

It simply works. I do get alerts, but I know Crowdstrike is blocking the behavior or malware, so I don't lose any sleep. Since installing CS, we have not had a single security incident. Nice to focus on other value add tasks than remediating malware or Ransomeware.
Mark Sauer profile photo

Feature Rating Comparison

Security Information and Event Management (SIEM)

AlienVault USM
7.3
CrowdStrike Falcon Endpoint Protection
Centralized event and log data collection
AlienVault USM
8.0
CrowdStrike Falcon Endpoint Protection
Correlation
AlienVault USM
8.0
CrowdStrike Falcon Endpoint Protection
Event and log normalization
AlienVault USM
8.0
CrowdStrike Falcon Endpoint Protection
Deployment flexibility
AlienVault USM
7.0
CrowdStrike Falcon Endpoint Protection
Custom dashboards and views
AlienVault USM
6.0
CrowdStrike Falcon Endpoint Protection
Host and network-based intrusion detection
AlienVault USM
7.0
CrowdStrike Falcon Endpoint Protection

Pros

  • Centralizing and aggregating logs from sources of all types
  • Searching through real-time and long-term events
  • Flexibility and customization (Linux OS with open source tools, open for whatever hacking you desire)
Jon Armani profile photo
  • Detects and automatically blocks dangerous behavior on endpoints that could be indicative of malicious activity, like executing programs from the deleted items folder, executing a SSH command in silent mode from different places in the OS, etc.
  • Monitors endpoints continuously for known malware, evaluates dangerous behaviors and blocks execution based on risk tolerance settings, uses AI to draw correlations on multiple attack vectors, and has a human malware hunting element to detect known or newly detected attack vectors.
  • Is easy to deploy across a large organization and manage centrally by as few as 1 person part time.
  • This was the fastest and easiest implementation of an enterprise grade security system I have ever done. I pushed software to the endpoints on a Friday afternoon, and was complete by Noon on Monday, as each workstation came online, the installer completed, and we were protected.
Mark Sauer profile photo

Cons

  • Performance is not great at more than 300 EPS; bottleneck appears to be the MySQL disk I/O
  • Dashboards are decent to customize, but are lacking
  • UI and services aren't always stable or predictable; when adding a new plugin it sometimes takes things like a reconfig command at CLI in order for the change to stick
Jon Armani profile photo
  • We get false positive detections when we run an email signature script for our users. These false positives can be a distraction. We've implemented a whitelist for those behaviors, but had some difficulty in figuring out how to configure CrowdStrike to recognize these executions since the file name and hash were always different (the executing file was firstname_lastname.exe, and that was too Vague to whitelist.
Mark Sauer profile photo

Likelihood to Renew

AlienVault USM9.0
Based on 13 answers
It is a very well built software and solution for meeting our cybersecurity needs. The staff is always very well responsive with any issues that we have and it is perfect for satisfying FINRA's cybersecurity regulations.
Mikhail Suleymanov profile photo
No score
No answers yet
No answers on this topic

Usability

AlienVault USM7.2
Based on 33 answers
Almost all functions are intuitive, custom logging is not very easy to configure.
Dana Hancock profile photo
No score
No answers yet
No answers on this topic

Support

AlienVault USM7.6
Based on 24 answers
Support was initially slow but once engaged resolution was fast and efficient.Additional support on other topics was also resolved under the same initial call which helped rather than closing the call off and starting again.Further check backs were carried out before the case was closed so support was very useful throughout.
Philip Clarke profile photo
No score
No answers yet
No answers on this topic

Implementation

AlienVault USM7.1
Based on 37 answers
Initial implementation was okay, but we should have gone on the one week course first as an understanding of the features and what to look for would have been of great use. This is especially relevant when fine tuning and correlating events and creating parsers.Once set up the system is pretty resilient and adding in configuration is quite an easy process. We only had on the odd few occasions had to progress any set up problems to tech support.There are also some great whitepapers and set up articles on AlienVault's website support.
Philip Clarke profile photo
No score
No answers yet
No answers on this topic

Alternatives Considered

We were looking at other solutions, but ultimately the sales demo we received for AlienVault looked good and was at a MUCH better price point than the alternatives we evaluated. We are also intrigued by the additional capability of vulnerability scanning.
Aaron Rothstein profile photo
Trend Micro, Darktrace (I like Darktrace a lot too), Cylance. Crowdstrike is as good or better than all the other products. Trend Micro AV/endpoint security is probably less mature, but CS and Darktrace are both excellent tools. Cylance is good too, but there has been some long-term concern expressed whether the Cylance algorithms can evolve as fast as malicious code.
Mark Sauer profile photo

Return on Investment

No answers on this topic
  • CS is fairly expensive for security software, but it works.
  • From an ROI perspective, if you could quantify the cost of a day or more of company downtime during a Ransomware event, plus the remediation time, and the fact that you will likely have some data loss, the cost is quickly justified.
  • CS keeps our business units (26 across the globe) up and running 24/7 with no incidents for 2 years and running.
  • Easy install, little time required to administrate and manage, makes this a security tool most CIO / CISO executives can love.
Mark Sauer profile photo

Screenshots

CrowdStrike Falcon Endpoint Protection

Pricing Details

AlienVault USM

General
Free Trial
Yes
Free/Freemium Version
Yes
Premium Consulting/Integration Services
Yes
Entry-level set up fee?
Optional
Additional Pricing Details

AlienVault USM More Information

CrowdStrike Falcon Endpoint Protection

General
Free Trial
Free/Freemium Version
Premium Consulting/Integration Services
Entry-level set up fee?
No
Additional Pricing Details

CrowdStrike Falcon Endpoint Protection More Information