AlienVault USM<a href='https://www.trustradius.com/static/about-trustradius-scoring#question3' target='_blank' rel='nofollow'>Customer Verified: Read more.</a>
<a href='https://www.trustradius.com/static/about-trustradius-scoring' target='_blank' rel='nofollow'>trScore algorithm: Learn more.</a>Score 7.9 out of 101
Based on 329 reviews and ratings
Likelihood to Recommend
AlienVault USM Anywhere is a great SIEM and if you need to deploy a SaaS solution then it is suited very well. It works very well for us being 100% AWS and integrates well with our toolset and AWS features. The Open Threat Intelligence (OTX) is perfect for providing context on events and feeding our incident response processes.
Elasticsearch is the gold standard for text-based search. Across large data sets it performs admirably, and we will certainly make it our first choice search solution in the future. For a use case where needs are simple and regular database queries might suffice, Elasticsearch may or may not provide any benefits.
Engineer in EngineeringHealth, Wellness and Fitness Company, 1-10 employees
Feature Rating Comparison
Centralized event and log data collection
Event and log normalization
Custom dashboards and views
Host and network-based intrusion detection
- AlienVault enables integration with external technologies, thereby broadening its scope and possibilities.
- AlienVault has a dashboard customization and reporting scheme that makes it flexible to query your data, allowing you to model the tool according to your needs.
- AlienVault will make you forget the need to consult some information on AWS Cloudtrail. It extracts the data from there and delivers in a much more efficient way.
- With a single tool you can monitor your cloud and on-premises environment.
- Super-fast search on millions of documents. We've got over 2 billion documents in our index and the retrieve speeds are still in the < 1-second range.
- Analytics on top of your search. If you organize your data appropriately, Elasticsearch can serve as a distributed OLAP system
- Elasticsearch is great for geographic data as well, including searching and filtering with geojson, and a variety of geospatial algorithms.
- It can be difficult to set up correctly. I found the documentation sparse in some instances.
- It can generate a ton of alerts, again if not set up correctly. I recommend taking the engineer's class for it, so that you can get the most out of your investment.
- The vulnerability scans can eat up a lot of resources, as well as be a bit pushy. Running a scan against one of our printers resulted in that printer constantly flooded with inventory scan requests by AlienVault, which rendered said printer unusable. Make sure you break out your networks when doing scans!
- Setting Java memory thresholds can be a pain for those not accustomed to things like Eden Space & Old Generation which can lead to over allocation, or more likely, under allocation. Apache Solr had a similar issue. It would be nice if the program would take an extra step and dogfood it's own advice by analyzing the system & processes to return a solid recommendation for that configuration. The proper configuration information is outlined in the documentation, it would be nice if that was automated.
- The only health check that ElasticSearch reports back is a "red" status without any real solid information about what is going on, though its usually memory thresholds or disk I/O. I am currently on ElasticSearch 1.5 so that may have changed for newer versions. When the status goes "red", I as the administrator of the software, feel like I lose control of whats going on which should rarely happen. Something more verbose would eliminate that.
- This is more of a critique of the ElasticStack in general. The whole top to bottom stack is starting to get feature creep with things that are better suited in other software and increasing the barrier for entry for people to get started with setting up a robust logging infrastructure. ElasticSearch as a storage search engine, is pretty streamlined, but I can see that the tools that comprise the ELK Stack are going to require a certification with constant study at some point. During major release for Logstash a while back, it literally took a month to learn a new language because Elastic completely changed the syntax. For a medium sized organization of only a couple of admins, that is a pretty high bar where time is money. They really should work on refining/automating the tools & search engine they have, instead of shoehorning/changing things on to an already rock solid foundation.
Likelihood to Renew
Based on 13 answers
The centralized logging and retention for PCI compliance was our main driver, and it is meeting that need. Otherwise there has been enough frustration with the lack of documentation and the need to customize through the CLI that I would be open to alternatives.
Based on 1 answer
We're pretty heavily invested in ElasticSearch at this point, and there aren't any obvious negatives that would make us reconsider this decision.
Based on 33 answers
Best SIEM out there. Built for the serious security practioner. Has features you would expect in something much more expensive. Product continues to be refined and improved.
Based on 1 answer
To get started with Elasticsearch, you don't have to get very involved in configuring what really is an incredibly complex system under the hood. You simply install the package, run the service, and you're immediately able to begin using it. You don't need to learn any sort of query language to add data to Elasticsearch or perform some basic searching.If you're used to any sort of RESTful API, getting started with Elasticsearch is a breeze. If you've never interacted with a RESTful API directly, the journey may be a little more bumpy. Overall, though, it's incredibly simple to use for what it's doing under the covers.
Vice-President in Information TechnologyComputer Software Company, 1-10 employees
Based on 24 answers
Based on previous experience we had to explain and demonstrate the problems several times; fixes takes long time to be implemented and rolled out to end users. Several times we had to guide the support contact to fully understand the problem
No answers yet
Based on 37 answers
The one thing to remember is where to place the sensors within your organization. It is one thing to collect and analyze data, but collecting the right data is key. This is where AlienVaults experts really help. Instead of trying to sell you a gazillion sensors, they walk you through your network to make sure he sensors are where they need to be so you can achieve your goal. Implementation works so well because they take the time upfront to know your goals before they help you achieve them.
Based on 1 answer
Do not mix data and master roles. Dedicate at least 3 nodes just for Master
Contributor in Information TechnologyPharmaceuticals Company, 51-200 employees
I recommended Alert Logic, but management was drawn to the much lower price of AlienVault. Alert Logic seems to have a more mature product and has some of these features that have been lacking in AlienVault.
The only other competitor we researched was mongo as some of our table information is stored in an XML file, but as we were doing searching we gravitated towards Elasticsearch. We knew mongo had some of the qualifications for what we wanted, but went with Elasticsearch for specifically our searches and actually used Mongo for more DB storage.
Return on Investment
Premium Consulting/Integration Services
Entry-level set up fee?
Additional Pricing Details—
AlienVault USM More Information
Premium Consulting/Integration Services—
Entry-level set up fee?