AlienVault USM<a href='https://www.trustradius.com/static/about-trustradius-scoring#question3' target='_blank' rel='nofollow'>Customer Verified: Read more.</a>
<a href='https://www.trustradius.com/static/about-trustradius-scoring' target='_blank' rel='nofollow'>trScore algorithm: Learn more.</a>Score 7.9 out of 101
Based on 329 reviews and ratings
Likelihood to Recommend
AlienVault USM Anywhere is a great SIEM and if you need to deploy a SaaS solution then it is suited very well. It works very well for us being 100% AWS and integrates well with our toolset and AWS features. The Open Threat Intelligence (OTX) is perfect for providing context on events and feeding our incident response processes.
If budget is an issue then Fortisiem fits well, as it's more than a typical SIEM solution. It can integrate with environmental monitoring systems, UPS HVAC etc. It can be used as the CMDB solution etc. If fine-tuned and looked after it can actually bring a lot of value for less.
Feature Rating Comparison
Centralized event and log data collection
Event and log normalization
Custom dashboards and views
Host and network-based intrusion detection
- AlienVault USM Anywhere is easy to deploy with their cloud-based model and deploying the required agents on-prem (or in the cloud) is quick and easy.
- Custom rules allow for alerting based on content from events and you can even trigger agents in response to threats, shutting down computers or grabbing forensic info for incident response.
- USM Anywhere also takes care of reporting for ISO and PCI, allowing you to pull reports for auditors at a moment’s notice.
- With many integrations out-of-the-box, you can pull in all the data from products you use and other sources, such as Amazon CloudWatch Logs.
- Log aggregation and analytics
- Device inventory and remote management .
- It can be used by Managed Security Providers who have multiple customers as it offers multi organization support .
- We would love to be able to create custom rules based on a series of events, to create rule-sets where, for example, failed logins to the VPN Server are logged and then when a successful attempt follows soon after, it triggers an alarm for a Brute Force. It does this for things like OKTA already, so control over which events this applies to would be great.
- More data tiers - something between 250GB and 500GB tiers, maybe break it down into 100GB tiers?
- Integration with OpsGenie would be great.
- Non-intuitive/unattractive user interface
- Too many features that will usually remain unused
- Very crowded (too many icons) portal
- The reporting feature is confusing, e.g. you have to click on the "refresh" button to get the result of your inquiry. The report generation process can be much easier, as the user interaction is not pleasant.
Likelihood to Renew
Based on 33 answers
The system is great in turns of functionality but in terms of being user friendly and usability for the average person it is very hard to understand and wil take a lot of training.
Based on 24 answers
Based on previous experience we had to explain and demonstrate the problems several times; fixes takes long time to be implemented and rolled out to end users. Several times we had to guide the support contact to fully understand the problem
AlienVault was the analyzed solution that delivered more value for less. It has several features and functionalities that do not exist in other analytic solutions. As previously mentioned, we needed an IDS and hired a complete multi-tiered security solution from SIEM to a vulnerability scanner of our cloud resources.
Return on Investment
- Other SIEM solutions were cost prohibitive at the time of purchase (2016).
- Just like any other SIEM, it helped draw a better picture of our current security posture.
Premium Consulting/Integration Services
Entry-level set up fee?
Additional Pricing Details—
AlienVault USM More Information
Premium Consulting/Integration Services—
Entry-level set up fee?