What users are saying about

AlienVault USM
333 Ratings
Score 7.9 out of 10
31 Ratings
Score 7.6 out of 10

Likelihood to Recommend

AlienVault USM

In my organization's scenario, the on-premise appliance provides great value as we are a small company with site inter-connectivity. What I am not too sure of is how exactly the product scales with very large networks with separate Windows and network domains.
AJ Gumataotao

LogRhythm

It helps achieve various aspects of compliance needs and requirements. It also provides a nice overview of what is going on within the environment in respect to security threats. It is less appropriate if there is no internal team that can properly manage it and respond to alerts/events that are triggered.

Feature Rating Comparison

Security Information and Event Management (SIEM): AlienVault USM 7.3, LogRhythm 8.7

  • Centralized event and log data collection: AlienVault USM 8.0, LogRhythm 9.4
  • Correlation: AlienVault USM 8.0, LogRhythm 9.4
  • Event and log normalization: AlienVault USM 8.0, LogRhythm 9.0
  • Deployment flexibility: AlienVault USM 7.0, LogRhythm 7.3
  • Custom dashboards and views: AlienVault USM 6.0, LogRhythm 9.0
  • Host and network-based intrusion detection: AlienVault USM 7.0, LogRhythm 7.7
  • Integration with Identity and Access Management Tools: AlienVault USM (no rating listed), LogRhythm 8.9

Pros

  • Very in depth on scanning for inventory! This allows one to get the "50,000 feet" view of the organization's IT assets, and can narrow down on a specific inventory item with just a few clicks.
  • Conducts detailed vulnerability scans. While it doesn't mitigate the vulnerabilities, it gives us instructions on how to mitigate them... what steps we need to take.
  • The reporting function is phenomenal. It aggregates logs from other hardware and software, and can present an in-depth report based on that data.
Christopher Taylor
  • LogRhythm is a great SIEM to learn content on because the building blocks are very intuitive and easy to implement. All of the concepts relevant to content development are literally represented as drag and drop building blocks that can be easily manipulated.
  • The statistical building blocks contain powerful anomaly detection capabilities that are extremely difficult to implement in other SIEMs or not possible at all.
  • LogRhythm does better event classification than any other SIEM by far. My team typically drops all classification schemes from default installations of SIEMs and rebuilds them from scratch. I can actually use LogRhythm's event classifications in rules without worrying about excessive partial matches or correlating unwanted events.
Joel Eng

Cons

  • SMTP: The appliance can only send SMTP alerts to ONE email address. At the very least, it should be able to send to multiple people, and this shouldn't be a global setting. Some people want to see certain alerts, others need to see other alerts. It's highly inflexible.
  • Reports: There basically aren't any. I need a way to prove to the CEO that this expense is worth it, but I can't print a nice graph of logs collected per day, alarms on each device, or really anything at all.
  • SLOW: When it starts collecting lots of logs, the appliance really slows down. When you're trying to do a search on logs, it can take an hour or more. Almost impossible to do forensic analysis of an incident when it takes this long to gather the correct logs.
  • Multiple VPCs are not supported: The only deployment option is a single box. Without allowing multiple sensor nodes, it's very difficult to see into other networks. VPC peering can get you around this, but this is not allowed for us because of security concerns, and it's impossible because both VPCs use the same IP range. You can use a Linux jump box, but you can't use a Windows jump box, and a Linux jump box won't connect to any Windows servers.
John Grosjean
  • The upgrade process could be easier.
Stephen Ilbery

Likelihood to Renew

AlienVault USM 9.0
Based on 13 answers
The centralized logging and retention for PCI compliance was our main driver, and it is meeting that need. Otherwise there has been enough frustration with the lack of documentation and the need to customize through the CLI that I would be open to alternatives.
Aaron Rothstein
LogRhythm 9.0
Based on 1 answer
LogRhythm is focused on SIEM. That is their core business. Cost of operations, feature set and ease of use. The LogRhythm support team is outstanding. Overall reliability is good. Reporting module needs some improvement and LR is promising that there will be significant improvements in future releases.
James Harrison

Usability

AlienVault USM 7.2
Based on 33 answers
The system is great in terms of functionality, but in terms of being user friendly and usability for the average person it is very hard to understand and will take a lot of training.
Mikhail Suleymanov
LogRhythm 9.0
Based on 1 answer
Training is lacking for the reporting and query building. Overall, the investigation tool is my most used feature. It is very easy to drill down when searching for an interesting event. The real time dashboard in the console is feature rich and provides graphical views and the ability to see associated logs. The alarms dashboard displays the most recent significant events, and the ability to track and document how the event is being handled.
James Harrison

Support

AlienVault USM 7.6
Based on 24 answers
I have not had a single issue with the AlienVault support staff. Any issue or question that we had, especially in the beginning during the installation phase, the support staff was readily available via phone and email to help us. I am very happy with the decision we made to go with AlienVault.
Mikhail Suleymanov
LogRhythm 10.0
Based on 1 answer
Over the last couple of years, we have had some challenges requiring longer and higher tiered support. LogRhythm was quick to assign a 3rd tier engineer to assist us in identifying and remediating those problems. They have also assisted in getting us to later versions. They are willing to hand-hold during platform upgrades.
James Harrison

Implementation

AlienVault USM 7.1
Based on 37 answers
Anything beyond a vanilla deployment will take a lot of effort.
Aaron Rothstein
LogRhythm 8.0
Based on 1 answer
  • Buy professional services.
  • Buy and implement the system if possible.
  • Remember that the end point log configuration may require other teams in your company to assist you in getting the desired logs from all resources.
  • Attend the end user and daily operations training after a period of usage so you are not overwhelmed with information on concepts not yet seen.
  • Don't be afraid to call for help during your first months of use.
  • Don't close any ticket until you are sure the expected results are verified.
  • Use the community forums to discuss issues with your peers.
  • Watch the training videos offered by LR University.
James Harrison

Alternatives Considered

Did not look at many, but cost was a big driver for me, along with ease of setup and use.
Marc Roche, MBA, CISSP, CCSP
We had business requirements for the following features:
  • Sustained flow acquisition and data collection of dissimilar log types from multiple sources.
  • Customization for Reporting and Alerting in near real time.
  • Offer Dynamic Monitoring.
  • Presented in a Security Event Console.
  • Automated Response Generation for Security Events.
  • Support for Regulatory Compliance.
  • Host, Application and Object Access Logs.
  • Integration with IAM (Identity Access Management).
  • Ability to Express and Track Compliance with User-Defined Policy.
  • Mapping of Events to NIST/CSF and ISO 27001 Control Frameworks and Regulations.
  • Incident Management and Workflow.
  • Data Collection and Archiving.
  • Redundancy, Scalability and Deployment Flexibility.
  • Correlation and Taxonomy.
  • Enterprise Administration, Auto-Discovery, Asset Classification, Embedded Security Knowledge
James Harrison

Return on Investment

No answers on this topic
  • It helps us satisfy log file monitoring requirements for PCI.
Stephen Ilbery

Pricing Details

AlienVault USM

General
Free Trial: Yes
Free/Freemium Version: Yes
Premium Consulting/Integration Services: Yes
Entry-level set up fee?: Optional
Additional Pricing Details

LogRhythm

General
Free Trial
Free/Freemium Version
Premium Consulting/Integration Services
Entry-level set up fee?
No
Additional Pricing Details