AlienVault USM<a href='https://www.trustradius.com/static/about-trustradius-scoring#question3' target='_blank' rel='nofollow'>Customer Verified: Read more.</a>
<a href='https://www.trustradius.com/static/about-trustradius-scoring' target='_blank' rel='nofollow'>trScore algorithm: Learn more.</a>Score 7.9 out of 101
Based on 329 reviews and ratings
Likelihood to Recommend
AlienVault USM Anywhere is a great SIEM and if you need to deploy a SaaS solution then it is suited very well. It works very well for us being 100% AWS and integrates well with our toolset and AWS features. The Open Threat Intelligence (OTX) is perfect for providing context on events and feeding our incident response processes.
Anytime you want to run ELK stack or want just want centralized logging, logz.io is an affordable tool that is far better than anything else I have ever seen. It’s a lot cheaper than splunk, and cheaper/less maintenance than Elastic Cloud.
Feature Rating Comparison
Centralized event and log data collection
Event and log normalization
Custom dashboards and views
Host and network-based intrusion detection
Integration with Identity and Access Management Tools
- The SIEM does a good job of correlating network data from multiple sources along with the Data from deployed HIDS
- The Nmap scan is fast and non-invasive that defines devices on your network.
- The vulnerability scanning has several options and reports to enable data to be available for compliance purposes.
- Vulnerability Scanner reporting: The reporting from the integrated scanner (OpenVAS) are really difficult to read. They could have done a better job by scraping the report or creating a custom report from the data of the scan. However, leaving the default report template from OpenVAS makes the report somewhat useless.
- Sometimes the local integration fails because of the scope of the tool. Let me elaborate on that: The OpenVAS scanner has certificated that expire within a year, and that makes the USM fail scans if you don't renew certificates yourself. They should have made them last at least 10 years. Same with Nagios, sometimes the integration fails and one doesn't know why unless you jailbreak it and find out in the logs for sure.
- They do not provide a standalone installation of the product, because they modified so much the Linux distribution, that it must always be deployed as a virtual machine or appliance, but not on your own server.
Likelihood to Renew
Based on 33 answers
The system is great in turns of functionality but in terms of being user friendly and usability for the average person it is very hard to understand and wil take a lot of training.
Based on 24 answers
Only had to use this once, and they had us back on track in an hour or so. They followed up the day after to make sure all was still working, great team.
Based on 37 answers
The one thing to remember is where to place the sensors within your organization. It is one thing to collect and analyze data, but collecting the right data is key. This is where AlienVaults experts really help. Instead of trying to sell you a gazillion sensors, they walk you through your network to make sure he sensors are where they need to be so you can achieve your goal. Implementation works so well because they take the time upfront to know your goals before they help you achieve them.
AlienVault USM works well for any company size. LogRhythm might be too much if your company is not already big, and the same can be said of McAfee Enterprise Security Manager. If this is your first SIEM, it's a really good choice and has nothing to envy from the others I'm comparing it with. I also recommend the cloud version of AlienVault, the USM Anywhere, which the interface is a bit different, but the principles remain the same. Also, the McAfee Enterprise Security Manager has a Flash-based interface, for which Adobe is phasing out. AlienVault USM is HTML5 and can even be used mobile.
Logz.io is more affordable, less work to maintain, and has more features. It was an easy choice. After my last team had to manage their own ELK stack, this was a no brainer. It helps us be focused on our core competencies.
Return on Investment
Premium Consulting/Integration Services
Entry-level set up fee?
Additional Pricing Details—
AlienVault USM More Information
Premium Consulting/Integration Services—
Entry-level set up fee?