Score 7.9 out of 10
Based on 334 reviews and ratings
Likelihood to Recommend
Since AlienVault is a versatile tool, having versions for various cloud providers as well as virtualization frameworks, it adheres to the most diverse scenarios. Another strong point to be highlighted is how the company is constantly improving the product. AlienVault is famous for the effort the company puts behind the tool, and it is being improved constantly by adding new resources.
It is appropriate for companies that focus on developing extremely simple applications. The great visibility it provides makes it ideal to avoid problems that may affect the entire business or company thanks to the fact that it is capable of emitting dozens of alerts in a short time. Sometimes the search behavior becomes slow and inefficient, which can be uncomfortable.
Feature Rating Comparison
Centralized event and log data collection
Event and log normalization
Custom dashboards and views
Host and network-based intrusion detection
Integration with Identity and Access Management Tools
- The SIEM does a good job of correlating network data from multiple sources along with the data from deployed HIDS.
- The Nmap scan that defines devices on your network is fast and non-invasive.
- The vulnerability scanning has several options and reports to enable data to be available for compliance purposes.
- Emits alerts immediately if something is out of the ordinary.
- It performs high-speed monitoring automatically so it does not require configuration.
- Does not require any maintenance.
- It has a very simple interface.
- It offers its users great scalability.
- SMTP: The appliance can only send SMTP alerts to ONE email address. At the very least, it should be able to send to multiple people, and this shouldn't be a global setting. Some people want to see certain alerts, others need to see other alerts. It's highly inflexible.
- Reports: There basically aren't any. I need a way to prove to the CEO that this expense is worth it, but I can't print a nice graph of logs collected per day, alarms on each device, or really anything at all.
- SLOW: When it starts collecting lots of logs, the appliance really slows down. When you're trying to do a search on logs, it can take an hour or more. Almost impossible to do forensic analysis of an incident when it takes this long to gather the correct logs.
- Multiple VPCs are not supported: The only deployment option is a single box. Without allowing multiple sensor nodes, it's very difficult to see into other networks. VPC peering can get you around this, but this is not allowed for us because of security concerns, and it's impossible because both VPCs use the same IP range. You can use a Linux jump box, but you can't use a Windows jump box, and a Linux jump box won't connect to any Windows servers.
- Its price can be very high, so you should have good control of it to avoid exaggerated figures.
- Some functions can be confusing.
- It has limits to create subaccounts, which is a big problem for large companies.
Likelihood to Renew
Based on 33 answers
Best SIEM out there. Built for the serious security practitioner. Has features you would expect in something much more expensive. Product continues to be refined and improved.
Based on 24 answers
Only had to use this once, and they had us back on track in an hour or so. They followed up the day after to make sure all was still working, great team.
Based on 37 answers
Initial deployment was great compared to all the research I had read about deploying SIEM solutions. The basic setup gives excellent information about what is occurring on your enterprise network.
I recommended Alert Logic, but management was drawn to the much lower price of AlienVault. Alert Logic seems to have a more mature product and has some of these features that have been lacking in AlienVault.
Chosen before any other software for its versatility and speed to immediately stop any failure that may impair the operation of our applications, also their prices are very fair and it is very easy to work with it. On the other hand, other software such as FortiSIEM is very slow and its configurations are very complex and require maintenance, which implies more expense.
Return on Investment
- It helps us keep up with all the problems we may encounter.
- Logz.io API helps a lot in debugging automation.
- We can use our set of tools to automatically look for common problems and monitor the current situation and in this way avoid our clients being alerted by some faults generated in the infrastructures of the applications.