Score 8 out of 101
Based on 334 reviews and ratings
Likelihood to Recommend
AlienVault is most probably the best choice for smaller companies with up to 200 assets, which have limited resources in security personnel and are looking for an easy-to-implement, easy-to-run and easy-to-use SIEM including a "detection ecosystem". If you are highly skilled and very sophisticated (and you have the time too), you better run all the components, each as a stand-alone solution and feed their results into an ELK stack. If you are looking for something in between: AlienVault is customizable too! You can go down on a very system level (they call it jail-breaking, ouch!), and get on a config spree, but be warned: The next update can break your changes. You need to know what you can do and what not, but once you understand where you can go, and where not, AlienVault becomes a friend for a lifetime.
Config Manager is particularly well suited to larger environments where the flexibility and power of the product can be fully realised. It is one of those products that would benefit from a dedicated staff resource. I do not think that Systems Center Configuration Manager is a good product to recommend to smaller businesses (e.g. those in single offices with fewer than 400 devices).
Feature Rating Comparison
Centralized event and log data collection
Event and log normalization
Custom dashboards and views
Host and network-based intrusion detection
- Alarms dashboard provides a great overview of all alerts, makes it easy to see what I need to focus on and what is noise
- Easily connects to all my desktops/servers using the HIDS agent, makes it simple to get set up
- As a solution, it was relatively cheap in comparison to its competitors.
- SCCM has a very strong user community.
- One of SCCM's best features would be the ability to push software through packages to multiple computers at once.
- What I like best about this release is the added PowerShell support.
Consultant in Information Technology, Information Technology and Services Company, 501-1000 employees
- Although the creation of custom report modules is powerful and easy, incorporating them into reports that are readable by non-technical staff without some interpretation is not so easy. Section headers can't be customized, and full log events cannot be presented in reports.
- Normalization (extraction/parsing of log fields and mapping them to actionable fields in the SIEM) needs to be done in further detail. There are times when I want to search on a particular field in a log, and can't do it because it's not normalized. I'm sure that it's a bit of a cat and mouse game with device vendors and operating systems, but more actionable fields in the database would be better. Fortunately, I can go into the underlying Linux system and do it myself, but it is quite time consuming to do so.
- A faster, more convenient way to weed out false positives would speed up the journey to SIEM success. I envision an interface similar to Microsoft Outlook's rules, in which an analyst can look at an alarm from the USM, select the criteria on which she wants to suppress the event, create the rule, then hit a button to "delete existing alarms that match these criteria". I've shared this vision with AlienVault, and have my fingers crossed for the next version.
Likelihood to Renew
Based on 13 answers
The centralized logging and retention for PCI compliance was our main driver, and it is meeting that need. Otherwise there has been enough frustration with the lack of documentation and the need to customize through the CLI that I would be open to alternatives.
Based on 33 answers
Not enough documentation, non-descript error messages, and too much required to be done at the command line for an "appliance".
Based on 3 answers
No answer on this topic is available.
Based on 2 answers
I've given this rating because once you start Microsoft System Center Configuration Manager, it takes a little while to open and sometimes to open collections as well. Other than this, its performance is fairly good. I haven't used features other than patching, software deployment, and asset tracking though, so I can't provide an in-depth review of its performance. For what I use, it's fairly good.
Analyst in Information Technology, Information Technology and Services Company, 501-1000 employees
Based on 24 answers
Only had to use this once, and they had us back on track in an hour or so. They followed up the day after to make sure all was still working, great team.
Based on 37 answers
Initial implementation was okay, but we should have gone on the one week course first as an understanding of the features and what to look for would have been of great use. This is especially relevant when fine tuning and correlating events and creating parsers. Once set up the system is pretty resilient and adding in configuration is quite an easy process. We only had on the odd few occasions to progress any set up problems to tech support. There are also some great whitepapers and set up articles on AlienVault's website support.
We were looking at other solutions, but ultimately the sales demo we received for AlienVault looked good and was at a MUCH better price point than the alternatives we evaluated. We are also intrigued by the additional capability of vulnerability scanning.
Microsoft SCCM was selected because Microsoft provides a great pricing feature and explicit documentation, to start working with the product quickly and avoid huge impact to processes. No other vendors can propose something meeting all our business requirements.
Return on Investment
- We were short staffed and this allowed us to install software and image machines where we needed 2 more FTEs. This was able to do that process with very little human interaction and reduced our need to hire more employees.
- Nurses and front line staff who were registering patients needed IT to very quickly remote into their machine and fix problems and the remote assistance to help us resolve problems faster than any remote assistance tool we found. There is an option to allow direct access with or without asking permission. Our staff didn't want the software to ask permission, they just wanted the problem fixed.
- Our EMR vendor releases patches all the time and we were going around to each PC installing the patches one by one. This allowed us to push out the software to all machines and get a detailed report on success and failure.
Director in Information Technology, Hospital & Health Care Company, 501-1000 employees