AlienVault USM vs Palo Alto Networks Threat Protection

• AlienVault USM Anywhere is easy to deploy with their cloud-based model and deploying the required agents on-prem (or in the cloud) is quick and easy.
• Custom rules allow for alerting based on content from events and you can even trigger agents in response to threats, shutting down computers or grabbing forensic info for incident response.
• USM Anywhere also takes care of reporting for ISO and PCI, allowing you to pull reports for auditors at a moment’s notice.
• With many integrations out-of-the-box, you can pull in all the data from products you use and other sources, such as Amazon CloudWatch Logs.

Read full review

• The threat engine has constant updates for important threats.
• Wildfire helps supplement the Threat engine to help protect against 0 day threats.
• The way the threat engine can be added at different levels to different zones and policies helps to ensure business essential traffic can have policies that are tuned to ensure traffic will flow.

Read full review

• We would love to be able to create custom rules based on a series of events, to create rule-sets where, for example, failed logins to the VPN Server are logged and then when a successful attempt follows soon after, it triggers an alarm for a Brute Force. It does this for things like OKTA already, so control over which events this applies to would be great.
• More data tiers - something between 250GB and 500GB tiers, maybe break it down into 100GB tiers?
• Integration with OpsGenie would be great.

Read full review

• Visibility into signatures and how they function/what triggers them would be very beneficial.
• Lacking customizability compared to other tools.
• Inability to write custom signatures easily and for traffic with small (less than 8 bit) signatures.

Read full review

• New deployment hasn't been fully calculated yet.
• With the addition of Panorama and central logging, event investigation has become more streamlined.

Read full review