AlienVault USM

327 Ratings

Score 7.9 out of 10

Palo Alto Networks Threat Protection

4 Ratings
Score 8.6 out of 10

Likelihood to Recommend

AlienVault USM

AlienVault USM Anywhere is a great SIEM and if you need to deploy a SaaS solution then it is suited very well. It works very well for us being 100% AWS and integrates well with our toolset and AWS features. The Open Threat Intelligence (OTX) is perfect for providing context on events and feeding our incident response processes.
Matthew White

Palo Alto Networks Threat Protection

I think threat prevention on a certain level could be used in all Palo Alto deployments (even if just alerting without blocking).
Alex Waitkus, CISSP-ISSAP, OSCP

Feature Rating Comparison

| Feature | AlienVault USM | Palo Alto Networks Threat Protection |
| --- | --- | --- |
| Security Information and Event Management (SIEM) | 7.3 | |
| Centralized event and log data collection | 8.0 | |
| Correlation | 8.0 | |
| Event and log normalization | 8.0 | |
| Deployment flexibility | 7.0 | |
| Custom dashboards and views | 6.0 | |
| Host and network-based intrusion detection | 7.0 | |

Pros

  • AlienVault USM Anywhere is easy to deploy with their cloud-based model and deploying the required agents on-prem (or in the cloud) is quick and easy.
  • Custom rules allow for alerting based on content from events and you can even trigger agents in response to threats, shutting down computers or grabbing forensic info for incident response.
  • USM Anywhere also takes care of reporting for ISO and PCI, allowing you to pull reports for auditors at a moment’s notice.
  • With many integrations out-of-the-box, you can pull in all the data from products you use and other sources, such as Amazon CloudWatch Logs.
Matthew White
  • The threat engine has constant updates for important threats.
  • WildFire helps supplement the threat engine to help protect against zero-day threats.
  • The way the threat engine can be added at different levels to different zones and policies helps to ensure business essential traffic can have policies that are tuned to ensure traffic will flow.
Alex Waitkus, CISSP-ISSAP, OSCP

Cons

  • We would love to be able to create custom rules based on a series of events, to create rule-sets where, for example, failed logins to the VPN server are logged and then, when a successful attempt follows soon after, it triggers an alarm for a brute force. It does this for things like Okta already, so control over which events this applies to would be great.
  • More data tiers - something between 250GB and 500GB tiers, maybe break it down into 100GB tiers?
  • Integration with OpsGenie would be great.
Matthew White
  • Visibility into signatures and how they function/what triggers them would be very beneficial.
  • Lacking customizability compared to other tools.
  • Inability to write custom signatures easily and for traffic with small (less than 8 bit) signatures.
Alex Waitkus, CISSP-ISSAP, OSCP

Likelihood to Renew

AlienVault USM: 9.0
Based on 13 answers
It is a great product and has been instrumental to our security posture.
Dana Hancock
No score
No answers yet
No answers on this topic

Usability

AlienVault USM: 7.2
Based on 33 answers
Almost all functions are intuitive; custom logging is not very easy to configure.
Dana Hancock
No score
No answers yet
No answers on this topic

Support

AlienVault USM: 7.6
Based on 24 answers
Only had to use this once, and they had us back on track in an hour or so. They followed up the day after to make sure all was still working. Great team.
Jason Cresswell
No score
No answers yet
No answers on this topic

Implementation

AlienVault USM: 7.1
Based on 37 answers
Initial deployment was great compared to all the research I had read about deploying SIEM solutions. The basic setup gives excellent information about what is occurring on your enterprise network.
Russel Beckham
No score
No answers yet
No answers on this topic

Alternatives Considered

We looked at a number of other products besides AlienVault. Most of them were software packages that had OK reviews, but would have been costly to implement and time-consuming to maintain. AlienVault was an all-in-one appliance, though it comes in a virtual machine that you can run as well. We chose the USM because our virtualization resources were getting pretty tight at the time we chose AlienVault, and we prefer hardware appliances.
Christopher Taylor
It is comparable but not as robust as other standalone IPS/IDS.
Alex Waitkus, CISSP-ISSAP, OSCP

Return on Investment

No answers on this topic
  • New deployment hasn't been fully calculated yet.
  • With the addition of Panorama and central logging, event investigation has become more streamlined.
Alex Waitkus, CISSP-ISSAP, OSCP

Pricing Details

AlienVault USM

General
Free Trial: Yes
Free/Freemium Version: Yes
Premium Consulting/Integration Services: Yes
Entry-level set up fee? Optional
Additional Pricing Details

Palo Alto Networks Threat Protection

General
Free Trial
Free/Freemium Version
Premium Consulting/Integration Services
Entry-level set up fee?
No
Additional Pricing Details
