What users are saying about

AlienVault USM
336 Ratings
Score 8 out of 10

RSA enVision
3 Ratings
Score 6.3 out of 10

Likelihood to Recommend

AlienVault USM

In my organization's scenario, the on-premise appliance provides great value as we are a small company with site inter-connectivity. What I am not too sure of is how exactly the product scales with very large networks with separate Windows and network domains.
AJ Gumataotao

RSA enVision

It is really a robust platform that can be heavily customized to suit requirements. Good for advanced hunting and forensics. Robust automation features.

Feature Rating Comparison

Security Information and Event Management (SIEM): AlienVault USM 7.3; RSA enVision 7.6
Centralized event and log data collection: AlienVault USM 8.0; RSA enVision 8.0
Correlation: AlienVault USM 8.0; RSA enVision 10.0
Event and log normalization: AlienVault USM 8.0; RSA enVision 8.0
Deployment flexibility: AlienVault USM 7.0; RSA enVision 10.0
Custom dashboards and views: AlienVault USM 6.0; RSA enVision 6.0
Host and network-based intrusion detection: AlienVault USM 7.0; RSA enVision 4.0
Integration with Identity and Access Management Tools: AlienVault USM no rating shown; RSA enVision 7.0

Pros

  • The SIEM does a good job of correlating network data from multiple sources along with the data from deployed HIDS.
  • The Nmap scan that defines devices on your network is fast and non-invasive.
  • The vulnerability scanning has several options and reports to enable data to be available for compliance purposes.
Clark Crain
  • Log collection and parsing.
  • Packet collection and parsing.
  • Enhanced analytics and alerting.
  • Robust integration.

Cons

  • Because AlienVault USM combines several well-known components, you have to live with the fact that they are not in their latest version, i.e. the integrated OSSEC, which should be replaced with the OSSEC-Wazuh fork instead.
  • Due to the all-in-one approach, the solution is quite resource hungry. You have to have a decent machine to run it.
  • The reporting module is nice, but sometimes it is quite a challenge to configure a custom report as you will only get the results you want after a trial and error run.
Christian B. Caldarone
  • Lacking out of the box best practice templates etc. It relies heavily on customization.
  • Lack of up to date threat feeds.
  • Difficult to learn and use initially.

Likelihood to Renew

AlienVault USM 9.0
Based on 13 answers
The centralized logging and retention for PCI compliance was our main driver, and it is meeting that need. Otherwise there has been enough frustration with the lack of documentation and the need to customize through the CLI that I would be open to alternatives.
Aaron Rothstein
No score
No answers yet
No answers on this topic

Usability

AlienVault USM 7.2
Based on 33 answers
Almost all functions are intuitive; custom logging is not very easy to configure.
Dana Hancock
No score
No answers yet
No answers on this topic

Support

AlienVault USM 7.6
Based on 24 answers
I have not had a single issue with the AlienVault support staff. Any issue or question that we had, especially in the beginning during the installation phase, the support staff was readily available via phone and email to help us. I am very happy with the decision we made to go with AlienVault.
Mikhail Suleymanov
No score
No answers yet
No answers on this topic

Implementation

AlienVault USM 7.1
Based on 37 answers
Anything beyond a vanilla deployment will take a lot of effort.
Aaron Rothstein
No score
No answers yet
No answers on this topic

Alternatives Considered

I looked into Splunk and QRadar, but they were way too expensive and the reviews weren't always great. I used McAfee ESM extensively at my prior job and the product is probably the worst in the SIEM space. We moved to AlienVault from ELK which, while a cool product, didn't do any security event correlation and has a terrible search and log review and export. AlienVault is the only major SIEM comprised of over 200 open source tools I'd want to use anyway, so it does more than any SIEM with its HIDS agents, vulnerability scanning, asset discovery, etc. The included Open Threat Exchange subscription is also a major plus.
Jon Armani
Best in Class for us, and was a good choice since we already are using a lot of other RSA products (DLP, Archer etc.)

Return on Investment

No answers on this topic
  • Hard to calculate ROI since it is not revenue based.
  • It is an expensive solution, but very capable.

Pricing Details

AlienVault USM

General
Free Trial: Yes
Free/Freemium Version: Yes
Premium Consulting/Integration Services: Yes
Entry-level set up fee? Optional
Additional Pricing Details

RSA enVision

General
Free Trial
Free/Freemium Version
Premium Consulting/Integration Services
Entry-level set up fee? No
Additional Pricing Details