AlienVault USM
Score 7.9 out of 101
Based on 329 reviews and ratings
Likelihood to Recommend
AlienVault USM Anywhere is a great SIEM and if you need to deploy a SaaS solution then it is suited very well. It works very well for us being 100% AWS and integrates well with our toolset and AWS features. The Open Threat Intelligence (OTX) is perfect for providing context on events and feeding our incident response processes.
In a big environment with many servers and network appliances, Skybox works very well to prioritize vulnerabilities in a smart mode and to have a network sight in terms of discovering security holes. It's not useful for a small company because the cost is expensive and it's possible to make the three tasks above manually.
Feature Rating Comparison
Centralized event and log data collection
Event and log normalization
Custom dashboards and views
Host and network-based intrusion detection
- AlienVault USM is based on well-known Open Source components, which each for itself, represents a quasi industry standard
- Integration into the existing infrastructure works like a charm. Basically you just need to roll-out an OSSEC client to each server or PC and you have already a pretty high coverage of security information and events. They immediately show up in the AlienVault Webinterface
- Due to the countless plugins, it is very easy to add network devices like firewalls, routers, switches, but also servers running Apache and the like. You will just need to forward syslog and it will all appear in your AlienVault Webinterface
- The modular design of AlienVault USM in form of "deployable sensors", allows you to easily integrate different network segments, such as remote sites.
- As regular vulnerability scans are a must to understand which CVEs your infrastructure is exposed to, this becomes an easy task with AlienVault. They provide you with a set-and-forget approach for running regular scans. Additionally there are helpful hints on how to get more secure.
- Vulnerability prioritization
- Review of firewall rules
- Review of routing rules
- I would like to see an interface that is more menu driven. For example a method that allows me to drag and drop the items I would like in an adhoc report based on local machines that are attempting to connect to sites beyond our network that are blocked by our firewall.
- I would like to see a more robust connection to our SonicWall; having two devices in the same rack that must be configured independently is sometimes a pain to fine tune.
- I would like to see additional help files built that allow users to work with the AlienVault without attending formal training.
- User experience. On the first approach, it's not the simplest tool that I have ever used.
- Web-based console. In my honest opinion it's very important [to have] this type of functionality to extend the use of Skybox.
- Too many updates of the product.
Likelihood to Renew
Based on 33 answers
The product once properly configured seems to offer a wealth of information but has its issues. I feel that the initial setup/installation should include technical support to get up and running. My personal experience from the configuration as installed indicates that the network adaptors are not properly configured to read information. The network ports were configured to only read 1/2 the network?? So having help to get the system up and running should be part of the initial purchase.
Based on 24 answers
I have a 50/50 rating on this because they have been helpful in one aspect but not in another. They seem to be fairly responsive to requests, but like with my most recent request no solution offered. That is not truly a fair statement, but rather no solution unless I agree to pay additional fees. From conversations with both our sales rep and another representative they both indicate that we have 3 years of extended support, but the problem reported to them is not covered under our support agreement.
Based on 37 answers
If you look at AlienVault USM, you will have to look at OSSIM too. For very small enterprises with limited budget or no budget at all, OSSIM might be a good alternative, it is the free version of AlienVault USM, but that means you are on your own with it. Another competitor is definitely GrayLog as it provides a very good interface and is easy to use, plus it is using ElasticSearch as its data store. As stated previously, the ELK stack (ElasticSearch Logstash Kibana) is a good alternative too, but not ready to use off the shelf, nor an all-in-one solution. In fact, the components used by AlienVault, such as OpenVAS, OSSEC, Suricata, etc., are its biggest competitors at the same time, but only if you make the effort to run each of them as an independent solution. In return you get a maximum of flexibility and full power over your solution.
Return on Investment
- Reduces cost in terms of time and money to spend in remediation activity.
- Improve the network topology and then it's possible to reduce cost of network/security appliances where they're not necessary.
- The cost of the solution is not trivial when the number of network appliances is big.
Premium Consulting/Integration Services
Entry-level set up fee?
Additional Pricing Details—