AlienVault USM
Score 7.9 out of 101
Based on 329 reviews and ratings
Likelihood to Recommend
AlienVault USM Anywhere is a great SIEM and if you need to deploy a SaaS solution then it is suited very well. It works very well for us being 100% AWS and integrates well with our toolset and AWS features. The Open Threat Intelligence (OTX) is perfect for providing context on events and feeding our incident response processes.
Feature Rating Comparison
Centralized event and log data collection
Event and log normalization
Custom dashboards and views
Host and network-based intrusion detection
- Compliance: For each compliance aspect in each standard, there's an AlienVault USM feature which helps compliance. For instance, in PCI DSS Compliance you require File Integrity Monitoring, and AlienVault USM has it. Every component of the standard gets covered by the product.
- Data handling: Event management can become cumbersome if not well handled. AlienVault USM classifies event information properly where it belongs to the data it's useful to you. When you export a report, you can filter out easily what you don't need, so you only extract valuable information.
- Asset availability: It is really handy to cover every aspect of your asset classification, events to come in, services each asset has, location, all of the information really helps to draw alarms properly.
- Low false positive rate as long as it is properly managed/tuned.
- Easy to manage and configure with the GUI.
- Support is great if assistance is needed.
- Because AlienVault USM combines several well-known components, you have to live with the fact that they are not in their latest version, i.e. the integrated OSSEC, which should be replaced with the OSSEC-Wazuh fork instead.
- Due to the all-in-one approach, the solution is quite resource hungry. You have to have a decent machine to run it.
- The reporting module is nice, but sometimes it is quite a challenge to configure a custom report as you will only get the results you want after a trial and error run.
- Wish additional modules were included such as FireAmp.
- Wish it was easier to include customized signatures if needed. Required to know how to code with Snort in order to add real customization.
Likelihood to Renew
Based on 13 answers
Based on 1 answer
Based on 33 answers
Best SIEM out there. Built for the serious security practitioner. Has features you would expect in something much more expensive. Product continues to be refined and improved.
Based on 24 answers
Support was initially slow but once engaged resolution was fast and efficient. Additional support on other topics was also resolved under the same initial call which helped rather than closing the call off and starting again. Further check backs were carried out before the case was closed so support was very useful throughout.
Based on 37 answers
Implementation is easy but having easy access to support and professional services is a great help. Getting it up and running is very easy, getting it configured for your specific environment does take a little more work, when you run into any issues support or your professional services provider is always there.
I recommended Alert Logic, but management was drawn to the much lower price of AlienVault. Alert Logic seems to have a more mature product and has some of these features that have been lacking in AlienVault.
Sourcefire 3D is Snort on steroids. Snort is a great free open source tool but Sourcefire adds a lot of functionality on top of the Snort engine. It opens a whole new world when it comes to detecting and blocking malicious traffic if you decide to place it inline. We needed to enhance our Security posture and Sourcefire allowed us to do that.
Return on Investment
- We have noticed a drop in the amount of infections within the environment since introducing Sourcefire 3 years ago. This saves on time and effort on our desktop teams to remediate threats.
Premium Consulting/Integration Services
Entry-level set up fee?
Additional Pricing Details—
AlienVault USM More Information
Premium Consulting/Integration Services—
Entry-level set up fee?