Score 7.9 out of 10
Based on 334 reviews and ratings
Likelihood to Recommend
AlienVault USM Anywhere is a great SIEM and if you need to deploy a SaaS solution then it is suited very well. It works very well for us being 100% AWS and integrates well with our toolset and AWS features. The Open Threat Intelligence (OTX) is perfect for providing context on events and feeding our incident response processes.
I find that Splunk Cloud is well suited for tracking user logins, Server Reboots, failed login attempts, account lockouts, and sorting these items by host or user. We often trace failed user logins to someone having cached credentials on an endpoint which can result in locked accounts that drive the Help Desk ticket volume up unnecessarily.
Feature Rating Comparison
- Centralized event and log data collection
- Event and log normalization
- Custom dashboards and views
- Host and network-based intrusion detection
- Integration with Identity and Access Management Tools
- Up to this point, I have had no issues integrating with a system we currently have in production, while AlienVault stays on top with plugin updates.
- The dashboard is very informative once you figure out how to navigate around it and tweak it to your organization's needs.
- Correlation of events is probably my favorite as I normally only need to jump on the AlienVault dashboard to hammer down on network traffic/activity details.
- Splunk Cloud allows me to search the volumes of information held in Windows Server Logs quickly and accurately.
- Splunk Cloud allows me to create Dashboards for everyday monitoring of multiple parameters.
- Splunk Cloud allows me to create and schedule reports for Management on network usage and statistics.
- Initial setup and administration. I came into this company after the utility was deployed and what I have found in our setup was that the ESXi environment in our setup does not scan the entire network. Having an initial setup assistance program for the installation.
- Asset environment. In our current configuration we have all the servers and network appliances running with static IPs or reservations from our DHCP server; this works very well in our environment. What does not work well are the machines that are part of the DHCP pool: if a machine is configured as an asset and the IP address changes, the description (identity) does not follow the device. I think that if we had the ability to assign assets from the MAC address, it would eliminate this problem as I see it.
- Kick-off program. As part of the service we were invited to join a kick-off event that I personally attended (a virtual class, actually). What I discovered from this class was a more advanced configuration than what I had expected to see. While it provided good information and virtual labs, I think if the class is a kick-off then it should be about the basic installation and configuration of the appliance. The time spent on configuring rules outweighed how to get information to be read from the sensors.
- The SPL programming language that the queries are built in is not very intuitive.
- There should be a better repository of pre-built queries for what I would think of as common Active Directory usage monitoring.
- I would like to see more free training/familiarization information made available.
Likelihood to Renew
Based on 33 answers
The system is great in terms of functionality, but in terms of being user friendly and usable for the average person it is very hard to understand and will take a lot of training.
Based on 24 answers
Support was initially slow, but once engaged, resolution was fast and efficient. Additional support on other topics was also resolved under the same initial call, which helped rather than closing the call off and starting again. Further check-backs were carried out before the case was closed, so support was very useful throughout.
Based on 37 answers
AlienVault Unified Security Management is just a better integration of the tools needed for monitoring your environment. Adding to the polish of the product, the support behind the software has been great.
I have used several SolarWinds tools in the past to monitor and track similar things. Both tools are comparable in their performance. Each one has its own set of challenges when getting set up for the first time, as well as a learning curve to get comfortable with usage.
Return on Investment
- Splunk Cloud has had a positive ROI in helping more efficiently track the cause of Help Desk Tickets.
- The billing model which is based on the amount of data from logs uploaded doesn't alert if a threshold is approaching. This can have a negative ROI.
- The training that I have taken, while in-depth and focused, is pretty expensive.