AlienVault® Unified Security Management®
(USM) delivers threat detection, incident response, and compliance
management in one unified platform. It is designed to combine all the essential security
capabilities needed for effective security monitoring across cloud and
on-premises environments, including SIEM, intrusion detection, vulnerability
management, as well as continuous threat intelligence updates. The vendor states that even for resource-limited IT
security teams, AlienVault…
$1,075
per month
Splunk Cloud
Score 8.3 out of 10
N/A
A data platform service thats help users search, analyze, visualize and act on data. The service can go live in as little as two days, and with an IT backend managed by Splunk experts, users can focus on acting on data. Search any kind of data in real-time to detect and prevent issues before they happen with access to streaming and machine learning capabilities. Search any kind of data in real-time to detect and prevent issues before they happen with access to the latest streaming and machine…
We looked at Splunk and compared it to AlienVault USM,but their offerings weren't as friendly both in implementation and pricing. One of the biggest pluses of AlienVault USM is the offering of an on-premise virtual appliance. We are still a shop where we like to be hands-on …
The tool works well compared with the two others. As I said previously, AlienVault USM gives you a lot of visibility right out of the box and with very little configuration.
However, I like the ability to customize pieces, such as log parsers and dashboards, as I see fit without …
I researched Splunk, AlienVault USM, and two other competitors, but the first two were the only ones seriously considered. AlienVault USM was able to offer better pricing and consummate a deal faster than Splunk. Splunk just could not get their act together to close the deal. …
I’ve found AlienVault to be the cheaper, simpler winner in the space, but their platform leaves a lot to be desired (though I still haven’t found anything better).
AlienVault was the cheapest solution compared with the competition and had similar or better features. Also, the SaaS based solution made it easy to deploy the solution without the need to maintain additional servers on premise. It was very easy to use and had a great UI which …
For baseline functionality and simplicity in deployment, we chose USM over other commercial or open source technologies in the same arena. When compared against other tooling like Rapid7 or Splunk, the cost for the ingestion load we were seeing on a monthly basis was best with …
In our initial search for a SIEM solution, we evaluated many companies including Splunk. Splunk is one of the best SIEM solutions on the market. The reason that we chose to not use them is because they are built for much larger organizations than ours. The cost was very out …
We found AlienVault to best suit our environment and provide the level of detail that we needed to not only secure our environment but to help us prepare for IT asset audits. It has VMWare, O365, and Meraki integrations which we use in our office and we required software that …
Splunk does a good job, but the configuration was very complex and we have concerns about customization. In addition, the cost per GB of data made the solution excessively expensive. The cost of AlienVault USM is more in-line with what we are able to spend on a SIEM solution.
AlienVault solution has a very complete set of functionalities. At the time we elected, their price was well positioned but in the last year this changed drastically.
For us, AlienVault was better than Splunk in many ways. One of them was that AlienVault includes an easier interface and better alert rules. In the case of FortiSIEM, the cost of AlienVault was more competitive, and we were already using OSSEC, so the connection between …
IBM QRadar - long and clunky installation process, after which we weren't blown away by the tired and over-complicated user interface - wasn't a good fit for us. InsightIDR - disappointing engagement with their sales team, who weren't able to answer surface-level questions about …
They are similar in concept and operation. AlienVault USM platform feels a little more search friendly than the competition. Threat dashboard within AlienVault USM is much more consumable in the initial days of release and has a much more user friendly feel to it versus others. …
For us it came down to cost. AlienVault's competitors just could not compare on cost for a small organization like us. They are out of touch. Everyone needs a solid tool like AlienVault, but too often the industry only caters to big budgets. More often than not, that results in …
At this point I'm saying a 4. While the marketing material make it appear to be easy to use and it was relatively easy to set up, as previously mentioned, each event description is based upon the individual asset making it nearly impossible for the administrator to be a SME for each asset. For example, if one of the assets reporting is a router, the administrator monitoring alerts would need to know what the various events are that can be triggered as an event for the particular router; however, if the asset is a workstation, the administrator would need to know the various events that are triggered for workstations.
Splunk is excellent when all your data is in one location. Its ability to correlate all that data is intuitive (once the hurdle of learning the query language is overcome). It is also easy to standardize the presentation of information to the company. When data is siloed/standalone, other systems can be cheaper and faster to implement.
AlienVault USM is simple and easy to deploy. Sensors can be deployed in as little as 15 minutes through the setup wizard.
The USM UI is easy to understand. I've trained multiple analysts who are able to perform their duties on their first day, in part because of USM Anywhere's ease of use.
Top-notch built-in compliance templates and reporting features.
This SIEM consolidates multiple data points and offers several features and benefits, creating custom dashboards and managing alert workflows.
Splunk Cloud provides a simple way to have a central monitoring and security solution. Though it does not have a huge learning curve, you should spend some time learning the basics.
Splunk Cloud enables me to create and schedule statistical reports on network use for Management.
Personally, I've wished I could purchase a service that would configure AV for my environment. I get a lot of traffic on a daily basis and I almost need to hire an analyst that just works on AV.
Some of the filters when looking for a specific alert aren't that easy to use.
The centralized logging and retention for PCI compliance was our main driver, and it is meeting that need. Otherwise there has been enough frustration with the lack of documentation and the need to customize through the CLI that I would be open to alternatives.
Once you are able to navigate the different panels, finding what you need is quite easily. Before getting used it it can be a bit of challenge . Each panel is quite well laid out and the filtering search capabilities are quite strong.
Overall, it is very usable. I would like if recent searches were saved for longer because I always have to refer to my notes when I'm looking for something specific and it's been a few weeks. But that's a small issue, and the actual search and browsing interface is easy to use and powerful.
We do have issues with maintenance on the AlienVault USM as the disk fills up from time to time with other data sources. Sources for scanning logs and net flow data isn't calculated in regular disk maintenance and can easily fill up our disk if we do not keep an eye on it with some custom Nagios plugins. The system does properly trim logging data from logging sources properly.
With the latest release of AlienVault USM overall performance has not been an issue. We have noticed single source events per second does not scale well with the overall system. 2,000eps on a vmware system with a single source produces delays of up to an hour for us. Pages, reporting and even raw log searches are rather quick though.
The support we received from alienvault was excellent. They went above and beyond in making sure everything was working as it needed to be. They REALLY want their product implementation to be a success and our security goals be achieved. They are like a member of our security team.
Splunk Cloud support is sorely lacking unfortunately. The portal where you submit tickets is not very good and is lacking polish. Tickets are left for days without any updates and when chased it is only sometimes you get a reply back. I get the feeling the support team are very understaffed and have far too much going on. From what I know, Splunk is aware of this and seem to be trying to remedy it.
I did not have any experience with "in person" training directly. The free online classes offered for a half a day are based on the actual training offered. These little teasers are very good and well worth your time to learn a few quick and dirty ways of getting more information from your SIEM
It was very well organized and helpful in using the product to the fullest extent. The instructor allowed time for folks who were involved with managed services to receive tuning tips in order to better support their customers. In addition, the course materials were automatically updated when the new version came out.
AlienVault USM was a very simple to implement and get up and running. We started with a trial version and had that up and going within an hour of receiving email instructions from the sales engineer. We never had to contact support to get the system up and going. It was extremely easy to convert over to a full license once we started with a paid version.
Splunk's ES is a paid add-on on top of an already pricey product. Finding a MSSP that supports Splunk and isn't a 6 figure annual commitment seems unlikely. LogRhythm did not have a cloud-based solution when we were considering SIEMs. Fantastic product though and have a good MSSP base. Devo did not have a MSSP partner base when we looked. Their product is fantastic too. AlienVault USM has good partners to choose from as well as an affordable cloud model, that's why we chose it.
Splunk Cloud blows Sumo Logic out of the water. The experience is night and day. We went from several highly stressed IT security professionals who were unsure if the data they were getting was valuable, to very happy IT security professionals who can now be more proactive and get all the information they need.
The AlienVault USM is not very scalable. Some scalability can be achieved by installing additional sensors, but this only offers 500eps per sensor and is still overall limited by the installation type of VM or physical. We have also noticed the EPS (events per second) is rated overall and not towards a single source. A single source on a very healthy VMware partition tops out at 2,000eps for us, no matter how we configure it. Maybe this is a problem of the 5.2 release?
Once you hit the 150 asset mark, you have to jump to their unlimited license. There is no middle ground. We were only 10 or so assets above the 150 so we had to chose to either not monitor those assets or pay the price of the upgrade.
AlienVault brings all the information to one place which makes it much quicker to track down problems.
