What users are saying about

AlienVault USM

328 Ratings

Splunk Cloud

22 Ratings

AlienVault USM

328 Ratings
<a href='https://www.trustradius.com/static/about-trustradius-scoring' target='_blank' rel='nofollow'>trScore algorithm: Learn more.</a>
Score 7.9 out of 101

Splunk Cloud

22 Ratings
<a href='https://www.trustradius.com/static/about-trustradius-scoring' target='_blank' rel='nofollow'>trScore algorithm: Learn more.</a>
Score 8.5 out of 101

Add comparison

Likelihood to Recommend

AlienVault USM

AlienVault USM Anywhere is a great SIEM and if you need to deploy a SaaS solution then it is suited very well. It works very well for us being 100% AWS and integrates well with our toolset and AWS features. The Open Threat Intelligence (OTX) is perfect for providing context on events and feeding our incident response processes.
Matthew White profile photo

Splunk Cloud

I find that Splunk Cloud is well suited for tracking user logins, Server Reboots, failed login attempts, account lockouts, and sorting these items by host or user. We often trace failed user logins to someone having cached credentials on an endpoint which can result in locked accounts that drive the Help Desk ticket volume up unnecessarily.
Jeff Kitchens profile photo

Feature Rating Comparison

Security Information and Event Management (SIEM)

AlienVault USM
7.3
Splunk Cloud
9.5
Centralized event and log data collection
AlienVault USM
8.0
Splunk Cloud
10.0
Correlation
AlienVault USM
8.0
Splunk Cloud
9.5
Event and log normalization
AlienVault USM
8.0
Splunk Cloud
9.0
Deployment flexibility
AlienVault USM
7.0
Splunk Cloud
9.0
Custom dashboards and views
AlienVault USM
6.0
Splunk Cloud
10.0
Host and network-based intrusion detection
AlienVault USM
7.0
Splunk Cloud
10.0
Integration with Identity and Access Management Tools
AlienVault USM
Splunk Cloud
9.0

Pros

  • AlienVault USM Anywhere is easy to deploy with their cloud-based model and deploying the required agents on-prem (or in the cloud) is quick and easy.
  • Custom rules allow for alerting based on content from events and you can even trigger agents in response to threats, shutting down computers or grabbing forensic info for incident response.
  • USM Anywhere also takes care of reporting for ISO and PCI, allowing you to pull reports for auditors at a moment’s notice.
  • With many integrations out-of-the-box, you can pull in all the data from products you use and other sources, such as Amazon CloudWatch Logs.
Matthew White profile photo
  • Splunk Cloud allows me to search the volumes of information help in Windows Server Logs quickly and accurately.
  • Splunk Cloud allows me to create Dashboards for everyday monitoring of multiple parameters.
  • Splunk Cloud allows me to create and schedule reports for Management on network usage and statistics.
Jeff Kitchens profile photo

Cons

  • Because AlienVault USM combines several well know components, you have to life with the fact, that they are not in their latest version, i.e. the integrated OSSEC, which should be replaced with the OSSEC-Wazuh fork instead.
  • Due to the all-in-one approach, the solution is quite resource hungry. You have to have a decent machine to run it.
  • The reporting module is nice, but sometimes it is quite a challenge to configure a custom report as you will only get the results you want after a trial and error run.
Christian B. Caldarone profile photo
  • The SPL programming language that the queries are built in is not very intuitive.
  • There should be a better repository of pre-built queries for what I would think of as common Active Directory usage monitoring.
  • I would like to see more free training/familiarization information made available.
Jeff Kitchens profile photo

Likelihood to Renew

AlienVault USM9.0
Based on 13 answers
It is a great product and has been instrumental to our security posture.
Dana Hancock profile photo
No score
No answers yet
No answers on this topic

Usability

AlienVault USM7.2
Based on 33 answers
Almost all functions are intuitive, custom logging is not very easy to configure.
Dana Hancock profile photo
No score
No answers yet
No answers on this topic

Support

AlienVault USM7.6
Based on 24 answers
Based on previous experience we had to explain and demonstrate the problems several times; fixes takes long time to be implemented and rolled out to end users. Several times we had to guide the support contact to fully understand the problem
Bilal Al Sabbagh profile photo
No score
No answers yet
No answers on this topic

Implementation

AlienVault USM7.1
Based on 37 answers
The one thing to remember is where to place the sensors within your organization. It is one thing to collect and analyze data, but collecting the right data is key. This is where AlienVaults experts really help. Instead of trying to sell you a gazillion sensors, they walk you through your network to make sure he sensors are where they need to be so you can achieve your goal. Implementation works so well because they take the time upfront to know your goals before they help you achieve them.
Matthew Frederickson profile photo
No score
No answers yet
No answers on this topic

Alternatives Considered

We looked at a number of other products besides AlienVault. Most of them were software packages that had OK reviews, but would have been costly to implement and time-consuming to maintain. AlienVault was an all-in-one appliance, though it comes in a virtual machine that you can run as well. We chose the USM because of our virtualization resources were getting pretty tight at the time we chose AlienVault, and we prefer hardware appliances.
Christopher Taylor profile photo
I have used several Solar Winds tools in the past to monitor and track similar things. Both tools are comparable in their performance. Each one has it's own set of challenges when getting set up for the first time as well as a learning curve to get comfortable with usage.
Jeff Kitchens profile photo

Return on Investment

No answers on this topic
  • Splunk Cloud has had a positive ROI in helping more efficiently track the cause of Help Desk Tickets.
  • The billing model which is based on the amount of data from logs uploaded doesn't alert if a threshold is approaching. This can have a negative ROI.
  • The training that I have taken while in-depth and focused is pretty expensive.
Jeff Kitchens profile photo

Screenshots

Splunk Cloud

Pricing Details

AlienVault USM

General
Free Trial
Yes
Free/Freemium Version
Yes
Premium Consulting/Integration Services
Yes
Entry-level set up fee?
Optional
Additional Pricing Details

AlienVault USM More Information

Splunk Cloud

General
Free Trial
Free/Freemium Version
Premium Consulting/Integration Services
Entry-level set up fee?
No
Additional Pricing Details

Splunk Cloud More Information