What users are saying about

AlienVault USM

329 Ratings
Score 7.9 out of 101

Splunk Enterprise

189 Ratings
Score 8.5 out of 101

Likelihood to Recommend

AlienVault USM

In my organization's scenario, the on-premise appliance provides great value as we are a small company with site inter-connectivity. What I am not too sure of is how exactly the product scales with very large networks with separate Windows and network domains.
AJ Gumataotao

Splunk Enterprise

Splunk is a great data analytics tool for you if you have a large amount of data to analyze. Splunk provides accurate and real-time analysis of data through its dashboard. But if you are not quite a technical person or not willing to learn Splunk before using it, I will not recommend it to you. Also, Splunk is less appropriate for static data.
Rahul Shinde

Feature Rating Comparison

| Feature | AlienVault USM | Splunk Enterprise |
|---|---|---|
| Security Information and Event Management (SIEM) | 7.3 | 8.7 |
| Centralized event and log data collection | 8.0 | 9.2 |
| Correlation | 8.0 | 8.1 |
| Event and log normalization | 8.0 | 9.1 |
| Deployment flexibility | 7.0 | 8.7 |
| Custom dashboards and views | 6.0 | 9.4 |
| Host and network-based intrusion detection | 7.0 | 8.6 |
| Integration with Identity and Access Management Tools | | 7.9 |

Pros

  • Up to this point, I have had no issues integrating with a system we currently have in production, while AlienVault stays on top with plugin updates.
  • The dashboard is very informative when you figure out how to navigate around it and tweak it to your organization's needs.
  • Correlation of events is probably my favorite as I normally only need to jump on the AlienVault dashboard to hammer down on network traffic/activity details.
AJ Gumataotao
  • Allow for separation of control where we don't let some employees have access to production but still can diagnose issues.
  • Common location to go for all logs even if the logs themselves aren't in the same place.
  • Ability to ingest logs from different locations without having to change the code to put logs in a certain place (pro and con).

Cons

  • It can be difficult to set up correctly. I found the documentation sparse in some instances.
  • It can generate a ton of alerts, again if not set up correctly. I recommend taking the engineer's class for it, so that you can get the most out of your investment.
  • The vulnerability scans can eat up a lot of resources, as well as be a bit pushy. Running a scan against one of our printers resulted in that printer constantly flooded with inventory scan requests by AlienVault, which rendered said printer unusable. Make sure you break out your networks when doing scans!
Christopher Taylor
  • Search head clustering is great for reducing configuration differences among standalone search heads. The biggest problem with search head clustering (at the moment) is administration of non-knowledge object functions, like user roles and capabilities. Tasks like these must be done using Linux text editors and force a rolling restart of all the search heads in the cluster.
  • Creating custom applications in a search head cluster has also taken a step backwards. One strength I didn't mention earlier is the ability to segregate users from data sets they shouldn't see. One method to assist partitioning users is with custom applications (aka sandboxes). However, like user administration, creating the "sandbox" requires Linux skills as opposed to the previous GUI-driven method.
  • Querying LDAP datasets is limited to users with admin capabilities. That's okay only if the entire user community in your shop are administrators. Thus a great source for analyzing Active Directory membership is hindered until Splunk gets this fixed.

Likelihood to Renew

AlienVault USM: 9.0
Based on 13 answers
No need to renew our use. We are actively using and liking it. Future outlook is continued use of the USM platform and tailoring it more and more for our environment.
Jay Dibble
Splunk Enterprise: 7.7
Based on 15 answers
The use cases for Splunk continue to grow. I leverage it in the sales cycle and to demo security. That is only the tip of the iceberg for this product. If I had more time, I would experiment with many other use cases and become more proficient at the coding.
Richard Wilbert, MBA

Usability

AlienVault USM: 7.2
Based on 33 answers
Almost all functions are intuitive; custom logging is not very easy to configure.
Dana Hancock
Splunk Enterprise: 9.9
Based on 2 answers
You can literally throw in a single word into Splunk and it will pull back all instances of that word across all of your logs for the time span you select (provided you have permission to see that data). We have several users who have taken a few of the free courses from Splunk that are able to pull data out of it every day with little help at all.
Kenneth Taitingfong

Reliability and Availability

AlienVault USM: 6.4
Based on 3 answers
No answer on this topic is available.
Splunk Enterprise: 10.0
Based on 1 answer
When properly set up and configured, Splunk is extremely reliable.

Support

AlienVault USM: 7.6
Based on 24 answers
I have contacted support many times and every time they addressed the issue and continued until it was resolved. The product is solid, so the overall operation is trouble free.
Dana Hancock
Splunk Enterprise: 8.9
Based on 3 answers
Support from Splunk to our company is extremely good. Our team developed many dashboards, reports and alerts in Splunk, which saved so many hours of our development time and made us very, very efficient. We are extremely happy with current functionality provided by Splunk and have no complaints at all. I would definitely recommend it to everyone.

Implementation

AlienVault USM: 7.1
Based on 37 answers
The best recommendation I can offer is to understand the system that is being installed. Knowing how to configure and specific expectations that you expect from the machine. I would say to watch the tutorials and the online videos, get yourself involved with the community forum and ask the questions if you do not understand. Our company did not make the best choice on the computer that the service was installed on and it has led to some adverse effects that did not appear until now, almost 2 years later and needing to re-install the entire system all over again. If you need the help, ask for it. The technical support team at AlienVault and community forum members are always there to answer questions.
James Ellsworth
Splunk Enterprise: 8.0
Based on 1 answer
Engage professional service early on in the implementation.

Alternatives Considered

We looked at a number of other products besides AlienVault. Most of them were software packages that had OK reviews, but would have been costly to implement and time-consuming to maintain. AlienVault was an all-in-one appliance, though it comes in a virtual machine that you can run as well. We chose the USM because our virtualization resources were getting pretty tight at the time we chose AlienVault, and we prefer hardware appliances.
Christopher Taylor
We have also used ELK (Elastic Logstash Kibana) with some benefits, but Splunk is way better than ELK. We also use AWS CloudWatch for Lambdas that are written in AWS. However, CloudWatch is not a replacement for Splunk.

Scalability

AlienVault USM: 6.3
Based on 3 answers
No answer on this topic is available.
Splunk Enterprise: 9.1
Based on 1 answer
Splunk can scale into the petabyte-per-day range, which of course is awesome.
Rick Yetter

Return on Investment

No answers on this topic
  • Increased efficiency in the NOC.
  • Reduction on app/dev lifecycles
  • Reduction on MTTR on most outage scenarios
Rick Yetter

Pricing Details

AlienVault USM

General
Free Trial: Yes
Free/Freemium Version: Yes
Premium Consulting/Integration Services: Yes
Entry-level set up fee? Optional

Splunk Enterprise

General
Free Trial: Yes
Free/Freemium Version: Yes
Premium Consulting/Integration Services:
Entry-level set up fee? No