AlienVault USM
Score 7.9 out of 10
Based on 329 reviews and ratings
Likelihood to Recommend
AlienVault is well suited for businesses that lack someone who specializes in information security. As new threats emerge daily, as long as updates are taking place and the system is set up correctly, you'll be notified of suspicious activity. I find the Reputation report to be invaluable, as it shows what machines within the organization are talking to known bad IP addresses (based on the OTX reputation...make sure you opt into OTX).
Splunk light is awesome for anyone wanting to do proactive monitoring. It is also really well suited for insights into data with dashboards. Splunk light might not be a great choice if you do not want to manage the infrastructure on your own.
Feature Rating Comparison
Centralized event and log data collection
Event and log normalization
Custom dashboards and views
Host and network-based intrusion detection
Integration with Identity and Access Management Tools
- AlienVault USM does log aggregation and quick analysis very well. There is an analysis screen which provides the ability to group events by signature for quick "big head and long tail" analysis. Looking at the most common events and the least common events often highlight misconfigurations, device errors, and security concerns. The analysis screen also provides the ability to filter events by signature, then select fields of interest within those events. Once this is done, it's just a few clicks to create a custom view and report module so that an analyst can quickly find and report on key pieces of information in the future.
- AlienVault USM provides powerful out of the box correlation rules which generate alarms on security concerns, misconfigurations, and vulnerabilities. Analysts can add their own rules to alert on just about anything in the environment, such as a specific user logging into a specific machine, a machine going offline, or configuration change to a critical device.
- Another thing AlienVault does well is providing administrative access to the underlying Linux system giving the analyst the ability to quickly troubleshoot issues within the SIEM implementation itself. Access to the underlying OS also provides the ability to make changes to configurations of the underlying well-known security tools to weed out noise events before they can start to consume higher level compute resources.
- Real-time and scheduled alerts, i.e. you can set up alerts which are actively monitoring your logs
- Pretty good response time for search results. With our key/value logging, Splunk makes it blazing fast to query the data.
- Dashboards provide insights into historical data
- Love how Splunk indexes all of the data and provides keys to search on
- The documentation can be spotty at times. Finding what you need to understand how to take full advantage of the appliance can be a bit difficult at times.
- The vulnerability scanning within the USM is a nice feature that doesn't execute well. Getting the scans to complete in a timely manner, or at all sometimes, can be a pain. There are other scanners out there that do a much better job of finding the holes than this.
- Splunk light limits number of users to 5. Wish there was a flexible license, where one could add more users.
- Splunk light does not let you add more than a few realtime alerts. Wish there was a flexible license, where one could add as many realtime alerts as wanted.
- Better insight into daily ingestion values
Likelihood to Renew
Based on 13 answers
The centralized logging and retention for PCI compliance was our main driver, and it is meeting that need. Otherwise there has been enough frustration with the lack of documentation and the need to customize through the CLI that I would be open to alternatives.
Based on 33 answers
The system is great in terms of functionality, but in terms of being user friendly and usability for the average person it is very hard to understand and will take a lot of training.
Based on 24 answers
Only had to use this once, and they had us back on track in an hour or so. They followed up the day after to make sure all was still working, great team.
I evaluated AlienVault against Secure Works, Snort, Palo Alto, IBM's Informix Dynamic Server, and HPE's ArcSight. I based my evaluation on several criteria and after talking with several people at AlienVault (including management) I decided it would be a good fit as the product was evolving with a solid roadmap. In the last year, there have been no updates of substance (despite being on the roadmap) and the product does not meet expectations.