Skip to main content
TrustRadius
AlienVault USM

AlienVault USM

Overview

What is AlienVault USM?

AlienVault® Unified Security Management® (USM) delivers threat detection, incident response, and compliance management in one unified platform. It is designed to combine all the essential security capabilities needed for effective security monitoring across cloud and on-premises environments, including SIEM, intrusion detection, vulnerability management, as…

Read more
Recent Reviews

TrustRadius Insights

Users have found AlienVault USM to be a valuable SIEM solution for centralizing and searching log data from a large number of network …
Continue reading

MSSP Review

8 out of 10
October 04, 2021
AlienVault offers a different experience as opposed to other SIEM tools where it can be set up and configured properly in a shorter amount …
Continue reading
Read all reviews

Awards

Products that are considered exceptional by their customers based on a variety of criteria win TrustRadius awards. Learn more about the types of TrustRadius awards to make the best purchase decision. More about TrustRadius Awards

Popular Features

View all 7 features
  • Centralized event and log data collection (8)
    8.5
    85%
  • Correlation (8)
    8.5
    85%
  • Event and log normalization/management (8)
    8.0
    80%
  • Custom dashboards and workspaces (8)
    7.0
    70%

Reviewer Pros & Cons

View all pros & cons
Return to navigation

Pricing

View all pricing

Essentials

$1,075

Cloud
per month

Standard

$1,695

Cloud
per month

Premium

$2,595

Cloud
per month

Entry-level set up fee?

  • Setup fee optional
For the latest information on pricing, visithttps://www.alienvault.com/products/pri…

Offerings

  • Free Trial
  • Free/Freemium Version
  • Premium Consulting/Integration Services
Return to navigation

Features

Security Information and Event Management (SIEM)

Security Information and Event Management is a category of security software that allows security analysts to look at a more comprehensive view of security logs and events than would be possible by looking at the log files of individual, point security tools

8
Avg 7.8
Return to navigation

Product Details

What is AlienVault USM?

AlienVault® Unified Security Management® (USM) delivers threat detection, incident response, and compliance management in one unified platform. It is designed to combine all the essential security capabilities needed for effective security monitoring across cloud and on-premises environments, including SIEM, intrusion detection, vulnerability management, as well as continuous threat intelligence updates. The vendor states that even for resource-limited IT security teams, AlienVault USM can be affordable, fast to deploy, and easy to use. It eliminates the need to deploy, integrate, and maintain multiple point solutions in the data center.

Smart, automated data collection & analysis: USM Anywhere automatically collects and analyzes data across the attack surface, helping to quickly gain centralized security visibility without the complexity of multiple disparate security technologies.

Automated threat detection powered by AT&T Alien Labs: With threat intelligence provided by AT&T Alien Labs, USM Anywhere is updated automatically to stay on top of evolving and emerging threats, so the security team can focus on responding to alerts.

Incident response orchestration with AlienApps: USM Anywhere supports a growing ecosystem of AlienApps, enabling the user to orchestrate and automate actions towards other security technologies, able to respond to incidents quickly and easily.

AlienVault USM Features

Security Information and Event Management (SIEM) Features

  • Supported: Centralized event and log data collection
  • Supported: Correlation
  • Supported: Event and log normalization/management
  • Supported: Deployment flexibility
  • Supported: Integration with Identity and Access Management Tools
  • Supported: Custom dashboards and workspaces
  • Supported: Host and network-based intrusion detection

Additional Features

  • Supported: AlienVault Open Threat Exchange

AlienVault USM Screenshots

Screenshot of USM Anywhere NIDS Dashboard

AlienVault USM Videos

AlienVault USM Competitors

AlienVault USM Technical Details

Deployment TypesSoftware as a Service (SaaS), Cloud, or Web-Based
Operating SystemsUnspecified
Mobile ApplicationNo
Supported CountriesGlobal

Frequently Asked Questions

Splunk Cloud and Fortinet on IBM Cloud are common alternatives for AlienVault USM.

Reviewers rate Deployment flexibility highest, with a score of 8.6.

The most common users of AlienVault USM are from Mid-sized Companies (51-1,000 employees).
Return to navigation

Comparisons

View all alternatives
Return to navigation

Reviews and Ratings

(736)

Community Insights

TrustRadius Insights are summaries of user sentiment data from TrustRadius reviews and, when necessary, 3rd-party data sources. Have feedback on this content? Let us know!

Users have found AlienVault USM to be a valuable SIEM solution for centralizing and searching log data from a large number of network attached devices. This platform is being used for various use cases such as vulnerability management, scanning, malware detection, and monitoring malicious network traffic. It is considered a good SIEM solution for organizations new to security operational logging or those with a smaller staff and budget. The product has been praised for its integrated feature sets, including HIDS, NIDS, FIM, and security alerting capabilities. The inclusion of features like vulnerability scanning and file integrity monitoring has extended its value for organizations in the early stages of cybersecurity program development. Many users have experienced real-time alerts, enabling them to respond to security incidents and compromised passwords more quickly. Furthermore, AlienVault is used for a range of functions such as SIEM, vulnerability scanning, asset discovery, and investigations. It provides organizations with a centralized log collection site, allowing them to monitor and address new problems more effectively. The platform has been effective in helping organizations meet regulatory compliance requirements and improve SOC operations. Additionally, AlienVault is used to analyze network traffic, Windows Event Logs, and other security events, helping organizations improve network security and protect their customers. It solves security challenges related to device and software visibility, monitoring for anomalous events, and ensuring patch management. Users appreciate the simplicity of deployment and the robustness of the interface. The support team is highly responsive and knowledgeable.

AlienVault USM Anywhere is used by organizations to easily identify security incidents happening across their infrastructure and comply with PCI-DSS compliance requirements. MSSPs utilize AlienVault USM Anywhere to provide their customers with best-in-class threat monitoring and response services. It is also used to monitor cloud environments, scanning and alerting for any known vulnerabilities or activity on servers. AlienVault helps organizations with auditing purposes by monitoring cloud permissions and changes to security. Additionally, it is deployed to customers for monitoring and is used by NSOCs to monitor their networks. AlienVault has been implemented across organizations, covering server assets and providing granular logging on systems and networks. It helps in raising alarms/alerts and mitigating network-related activities. AlienVault collects and alerts on network and system activity across the entire organization, making it easy to filter for important data. The product centralizes log data and helps perform vulnerability analysis and threat detection. It assists in security patching and monitoring within AWS environments. Users appreciate the ease of use and configuration of the cloud-based panel. AlienVault is implemented and managed for clients as a recommended SIEM solution, collecting and normalizing logs from various data sources. It is used throughout organizations to gain insight into network and server events, manage and correlate logs, and recognize anomalous activity. Users have been able to set up alerts for specific events and policies, effectively managing systems and alerts in place, monitoring multiple client environments, and identifying issues that clients may have missed.

AlienVault USM Anywhere is praised for its cost-effectiveness compared to other SIEM solutions on the market. Users appreciate its threat intelligence capabilities, ease of use, user-friendly interface, and simplicity of deployment. The built-in correlation rules require minimal setup and provide high-quality results. Asset management and scanning features help users stay on top of monitoring assets, including dynamic and static asset lists. The integration of OTX into USM Anywhere allows for up-to-date threat intelligence and pulse subscriptions.

The software plays a crucial role in monitoring and alerting when anomalies occur, aiding in threat detection, compliance management, log collection, and vulnerability scanning. It helps organizations stay up to speed on new vulnerabilities and supports agile business initiatives by aiding analysts in identifying cyber threats and providing access to threat cross-referencing data. AlienVault USM Anywhere is deployed to monitor AWS cloud environments, attain compliance, identify threats, and facilitate auditing of non-emergency configuration changes and vulnerability monitoring.

Overall, AlienVault USM Anywhere provides centralized security monitoring, incident response capabilities, compliance reporting features, vulnerability assessment tools, real-time SIEM functionality, as well as asset discovery and user activity monitoring capabilities. It has been widely adopted across various industries for enhancing security posture and gaining comprehensive visibility into network activities.

Based on user recommendations, AlienVault USM receives the following common recommendations:

  1. AlienVault USM is recommended for cost-conscious companies and small to medium businesses due to its affordability and effectiveness. Users find it to be a great tool for analyzing and reacting to threats, offering excellent value for the price.

  2. Users suggest exploring alternative SIEM choices and discussing functionality and configuration requirements. Logrhythm is mentioned as a possible alternate SIEM choice, especially for high-end functionality needs. It is advised to compare features and select the SIEM system that offers the best cost for desired features.

  3. To maximize the experience with AlienVault USM, users recommend taking advantage of training opportunities provided by AlienVault. Joining official training sessions allows users to learn best practices from other users and gain comprehensive knowledge of the product. Users also recommend utilizing forums, support, webinars, and videos offered by AlienVault to enhance understanding and achieve optimal results.

Overall, AlienVault USM is regarded as a cost-effective solution suitable for organizations with data privacy and security priorities. The product's flexibility, community-created intelligence, and continual improvement are also highlighted by users. While some mention areas for improvement, such as support stability and module quality, the general consensus is that AlienVault USM delivers reliable security enhancements and cost savings.

Attribute Ratings

Reviews

(1-25 of 390)
Companies can't remove reviews or game the system. Here's why
Score 10 out of 10
Vetted Review
Verified User
Incentivized
Our organization uses AlienVault USM to enhance the security posture and streamline our clients' threat detection and response. The product helps us address critical business problems, such as identifying and mitigating security threats, monitoring network activity, and ensuring compliance with regulations. Our use case involves deploying USM across our network to monitor logs, detect anomalies, and respond to incidents effectively.
  • Asset discovery.
  • Real-time threat detection.
  • Centralized log management.
  • Provides actionable insights into emerging threats.
  • Intrusion detection.
  • Enhancing user interface intuitiveness.
  • Granular customization options for alerts and reporting.
  • Integration with third-party tools and expanding support for emerging threat intelligence sources would be beneficial since the alien app only supports a few.
AlienVault USM is well-suited for organizations needing a centralized solution for threat detection, log management, and compliance. It's less appropriate for large enterprises requiring highly customized or specialized security solutions.
Score 8 out of 10
Vetted Review
Verified User
Incentivized
As an IT researcher at a university, we use AlienVault USM for centralized security monitoring, threat detection, incident response, compliance reporting, and vulnerability assessment to enhance our security posture. The scope includes network infrastructure, servers, and critical systems.
  • Unified Security Monitoring and Threat Detection.
  • Integrated Incident Response.
  • Compliance Management and Reporting.
  • User Interface and Ease of Use.
  • Customization and Flexibility.
  • Enhanced Automation and Orchestration.
AlienVault USM is well-suited for scenarios such as small to medium-sized businesses (SMBs) with limited resources, compliance-driven environments, and organizations with dedicated Security Operations Centers (SOCs). It simplifies security operations for SMBs, aids in compliance monitoring and reporting, and streamlines activities for security teams in SOCs.However, there are scenarios where AlienVault USM may be less appropriate. These include large enterprises with complex environments that require more specialized and scalable solutions, organizations with extensive existing security infrastructure, and highly customized environments where out-of-the-box capabilities may not align perfectly with unique requirements.
Score 8 out of 10
Vetted Review
Verified User
Incentivized
USM is our primary SIEM solution. The solution is not a standard SIEM but rather a SOAR, where one can add orchestration rules as well as run investigations. All of our network devices, servers, IPS IDS FW and more then all send the logs to this solution. Then the SIEM creates events which derive alerts and alarms.
  • Investigations
  • Event collection and alerting
  • correlation rules
  • N/A
  • CBT training
  • training
Investigations, The investigation process is very well planned where, all items can be linked and any asset, time line, or threat can be linked to a single investigation. This assists in solving the purpose of the investigation and getting to the bottom of the cause of the threat. Either an action plan is derived or the investigation can be closed with comments for future.
Score 9 out of 10
Vetted Review
Verified User
It's a very effective security level for industries. We had a security breach sometime back and we opted for AlienVault. It looks like high technology since the multi level security is added. It maintains our logs which helps me as a developer to debug if anything required. Since we use connection in VPN it tracks all the websites we have accessed and blocks it if unnecessary.
  • Security
  • User operations tracking
  • Notifications pop up is annoying
  • Little more improvement in UI side
It's well suited because I can work from home with thinking of my data getting beached. The multi level security will allow only a particular sites allowed by IT and thus no afraid of machine being misused when used privately to watch movies. Log maintaing is effective as a developer.
October 04, 2021

MSSP Review

Score 8 out of 10
Vetted Review
Verified User
AlienVault offers a different experience as opposed to other SIEM tools where it can be set up and configured properly in a shorter amount of time. The built-in correlation rules are of great quality with little-to-no setup required to switch on. Asset management and scanning is a great feature to keep on top of the list of assets to monitor, as well as dynamic and static asset lists. OTX is one of the best features to implement directly into USM Anywhere, with up-to-date threat intelligence as well as pulses to subscribe to.
  • Threat intelligence look-ups
  • Asset management
  • Vulnerability scanning
  • Better UI/workflow for alarms
  • Better alarm management (add notes/set status)
AlienVault is a great all-in-one SIEM appliance to apply to both small and large-scale environments. Asset management and vulnerability scanning as built-in features are useful tools to keep on top of asset management. OTX threat intelligence is a highly valuable feature to correlate with threat alarms, providing up-to-date threat intel.
Score 7 out of 10
Vetted Review
Verified User
Incentivized
Implemented in a SaaS company with resources in colocation and AWS. All server assets are covered however workstations are not. We like that it provides the opportunity of granular logging on all systems and networks.
  • UX/UI responsive and easy to navigate.
  • Covers wide variety of systems and devices.
  • Ease of getting sensors up and running.
  • More simplified dashboards would help not overwhelm new users.
  • Use more industry-standard terms for items.
  • Tech support that actually reads your questions prior to replying with canned responses.
  • Update their KBs to reflect real-world scenarios. We've ran across several places where NxLog's settings in the KB were incorrect and support had no idea, kept telling us that we were wrong despite demonstrating to them the correct settings.
AlienVault is well-suited for the customer that needs compliance reports for PCI/HIPAA/etc. The price will hinder some customers from being able to afford it. This tool does the same thing that dozens of others do, so concentrating more on security scanning, vulnerability, and threats would prevent it from too much overlapping of features. Every vendor who tries to do a "single pane of glass" and be a "single source" always does this poorly.
Thomas Young | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
Incentivized
AlienVault is used across the organization, although only select individuals actually know that it is running. The software addresses the protection of mission-critical information and databases. The software is not useful for any other purposes outside of security of the networks.
  • AlienVault makes following real-time threats very simple with its graphics interface.
  • AlienVault is also easy to work with, and customer support is great.
  • AlienVault works mainly automatically, which makes using it easy. If it required too much effort, the software tool would be replaced.
  • The logs of AlientVault are harder to read through than other logs.
  • Support is good, but not great.
  • Resources for using the product could be made easier to search and understand.
AlienVault is well-suited for organizations concerned about protecting their information technology networks. If you have large volumes of sensitive data, it needs to be protected. AlienVault is a helpful solution in that it provides lots of information about the security of the network, in addition to intruder detection. The software is not well-suited for individuals or corporations that don't understand network security or have little sensitive information worth protecting.
Score 7 out of 10
Vetted Review
ResellerIncentivized
It is being used department-wide. We offer professional services and deploy it for customers and ensure that the SIEM is configured properly. Our current customers are extremely satisfied with the product; the only drawback is that the absence of a skilled technician experienced in AlienVault USM can have trouble configuring and troubleshooting any problems.
  • OTX
  • HIDS
  • Asset discovery
  • Literal terminology used
  • UI
  • Troubleshooting
It is well suited for companies having the resources to deploy on-premises SIEMs and the technically skilled staff to manage it. It's ideal for big companies which require an SOC. It is not suitable for companies with fewer resources, a lack of skilled staff to manage the SIEM, and less financing in security budgets.
Score 4 out of 10
Vetted Review
Verified User
Incentivized
AlienVault was purchased to provide the security department with a security operations center overview of the infrastructure of our environment. It is currently only being used as a SIEM for the Security Department for client compliance. This is due to the the lack of resources to manage the day to day management of the tool.
  • Log collection
  • Users cannot share views across an organization.
  • Views and reports could be more interchangeable.
  • Descriptions of events are based upon each individual asset reporting and not a general grouping of events according to any framework or standards. This makes it difficult for the administrator/user as they would need to know each and every asset and their respective event descriptions.
At this point I'm saying a 4. While the marketing material make it appear to be easy to use and it was relatively easy to set up, as previously mentioned, each event description is based upon the individual asset making it nearly impossible for the administrator to be a SME for each asset. For example, if one of the assets reporting is a router, the administrator monitoring alerts would need to know what the various events are that can be triggered as an event for the particular router; however, if the asset is a workstation, the administrator would need to know the various events that are triggered for workstations.
Score 8 out of 10
Vetted Review
Verified User
Incentivized
We are a reseller of Alienvault USM and provide managed SOC services. We recently deployed for a telecom operator to monitor business-critical services including Windows and Linux. It's not for all departments, mainly for agents deployed on critical servers only to monitor the activities and discover anamolies.
  • Deployment is straight forward
  • AlienVault USM forensic and response app is great. You can create rules to shut down, disable networking, etc. automatically if Windows becomes infected.
  • AlienVault allows seamless integration with third-party products like Cisco, Office365 etc.
  • A lot of false-positive alarms
Overall AlienVault USM is a great product.
Score 8 out of 10
Vetted Review
Verified User
Incentivized
AlienVault is one of many security solutions that we utilize in our network. We use it to monitor unusual traffic and behavior to and from our domain controllers, which we combine with endpoint security and network security to have a granular view of activity throughout our network.
  • Extremely customizable and versatile product.
  • Useful dashboard and UI is easy to navigate.
  • Log plugins parse logs from a variety of sources into a readable format
  • AlienApps provide out-of-the-box integration with other solutions.
  • The product requires a considerable amount of time to set up.
  • Setting up log filters in order to prevent USM from quickly running out of space is very time-consuming.
  • The product will stop working if the logs run out of space. There is no way to set retention rules to automatically clean up old logs.
AlienVault is an impressive solution for any organization dedicated to the proactive security of their environment. However, not every organization will be able to spare the time required to properly set up and administer it.
Score 8 out of 10
Vetted Review
Verified User
Incentivized
AlienVault USM is being used by my entire organization for log aggregation and analysis in support of PCI compliance activities. It allows us to quickly identify security threats for 100+ remote and on-prem users, providing a 'single pane of glass' to view identity, networking, and workstation issues across the enterprise.
  • Identifies possible spurious identify (Windows AD) changes and manipulation.
  • Identifies installation of possible malware.
  • Analyzed all activities and filters for only those with a potential negative security impact.
  • Closing an Investigation does not close the attached alarms.
  • Vulnerability Scanning interfaces/process is complicated to use.
  • Vulnerability Scanning allows far too many assets to be specified at once, resulting in timeouts and ambiguous results.
AlienVault USM works well for a cloud/remote/on-prem environment where AV is also centralized (to allow for cross-checking findings). It would be perhaps less well suited to a cloud-only environment with remote users.
Score 10 out of 10
Vetted Review
Verified User
Incentivized
It is used throughout our organization. It is one part of our security portfolio. It provides insight into network and server events and alarms for potentially dangerous behavior. It provides a central place to manage and correlate logs from our servers, network equipment, firewall, antivirus, and I'm currently rolling it out to the end-user computers.
  • Security event correlation.
  • Security event alarms
  • Security event investigations
  • Potential vulnerability identification
In the case of a small office network, it might not be a good fit. In that case, I would recommend finding an MSP that uses it. Along with a good antivirus and firewall, I believe that this tool proves to be an excellent piece of any multi-tiered security system.
Score 7 out of 10
Vetted Review
Verified User
Incentivized
It is our SIEM for the entire firm. It collects logs from various data sources across our network and normalizes the data to make actionable alerts. AlienVault makes it easy to consolidate all information from virtually any data source and make it searchable. It can also recognize anomalous activity and alert on it.
  • Consolidation of logs from various sources.
  • Alerting on particular activities.
  • Alerting on anomalous activities.
  • Time consuming implementation that requires professional services.
  • Pricing model based on the amount of data can be expensive.
  • Training for the product is available, but at additional expense.
For an organization that has a dedicated security team, it is a powerful tool in your security arsenal. For others, it's going to be something that requires a lot of time to implement and maintain that may not be your primary focus. While you can feel confident that all the information is there and searchable, you may not feel as confident that you are getting alerts on everything you want to be alerted about if you don't stay on top of maintaining the system.
Score 9 out of 10
Vetted Review
ResellerIncentivized
We use Alienvault USM internally in our Security Operations Centre as part of our detection and response capabilities. We use it to monitor our on-premise networks and devices, our cloud servers as well as our cloud SaaS services. It allows us good visibility into our entire infrastructure and the events and alarms that we would otherwise miss.
We also implement and manage AlienVault USM deployments for clients as our recommended SIEM solution.
  • Ease of deployment and quick to get operating.
  • Wide range of plugins and log receivers to ingest logs from many sources.
  • Simple interface and dashboard makes daily operation quick and easy.
  • Custom notification templates can be limited - it is not easy to get custom email alert content for example.
  • Some network configuration on premise is needed to take full advantage of NIDS (port/traffic mirroring for example).
  • Vulnerability scanning and reporting can be a bit sparse if you are used to the likes of Nessus.
AlienVault is well suited to companies that use either Azure/Office 365 or GSuite due to the built-in integrations that come with the product. Less complicated networks are easier to fully monitor all traffic on, thus taking advantage of richer correlations of events.

While it works with fully on-premise deployments (Exchange, file server etc), additional configuration for log correlations and alerting will likely be needed. Also for complex networks, getting the required port mirroring to ingest all network traffic can be difficult.
Score 7 out of 10
Vetted Review
Verified User
Incentivized
USM is used across the whole organization and helped us complete and maintain security requirements for an SoC 2 Type 2 compliance. We used USM for Cloud and on-premise for multiple isolated environments. The tool works well but does require much fine-tuning and can be complex without proper training and or guidance.
  • Stability
  • Content filtering
  • Documentation
  • Self service onboarding
  • In-app recommendations for common configurations.
  • Improved error resolution.
USM is well suited for AWS but isn't well suited for on-premise environments to fulfill the role of a NIDS without a potentially uncommon network port mirroring if there are 6+ subnets to monitor. USM will require, as could be expected, security auditing and certain configurations before being useful. USM is best used in well-organized environments and it may not be the best tool if you're looking to get environment security information on an unorganized environment.
Score 7 out of 10
Vetted Review
Verified User
Incentivized
We use AlienVault to monitor our servers for malware or attacks against our network. It's a little difficult to set up initially but once you get it dialed in, it's great! It helps us monitor all of our systems and ensure that we are protected.
  • Easy to understand what is going on with the server.
  • Works on firewalls.
  • Alerts are easy to set up.
  • Support isn't always the best.
  • Hard to initially set up.
I think this works best in an enterprise environments where there are too many servers and objects that need to be monitored and a free product wouldn't work. AlienVault does a good job of allowing you to get down into all the alerts that the machines give off, and also gives suggestions of how to resolve the issues. Sometimes the suggestions aren't great or don't work, but nothing a little googling can't fix.
Score 9 out of 10
Vetted Review
Verified User
Incentivized
Alienvault USM Anywhere touches all endpoints and networks of our organization. Is solves some big problems like:
1) Logging aggregation and actionable insights using log correlation.
2) Threat hunting & intel.
3) Vulnerability management and validation of our separate patch automation software.
4) Security orchestration.
5) Asset discovery and inventory management.
  • Log Correlation: The engineers at Alienvault/AT&T Cybersecurity have included a great integrated rule set (which continues to grow) to save analysts time on combing through logs and instead executing threat hunts, investigations, and remedial activities.
  • Single pane-of-glass for all security activities from the convenience and efficiency of a SaaS web console, being that USM has deep integrations with over a dozen major software platforms (Office 365, GSuite, ZScaler, Box, etc.) and what they call plugins which interpret log and SIEM data from hundreds of vendors and platforms like Meraki, CrowdStrike, Aruba switches and AP's, etc.
  • Great value! You can pay the same or more for other big name SIEM vendors that offer less features than this platform. Plus, even if you begin ingesting too much log data, you can filter specifics types of logs (for example, ones that have no impact to security) to bring data ingestion in line with your subscription level. The onboarding team did a great job in right-sizing our subscription plan, so this hasn't been a problem.
  • Vulnerability scanning is currently done by authentication into the host over the network, even when the AlienVault USM agent is installed on an endpoint. It would be nice to have near-real-time vulnerability information provided via the agents. This would also delete the need for specially-configured remote-access admin service accounts on endpoints, which is just another account that has to be administered, namely password management and auditing for potential abuse and compromise.
  • Endpoint agent support for ARM architecture is just starting to get going -- wide availability across Linux and MS Windows/Server platforms won't be available until possibly circa mid-2021. Fortunately, at least general asset scan info, authenticated vulnerability scans, etc. still provide a good deal of security inspection into these devices.
  • Making some UI settings persist across logins on the web console is still lacking. Would also be nice to change a "detailed view" to icons/thumbnails/tiles. UI is very efficient in some aspects but frustrating in others.
AlienVault USM Anywhere is well suited for medium-small (~150 employees) organizations up to the largest enterprises, regardless of almost any industry or industries. It is especially well-suited for any organization that has their own internal SOC. It is not well suited for organizations that have very few Windows endpoints, e.g. developer doing graphics and general-purpose business ops mostly on Mac and programming and mostly in Linux.

A MSP and especially MSSP would do well with this while organizations that pay for MSSP services might not need AlienVault USM.
Score 9 out of 10
Vetted Review
ResellerIncentivized
We use AlienVault USM to monitor our network flow and alert us if any of our alarms are triggered. We integrate our Cisco Umbrella and Meraki solutions so that it saves time, having a single dashboard without having to check each instance. We also like the ability to create custom alarms and us the threat exchange to be notified of any day zero vulnerabilities on the software we run in the office.
  • Easy intergration using APIs
  • Bespoke alarm configuration
  • OTX database
  • Needs to be fine tuned to get any valuable insight
  • Requires alot of resourses when running in VMs
  • Cost makes it hard to sell to smaller buisnesses
It has an intuitive and good user interface making it easy to train engineers. It provides the ultimate visibility and insight into any IT infrastructure.

The system may slow down considerably when a large number of events/logs are fed in the dashboard, so ensure there is enough storage each month.
Score 8 out of 10
Vetted Review
Verified User
Incentivized
It is being used for our entire org as a SIEM and vulnerability management tool. Stretched over 14 locations in the North Americas, we utilize this tool to be our first login in the morning. All of our logs from our on-premise and cloud services flow into this.
  • Vulnerability visibility and remediation
  • Log management and compilation
  • The vulnerability scanner could use some tweaking as I feel it isn't always working
  • The integrations could use some more testing
The only thing I will dock AlienVault for is the lack of support without paying an additional bit of $$.. That seems to be my biggest complaint. When you invest 30K, adding another couple thousand for support is quite silly.
Score 10 out of 10
Vetted Review
ResellerIncentivized
In my current position, I offer AlienVault USM Anywhere to businesses as a managed security service provider. The problem/solution use case is for multiple unrelated point solutions without centralized orchestration or a managed SIEM system in place.
  • The system is intuitive and easy to navigate.
  • Integration with key services like AWS and other cloud applications is crucial.
  • Links to MITRE, root cause, and remediation recommendations is also a very nice feature.
  • Difficult to configure for initial set up.
  • Key features like alarms for brute force attacks or malware should be automatic instead of needing to be created and configured.
  • Remediation should be taken one step further past recommendations to actual solutions able to be purchased or assisted by AlienVault.
Seems to be well suited for larger networks with multiple assets and no orchestration in place. The small business is not what I see as an ideal candidate due to the complexity involved to deploy and configure without dedicated IT staff.
Steinerroggers Ufomaduh | TrustRadius Reviewer
Score 7 out of 10
Vetted Review
Verified User
Incentivized
AlienVault USM is used in our vulnerability management program and endpoint protection program. It addresses the problem of inconsistent patching cadence across organizational units. It is used to perform regular vulnerability scans on our infrastructure and to deliver status reports on progress in program and policy implementation. Some logs are sent to it from servers to help with the SIEM correlation work which is largely outsourced.
  • Endpoint detection notification with detailed logs
  • Vulnerability detection
  • Investigation tracking
  • Endpoint protection agent rollout
  • Vulnerability management historical tracking
  • Endpoint tracking across DHCP infrastructure
The AlienVault USM is suited for networks with minimal IP changes (non-DHCP infrastructure just like most SIEM tools). It struggles with detecting endpoints over VPN tunnels. It identifies the SIP protocol on these interfaces and creates some spurious assets for the entire range. This makes a lot of work for cleanup.
It is very efficient as a supporting tool if SOC work is outsourced or the monitoring requirements are not very intense.
Score 9 out of 10
Vetted Review
Verified User
Incentivized
AlienVault USM is being used in our area as a monitoring tool. The main problems are due to the OSSEC agents used.
  • Customizable
  • Easy installation
  • Scalable
  • NXLog agent compatibility with the Spanish language.
  • OSSEC Agent Compatibility
AlienVault USM is suitable for relatively small volumes of data because when more information is available it is usually slow and queries take time.
Angel Meza | TrustRadius Reviewer
Score 7 out of 10
Vetted Review
Verified User
Incentivized
We use AlienVault in our organization to monitor the environment of our clients, all the way from reviewing suspicious activity to performing server health-checks and behavior.
  • Great documentation.
  • Overall good support.
  • Nice UI.
  • UI can be wonky at times.
  • Log search from the SIEM UI is quite troublesome as every filter applied performs the search again.
  • Some features can stop working seemingly out of nowhere, requiring contacting support.
AlienVault is great for setting up a SIEM solution with little setup required, with a not-so-difficult-to-use interface. Most stuff is easy to find with their screens available through menus/sub-menus with accurate titles without being overly compact.
Arther Magaya | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
ResellerIncentivized
It addresses compliance and vulnerability assessments, which are critical in having a holistic view of mission-critical assets. USM also gives the ability to detect network threats before they are exploited by criminals, as well as forensic evidence of what happened when and how it happened. With the help of AlienApps, there is vast integration with existing security solutions.
  • Authenticated vulnerability assessment
  • Authenticated asset discovery
  • Incident response
  • Log correlation
  • Ability to do an external vulnerability assessment.
  • User training awareness through the console for administrators to educate users.
  • Allow more remediation options for administrators to endusers.
Managing large networks with multiple vendors on different layers of security. USM integrated well with multiple vendors through plugins and Alien apps like CISCO, Sophos, Kaspersky, and Trend Micro. It has customizable correlation rules, as well as filters that enable administrators to search for required logs and asset events.
Return to navigation