TrustRadius
AlienVault USM Reviews

AlienVault USM
354 Ratings
Score 8.0 out of 10
TrustRadius Top Rated for 2019
Reviews (1-25 of 210)

Alex Kranz
April 04, 2019

Review: "AlienVault USM: better than expected and a convenient way to maintain security compliance"

Score 7 out of 10
Vetted Review
Verified User
We use AlienVault USM to monitor and secure our AWS, Azure, and Office 365 environments. The primary use of the product is to maintain PCI compliance. The various PCI reports save a significant amount of time each year during our security audits. We use it to collect logs from Windows, Linux, and cloud environments into one convenient location.
  • The integrations are very end-user friendly.
  • The user interface is fairly intuitive.
  • The PCI reports are extremely time-saving.
  • The cross-platform compatibility makes hybrid environment management much easier.
  • The "Agent" has caused many problems in our environment.
  • The AlienVault server seems to get overwhelmed quickly and could use an option for greater scaling for larger installations.
  • The documentation is often lacking in details. It often covers what specific steps to take but does not cover why or how certain items work.
  • The user interface is missing many features for bulk/large-scale operations, such as the ability to close more than one page of alarms at once.
  • The "report false positive" does not provide a way to easily remove items so they still show up in audits.
  • There is no way to reconfigure many checks to avoid false positives.
  • The system lacks transparency for many security or infrastructure operations.
AlienVault is well suited for monitoring environments, especially standard Linux environments, and is great at generating non-technical reports. The standard user interface allows non-technical individuals to navigate the system and generates clean-looking, easy-to-understand reports. The system is not as well suited for Windows environments or any non-standard configurations; integrating custom software/scripts is very challenging. File integrity monitoring on Windows has been very frustrating.
The ability to integrate logging from AWS, Azure, Office 365 and more has been extremely helpful. It allows me to see active security issues in multiple environments and tell if there is a correlation between any events. AlienVault is crucial in actively alerting me to issues regarding possible security breaches. The software can, in some cases, over-report. However, that is more a symptom of configuration than an issue with the product.
David Green
April 12, 2019

AlienVault USM Review: "Alien Vault USM goods and not so goods"

Score 7 out of 10
Vetted Review
Reseller
We are 200 employees strong and have a presence in 5 states. We utilize AlienVault (AV) across our entire MPLS network. It addresses the issue of visibility into our servers and workstations to analyze potential threats and less common auditing issues we wouldn’t otherwise catch but which can cause major issues if not resolved.
  • AV is very customizable. We can set up many built-in rules and alerts, which saves time, but it can also be extremely granular to properly scan our unique network.
  • Great technical support. When I need assistance setting up a new sensor or target scan, AV engineers are there to assist and get me on track.
  • Although the interface shows a lot of development and thought put into it, there are some buggy issues at times with simple form submission and web navigation.
  • Initially setting up Alien Vault in our environment was challenging, and there was a lack of support around the “hardware level”, meaning our VMware environment.
AT&T sold us AlienVault as a replacement for penetration testing, but before investing do your research. AV is a great tool but ultimately is just a SIEM. It’s the best SIEM on the market but it does have limitations. AT&T needs to be aware of this and how they sell this.
Other security measures like antivirus only find malicious threats after they have infected one or multiple computers. AlienVault's real-time scanning can detect these threats as they are attempting to propagate through my network.
Tyler Michels
April 11, 2019

AlienVault USM: "AlienVault OSSIM SaaS Review"

Score 8 out of 10
Vetted Review
Verified User
This is currently being used across our corporate environment to help monitor our firewalls that process all associate traffic, Active Directory, O365, etc. This product has helped us gain more visibility into the traffic that is being sent across our network and helps identify threats more quickly. Currently, the Security department is in charge of all that is AlienVault, and has given read access to a few neighboring departments.
  • Ability to tune alarms and events to your liking. Very easy to get rid of false positives that are known in your environment, and create actionable alerts for legitimate alerts.
  • The simplicity of the dashboard. Everything within AlienVault is easy to navigate and configure. From sorting logs to creating new users, the layout is natural and easy to figure out.
  • The architecture of the SaaS deployment went smoothly and is very simple and expandable. Very little to worry about on our side, with great results.
  • Support response time and incident handling have some room to improve. We had major issues with a sensor, and it took several days to get a response. Once we got a response the issue was corrected, it just took a while to get our engineer on the phone.
  • Small bugs in the way that the syslog packets are read and normalized. Reading the time in the packet wrong has been the biggest issue we have found so far that is without a solution.
  • Complicated architecture to fully use the product. Requiring port mirroring to use the IDS portion of AlienVault is quite challenging when dealing with a large network size and diverse locations such as ours.
Has generated many actionable alerts that we chased down and identified as real threats in our environment. The correlation with OTX has proven to be quite useful and saved a lot of time when trying to determine if a specific host is malicious. The integrations with firewalls could be a bit better so that the IDS component in AlienVault can be fully utilized without using port mirroring.
The OTX platform has proven to be instrumental in identifying threats in our environment quickly and accurately. The ability to correlate login events to known malicious hosts and generate actionable alerts has been the most utilized feature and generated the most actionable alerts. We did not get far enough into testing Exabeam to determine how their product handled these types of identifications, but I am quite impressed with AlienVault's solution.
Dustin Hannon
April 06, 2019

AlienVault USM Review: "Things to think about"

Score 6 out of 10
Vetted Review
Verified User
It is being used by the IT department for internal vulnerability scans and log collection. It also plays a role in providing information to our internal and external auditors.
  • It is good at doing internal scans of end-user devices to find vulnerabilities without the need of installing an agent or client on each device.
  • It is good at being a log server: a place to send logs from all of your networking devices, such as switches, firewalls, and other solutions that accept log servers.
  • Its ability to collect logs from Barracuda solutions needs heavy improvement. How it collects and organizes the data isn't very useful.
  • The end device client, which is optional and can be installed on any device you want to collect more data from, has compatibility issues with quite a few products we use, and anti-virus software in particular doesn't like it. We have also had some performance issues with devices the client is installed on.
  • The way collected data from all devices and locations is presented to the user in the web portal is not as user-friendly or as clean as it could be. It tends to show too much useless data and too many categories, making it easy to miss the important parts.
AlienVault was not a replacement for any of our current solutions. It was an addition to them, because it collects some data our other solutions do not. We hoped for AlienVault to be able to replace most if not all of our similar solutions and log servers, but it just doesn't get the job done on that front.
Our environment is complex and stretched across many physical offices. This limited how we were able to use AlienVault. We are not currently able to use or enable all of its features. In a simple network infrastructure, AlienVault would do much better.
Note that the cost of the AlienVault product itself will most likely not be your only costs. It will require your network engineer(s) to spend multiple hours configuring or re-configuring your infrastructure to make some of its features work, such as mirror ports and virtual hosts to collect all network traffic from your core.
AlienVault is a good product for detecting vulnerabilities, but does not replace our other solutions.
For instance, our firewall solutions do a much better job at logging and providing real-time alerts of issues and attacks. Our SAL monitoring solutions provide uptime and performance that is outside the scope of features for AlienVault.
Jonathan Bourgeois
March 15, 2019

Review: "No matter how vast your environment is, AlienVault USM can make you feel like home in."

Score 9 out of 10
Vetted Review
Verified User
I love that it integrates with everything and at different levels. I wish ISO27k was implemented like PCI-DSS for the "Compliance-scoped assets", but so far I love the product. It's the best of both worlds - having open-source stuff as well as support.
  • AWS integration.
  • Google integration.
  • Asset grouping.
  • Incident-automation with ServiceNow.
  • Knowing software versions and asset information, we should be able to know the vulnerabilities as they come out without having to rescan the inventory. A rescan could be done to validate the info is still true (about versions and stuff), but instead of va-scan being the vulnerability "informer", you could check when a new vulnerability comes out - if we had this software/service configured somewhere.
  • Malware protection? I'm honestly not sure as there's not a lot that AlienVault doesn't do :)
So far I love the tool. It's backed by a huge company; I would recommend it to my friends working in small to medium-sized companies.
It's easy to deploy. The dashboards accurately represent the risk and attack vector.
Matthew White
October 29, 2018

Review: "AlienVault USM Anywhere - Cost effective SIEM-as-a-service"

Score 9 out of 10
Vetted Review
Verified User
AlienVault USM Anywhere provides us with SIEM, at a low price point and with a great array of functionality. SIEM is critical to our security operations and feeds incident response efforts. We use it to monitor logs and events from our applications and server platforms, integrating many of our other security products into the flow of data into USM Anywhere, for centralised logging and event management.
  • AlienVault USM Anywhere is easy to deploy with their cloud-based model and deploying the required agents on-prem (or in the cloud) is quick and easy.
  • Custom rules allow for alerting based on content from events and you can even trigger agents in response to threats, shutting down computers or grabbing forensic info for incident response.
  • USM Anywhere also takes care of reporting for ISO and PCI, allowing you to pull reports for auditors at a moment’s notice.
  • With many integrations out-of-the-box, you can pull in all the data from products you use and other sources, such as Amazon CloudWatch Logs.
  • We would love to be able to create custom rules based on a series of events, to create rule-sets where, for example, failed logins to the VPN Server are logged and then when a successful attempt follows soon after, it triggers an alarm for a Brute Force. It does this for things like OKTA already, so control over which events this applies to would be great.
  • More data tiers - something between 250GB and 500GB tiers, maybe break it down into 100GB tiers?
  • Integration with OpsGenie would be great.
AlienVault USM Anywhere is a great SIEM and if you need to deploy a SaaS solution then it is suited very well. It works very well for us being 100% AWS and integrates well with our toolset and AWS features. The Open Threat Intelligence (OTX) is perfect for providing context on events and feeding our incident response processes.
We have found OTX to be a valuable source, and the tight integration with USM really helps eliminate false positives. Being able to submit your own information into OTX also adds value and helps put context on threats. We sometimes find IP addresses can be out of date in OTX and linked to old threats, but it's good to see the history of what has occurred on an IP, and you can go back and look for historical indicators of compromise in your data.
Jesse Bickel, MS - PMP
February 19, 2019

AlienVault USM Review: "AlienVault. Not just a cool product name, but it keeps you safe too!"

Score 9 out of 10
Vetted Review
Verified User
AlienVault was selected and implemented on our network to support our needs for proactive notifications, monitoring and response to threat detections. We wanted the ability to put all of our on-premise and cloud presence on a simple to use, one-stop shop platform for ease of monitoring and response. This system is used throughout our IT department and to support our compliance against HIPAA and overall IT Security.
  • AlienVault USM has very strong documentation. They really do not try to push professional services but really offer you the opportunity to try and buy the product and work through the documentation to implement on your network.
  • AlienVault USM's dashboard is easy to use, highly customizable and quick to report (without issues) any of the parameters you set up. The dashboard is intuitive and responsive!
  • AlienVault is easy to scale and deploy. Its soft license platform allows you to deploy additional agents and secure elements of your network at close to a moment's notice!
  • AlienVault's dashboard is very strong but does take some time getting used to and customizing. The reporting functions and proactive reporting are a great tool but take plenty of time to learn and get right. It could be difficult, but if there were some out-of-the-box wizard engine that could get some reports up and running fast, it would be helpful.
  • It would be great to see the USM product compare against other similar environments or industry benchmarks to notify us even if we do not have the threat to our network. It would be a huge value added to understand how, why and where other networks that are part of the USM family are hit.
  • Access to the cold storage of logs for AlienVault is a bit confusing. It would be a huge addition if we could dump all the logs locally and have an easier searching tool for such logs. It seems it is not just AlienVault but most companies now want them to use their storage, not local.
AlienVault is a GREAT solution to deploy quick and in a hurry. They are an industry leading product with a strong support team to assist in execution. AlienVault has huge value in helping you secure your network to support HIPAA compliance or any other type of regulatory audit. If your network is Small to Medium in size, this is an ideal solution. If you were going to have a large enterprise-grade network where you are serving others on a large scale, such as a Campus, etc., you may want to take a look at a Cisco IPS (as an example).
AlienVault USM has been instrumental in detecting real security threats to our environment. The important thing is to ensure you set up the agents properly and categorize the assets properly for it to report and scan on. We have avoided multiple external incidents due to the protection, responsiveness and auto-quarantine mechanisms it has in place.
Jasmine Martinez
February 09, 2019

AlienVault USM Review: "Down, Dirty, And Honest."

Score 7 out of 10
Vetted Review
Verified User
AlienVault is currently being used first and foremost to monitor vulnerabilities and audit assets/events received from within our network.

As the Chief AlienVault engineer within the company, the product has had its ups and downs, and requires a good amount of knowledge with regards to Linux and the many smaller components which make AlienVault what it is (e.g. RabbitMQ, MySQL, OpenVAS, OSSEC, Nagios, Ansible, Nmap, etc.) to really get any worth beyond what AlienVault provides "out of the box". You may find your head against a wall occasionally with support, as they may be slightly inexperienced in some regards (but this can be said about any product if you support it long enough).

With that said, it excels in every single possible task you may throw at it as a security appliance. There really isn't much else like this SIEM that gives you a nice top-down view of what's going on within your network. Very good value if you're just using something simple like this for basic necessities such as raw log management and event escalation.
  • Log management - Out of the box, AlienVault already comes with a ton of plugins for a lot of industry-standard names (VMware, Cisco, Brocade, Microsoft...) with automatic categorization.
  • Vulnerability scanning - With a consistently updated threat-intelligence database, this is invaluable to highlight some of the weaker points within your network. Maybe that newbie you hired left the default credentials? Maybe a new patch was pushed out for a piece of hardware or software you use that is a serious issue?
  • OTX - The Open Threat Exchange which AlienVault manages and updates is fairly consistent with making sure that outside of the updated directives events which are available to the appliance to correlate with the data you receive from the devices you are monitoring from within your network. For example, checking if an outbound firewall log has information on an asset communication with a known malicious server, or if you have files on that very asset or another asset which match hashed values showing that the server may have been potentially compromised.
  • Support - The support is the *WORST*! They take a *VERY* long time to respond, and half the time they're just skimming over the issue instead of actually asking questions to be better informed!
  • Buggy Updates - I've had my fair share of issues with the USM Appliance that have either been through updates or oversights from AlienVault's end that have either left the appliance in a degraded or broken state. The most recent 5.6 Update left a lot of people hanging due to failed database upgrades. YOU WILL NEED LINUX KNOWLEDGE IF YOU PLAN TO TAME THIS BEAST.
  • Complexity - A lot of people start out with AlienVault and stare like a deer in headlights at the amount of drop-downs and different pages and menus available. While, yes, AlienVault is a very technically complex package, as it's based on many different working components that work with each other, a lot of this data could be more easily presented to the end user. And quite a bit of the documentation on their website is actually out-dated. But then again, managing a SIEM is a full-time job - you hire one person to do *Just That*.
If the receiving/managing engineer is well experienced or willing to learn, then the value AlienVault can provide is understated, it's a must. For a one-man shop, this also provides great value for being able to more accurately gather and assess what may be happening in your network.
In a preventative aspect? You will be relying on vulnerability scans, and hoping you configured the right events and assets to escalate... And it's fairly decent and comprehensive at that.

In a post-threat scenario? AlienVault should give you a good overhead view of whodunnit, it's just the time it may take to piece together that data may take a while depending on what logs you are sending to it, and how chatty it is.
Thomas Young
January 25, 2019

AlienVault USM Review: "AlienVault is about as user-friendly as it gets for threat detection"

Score 7 out of 10
Vetted Review
Verified User
AlienVault is used across the organization, although only select individuals actually know that it is running. The software addresses the protection of mission-critical information and databases. The software is not useful for any other purposes outside of security of the networks.
  • AlienVault makes following real-time threats very simple with its graphics interface.
  • AlienVault is also easy to work with, and customer support is great.
  • AlienVault works mainly automatically, which makes using it easy. If it required too much effort, the software tool would be replaced.
  • The logs of AlienVault are harder to read through than other logs.
  • Support is good, but not great.
  • Resources for using the product could be made easier to search and understand.
AlienVault is well-suited for organizations concerned about protecting their information technology networks. If you have large volumes of sensitive data, it needs to be protected. AlienVault is a helpful solution in that it provides lots of information about the security of the network, in addition to intruder detection. The software is not well-suited for individuals or corporations that don't understand network security or have little sensitive information worth protecting.
Because threat intelligence is something that is not directly observable for most IT individuals, the software reports real security threats in real-time. Presumably the software is honest in its reporting of such threats, because at times it's hard to believe the number of threats reported by the software. Perhaps the best feature of AlienVault is the ease of use. The software requires some IT knowledge, but really a non-IT person could figure out what the software is doing without advanced knowledge. That ease-of-use is important given the many tasks in a given day.
Rajnikant Bhandare
November 13, 2018

User Review: "AlienVault USM ...A decent SIEM tool.."

Score 8 out of 10
Vetted Review
Verified User
AlienVault USM is one of the best tools I have experienced because it is not only a SIEM but also gives us other functionality as well, like asset discovery, vulnerability assessment and file integrity etc. So we are using it for network infrastructure monitoring as well as for vulnerability assessment too. It is a pane-of-glass tool and it is used by the SOC department.
  • Single pane of glass solution for on-premises as well as for cloud environment.
  • In-built Vulnerability Assessment.
  • AlienVault's OTX community direct connectivity and sync for the tool.
  • New End point threat hunter by OTX.
  • Process speed
  • Have a better NetFlow visibility
This tool is suitable for small-scale, medium-scale and also for large or complex-scale organizations. AlienVault provides us a very suited user guide as well as a deployment and configuration guide to configure the solution, so that anybody can easily deploy and configure it. The major importance of this solution is for the security prospect in the infrastructure.
As I compare AlienVault USM with other security technology, it is a decent threat intelligence tool. But it is not up to the mark. We still have had a really good experience with AlienVault. The product provides a lot of features and is relatively easy to use. It detects abnormal activity on servers, network devices/traffic, and workstations. One module, called vulnerability assessment, is very good and is mostly not provided by other security technology tools. It is very good that I can schedule a vulnerability assessment so that I can regularly monitor all servers for vulnerabilities, if any.
Jason G
October 29, 2018

AlienVault USM Review: "Great Product, Great Value"

Score 10 out of 10
Vetted Review
Reseller
As a product-agnostic Managed Security Services Provider (MSSP), AlienVault USM is one of several SIEM solutions we utilize in our Security Operations Center (SOC). We deploy, manage, and monitor the solution for other clients, and we use it for ourselves. As do most SIEMs, AlienVault allows us a central location to monitor the cybersecurity of an IT environment. It's impossible to avoid 100% of attacks, so after setting up defenses, the next best thing is to have 24/7 eyes-on-glass to be able to quickly respond to incidents as they happen.
  • AlienVault USM Anywhere has a modern, user-friendly, and intuitive GUI, making it easy to use.
  • AlienVault USM Anywhere is a cloud-based solution that is easy to deploy and easy to scale as well.
  • On top of having built-in support with several technologies, AlienVault USM Anywhere has an API that allows you to develop additional plugins if necessary.
  • Although they use machine learning, the algorithms that they use are graph-based. Their AI/ML capabilities could be improved a bit.
  • The solution provides some compliance reports, but it does not generate reports with information such as... how many of what type of event happened this month. You can see this information on the dashboard, but it would be nice to be able to generate a report automatically.
Of the many SIEM solutions that I have worked with in the past, AlienVault USM has the best value. In my opinion, it is not the best of the best that one can afford, but if you are looking for a good balance between price and performance, then AlienVault USM is for you.
AlienVault is a fantastic solution in helping detect security threats. I have said this before, but again, you can set up all sorts of defenses, but there will always be someone who is able to break in, so the next best thing is to be able to detect when that happens and respond effectively.
Scott Holland
October 22, 2018

Review: "AlienVault USM Anywhere taking cyber security to the outer reaches of space"

Score 9 out of 10
Vetted Review
Reseller
We utilise AlienVault USM for the below categories:

  • Vulnerability Assessment and Remediation.
  • Threat and Malware Detection.
  • Log Management, Monitoring and Archiving.
  • Managed SIEM.
  • Compliance Monitoring & Reporting.

Being able to cover all the above aspects in one screen considerably reduces time and, let's not forget, money to quickly and effectively solve security issues within the company and implement fixes and reports as needed.
  • SIEM - Real time logs allow you to quickly drill down into current issues in your network and filter out any noise
  • Alarms - The alarms page shows all the current environmental awareness on the network, and a quick report and ticketing system allows for ease of use. This again saves time and makes you more effective at resolving issues, with the ability to pass the tickets to the relevant department.
  • OTX - The Open Threat Exchange integration enables the USM to use all the latest threat indicators to correlate against incoming threats without the need to manually add rules to your USM.
  • Apps - AlienVault integrates with many apps already, but there are plenty more to be added to allow further integration with other products.
  • More ability to filter logs from other security platforms.
AlienVault can be used in most companies' security arsenal, as the aspects it addresses are now more of a "must have" than an "I can do without" in attitude. The ability to quickly spot a network security issue and resolve it before a hacker can utilise the vulnerability allows a proactive approach to company cyber security and will reduce the possibility of a cyber security attack at that company.
I find it hard to compare AlienVault USM as they cover so much with the All in one solution but what I will say is that it took less than 2 hours to get the system up and running and collecting threat intelligence and then it was a matter of fine tuning the system. To be able to deploy that fast is a large selling point.
Allan Jacks
November 01, 2018

Review: "Alienvault USM Rapid Implementation for effective reporting in SMB Environment."

Score 9 out of 10
Vetted Review
Verified User
AlienVault USM is used as the central alert and notification system, and was implemented within a short time frame to fulfill audit purposes. It was relatively easy to set up and implement, and has been a great addition to our suite of tools.
  • Enables integration with readily available software currently in use.
  • Easily customizable to allow reporting for different functions and users within the organization.
  • Reporting function for vulnerabilities as a check and balance with other tools utilized.
  • Further integration with Enterprise tools.
  • Rapid growth of product has led to some issues with implementation of alerts and false positives.
  • Ability to report as needed takes some time for focusing and testing of reports.
Short ramp to implementation covering a wide array of commonly implemented environments.
In our case it augments our current suite of tools for security assessments. It is set up for regular scans and offers the opportunity as a secondary check against our security software used.
April 12, 2019

User Review: "AlienVault USM is wonderful!"

Score 10 out of 10
Vetted Review
Verified User
AlienVault USM is used primarily by our network engineering staff in our infrastructure department. The application is used for log collection from VMware, Active Directory, Microsoft applications such as MS Exchange 2010/2016, and some of our specialized insurance applications. We also use it for NIDS and Palo Alto firewall log collection. Vulnerability scanning helps us to identify possible security issues on our systems for which we can then patch and upgrade accordingly. We generate quarterly security reports for management staff to review as well.
  • Vulnerability scanning
  • Network Intrusion Detection
  • Log collection from a variety of products
  • Support is not very fast to respond and their resolutions are weak.
  • NIDS support with Cisco UCS
  • Feature Request: automatic report processing for which the report is emailed
Our organization is an insurance brokerage and we require log storage of all systems up to 3 years per compliance. We love the ability to generate vulnerability reports for which we can identify security and patching issues on our systems. Asset management reports are fantastic when our security auditors are on site.
AlienVault USM has an excellent vulnerability and asset scanner which identifies security threats on systems. The application scans each system, including the applications installed on each system, identifies missing patches and lists each individual vulnerability with detailed information. This is single-handedly the best feature that comes with AlienVault USM, and I highly recommend AlienVault USM.
March 25, 2019

"A review of AlienVault USM"

Score 8 out of 10
Vetted Review
Verified User
AlienVault USM was used by our law firm to monitor for security threats, vulnerabilities and reconnaissance. We wanted to legally protect ourselves by employing security products that were robust enough to withstand a legal challenge in the event we were compromised, and AlienVault USM fit those requirements.
  • AlienVault is great at providing a single dashboard to view all of your security products in one place
  • AlienVault has a powerful intrusion detection system
  • AlienVault does a great job of collecting security data from hundreds of different sources/vendors
  • AlienVault is complicated. To install and configure it properly you will need to be a seasoned security professional. I am a Sys Admin guy and I needed help.
  • AlienVault USM can be a bit too "chatty", alerting you to so many things out of the box that it seems like a full-time person is needed just to manage the alerts. It takes a while after implementation to finally get the alerts down to the correct level.
  • AlienVault USM "Plug Ins" are sometimes a little flaky
AlienVault USM is well suited for anyone looking to aggregate all of their security systems into one place. You should have a seasoned security person on staff to manage it though, because it's complicated. It's not suited for smaller businesses without a dedicated security person on staff.
AlienVault USM is very effective at helping detect security threats. It has plugins for hundreds of different firewalls, IPSs, routers, switches, PCs, laptops, etc., from almost any conceivable manufacturer. These plugins allow AlienVault USM to catch threats from anywhere on your network, and all of the alerts are delivered to a central place, so you don't have to keep checking each of your security products manually, thereby making sure the alerts aren't missed.
April 13, 2019

Review: "AlienVault USM - A worthwhile SIEM platform that delivers value in the first days of usage"

Score 8 out of 10
Vetted Review
Verified User
AlienVault USM is being used in a phased approach to build an internal SOC function. We initially used it to collect server and device logs centrally for retention. This was then expanded to allow for security alerting and threat intelligence. Through the use of the platform we are able to prove our security processes and working practices are effective in mitigating company risk. Additionally, this solution is making up part of our ongoing accreditation for Cyber Essentials Plus by enabling us to evidence good practice with regards to security and compliance.
  • Threat intelligence
  • Centralisation of logs and events
  • Event management
  • Integration into SaaS first ITSM platforms for better workflow
  • GDPR compliance dashboard (to show potential breaches and resolution specific to sensitive data that has been classified and tagged)
  • Native integration with SMS services for event alerting (such as a detected cyber attack)
Well suited where a platform needs to be rapidly deployed into an environment and then gradually matured with regards to usage. Very good to get into place to capture logs, which can help with forensic investigation of security issues to resolve the problem and evidence the issue and the steps taken to resolve it. If you are a very small support team it can (as with any platform in the same category) be overwhelming to deploy and manage due to its potential complexity and the overhead of managing alerting.
The platform is very good at detecting. We are not yet using the full offering, but we are allowing it to centralise reports from other services with additional threat detection built in. This is acting as the point of initial alert and response, along with the benefit of validating the potential issue against another threat provider, making the actions to be taken worthwhile (due to the risk being validated).
April 11, 2019

AlienVault USM Review: "AlienVault For The Win"

Score 9 out of 10
Vetted Review
Verified User
Currently, we are just setting it up and it will be used by our IT department. It will allow us to monitor different events and log ins as we have a lot of users and guests.
  • Alerts
  • Events
  • Monitoring traffic
  • Filtering capabilities are a little overwhelming
  • Rules can get clogged
  • Dashboard sometimes seems too simple
Alienvault is perfect with O365 as they work flawlessly together. Threat detection is top notch and allows us to have a really good incident response time, so anything O365 related is great so far for us.
As this is the only product of the sort we have used so far, it is great so far.
March 27, 2019

AlienVault USM Review: "Solutions within your finger tips"

Score 8 out of 10
Vetted Review
Verified User
Jameco Electronics is strictly using AlienVault USM for PCI compliance.
  • AlienVault can provide a lot of detailed information on each incident and can verify live from AT&T Labs.
  • The detailed information that the system provides makes it a much easier task to pin down the issues and resolve them accurately.
  • HIPAA and PCI compliance with AlienVault is a much easier implementation than with other products on the market currently.
  • Asset discovery from static has to improve.
  • Tagging, labeling, and remote agent install need to improve.
AlienVault is truly a PCI and HIPAA compliance product. Suitable for any company that deals with credit cards, eCommerce, or healthcare.
AlienVault's intelligence ratings are very useful when analyzing the incident. Each event is important; however, having ratings allows us to pick and choose what to work on as well as setting the priority per event/incident.
January 15, 2019

AlienVault USM Review: "Great for small organizations!"

Score 8 out of 10
Vetted Review
Verified User
We are currently using AlienVault to collect logging data from all major applications used by the institution, especially G Suite. We are using it to get a better understanding of what is happening in our environment from a security standpoint. The best part for our institution is that all data is kept in a central location off-site.
  • Log monitoring
  • Centralized Reporting
  • Notifications
  • While it is fairly good, the integration with various IT systems could always improve - support more products and provide better documentation for tying them to AlienVault.
  • The cost does jump quickly. While we've found AlienVault to be affordable for our small size, I would hope that the product continues to be within our reach for everyone's benefit.
  • AT&T's ownership remains a concern. They do not have the best track record.
We found AlienVault especially suited for our relatively small organization. We also maintain a small IT department, so we all have to be experts in everything. AlienVault provides us with a single tool to accomplish our needs, instead of requiring several tools that in turn require very specialized knowledge. Because we are lower budget though, we use lower budget products, which are not all supported by AlienVault yet.
Unfortunately AlienVault is the only tool in this arena we have used because it is the only affordable one. Therefore I have nothing to compare it to. It far exceeds the capabilities of just doing nothing at all.
April 11, 2019

AlienVault USM Review: "AlienVault is engineering friendly"

Score 9 out of 10
Vetted Review
Reseller
We use AlienVault to monitor client networks for security alerts and relay that to the client in an informed way due to the vast amount of information gathered by AlienVault. We deploy an AIO to a client and that feeds to our fed server to get all alarms centralised to one place for analysis by our SOC.
  • It clearly displays all information in an alarm/event
  • Very customisable for any needs you may have
  • Great support team who are easy to contact and great when helping
  • You need a high level of Linux knowledge to be able to use AlienVault to its fullest potential
  • The USM can be quite fragile and crash unpredictably
  • Multiple bugs in the backend mean you need to bypass some functions/actions
It is easy for engineers to work on. All the information provided to the SOC is clear allowing them more time to research alarms and be informed when informing a client. It scales well as we grow our client base and company and very easy to adapt to the evolving technologies.
February 12, 2019

AlienVault USM Review: "Aliens - our friends!"

Score 10 out of 10
Vetted Review
Reseller
Our organization is a reseller of AlienVault products. So we use AlienVault for testing and studying.
  • Vulnerability Scanning is a great feature of AlienVault USM. It is a very powerful tool for securing your infrastructure, and it is comparable with other very big solutions in this market.
  • Great view, great AlienVault Labs, a huge number of plugins and correlation rules, and it grows every day.
  • NIDS - great module with up to date rules for almost all types of malware.
  • Source IP = 0.0.0.0 is the biggest hole in AlienVault. If in syslog there is no IP address but a hostname, in events we don't see the src IP, just 0.0.0.0. This is really bad; it needs the regex to be reconfigured in all plugins.
  • No information about AlienApps is provided in AlienVault USM Anywhere in Essentials. We know that in the standard license we have all of them, but there is no info about it in Essentials.
  • More features for availability, monitoring. More dashboards that we can use in this module. We have Nagios on board, so let's use it with a graphical interface!
SIEM. Vulnerability scanning, building a SOC - great scenarios for AlienVault.
Infrastructure monitoring, UEBA, correlation with time periods - [not well suited for AlienVault.]
OTX - the best free community for threat exchange. It's great for implementing in every infrastructure for deep analysis of events in the network and infrastructure. Great updates every two weeks from AlienVault Labs. These guys are trying to keep users safe and up to date.
Erlon Sousa Pinheiro
September 11, 2018

AlienVault USM Review: "A complete security framework that works on multiple layers."

Score 9 out of 10
Vetted Review
Verified User
Originally AlienVault was a product we sought to meet requirements for GDPR, but soon in our initial review, we realized that it would deliver much more than we needed. We currently have a solution that provides us with information for decision-making and proactive action in the security context of our environment. The solution proved to be so well thought out, with an excellent technical background that personally, I invested heavily in an apprenticeship and became an AlienVault USM certified engineer.
  • AlienVault enables integration with external technologies, thereby broadening its scope and possibilities.
  • AlienVault has a dashboard customization and reporting scheme that makes it flexible to query your data, allowing you to model the tool according to your needs.
  • AlienVault will make you forget the need to consult some information on AWS CloudTrail. It extracts the data from there and delivers it in a much more efficient way.
  • With a single tool you can monitor your cloud and on-premises environment.
  • Their commercial policy on stored data makes you need to filter out some information before it is stored.
  • Their new agent does not allow you to create local filters, which can easily lead to the overrun of monthly contracted storage limits.
  • It does not allow you to create log analysis plugins. If it were allowed, it would be possible, for example, to create a plugin for analyzing the logs of an application created by your company.
Since AlienVault is a versatile tool, having versions for various cloud providers as well as virtualization frameworks, it adheres to the most diverse scenarios. Another strong point to be highlighted is how the company is constantly improving the product. AlienVault is famous for the effort the company puts behind the tool, and it is being improved constantly by adding new resources.
Especially since AlienVault has its own security research lab, recent threats are quickly added to the database. It is even common to see in the security-related community the presence of AlienVault researchers reporting security breaches detected by them.
Patrick Noc
June 07, 2018

AlienVault USM Review: "AlienVault after 1 year"

Score 9 out of 10
Vetted Review
Verified User
My organization used AV in the cloud mostly with AWS. In one place we can monitor all systems. This could also be done with free tools but it can be hard to get all in one place and it would take much more time to do all of the checks daily.
  • All in one view where you can see all of your assets.
  • Logs and alarms.
  • Detecting systems in your environment.
  • Control of updates - nice to do it in maintenance window.
  • More custom dashboards.
It helped us to detect some anomalies in the configuration of servers, which were just simple human mistakes. Also, helped with daily detection of any scans and attacks. Viewing logs from all systems in one place is a big help for us to check any problems.
It simplified our AWS checks and adding new servers; it's very intuitive. It consolidated logs in one place, so it was very helpful for us, as earlier we had to check most of them separately. Seeing and getting information about alarms is now faster, we 'see' more in our AWS network, and all is in one nice dashboard.
Vladimir Finkinshtein
June 22, 2018

AlienVault USM Review: "There is room for improvement"

Score 6 out of 10
Vetted Review
Verified User
We are utilizing USM Anywhere as a SIEM system for log aggregation and further analysis by creating correlation rules, manual monitoring of events, and alerts sent through notifications to e-mail and a Slack channel.
  • Deployment and integration are pretty easy and straightforward, whether in AWS (cloud) or the on-prem environment.
  • Log aggregation and collection rules/jobs are easy to create.
  • The notifications component works very well.
  • AWS integration: in particular, monitoring of AWS resources is far from ideal.
  • The vulnerability scanner requires root and administrative privileges on localhost, which is not acceptable.
  • The sensors themselves generate millions of requests, which creates a lot of unnecessary noise on the systems and eventually "eats" traffic and expensive storage space.
To fill compliance requirement to implement SIEM system.
June 27, 2018

AlienVault USM Review: "AlienVault is a game changer for us!"

Score 9 out of 10
Vetted Review
Verified User
AlienVault USM has helped us gain great insights into our operations, as well as the way our users utilize our environment. It is simple to track complex issues, and quite convenient to have a single interface to do so. Management has been pleased with the internal reports we've created using AlienVault, and it has become a critical part of our environment in a short amount of time. The security, alerting, and logging have allowed us to grow as an organization without worrying about whether or not we are secure and up-to-date. This is a fantastic product, and while initially a hard sell due to the price, has proven its worth over the year or so we've used it. I love being able to say to management "yes, I can get you that information" knowing full well that I will be able to, in an easy and timely fashion.
  • SIEM - logging. AlienVault is easy to configure on the client side, and with a couple of scripts, makes deployment a piece of cake.
  • Vulnerability scanning. AlienVault helps us track which systems are most vulnerable to security issues so we can prioritize patching.
  • Reporting. AlienVault generates useful and attractive reports.
  • Some of the documentation could be improved and go more into depth, but support is helpful when the documentation falls short.
AlienVault is suitable for any company with more than a few servers or services. Keeping track of updates, vulnerabilities, logs, etc., can be very time consuming and frustrating, and AlienVault takes care of this in a very clear and concise way. It is easy to use and "just works".
The ability to set up rules and notifications has allowed me to sleep at night knowing that I will be alerted anytime an unauthorized SSH login occurs in our environment. Additionally, being able to track zero-day vulnerabilities on a server-by-server basis has upped our security game immensely. We can run bulk updates on our environment and go back and run a scan in AlienVault and see that the vulnerabilities are no longer an issue. Game changer!

Feature Scorecard Summary

  • Centralized event and log data collection (1): 8
  • Correlation (1): 8
  • Event and log normalization (1): 8
  • Deployment flexibility (1): 7
  • Custom dashboards and views (1): 6
  • Host and network-based intrusion detection (1): 7

About AlienVault USM

AlienVault USM Anywhere is a cloud-based security management solution that promises to accelerate and centralize threat detection, incident response, and compliance management for cloud, hybrid cloud, and on-premises environments. The vendor says that USM Anywhere includes purpose-built cloud sensors that natively monitor your Amazon Web Services (AWS) and Microsoft Azure cloud environments. On premises, lightweight virtual sensors run on Microsoft Hyper-V and VMware ESXi to monitor your virtual private cloud and physical IT infrastructure.

USM Anywhere aims to help you rapidly deploy sensors into your cloud and on-premises environments while centrally managing data collection, security analysis, and threat detection from the AlienVault Secure Cloud.

Five Essential Security Capabilities in a Single SaaS Platform

AlienVault says that USM Anywhere provides five essential security capabilities, giving you everything you need for threat detection, incident response, and compliance management, within one platform. With USM Anywhere, you can focus on finding and responding to threats, not managing software. USM Anywhere can readily scale to meet your threat detection needs as your hybrid cloud environment changes and grows.

  1. Asset Discovery
  2. Vulnerability Assessment
  3. Intrusion Detection
  4. Behavioral Monitoring
  5. SIEM

Try USM Anywhere in your environment—free for the first 14 days.
www.alienvault.com/products/usm-anywhere/free-trial

AlienVault USM Features

Security Information and Event Management (SIEM) Features
  • Centralized event and log data collection
  • Correlation
  • Event and log normalization
  • Deployment flexibility
  • Integration with Identity and Access Management Tools
  • Custom dashboards and views
  • Host and network-based intrusion detection
Additional Features
  • AlienVault Open Threat Exchange

AlienVault USM Videos (2)

  • AlienVault USM Anywhere: Five Essential Cloud Security Capabilities in a Single SaaS Platform
  • See How We're Pushing the Outer Limits of Security

Pricing

  • Free Trial Available? Yes
  • Free or Freemium Version Available? Yes
  • Premium Consulting/Integration Services Available? Yes
  • Entry-level set up fee? Optional

AlienVault USM Support Options

Free Version / Paid Version
  • Phone
  • Email
  • Forum/Community
  • FAQ/Knowledgebase
  • Social Media
  • Video Tutorials / Webinar

AlienVault USM Technical Details

Deployment Types: SaaS
Operating Systems: Unspecified
Mobile Application: No
Supported Countries: Global