AlienVault USM Reviews

618 Ratings
Score 7.7 out of 100


TrustRadius Top Rated for 2019


Reviews (1-25 of 358)

Matthew Stacks | TrustRadius Reviewer
November 27, 2019

AlienVault USM Anywhere

Score 6 out of 10
Vetted Review
Verified User
Our organization provides multiple security services to clients. These services fall into three broad categories: Offensive consulting services, such as penetration tests and vulnerability assessments; Defensive consulting services, like digital forensics and incident response; and security operations, which consist of continuous network and endpoint security monitoring and threat detection. AlienVault USM is one of the many solutions used to perform security operations for our clients.
  • AlienVault USM is simple and easy to deploy. Sensors can be deployed in as little as 15 minutes through the setup wizard.
  • The USM UI is easy to understand. I've trained multiple analysts who are able to perform their duties on their first day, in part because of USM Anywhere's ease of use.
  • Top-notch built-in compliance templates and reporting features.
  • Filtering using built-in search statements is difficult to pick up and run with.
  • When creating custom rules for reports, there can be too many options, and they often have little use for the task at hand.
  • You sometimes need product-specific knowledge, like AlienVault field names, to find the information you're after.
AlienVault Unified Security Management (USM) Anywhere is a cloud-based security information and event management solution that provides effective and affordable threat detection, incident response, and compliance management capabilities.

USM Anywhere is well suited to mid-size enterprise environments operating in the cloud. USM Anywhere is also well suited to enterprises whose operations teams require easy deployment and management. Last, USM Anywhere is considered a highly affordable option compared to competitors.

USM Anywhere lags competitors in several areas, such as application monitoring, database monitoring, and integrations with third-party solutions such as cloud access security brokers (CASB), DAM, DAP, and DLP.
Christian Holton | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User
We use AlienVault across the org, with accumulator appliances in two offices and in our cloud infrastructure. These devices are syslog targets and are used to scan traffic in each location. In addition, I also have deployed the AlienVault USM agent script to all servers and user systems. AlienVault sometimes notifies me of problems within integrated systems such as Sophos before that service itself. Notifications as simple as an improperly configured SSH config or something as significant as signs of SPECTRE traffic are delivered to my inbox so I may deal with these alerts ASAP.
  • Alienvault USM is THOROUGH. We have a highly integrated workspace that's mostly SaaS, and I monitor those integrations and their security with AV. If I am trying to track the uptime of a laptop, I don't go to VPN or our Directory Services... I go to AV.
  • As I mentioned before, we use Sophos to protect our laptops. If a questionable file shows up on someone's laptop, I hear about it from AlienVault before I hear about it from our Sophos service.
  • The OTX Pulse feature is a built-in feature that lets you subscribe to industries and you are notified about new threats that affect that industry on a daily basis. The pulse alerts are added to your AV watchlist.
  • Personally, I've wished I could purchase a service that would configure AV for my environment. I get a lot of traffic on a daily basis and I almost need to hire an analyst that just works on AV.
  • Some of the filters when looking for a specific alert aren't that easy to use.
AlienVault is an amazing product. The only reason my rating isn't higher is that most of my colleagues work for smaller businesses where the IT staff is less than 5 people. There are a lot of moving parts to AlienVault and it is almost another job. Folks in my circle of colleagues, for the most part, don't have the bandwidth that AlienVault demands.
Anthony Guynes | TrustRadius Reviewer
January 28, 2020

AlienVault USM Review

Score 8 out of 10
Vetted Review
Verified User
We use USM to monitor our organization and we deploy it to our customers so we can monitor them with our NSOC.
  • It does a great job of correlating the traffic that it sees and compares it to Open Threat Exchange.
  • It's easy to read and set up.
  • When looking at events from a destination IP, the USM doesn't show you the total number of these until you find the last page. It just says "XXXX of 4,000,000".
For the price, AlienVault has a lot of reporting dashboards and plugins that make it a very valuable SIEM. It also has very good scalability, so whether you have a large organization or a small business, there is a solution for you. The USM is also very user-friendly which lets you be able to start monitoring right away.
John Keenan | TrustRadius Reviewer
Score 7 out of 10
Vetted Review
Verified User
We use AlienVault USM as the SIEM for a large healthcare organization with numerous disparate sites and a small security team. We also employ a SOCaaS to help optimize and monitor for 24x7 operations.
  • Lots of ability to generate reports.
  • Solid appliances ingest many sources.
  • Default settings are a bit esoteric and require outside expertise for optimization.
  • AI isn’t really catching as much as I thought it would.
This is well suited to small organizations that need a SIEM but can’t justify Splunk or LogRhythm.
Mpho Lekota | TrustRadius Reviewer
Score 7 out of 10
Vetted Review
Verified User
AlienVault USM also enables you to centralize the storage of all your log data in the AlienVault Secure Cloud, a certified compliant environment. This alleviates the burden of having to manage and secure logs on-premises, while providing a compliance-ready log management environment. SIEM software solutions and log management tools provide valuable security information, but often require expensive and time-consuming integration efforts to bring in log files from disparate sources such as asset inventory, vulnerability assessment, endpoint agents, and IDS products. Once you have the data, you then must research and write correlation rules to identify threats in your environment. The advantages of using all-in-one security essentials are saving time and money in integrating multiple third-party security tools and starting to detect threats on day one with pre-written correlation rules.
  • The USM platform provides the essential security capabilities that work together for a fast and cost-effective way for organizations to have complete visibility into the security of their environment.
  • With the information gathered during asset discovery, USM will correlate that information with known vulnerabilities for continuous vulnerability awareness. In addition, USM contains an active scanner capable of scanning for over 30,000 known vulnerabilities.
  • To give better visibility into your network, and possibly detect intrusions that don’t follow behavioral patterns, we offer Netflow information, bandwidth monitoring, and traffic capture, all part of our behavioral monitoring capabilities built into USM.
  • External threats — Coming from external attackers.
  • The value of the asset associated with the event
AlienVault USM is well suited for any small/medium businesses as well as big corporations. The reporting and dashboard alone are something I always look for in a USM because it makes it easier for me to gather and find the information I am required to have. If detailed reports are what you are looking for or an easy-to-navigate dashboard this is the software for you.
Nathan Manzi | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Reseller
As an MSSP our company utilizes AlienVault USM Anywhere to provide our customers with best-in-class threat monitoring and response services.
  • With the Open Threat Exchange, AlienVault USM Anywhere is able to quickly identify emerging indicators of compromise and alert on threats as they arise.
  • We've found the improvements in the authenticated vulnerability scanning engine to reduce the number of false positives and increase the integrity of vulnerability reports.
  • Speed of deployment is a strength, particularly with the AlienVault agent, which utilizes osquery to collect typically important data.
  • Alien Apps provide us with the ability to integrate third-party security packages and swiftly take action on alarms.
  • More Alien app integrations with emerging EDR solutions would be useful.
  • A catalogue of commonly filtered events would make on-boarding much quicker and easier.
AlienVault USM Anywhere is well-suited for the mid-market to enterprise space, providing a mature suite of cybersec solutions in a single package.
Jeremy Cejka | TrustRadius Reviewer
Score 4 out of 10
Vetted Review
Verified User
The business problem it addresses is derived from governance and compliance set by the USG and the DFARS regulations to have a SIEM. I have experience with paid products such as QRadar and Splunk, and open source products such as Graylog/ELK/Wazuh/security_onion. This is a department tool to consume the whole organization's security-related data. We currently use it as the SIEM.
  • It's a decent log aggregator.
  • Does correlation between events well, if set up correctly.
  • Control on attribute mapping within USM Anywhere or fully disclose the mappings between ingested raw logs and attributes those values map to, in order to be searchable, and give power to the end user to create meaningful alerts and queries for the right content.
  • Notifications for alerts tend to lack the essentials to make a determination off of the email. Oftentimes alerts within cloud products are benign and part of the user experience and behavior, but get classified as violations because they meet the criteria of equivalent alerts that are actionable.
To be honest, AlienVault is run of the mill. I can get more power out of Graylog/ELK and pay for the threat exchanges they have, and still have complete control over how my SIEM works for me. AlienVault USM isn't a bad product, but as an end user you give up too much control and get little back from the company when it comes to attribute mapping. I am also not a fan of the updates that break my appliance for a couple of days, which falls into the category of control. I think USM is a good starter for small companies needing a SIEM where resources otherwise prohibit having someone/something better. As businesses grow and compliance becomes more instituted, the business's needs may be very unique, and AlienVault may not be able to satisfy the burden of their specific SIEM needs.
Babak Oskouian | TrustRadius Reviewer
November 06, 2019

AlienVault Review

Score 7 out of 10
Vetted Review
Verified User
We use it across the organization but not every plan is included mainly because of limited storage. We do vulnerability scanning, traffic analysis, and SIEM.
  • Integration with G-suite and AD
  • AlienVault agents that come free of extra charge are valuable
  • Automated scans
  • Updating the agents is not straightforward
  • Agents sometimes go offline for no apparent reason
Because of the price and the fact that it does much more than just SIEM, it has been very valuable to us; however, a redo of the GUI might be in order, as it is old and somewhat unintuitive.
Ranjith R | TrustRadius Reviewer
Score 7 out of 10
Vetted Review
Verified User
We have procured AlienVault USM Anywhere for monitoring and triggering alarms/notifications on suspicious traffic and attacks. It is being used within the infosec/infra department to take necessary actions on the security events. It mainly helps us to find real-time attack and traffic events against our organisational assets, and it also helps us find the vulnerabilities on a specific asset.
  • AlienVault USM has the potential to identify attack patterns from the traffic events seen through its sensors, which come with their own built-in correlation rules.
  • The USM Anywhere sensor reduces the load on SOC analysts for writing new sets of rules.
  • It also provides an option for Slack integration, which I felt was very nice for immediate action.
  • When we talk about forensic investigation, the user interface and experience is not as great as expected; when we send an alarm/event for investigation it doesn't provide any investigation results.
  • The USM sensor doesn't have the capability to handle more jobs; it restarts the sensor if a certain limit of jobs is configured.
  • The log reports do not download when we attempt it via the Safari browser.
It is well suited for a cloud environment like AWS and Azure. Since GCP is a new player in cloud, AlienVault has to improve a lot in terms of support for the data and log sync of instance asset mapping, and in sensor capability to handle more jobs to get out of the unavailability issue, compared to competitors like Splunk, Sumo Logic and LogRhythm.
Cory Watson | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User
We use it to monitor security logs across our various SaaS apps. It is the central hub for our security incident program. It is primarily being used by our Information Security Department. This tool addresses our need to be able to make actionable decisions, across various SaaS platforms, from a single pane of glass.
  • Correlate logs from different sources into actionable intelligence.
  • Provide an easy-to-use interface to interact with Alarms and Events.
  • Integrate with our alerting tools to make sure when an incident is happening, the right people know about it quickly.
  • Being able to make custom plugins for internal tools.
  • Being able to have a webhook plugin to send logs directly to the cloud appliance.
  • Make the management of suppression rules better. Maybe include a suppression rule visualizer to make sure your suppression rule is doing exactly what you would like it to do.
It is well suited for a small security team that does not have all the time in the world to set it up, tune it, and babysit it.

It is not appropriate if you are looking to easily be able to customize the tool. A lot of the options you have with tools like Splunk are just not here.
Fintan O'Meara | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User
Alienvault USM is used by the internal IT department to monitor activity from lots of different sources across the organisation. From O365 and Azure, AWS, on-premises servers and network equipment, and others we track vulnerability status, correlate unusual activity and monitor for IOCs from Alienvault's Intelligent Cloud.
  • Intelligence updates from the Alienvault community and security pros.
  • Writing of threat detection rules and ingestion parsing for different devices.
  • Vulnerability scanning.
  • Asset management is done purely by IP unless using the agent.
  • Agent installs and updates can be a bit flaky, and on occasion use lots of resources.
Good out-of-the-box product; not a huge amount of configuration is required to get up and running, though constant tuning is and should be required. Good integrations are available, though if you have a lot of experienced security analysts in your organisation there are probably more powerful tools out there; they just require you to do most of the correlation and detection rules yourself.
Mario Martinez | TrustRadius Reviewer
September 27, 2019

AlienVault does the job

Score 9 out of 10
Vetted Review
Verified User
We use AlienVault USM to monitor our AWS cloud environment and the individual assets within that environment. AV also provides us with alerting and reporting that helps us attain and maintain compliance with several standards, but, more importantly, helps me sleep better at night as our Information Security Officer. An easy-to-overlook benefit is that it makes it easier for us to shore up process deficiencies. We can more easily audit that we documented and approved all non-emergency configuration changes within our cloud before they are applied. We also use the AV agent to monitor individual instances for vulnerabilities and the software they run.

This all gives us confidence that we are keeping our systems as secure as possible and meeting promises to keep our customer’s data secure.
  • Internal vulnerability scans
  • Monitor firewall and security group changes
  • Monitor and alert on suspicious system logs
  • Monitor and alert on suspicious cloud watch logs
  • False alarms occur occasionally
  • There is no report for only displaying vulnerabilities with an available patch. Spectre-class issues can only be mitigated but will remain active until we are all on next-generation processors.
AlienVault is well suited for cloud environments and sprawling internal networks. Log ingestion and analysis across your instances and, in our case, AWS, coupled with File Integrity Monitoring and other features are well worth having. It takes some time to get things right and I would suggest, like every tool, that you periodically test its different components to remain confident in its abilities. Smaller systems likely would not benefit as much and it might be a cost/benefit analysis whether to audit changes by hand or monitor them for changes.
Mark Taghap | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
We have deployed AlienVault USM throughout the entire organization. The IT department is responsible for monitoring and making necessary configurations. This has immensely improved our visibility in regards to the daily activities of all networks and devices. It has recognized anomalies and notifies my IT department.
  • Centralization of data logs makes it easier to analyze the many application logs throughout our organization (i.e. Windows logs, PLC logs, Antivirus logs, Exchange server logs, etc.).
  • Easy maneuvering with AlienVault pages as well as easy to bookmark alerts.
  • Creating SOC on a budget especially with a smaller IT dept.
  • Incident response.
  • Threat detection.
  • Compliance management.
  • AlienVault OTX is a user community that is very helpful, especially when you are curious about the alerts or to help mitigate issues that arise.
  • I would like more detailed ways to mitigate issues.
AlienVault is perfect for all organizations, especially for smaller-staffed IT departments. The installation was relatively easy, especially with AlienVault's vendor partners. We did not need to integrate and monitor multiple point solutions because AlienVault does that automatically. Just make sure you test the data flow for PLC devices, as it may disrupt the flow of data on these types of devices.
Agustin Larrarte | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User
We have used Alienvault USM in our PCI environment to detect the most common threats. We have discovered it added extra value to our organization by creating visibility on security issues we didn't know of before. On the downside, the on-premise version of Alienvault USM can get slow after loading it with a lot of machines (when doing big queries) and doesn't adapt very well to dynamic environments, but their on cloud version is definitely making that better.
  • Reports most common threats, real-time and take immediate automatic actions. I think this is strong if you don't have a team monitoring 24/7.
  • Connects with signature providers and keeps up-to-date well with 0 vulnerabilities. I don't need to explain why you may want to be protected against the newest threats.
  • The UI is very easy to get used to, which will make you adapt to its use quickly.
  • This tool will become slower and slower as you start adding devices to it, the on-premise version has a lot of room for improvement here, the database is slow.
  • The on-premise version of Alienvault USM will not support dynamic environments where people are constantly removing/adding new virtual machines, and it doesn't cope with Puppet management.
  • Only the most common hypervisors are supported; it could be good to have an image for Xen.
The on-premise version of Alienvault will be very good for environments that don't change a lot over time, it will provide good information about security issues on your premises. I would not recommend using this if you have a big private cloud where a lot of changes are being made. Go with the cloud version if that's your case.
Jesse Bickel | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User
Alienvault was used to provide security monitoring, alerting for our AWS and on-premise systems. This was deployed to all environments locally and in the cloud. It was deployed and managed by the IT team and assisted us in gaining compliance for PHI, HIPAA and other requirements on top of ensuring integrity for our environments. This assisted in addressing our security needs and proactive monitoring.
  • AlienVault USM was quick to deploy and the configuration was pretty straightforward.
  • The AlienVault USM product has great documentation and service support. Very knowledgeable and readily available. Highly recommend their support package.
  • The AlienVault UI is very comprehensive, with deep tool-sets. You can monitor just about anything anywhere from anywhere. This flexibility was incredibly useful.
  • While their UI was comprehensive, it takes a while to understand how to group and tag the resources you want to monitor and how and on what schedule. The tools are deep but the usability is a bit complex. You will need to read the documentation.
  • Their pricing model for through-put was a bit challenging. I would like to see a different pricing structure. I would much prefer to see site licenses.
  • Sometimes the assessments were vague. While this shouldn't be relied upon as the only source for assessments, there were often descriptions that did not associate with the vulnerability or required us to deploy other tools, such as AWS Inspector, to verify. It was not a big deal, but it added some overhead.
If you have a network that is cloud-based and you are scaling, the deployable sensors are simple and fast. Security is not the hump it used to be. I believe their model is truly agile and scalable with ease. If you have a fully on-prem network, while this solution is still viable, we found ourselves relying on our local Meraki and Cisco security tools more so than USM. I believe this was out of comfort and experience more so than functionality.
Erich Barlow, MIS | TrustRadius Reviewer
Score 7 out of 10
Vetted Review
Verified User
We are using it in IT security for vulnerability management and for IDS. It is just focused as part of our IT security management process. For us, it addresses the vulnerabilities that we see all the time and it allows us to prioritize those assets based on the risk they pose to the business.
  • Scanning network assets for vulnerabilities.
  • Heuristics in determining behavior and alerts accordingly.
  • Lots of false positives for vulnerabilities, Linux malware on Windows systems????
  • Lack of third-party app support or integration.
  • Being charged based on the amount of data.
It is well suited if you are looking to identify vulnerabilities within your network environment or need to show that you are actively managing them in a meaningful manner. The application will provide a visible manner in which this can be documented for compliance and regulatory requirements. It is not as well suited for identifying potential threats as it provides a LOT of false positives and alerts.
Todd Fletcher | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User
I have implemented USM Anywhere as our company SIEM. Additionally, I am working to extend its functionality with Gartner's SOAR principles. The primary business drivers (problems) include controlling costs, mitigation of risk, and supporting agile business initiatives. It is utilized by the security team to monitor all business information systems.
  • Deployment is quick
  • Normalization of log data and threat identification is effective and simple to understand.
  • Vulnerability analysis along with CVE identification is better than Nessus
  • Investigations feature is robust
  • Cloud sensor deployment and capabilities are robust
  • Custom plugin creation/modification by the user is missing. If log data is unknown to the platform, the process of getting a new plugin developed is lengthy. It would be ideal if the user could create custom plugins for their own platform.
  • Asset discovery adds every IP address in a subnet even if no host is present. The detection method is flawed. I don't have this issue on the same network with other asset discovery tools.
  • SaaS performance can be slow. When listing items more than 20 at a time, the UI refresh can be painfully slow.
For an organization around 300 to 500 in size, it is a great tool. I feel that adding some network topology scanning and configuration features would allow it to deal with more complex networks better.
Atul Jain | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User
AlienVault has been implemented across the whole organization. We monitor and raise the alarms/alerts and reach out to the end user/business for mitigation. It addresses all kinds of network-related activities, not limited to third-party chat applications, torrent connectivity, P2P connections, etc.
  • It raises the alarms/notifications at the same moment it happens.
  • The correlation job is wonderful. It correlates all the events and checks with the vuln also.
  • The pcap is not available in USM Anywhere, where it was available in the USM appliance.
  • I feel at times that the correlation is quite slow.
AlienVault USM Anywhere is easy to handle. The event logging, alarms, etc. are perfectly logged. Raising alerts is handy.
Adam Nield | TrustRadius Reviewer
September 05, 2019

Picking up AlienVault USM

Score 8 out of 10
Vetted Review
Verified User
We currently use AlienVault primarily for the SIEM and vulnerability scanner. We use the intrusion detection agents across our servers and are in the process of setting up the system to use other features available through AlienVault, such as availability monitoring and creating custom plugins to monitor our bespoke systems. This is all maintained by our infosec, cybersecurity and infrastructure teams.
  • SIEM is great for monitoring and maintaining our systems and networks, and with the right tuning the system becomes an incredibly powerful tool by being able to identify the difference between a high priority event and false positive.
  • The vulnerability scanning is a very useful part of the system, especially as after finding any vulnerabilities it provides lots of detail on what was found along with a solution.
  • User management has a good level of modularity, allowing us to restrict access for certain users to only certain areas.
  • The system can be a little over-complicated to set up to perform what I would think to be simple tasks. For example, sending an email notification on a certain alarm being created.
  • The reporting module does not offer much visual customization, only allowing you to add your company logo and color scheme as a template.
For what we have the system for AlienVault ticks all the boxes, and there are still more areas for us to explore within the system. It is great as a SIEM tool, being able to not only record and log events but also correlate events, meaning it recognizes where lots of the same events are occurring and depending on how you set up the system it can react accordingly.
Pankaj KC | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
We use it to detect network risks and vulnerabilities to a reasonable and appropriate level. It is used across the whole organization. It's also being used to comply with current legislation (security-related logs should be recorded).
  • As for us, it casually integrated with AWS cloud and local infrastructure; in simple words, it is easy to implement
  • Processes different types of logs using its very own inbuilt plugins and displays them in an understandable manner for non-technical users as well
  • Has its own very accurate correlation rules to generate alarms from the processed logs
  • Has an open threat intelligence community which can be integrated with the AlienVault account
  • In order to collect the system logs from various servers, it has an AlienVault agent that can be installed on Windows, Mac and Linux. It collects various types of logs such as user activity, shell history, file integrity, etc.
  • Any suspicious alarm can be added as a ticket on its console and can be processed according to severity type.
  • Server and network vulnerability details can be scanned through the USM.
  • Customizable dashboard views in the console make it easy to monitor logs from different sources.
  • Events view can be customized according to the data source plugins.
  • USM has a feature for suppressing and filtering out logs from the console. Suppression hides the logs from the console dashboard, whereas filtering blocks similar types of log from entering the AlienVault console, which helps to reduce storage usage
  • Asset Discovery: Maintains and scans dynamic asset inventory and software inventory for large-scale organizations
  • Security & Compliance Reporting: contains customizable reports for regulation standards and compliance frameworks
  • It uses sensors to collect data from different sources, which results in extra cost for the sensor server
  • Support is very poor
  • It would be great if there were documentation to study on how we can identify and monitor suspicious logs
If you have a bigger organization that has a bigger network infrastructure which needs to be monitored in every aspect, then AlienVault USM is perfect for it. It automatically detects threats and sends out email notifications from which necessary actions can be taken. It has a correlation engine, which quickly detects and alerts on different variants of malware that can affect your organization. It provides full details on the attack method and strategy, the systems in the network involved in the attack (source and destination) with the geo-location, and the associated events that comprised the attack, along with response guidance.

Since it is very expensive, I do not recommend it for small organizations; it requires additional infrastructure to implement AlienVault on the premises.
Read Pankaj KC's full review
Ariel Lucas Sandor | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User
Review Source
We used AlienVault for 5 years in our PCI and non-PCI environment. AlienVault USM does nearly everything we need to detect threats we didn't know of. The setup was very easy with little deployment time. The price point is very competitive. The tools for data filtering that the appliance has are very powerful. It also comes with predefined PCI-DSS reports. The main problem we addressed is that sometimes the appliance gets slow when doing some particular queries.
  • Very easy to use. The UI is very intuitive.
  • Out-of-the-box predefined reports that make the initial filtering easy.
  • Very easy to set up.
  • Sometimes it gets slow with large queries.
  • When an upgrade fails you have to debug extensively to know what happened.
  • When we massively add hosts, sometimes some of them are not added, so you have to be careful.
It's a very nice solution for small and medium deployment scenarios (at least the on-premise version) with slow changes, and it is also very easy and fast to deploy. In bigger scenarios, it gets slow and a little bit hard to maintain. It's affordable, so I would recommend it for small companies.
Anonymous | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User
Review Source
We're using the USM product as its intended use case of a SIEM. Sensors are deployed into our hybrid cloud at various points and push logs to the USM dashboard. With our MSSP monitoring, AlienVault USM meets our needs of 24/7 security monitoring.
  • It is easy to deploy and get logs into the dashboard.
  • Integration with Office 365 is pretty seamless and provides great context.
  • Super easy to increase storage tiers if you find yourself adding more and more log sources.
  • USM Anywhere doesn't allow you to multi-home sensors. So if you have non-routable networks, you'll need to investigate the on-premise solution too.
  • You have to be on top of tuning, or else a constant stream of alerts will cause your SOC staff to begin ignoring alarms.
  • You have to be on top of tuning, or else you'll eat your allotment of storage for that month. It is really easy to exceed your storage quota if you don't proactively monitor log sources. USM could do a better job of letting you know if a log source is too chatty.
AlienVault USM is a good SIEM product for shops that don't have dedicated content creators. If your log source volume is at the TB level on a daily basis, it's not for you. However, if you are at the TB level on a monthly basis, then it's worth looking into. The AT&T purchase has seen a good bit of new development being put into the product around investigation frameworks and integrations. We've gone to a TB tier and have renewed our subscription.
Anonymous | TrustRadius Reviewer
January 27, 2020

AlienVault USM Review

Score 9 out of 10
Vetted Review
Verified User
Review Source
AlienVault is used as a SIEM with AT&T managed security services assisting with monitoring and creating alerts for potential incidents.
  • Easy-to-use rules; events will pre-populate fields for alarm rules, allowing for quick creation.
  • Friendly interface with a logical layout of settings and options.
  • Some room to improve the scaling of sensors. Sensors struggle to handle millions of events, which results in dropped events in large environments.
  • USM is upgraded automatically and there is no way to control when your instance is upgraded. This can result in bugs in features without any way to test and control them.
It is great for those just getting started with a SIEM. It offers a lot of out-of-the-box functionality and integrations. AT&T managed services are also helpful for managing the services.
Anonymous | TrustRadius Reviewer
January 24, 2020

USM Anywhere Review

Score 8 out of 10
Vetted Review
Verified User
Review Source
USM Anywhere is extensively used by the IT Security Department to meet the regulatory compliance requirements and as part of SOC operations.
  • The correlation engine helps, as we don't have to spend hours writing rules.
  • As a SaaS solution, we don't worry about maintaining the system.
  • OTX integration.
  • Having more parsers and AlienVault apps. Also, updating the log parsers continuously.
  • An option for users to purge selective data.
  • Better reporting and GUI interface.
AlienVault has not kept up with the industry with respect to next-gen SIEM capabilities such as UEBA (user-based analytics) or SOAR capabilities along with ML. Also, the parsers never seem to parse the logs accurately. Customer service can be improved.
Anonymous | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User
Review Source
We currently use USM Anywhere inside of our organisation and are planning to sell the service to other companies. Overall it is easy to use and set up, but with this ease of use come some limitations to how much you can customize it. If you want an application that requires little to no effort to manage and set up, I recommend USM Anywhere. If you want more control, I would advise going for USM Appliance.
  • Ease of use.
  • Cloud based.
  • Limitations to customisation.
USM Anywhere is great when you want a quick and easy deployment on standard applications. But if you want to monitor your own business application, then you need to either make a request to AlienVault to create a new plugin or implement another USM program like USM Appliance. Overall, a great solution.

Feature Scorecard Summary (score out of 10; number of ratings in parentheses)

  • Centralized event and log data collection (1): 8
  • Correlation (1): 8
  • Event and log normalization (1): 8
  • Deployment flexibility (1): 7
  • Custom dashboards and views (1): 6
  • Host and network-based intrusion detection (1): 7

About AlienVault USM

AlienVault® Unified Security Management® (USM) delivers threat detection, incident response, and compliance management in one unified platform. It is designed to combine all the essential security capabilities needed for effective security monitoring across cloud and on-premises environments, including SIEM, intrusion detection, vulnerability management, as well as continuous threat intelligence updates. The vendor states that even for resource-limited IT security teams, AlienVault USM can be affordable, fast to deploy, and easy to use. It eliminates the need to deploy, integrate, and maintain multiple point solutions in the data center.

Smart, automated data collection & analysis: USM Anywhere automatically collects and analyzes data across the attack surface, helping to quickly gain centralized security visibility without the complexity of multiple disparate security technologies.

Automated threat detection powered by AT&T Alien Labs: With threat intelligence provided by AT&T Alien Labs, USM Anywhere is updated automatically to stay on top of evolving and emerging threats, so the security team can focus on responding to alerts.

Incident response orchestration with AlienApps: USM Anywhere supports a growing ecosystem of AlienApps, enabling the user to orchestrate and automate actions in other security technologies, so that incidents can be responded to quickly and easily.

AlienVault USM Features

Security Information and Event Management (SIEM) Features
  • Centralized event and log data collection
  • Correlation
  • Event and log normalization
  • Deployment flexibility
  • Integration with Identity and Access Management Tools
  • Custom dashboards and views
  • Host and network-based intrusion detection
Additional Features
  • AlienVault Open Threat Exchange

AlienVault USM Videos (2)

  • AlienVault USM Anywhere: Five Essential Cloud Security Capabilities in a Single SaaS Platform
  • See How We're Pushing the Outer Limits of Security

Pricing

  • Free Trial Available? Yes
  • Free or Freemium Version Available? Yes
  • Premium Consulting/Integration Services Available? Yes
  • Entry-level set up fee? Optional

AlienVault USM Support Options

Support channels listed for the Free Version / Paid Version:
  • Phone
  • Email
  • Forum/Community
  • FAQ/Knowledgebase
  • Social Media
  • Video Tutorials / Webinar
  • Live Chat

AlienVault USM Technical Details

Deployment Types: SaaS
Operating Systems: Unspecified
Mobile Application: No
Supported Countries: Global