Skip to main content
TrustRadius
AlienVault USM

AlienVault USM

Overview

What is AlienVault USM?

AlienVault® Unified Security Management® (USM) delivers threat detection, incident response, and compliance management in one unified platform. It is designed to combine all the essential security capabilities needed for effective security monitoring across cloud and on-premises environments, including SIEM, intrusion detection, vulnerability management, as…

Read more
Recent Reviews

TrustRadius Insights

Users have found AlienVault USM to be a valuable SIEM solution for centralizing and searching log data from a large number of network …
Continue reading

MSSP Review

8 out of 10
October 04, 2021
AlienVault offers a different experience as opposed to other SIEM tools where it can be set up and configured properly in a shorter amount …
Continue reading
Read all reviews

Awards

Products that are considered exceptional by their customers based on a variety of criteria win TrustRadius awards. Learn more about the types of TrustRadius awards to make the best purchase decision. More about TrustRadius Awards

Popular Features

View all 7 features
  • Centralized event and log data collection (8)
    8.5
    85%
  • Correlation (8)
    8.5
    85%
  • Event and log normalization/management (8)
    8.0
    80%
  • Custom dashboards and workspaces (8)
    7.0
    70%

Reviewer Pros & Cons

View all pros & cons
Return to navigation

Pricing

View all pricing

Essentials

$1,075

Cloud
per month

Standard

$1,695

Cloud
per month

Premium

$2,595

Cloud
per month

Entry-level set up fee?

  • Setup fee optional
For the latest information on pricing, visithttps://www.alienvault.com/products/pri…

Offerings

  • Free Trial
  • Free/Freemium Version
  • Premium Consulting/Integration Services
Return to navigation

Features

Security Information and Event Management (SIEM)

Security Information and Event Management is a category of security software that allows security analysts to look at a more comprehensive view of security logs and events than would be possible by looking at the log files of individual, point security tools

8
Avg 7.8
Return to navigation

Product Details

What is AlienVault USM?

AlienVault® Unified Security Management® (USM) delivers threat detection, incident response, and compliance management in one unified platform. It is designed to combine all the essential security capabilities needed for effective security monitoring across cloud and on-premises environments, including SIEM, intrusion detection, vulnerability management, as well as continuous threat intelligence updates. The vendor states that even for resource-limited IT security teams, AlienVault USM can be affordable, fast to deploy, and easy to use. It eliminates the need to deploy, integrate, and maintain multiple point solutions in the data center.

Smart, automated data collection & analysis: USM Anywhere automatically collects and analyzes data across the attack surface, helping to quickly gain centralized security visibility without the complexity of multiple disparate security technologies.

Automated threat detection powered by AT&T Alien Labs: With threat intelligence provided by AT&T Alien Labs, USM Anywhere is updated automatically to stay on top of evolving and emerging threats, so the security team can focus on responding to alerts.

Incident response orchestration with AlienApps: USM Anywhere supports a growing ecosystem of AlienApps, enabling the user to orchestrate and automate actions towards other security technologies, able to respond to incidents quickly and easily.

AlienVault USM Features

Security Information and Event Management (SIEM) Features

  • Supported: Centralized event and log data collection
  • Supported: Correlation
  • Supported: Event and log normalization/management
  • Supported: Deployment flexibility
  • Supported: Integration with Identity and Access Management Tools
  • Supported: Custom dashboards and workspaces
  • Supported: Host and network-based intrusion detection

Additional Features

  • Supported: AlienVault Open Threat Exchange

AlienVault USM Screenshots

Screenshot of USM Anywhere NIDS Dashboard

AlienVault USM Videos

AlienVault USM Competitors

AlienVault USM Technical Details

Deployment TypesSoftware as a Service (SaaS), Cloud, or Web-Based
Operating SystemsUnspecified
Mobile ApplicationNo
Supported CountriesGlobal

Frequently Asked Questions

Splunk Cloud and Fortinet on IBM Cloud are common alternatives for AlienVault USM.

Reviewers rate Deployment flexibility highest, with a score of 8.6.

The most common users of AlienVault USM are from Mid-sized Companies (51-1,000 employees).
Return to navigation

Comparisons

View all alternatives
Return to navigation

Reviews and Ratings

(735)

Community Insights

TrustRadius Insights are summaries of user sentiment data from TrustRadius reviews and, when necessary, 3rd-party data sources. Have feedback on this content? Let us know!

Users have found AlienVault USM to be a valuable SIEM solution for centralizing and searching log data from a large number of network attached devices. This platform is being used for various use cases such as vulnerability management, scanning, malware detection, and monitoring malicious network traffic. It is considered a good SIEM solution for organizations new to security operational logging or those with a smaller staff and budget. The product has been praised for its integrated feature sets, including HIDS, NIDS, FIM, and security alerting capabilities. The inclusion of features like vulnerability scanning and file integrity monitoring has extended its value for organizations in the early stages of cybersecurity program development. Many users have experienced real-time alerts, enabling them to respond to security incidents and compromised passwords more quickly. Furthermore, AlienVault is used for a range of functions such as SIEM, vulnerability scanning, asset discovery, and investigations. It provides organizations with a centralized log collection site, allowing them to monitor and address new problems more effectively. The platform has been effective in helping organizations meet regulatory compliance requirements and improve SOC operations. Additionally, AlienVault is used to analyze network traffic, Windows Event Logs, and other security events, helping organizations improve network security and protect their customers. It solves security challenges related to device and software visibility, monitoring for anomalous events, and ensuring patch management. Users appreciate the simplicity of deployment and the robustness of the interface. The support team is highly responsive and knowledgeable.

AlienVault USM Anywhere is used by organizations to easily identify security incidents happening across their infrastructure and comply with PCI-DSS compliance requirements. MSSPs utilize AlienVault USM Anywhere to provide their customers with best-in-class threat monitoring and response services. It is also used to monitor cloud environments, scanning and alerting for any known vulnerabilities or activity on servers. AlienVault helps organizations with auditing purposes by monitoring cloud permissions and changes to security. Additionally, it is deployed to customers for monitoring and is used by NSOCs to monitor their networks. AlienVault has been implemented across organizations, covering server assets and providing granular logging on systems and networks. It helps in raising alarms/alerts and mitigating network-related activities. AlienVault collects and alerts on network and system activity across the entire organization, making it easy to filter for important data. The product centralizes log data and helps perform vulnerability analysis and threat detection. It assists in security patching and monitoring within AWS environments. Users appreciate the ease of use and configuration of the cloud-based panel. AlienVault is implemented and managed for clients as a recommended SIEM solution, collecting and normalizing logs from various data sources. It is used throughout organizations to gain insight into network and server events, manage and correlate logs, and recognize anomalous activity. Users have been able to set up alerts for specific events and policies, effectively managing systems and alerts in place, monitoring multiple client environments, and identifying issues that clients may have missed.

AlienVault USM Anywhere is praised for its cost-effectiveness compared to other SIEM solutions on the market. Users appreciate its threat intelligence capabilities, ease of use, user-friendly interface, and simplicity of deployment. The built-in correlation rules require minimal setup and provide high-quality results. Asset management and scanning features help users stay on top of monitoring assets, including dynamic and static asset lists. The integration of OTX into USM Anywhere allows for up-to-date threat intelligence and pulse subscriptions.

The software plays a crucial role in monitoring and alerting when anomalies occur, aiding in threat detection, compliance management, log collection, and vulnerability scanning. It helps organizations stay up to speed on new vulnerabilities and supports agile business initiatives by aiding analysts in identifying cyber threats and providing access to threat cross-referencing data. AlienVault USM Anywhere is deployed to monitor AWS cloud environments, attain compliance, identify threats, and facilitate auditing of non-emergency configuration changes and vulnerability monitoring.

Overall, AlienVault USM Anywhere provides centralized security monitoring, incident response capabilities, compliance reporting features, vulnerability assessment tools, real-time SIEM functionality, as well as asset discovery and user activity monitoring capabilities. It has been widely adopted across various industries for enhancing security posture and gaining comprehensive visibility into network activities.

Based on user recommendations, AlienVault USM receives the following common recommendations:

  1. AlienVault USM is recommended for cost-conscious companies and small to medium businesses due to its affordability and effectiveness. Users find it to be a great tool for analyzing and reacting to threats, offering excellent value for the price.

  2. Users suggest exploring alternative SIEM choices and discussing functionality and configuration requirements. Logrhythm is mentioned as a possible alternate SIEM choice, especially for high-end functionality needs. It is advised to compare features and select the SIEM system that offers the best cost for desired features.

  3. To maximize the experience with AlienVault USM, users recommend taking advantage of training opportunities provided by AlienVault. Joining official training sessions allows users to learn best practices from other users and gain comprehensive knowledge of the product. Users also recommend utilizing forums, support, webinars, and videos offered by AlienVault to enhance understanding and achieve optimal results.

Overall, AlienVault USM is regarded as a cost-effective solution suitable for organizations with data privacy and security priorities. The product's flexibility, community-created intelligence, and continual improvement are also highlighted by users. While some mention areas for improvement, such as support stability and module quality, the general consensus is that AlienVault USM delivers reliable security enhancements and cost savings.

Attribute Ratings

Reviews

(101-125 of 390)
Companies can't remove reviews or game the system. Here's why
Score 9 out of 10
Vetted Review
Verified User
Incentivized
We use AlienVault to look for security alarms and user events. We have used it to report to managers across the company for user behavior analytics, login times, VPN usage, etc. It is helpful for Internet usage reports as well, our current Web filter does not have very good reporting capability but allows users to send the Syslog W3C data to our USM sensor which allows us to run much better investigations in an easier to use interface.
  • Collecting data in an easy to understand timeline for investigations.
  • Correlating attack events and alarms with the NIDS data.
  • Providing asset vulnerability scanning for internal assets and remediation strategies straight from the USM portal.
  • Adding asset information to investigations.
  • Currently there is an issue with not being able to see event details from an investigation page.
  • It doesn't make me coffee when I come into the office first thing in the morning!
It is great to use for a NOC environment with a small staff. It's easy to automate scanning network ranges to auto pickup new assets and check for vulnerabilities. This system is great for building an entire security program out of as the central system.
Score 6 out of 10
Vetted Review
Verified User
Incentivized
AlienVault USM is being used as an on location network security appliance. It monitors all outgoing, incoming, and internal network traffic within our main office. We also use AlienVault USM to monitor our cloud platform. It allows us to fulfill compliance requirements and secure our network more easily than running several different solutions at a time.
  • Gets pretty regular updates
  • Appears to monitor all network traffic
  • Has appliances for many different situations
  • Pretty costly
  • Local appliance requires a little more hands on maintenance to keep it updated and running
If your business doesn't have the resources to dedicate to a full-time employee handling network monitoring, or wants an all in one solution, this one does pretty well if you have the money. If you plan to have a more dedicated security team, you may still consider this, but there may also be cheaper options if you have the manpower at that point.
Magdiel Hernandez | TrustRadius Reviewer
Score 5 out of 10
Vetted Review
Verified User
Incentivized
We use AlienVault as our primary SIEM tool. Our SOC uses the tool to create alerts, monitor suspicious patterns, receive alerting, and investigate security incidents.
  • Creation of dashboards.
  • Creation of metrics that we utilize in our monthly reports.
  • We like the way alerts are being sent to us and the information they provide.
  • Their customer supports is the worst, and sadly this has been consistent every time we've had to reach out to them.
  • The account execs have ZERO flexibility regarding making deals and meeting us halfway.
  • The features do not work as advertised.
While is well suited if you are small organization starting a security practice, AlienVault fails to deliver when it comes to medium or large corporations, as there is very little flexibility from the tool to create alerts. Also, plugins in this time are definitely not the way to go.
Score 10 out of 10
Vetted Review
Verified User
Incentivized
We use it to monitor just about every piece of equipment at our company. USM has helped us finally have a centralized log collection site. Not only does it allow us to monitor what is happening, but address new problems that we weren't able to ever know about. Finding out some weaknesses with certain network equipment and have a clear vision on not just why we might be struggling to get max performance but how to get to that desired goal.
  • Data integration pieces - The many and constantly growing data plugins for different pieces of software and equipment so you have better log collection
  • Threat intelligence - showing where your equipment stands against new patches and the visibility to see where you are lacking and how it can put your network at risk.
  • Maybe have more of a more sophisticated scanning option. A little bit more of a possible PEN test capability. Simple attacks to try to harvest basic information.
If you have a somewhat complex network spread across multiple locations I think that AlienVault is the perfect scenario. It gives a very detailed insight into each location. With the dynamic asset group, you are able to clump many different locations together and no matter where you are, there is an ability to view what is happening and if that is a trend not just in one spot but across the entirety of the network.
July 29, 2019

Better than Splunk

Ryan Hart, MBA | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User
Incentivized
We used to monitor our web application, firewall, and our G Suite logs. AlienVault USM solves the problem of manually monitoring logs. We were able to filter our alerts to ignore known non-threatening behaviours. AlienVault USM also gave us a more efficient way to search our logs rather than viewing the raw log files in our data provider.
  • Easy to Install
  • Good use of filters
  • Great training
  • Good support documentation
  • Paying per GB of usage is not ideal
AlienVault USM provides good overall value and support. I am not a fan of on-prem monitoring hardware. Alien Vault USM has fantastic cloud-based monitoring solutions which we host in our cloud environment.
July 27, 2019

Fantastic Product!

Score 9 out of 10
Vetted Review
Verified User
Incentivized
We use AlienVault for our entire organization for SIEM, Vulnerability Scanning, as well as Asset Discovery. It's one system that covers functions which normally would require multiple tools. It's a fantastic product and fits exactly what we need.
  • Multiple functions in one tool (SIEM, Vulnerability Scanning, etc).
  • Very intuitive interface.
  • Great reporting functionality.
  • Deployment was a bit complex.
  • Reporting is useful but hard to set up.
  • The instructions for how to set up SIEM and import logs from other tools were hard to follow.
Great for organizations without a large security operations team, and where using one tool instead of many is helpful in the day to day. It comes with preset reports and dashboards that are extremely useful for those without the full capacity to build everything out of scratch. It's potentially less appropriate for extremely large organizations that need granular customization.
Score 5 out of 10
Vetted Review
Verified User
Incentivized
Security uses it as an SIEM and an investigations tool.
  • SaaS Log Management: it is easy to ingest logs from SaaS providers like G-Suite, Okta, and more.
  • Ease of use: I don't need a lot of engineering work to get AlienVault to a usable place.
  • Log Management: it's hard to ingest and organize logs in AlienVault.
  • Searching and Querying: the query language is difficult to use and impossible to copy between screens.
  • Threat Intelligence: there's no way to get external threat intel into AlienVault to make automatic detections.
Splunk is the easy winner in this space, but they have a couple of barriers to entry, including price and the engineering effort required to run an incident detection engineering team successfully on Splunk. I’ve found AlienVault to be the cheaper, simpler winner in the space, but their platform leaves a lot to be desired (but I still haven’t found anything better).
Things I look for in next-generation SIEMs are unique searching and rules languages (Python or SQL would be so much better than a Splunk query), unique log collection mechanisms (Splunk UF still seems like the best, but some endpoint verification would be nice), and unique integrations with other security software or platforms (integration with Okta, G-Suite, and AWS).
Score 10 out of 10
Vetted Review
Verified User
Incentivized
AlienVault USM was used in partnering with our outside MSP as a part of our overall information security strategy. We had several password breaches before implementing AlienVault that would have been seen and responded to much sooner if we had a tool like AlienVault. We were able to respond to passwords being compromised much sooner simply because Alienvault gave us real time alerts. We were able to review so much more data and catch potential issues much sooner because Alienvault was implemented.
  • Intrusion Detection
  • Automated Action Response
  • Asset Discovery
  • Printer bug: Asset scan would make printers randomly spit out pages and pages of random text.
If you're a small company and only have a single person for IT or outsource, Alienvault is a great tool to add to the arsenal. Implementing it allowed me to hold our outside MSP accountable and have a more accurate picture of what was going on inside the company's network.
Score 7 out of 10
Vetted Review
Verified User
Incentivized
AlienVault is a great SIEM for organizations who are either new to security operational logging, and wish to purchase a sound solution at a lower price point, or those with a smaller staff and potentially IT budget that wishes to buy a solution that can accomplish many different tasks. Our use of the platform extends across the global organization. We have documented multiple use cases that we are working through within the AlienVault platform such as vulnerability management and scanning, malware detection on clients and servers, malicious network traffic moving laterally and vertically throughout our environment, etc. As is the case with any SIEM, they are only as effective as the log sources that they ingest allow them to be. We are pulling in Windows client and server event logs (filtered to specific EventID's), DNS, DHCP, AWS CloudTrail/CloudWatch logs, NIDS sensor logs, firewall logs, and are also working to integrate the solution with other corporate systems to extend its capability, such as our ITSM. AlienVault is pretty featured rich compared to other SIEM solutions, but those features are mostly good, not great. There is also a growing list of 3rd party integrations as well, which can make the solution even stronger. With that said, there are other SIEM solutions that offer more flexible deployment models, have more 3rd party integrations, and offer more extensibility in terms of holistically supporting the incident response process. Our organization has found AlienVault to work pretty well for us, as this is the first SIEM the business has deployed. Additionally, we are early on in the process of cybersecurity program development, so AlienVault's inclusion of features such as vulnerability scanning and file integrity monitoring extend its value.
  • Feature-rich includes functionality not typically present in other SIEM's such as vulnerability scanning, UEBA, file integrity monitoring, NIDS
  • Simple to configure and deploy.
  • Relatively inexpensive compared to other enterprise SIEM solutions.
  • While there are many features, many of them are not very advanced. Vulnerability scanning as an example is extremely simplistic and almost unusable for an enterprise organization. It's just enough to get a program off the ground.
  • Cloud-only deployment model (SaaS) may not fit all organizations. Not all organizations are "cloud friendly".
  • Reporting capabilities out of the box are lack luster. Vulnerability management reporting as an example does not include a single canned report.
AlienVault USM is well suited for smaller organizations or organizations of any size that are just lifting their security operations or security monitoring program off the ground.

AlienVault USM is less appropriate for more mature organizations who have the staff to support more advanced security operational capabilities or engage in advanced threat hunting. Also, organizations who like more ability to add internally developed functionality into their SIEM through scripting or other automated response activities.
Score 5 out of 10
Vetted Review
Verified User
Incentivized
One department is using AlienVault as a HIDS, NIDS, FIM, and security alerting system. It was selected as having the integrated feature sets to accomplish unique certification and security requirements for that department.
  • Has a range of features in one package. HIDS, NIDS, FIM, reporting, and alerting.
  • Report templates for SOC, NIST, ISO 27000.
  • The support since the recent purchase by AT&T has really dropped off. Answers to questions are much slower and sometimes wildly inaccurate. Asking the same question multiple times of different support will yield totally different answers.
  • Some of the features that existed in the on-prem version has still not made it into the cloud version.
  • Asset scanning has become buggy in the latest updates, and bugs are getting fixed much slower than our previous experience before the AT&T purchase.
Right now it is a product in transition. While the features are there for a solid security package, both the on-prem and cloud versions are in a state of transition. I hope the new owners continue to invest and stabilize what should be an amazing security package.
Matthew White | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User
AlienVault USM Anywhere provides us with SIEM, at a low price point and with a great array of functionality. SIEM is critical to our security operations and feeds incident response efforts. We use it to monitor logs and events from our applications and server platforms, integrating many of our other security products into the flow of data into USM Anywhere, for centralized logging and event management.
  • AlienVault USM Anywhere is easy to deploy with their cloud-based model and deploying the required agents on-prem (or in the cloud) is quick and easy.
  • Custom rules allow for alerting based on content from events and you can even trigger agents in response to threats, shutting down computers or grabbing forensic info for incident response.
  • USM Anywhere also takes care of reporting for ISO and PCI, allowing you to pull reports for auditors at a moment’s notice.
  • With many integrations out-of-the-box, you can pull in all the data from products you use and other sources, such as Amazon CloudWatch Logs.
  • We would love to be able to create custom rules based on a series of events, to create rule-sets where, for example, failed logins to the VPN Server are logged and then when a successful attempt follows soon after, it triggers an alarm for a Brute Force. It does this for things like OKTA already, so control over which events this applies to would be great.
  • More data tiers - something between 250GB and 500GB tiers, maybe break it down into 100GB tiers?
  • Integration with OpsGenie would be great.
AlienVault USM Anywhere is a great SIEM and if you need to deploy a SaaS solution then it is suited very well. It works very well for us being 100% AWS and integrates well with our toolset and AWS features. The AT&T Alien Labs Open Threat Intelligence (OTX) is perfect for providing context on events and feeding our incident response processes.
Score 7 out of 10
Vetted Review
Verified User
Incentivized
AlienVault USM is a SIEM solution we utilize to centralize and search log data from a large number of network attached devices. Currently, devices across our entire network send log data to this service, easing analyst requirements and workflow surrounding incident response and log management.
  • Asset Management
  • Log searchability
  • Built-in plugins
  • Plug-in Development for new services
  • Vulnerability scanning
  • UI tweaks - i.e. asset detail lists
AlienVault USM Is great for small-medium sized business with relatively immature security posture. As the amount of data being ingested (i.e. posture maturation) increases; however, AlienVault USM can get rather pricey, quick.
Score 7 out of 10
Vetted Review
Verified User
Incentivized
Currently, it is used by the IT Security team. Before it, we didn´t know exactly who was doing what and when in our infrastructure since we work with a lot of providers with access to our servers and cloud services. Now, we get alerts for suspicious login, modifications, cyberattacks, among others.
  • Logs collection
  • Cloud-aware
  • Suspicious events detection
  • Dynamic infrastructure detection (e.g. autoscaled instances are not detected when terminated).
  • File integrity monitoring rules cannot be customized.
  • Agents are manually deployed.
  • Agents get disconnected from time to time.
It is well suited for logs parsing, events generation and threat detection coming from SaaS products. It doesn't seem to integrate very well with cloud servers since it depends on servers IPs (which is a problem when servers get created from an image/template) and still requires manual scans to discover new or non-existent assets.
Score 9 out of 10
Vetted Review
Verified User
Incentivized
It's used by the Engineering department but the entire organization benefits from AlienVault USM since we need to ensure the safety of our own environment. No vulnerability can be ignored and authenticated scans are perfect to give us the whole picture. Due to a non-disclosure agreement, I am unable to talk about business problems.
  • Authenticated scans.
  • Cloud friendly.
  • Supports multiple cloud providers.
  • Very limited storage quota.
  • UI could be more user friendly.
  • UI is slow.
While it is great to identify vulnerabilities in packages and OS. I couldn't find a way to scan my code.
Score 7 out of 10
Vetted Review
Verified User
Incentivized
We use AlienVault USM across our whole organisation. We monitor network traffic and asset vulnerabilities in both our company network and on multiple public cloud provider accounts. We're also tracking Office365 usage. Moreover, several logs (audit, web servers, etc.) are forwarded via syslog to the sensors allowing us to detect attacks.
  • Vulnerability scans on several different OS.
  • Intrusion/Attack detection.
  • No customisable patterns for log analysis.
  • Not friendly with autoscaling resources with no possibility to have auto-deletion of assets no more present after a certain amount of time.
It's quite appropriate for scanning and detecting possible attacks via logs/events. Also, it's good for vulnerabilities analysis. It's not suited for docker container vulnerability scans as there is no easy way to do that. For that scenario, it is currently better to use offline scanning of the docker images.
Score 9 out of 10
Vetted Review
Verified User
Incentivized
We use it to monitor our environment to ensure our security policies are kept up to date and that no breaches have been made.
  • Fast.
  • Neat.
  • Powerful.
  • Might be a bit complex.
  • We could use a map with the story of the events and how they're linked together.
It's well suited to analyze security events and investigate them. It also helps with the patching, by scanning what assets haven't the latest security patches installed. It also integrates well with other 3rd-party tools.
It is less appropriate for a deep scan of network packets, or to have a visual representation of the events.
July 05, 2019

So far so good

Score 7 out of 10
Vetted Review
Verified User
Incentivized
Currently, we use it for all of our log shipping. Also, we use the port mirror function for all of our network traffic.
  • Vulnerability lists.
  • Log storage.
  • Integrations.
  • Tech support.
  • Releasing unstable agents.
  • Did I mention support?
It's best for smaller companies who don't have the time to see a 10,000 view of their network.
Score 8 out of 10
Vetted Review
Verified User
Incentivized
It's deployed on a PCI environment and managed by our SOC team. It's used mainly for access and network control.
  • Good UI
  • Easy to deploy
  • PCI compliant
  • Compatibility
AlienVault USM is excellent for PCI environments.
July 03, 2019

AV USM review

Score 10 out of 10
Vetted Review
Verified User
Incentivized
It is used as a service offering for customers wanting insight into the security state of their networks. It addresses security concerns among businesses.
  • Ease of installation
  • Ease of setting up logs
  • Web interface is user friendly
  • Ability to scale or handle a high load of events per day
Customers looking to implementing a SIEM for security monitoring with a manageable amount of EPD's and not appropriate for larger organizations with higher loads of EPD's.
Score 9 out of 10
Vetted Review
Verified User
Incentivized
We use AlienVault to provide alerts for any irregular login activity along with other network behavior that is outside normal expectations. AlienVault also aggregates all our log files from network and edge devices into a single, searchable database. It corroborates events from various systems to better report on any unusual activity.
  • Alerts on login activity from unexpected locations (countries)
  • Aggregating log files for easy searching
  • Better interpretation of errors into more natural language
  • Easier grouping or categorization of alerts in order to assign them more efficiently to appropriate users/groups
AlienVault is well suited for environments with multiple locations and multiple internet connections. The more complicated the network topology, the better AlienVault shines. That's not to say that it is not well suited to smaller organizations with fewer links, it works fine there as well. It also is well suited in complex environments where a variety of equipment is used and where little, if any, synergy exists between disparate systems. AlienVault easily takes from, and understands, log entries from various types of systems and interprets them as a whole.
Score 9 out of 10
Vetted Review
Verified User
Incentivized
We use AlienVault as an integral part of our information security program. It is being used by the whole organization for threat detection, incident response, and compliance management. Helping us maintain NIST Cybersecurity compliance, the main features we use are asset discovery, vulnerability scanning, and intrusion detection. It has also helped implement forensics, log management, and user activity monitoring. AV helps us take a proactive approach to security as it automatically detects threats and keeps us updated so we can focus on mitigating risk and managing responses.
  • Easily integrates with AWS cloud infrastructure.
  • Provides an intuitive interface to analyze raw logs and investigate potential threats.
  • Automates vulnerability scanning.
  • Alerts to potential threats and intrusions.
  • Raw logs are only available via the UI for the last 30 days. It would be great if you could choose to load archives into the system for investigation when needed.
  • It would be awesome to have an implementation checklist to see how the different features map to various compliance frameworks like NIST.
  • They were recently purchased by AT&T, so there is some confusion as to what serves are offered by AlienVault and what is AT&T Cybersecurity, who to contact about your account, etc. Growing pains. :)
  • The documentation can be hard to use for security newbies. It covers the technical pieces, but not the why or how to use the different features and functionality. It could benefit from practical examples of AV in action.
AlienVault is a great tool to help small organizations achieve security compliance quickly and affordable. It's relatively quick to set up and start using immediately. If you are looking to check off many boxes in your infosec program, AV can fit the bill. For very small and lean organizations, the price might be an issue as the software currently starts at over $1k per month.
Score 6 out of 10
Vetted Review
Verified User
Incentivized
AlienVault is our corporate SIEM. It is used to collect and analyze logs for security events.
  • Collects AWS CloudTrail logs
  • Collects OS logs
  • Has many integrations with other security products
  • The technical support is not good.
  • It is a closed system and it is not easy to search raw logs like in Splunk.
  • If it is missing a particular integration one needs to have a backup solution (e.g. Splunk or similar).
AlienVault is well suited for cloud infrastructures such as AWS. AlienVault will struggle with collecting logs from in-house developed apps.
Score 9 out of 10
Vetted Review
Verified User
Incentivized
We use USM anywhere to have a dashboard overlook of all the servers in our environment. It provides insight with event/alert counts, as we can use those to determine if there is something out of the ordinary happening with a server. The reports are very helpful in providing us this information.
  • Reporting.
  • Integrations.
  • Customer Support.
  • More descriptions of events.
  • Easier sorts.
  • Easier Updates.
If you are using AlienVault USM to provide yourself with an overview of your environment, it is the right product for you. The countless integrations allow you to have a one-stop shop for all of your servers/services. If you only have a few servers or are not dealing with too much data, it might not be as effective.
Score 9 out of 10
Vetted Review
Verified User
Incentivized
Our Information Security group has implemented AlienVault USM throughout our worldwide organization to help us monitor and track all activities going on in our network. We currently have 4 sensors deployed and are working on getting more sensors deployed into more markets globally. AlienVault has helped us in many ways including NIDS, HIDS, Asset Inventory, and Tracking, and as a log consolidation tool. Being able to see all of our logs in one place has helped us get a better feel for when something negative is impacting our network traffic, and AlienVault helps provide the tools to remediate quickly and effectively.
  • Log Consolidation
  • Asset Discovery
  • Alarm and Event Tracking
  • Website can be slow and unresponsive at times.
  • Asset configuration can be tricky with DHCP.
  • Asset credentials can be difficult to set up.
AlienVault is a great tool for companies that have a lot of log data coming from different sources and want to consolidate it in a single point of reference. Being able to see all log and event files, and how different events and alerts correlate to each other has made identifying and resolving network issues much easier for our company.
Score 9 out of 10
Vetted Review
Verified User
Incentivized
We started using AlienVault USM two years ago. We choose AlienVault as IDS device to monitor network activity and security on one of the two company locations. Last year we tested the integration with our Antimalware solution and monitoring some logs that come from Linux server. Initially, we used it on the premises. Currently, we migrate to Saas, adding the second company location and we are evaluating to replace other SIEM solutions. The solution is used by the IT department (Networking and Information Security areas).
  • Existent connectors for common IT infrastructure equipment (brands) simplify initial configuration a lot.
  • Dashboarding and reporting capabilities permits that you can see relevant information in a single view.
  • Availability to train in Spanish would really help us a lot.
Correlation of events with different tools like firewall, web filtering, and anti-malware, is very valuable. Integration of other kinds of logs. Monitoring Linux logs in our case.
Return to navigation