Overview
What is AlienVault USM?
AlienVault® Unified Security Management® (USM) delivers threat detection, incident response, and compliance management in one unified platform. It is designed to combine all the essential security capabilities needed for effective security monitoring across cloud and on-premises environments, including SIEM, intrusion detection, vulnerability management, as…
TrustRadius Insights
Empowering Security Zenith with Unified Vigilance.
will I continue to use USM, Yes I would
Excellent security for your machine
MSSP Review
Great product but out of the box it needs a lot of work.
AlienVault is about as user-friendly as it gets for threat detection
Great if you can deploy and manage on-premises SIEMs
AlienVault - Not Worth the Price
AlienVault USM Anywhere, a SIEM that is easy on your pocket.
Unbeatable Security Machine
AlienVault USM Provides Heightened Security Awareness in the Legal Services Industry
Best product I've seen for a smaller enterprise network.
Great SIEM for enterprise environments
AlienVault USM is a really beneficial SIEM solution.
Awards
Products that are considered exceptional by their customers based on a variety of criteria win TrustRadius awards. Learn more about the types of TrustRadius awards to make the best purchase decision. More about TrustRadius Awards
Popular Features
- Centralized event and log data collection (8)8.585%
- Correlation (8)8.585%
- Event and log normalization/management (8)8.080%
- Custom dashboards and workspaces (8)7.070%
Reviewer Pros & Cons
Pricing
Essentials
$1,075
Standard
$1,695
Premium
$2,595
Entry-level set up fee?
- Setup fee optional
Offerings
- Free Trial
- Free/Freemium Version
- Premium Consulting/Integration Services
Features
Security Information and Event Management (SIEM)
Security Information and Event Management is a category of security software that allows security analysts to look at a more comprehensive view of security logs and events than would be possible by looking at the log files of individual, point security tools
- 8.5Centralized event and log data collection(8) Ratings
Effectiveness of real-time centralized event and log data collection
- 8.5Correlation(8) Ratings
Correlation of logs and events to pinpoint significant threats
- 8Event and log normalization/management(8) Ratings
Ability to normalize event syntax so that logs can be compared and are machine-understandable
- 8.6Deployment flexibility(7) Ratings
Ability to tune system to maximize threat detection and minimize false positives
- 7.3Integration with Identity and Access Management Tools(5) Ratings
Integration with access control tools like Active Directory and LDAP
- 7Custom dashboards and workspaces(8) Ratings
dashboards that can be customized to meet the needs of specific groups
- 8Host and network-based intrusion detection(5) Ratings
Ability to detect both endpoint intrusion and network ingress detection
Product Details
- About
- Competitors
- Tech Details
- Downloadables
- FAQs
What is AlienVault USM?
AlienVault® Unified Security Management® (USM) delivers threat detection, incident response, and compliance management in one unified platform. It is designed to combine all the essential security capabilities needed for effective security monitoring across cloud and on-premises environments, including SIEM, intrusion detection, vulnerability management, as well as continuous threat intelligence updates. The vendor states that even for resource-limited IT security teams, AlienVault USM can be affordable, fast to deploy, and easy to use. It eliminates the need to deploy, integrate, and maintain multiple point solutions in the data center.
Smart, automated data collection & analysis: USM Anywhere automatically collects and analyzes data across the attack surface, helping to quickly gain centralized security visibility without the complexity of multiple disparate security technologies.
Automated threat detection powered by AT&T Alien Labs: With threat intelligence provided by AT&T Alien Labs, USM Anywhere is updated automatically to stay on top of evolving and emerging threats, so the security team can focus on responding to alerts.
Incident response orchestration with AlienApps: USM Anywhere supports a growing ecosystem of AlienApps, enabling the user to orchestrate and automate actions towards other security technologies, able to respond to incidents quickly and easily.
AlienVault USM Features
Security Information and Event Management (SIEM) Features
- Supported: Centralized event and log data collection
- Supported: Correlation
- Supported: Event and log normalization/management
- Supported: Deployment flexibility
- Supported: Integration with Identity and Access Management Tools
- Supported: Custom dashboards and workspaces
- Supported: Host and network-based intrusion detection
Additional Features
- Supported: AlienVault Open Threat Exchange
AlienVault USM Screenshots
AlienVault USM Videos
AlienVault USM Competitors
AlienVault USM Technical Details
Deployment Types | Software as a Service (SaaS), Cloud, or Web-Based |
---|---|
Operating Systems | Unspecified |
Mobile Application | No |
Supported Countries | Global |
AlienVault USM Downloadables
- Unified Security Management vs. SIEM: a Technical Comparison
- AlienVault USM Anywhere: Datasheet
- AlienVault Fast Facts
- AlienVault USM Anywhere: Datasheet
- Beginner’s Guide to Open Source Intrusion Detection Tools
- SIEM for Beginners: Everything You Wanted to Know About Log Management But Were Afraid to Ask
Frequently Asked Questions
Comparisons
Compare with
Reviews and Ratings
(735)Community Insights
- Business Problems Solved
- Recommendations
Users have found AlienVault USM to be a valuable SIEM solution for centralizing and searching log data from a large number of network attached devices. This platform is being used for various use cases such as vulnerability management, scanning, malware detection, and monitoring malicious network traffic. It is considered a good SIEM solution for organizations new to security operational logging or those with a smaller staff and budget. The product has been praised for its integrated feature sets, including HIDS, NIDS, FIM, and security alerting capabilities. The inclusion of features like vulnerability scanning and file integrity monitoring has extended its value for organizations in the early stages of cybersecurity program development. Many users have experienced real-time alerts, enabling them to respond to security incidents and compromised passwords more quickly. Furthermore, AlienVault is used for a range of functions such as SIEM, vulnerability scanning, asset discovery, and investigations. It provides organizations with a centralized log collection site, allowing them to monitor and address new problems more effectively. The platform has been effective in helping organizations meet regulatory compliance requirements and improve SOC operations. Additionally, AlienVault is used to analyze network traffic, Windows Event Logs, and other security events, helping organizations improve network security and protect their customers. It solves security challenges related to device and software visibility, monitoring for anomalous events, and ensuring patch management. Users appreciate the simplicity of deployment and the robustness of the interface. The support team is highly responsive and knowledgeable.
AlienVault USM Anywhere is used by organizations to easily identify security incidents happening across their infrastructure and comply with PCI-DSS compliance requirements. MSSPs utilize AlienVault USM Anywhere to provide their customers with best-in-class threat monitoring and response services. It is also used to monitor cloud environments, scanning and alerting for any known vulnerabilities or activity on servers. AlienVault helps organizations with auditing purposes by monitoring cloud permissions and changes to security. Additionally, it is deployed to customers for monitoring and is used by NSOCs to monitor their networks. AlienVault has been implemented across organizations, covering server assets and providing granular logging on systems and networks. It helps in raising alarms/alerts and mitigating network-related activities. AlienVault collects and alerts on network and system activity across the entire organization, making it easy to filter for important data. The product centralizes log data and helps perform vulnerability analysis and threat detection. It assists in security patching and monitoring within AWS environments. Users appreciate the ease of use and configuration of the cloud-based panel. AlienVault is implemented and managed for clients as a recommended SIEM solution, collecting and normalizing logs from various data sources. It is used throughout organizations to gain insight into network and server events, manage and correlate logs, and recognize anomalous activity. Users have been able to set up alerts for specific events and policies, effectively managing systems and alerts in place, monitoring multiple client environments, and identifying issues that clients may have missed.
AlienVault USM Anywhere is praised for its cost-effectiveness compared to other SIEM solutions on the market. Users appreciate its threat intelligence capabilities, ease of use, user-friendly interface, and simplicity of deployment. The built-in correlation rules require minimal setup and provide high-quality results. Asset management and scanning features help users stay on top of monitoring assets, including dynamic and static asset lists. The integration of OTX into USM Anywhere allows for up-to-date threat intelligence and pulse subscriptions.
The software plays a crucial role in monitoring and alerting when anomalies occur, aiding in threat detection, compliance management, log collection, and vulnerability scanning. It helps organizations stay up to speed on new vulnerabilities and supports agile business initiatives by aiding analysts in identifying cyber threats and providing access to threat cross-referencing data. AlienVault USM Anywhere is deployed to monitor AWS cloud environments, attain compliance, identify threats, and facilitate auditing of non-emergency configuration changes and vulnerability monitoring.
Overall, AlienVault USM Anywhere provides centralized security monitoring, incident response capabilities, compliance reporting features, vulnerability assessment tools, real-time SIEM functionality, as well as asset discovery and user activity monitoring capabilities. It has been widely adopted across various industries for enhancing security posture and gaining comprehensive visibility into network activities.
Based on user recommendations, AlienVault USM receives the following common recommendations:
-
AlienVault USM is recommended for cost-conscious companies and small to medium businesses due to its affordability and effectiveness. Users find it to be a great tool for analyzing and reacting to threats, offering excellent value for the price.
-
Users suggest exploring alternative SIEM choices and discussing functionality and configuration requirements. Logrhythm is mentioned as a possible alternate SIEM choice, especially for high-end functionality needs. It is advised to compare features and select the SIEM system that offers the best cost for desired features.
-
To maximize the experience with AlienVault USM, users recommend taking advantage of training opportunities provided by AlienVault. Joining official training sessions allows users to learn best practices from other users and gain comprehensive knowledge of the product. Users also recommend utilizing forums, support, webinars, and videos offered by AlienVault to enhance understanding and achieve optimal results.
Overall, AlienVault USM is regarded as a cost-effective solution suitable for organizations with data privacy and security priorities. The product's flexibility, community-created intelligence, and continual improvement are also highlighted by users. While some mention areas for improvement, such as support stability and module quality, the general consensus is that AlienVault USM delivers reliable security enhancements and cost savings.
Attribute Ratings
- 7.2Likelihood to Renew18 ratings
- 6.4Availability3 ratings
- 7.3Performance3 ratings
- 6.7Usability34 ratings
- 7.3Support Rating25 ratings
- 8.3Online Training6 ratings
- 4.5In-Person Training1 rating
- 6.4Implementation Rating38 ratings
- 8Configurability3 ratings
- 6.3Product Scalability3 ratings
- 7.3Ease of integration3 ratings
- 8.2Vendor pre-sale3 ratings
- 7.6Vendor post-sale3 ratings
Reviews
(101-125 of 390)AlienVault USM - The Core of Your Security Program
- Collecting data in an easy to understand timeline for investigations.
- Correlating attack events and alarms with the NIDS data.
- Providing asset vulnerability scanning for internal assets and remediation strategies straight from the USM portal.
- Adding asset information to investigations.
- Currently there is an issue with not being able to see event details from an investigation page.
- It doesn't make me coffee when I come into the office first thing in the morning!
AlienVault USM local appliance
- Gets pretty regular updates
- Appears to monitor all network traffic
- Has appliances for many different situations
- Pretty costly
- Local appliance requires a little more hands on maintenance to keep it updated and running
AlienVault USM, missing the versatility of the golden days.
- Creation of dashboards.
- Creation of metrics that we utilize in our monthly reports.
- We like the way alerts are being sent to us and the information they provide.
- Their customer supports is the worst, and sadly this has been consistent every time we've had to reach out to them.
- The account execs have ZERO flexibility regarding making deals and meeting us halfway.
- The features do not work as advertised.
Easy, Breezy AlienVault
- Data integration pieces - The many and constantly growing data plugins for different pieces of software and equipment so you have better log collection
- Threat intelligence - showing where your equipment stands against new patches and the visibility to see where you are lacking and how it can put your network at risk.
- Maybe have more of a more sophisticated scanning option. A little bit more of a possible PEN test capability. Simple attacks to try to harvest basic information.
Better than Splunk
- Easy to Install
- Good use of filters
- Great training
- Good support documentation
- Paying per GB of usage is not ideal
Fantastic Product!
- Multiple functions in one tool (SIEM, Vulnerability Scanning, etc).
- Very intuitive interface.
- Great reporting functionality.
- Deployment was a bit complex.
- Reporting is useful but hard to set up.
- The instructions for how to set up SIEM and import logs from other tools were hard to follow.
- SaaS Log Management: it is easy to ingest logs from SaaS providers like G-Suite, Okta, and more.
- Ease of use: I don't need a lot of engineering work to get AlienVault to a usable place.
- Log Management: it's hard to ingest and organize logs in AlienVault.
- Searching and Querying: the query language is difficult to use and impossible to copy between screens.
- Threat Intelligence: there's no way to get external threat intel into AlienVault to make automatic detections.
Things I look for in next-generation SIEMs are unique searching and rules languages (Python or SQL would be so much better than a Splunk query), unique log collection mechanisms (Splunk UF still seems like the best, but some endpoint verification would be nice), and unique integrations with other security software or platforms (integration with Okta, G-Suite, and AWS).
AlienVault: Great Tool
- Intrusion Detection
- Automated Action Response
- Asset Discovery
- Printer bug: Asset scan would make printers randomly spit out pages and pages of random text.
- Feature-rich includes functionality not typically present in other SIEM's such as vulnerability scanning, UEBA, file integrity monitoring, NIDS
- Simple to configure and deploy.
- Relatively inexpensive compared to other enterprise SIEM solutions.
- While there are many features, many of them are not very advanced. Vulnerability scanning as an example is extremely simplistic and almost unusable for an enterprise organization. It's just enough to get a program off the ground.
- Cloud-only deployment model (SaaS) may not fit all organizations. Not all organizations are "cloud friendly".
- Reporting capabilities out of the box are lack luster. Vulnerability management reporting as an example does not include a single canned report.
AlienVault USM is less appropriate for more mature organizations who have the staff to support more advanced security operational capabilities or engage in advanced threat hunting. Also, organizations who like more ability to add internally developed functionality into their SIEM through scripting or other automated response activities.
Very promising, but immature product.
- Has a range of features in one package. HIDS, NIDS, FIM, reporting, and alerting.
- Report templates for SOC, NIST, ISO 27000.
- The support since the recent purchase by AT&T has really dropped off. Answers to questions are much slower and sometimes wildly inaccurate. Asking the same question multiple times of different support will yield totally different answers.
- Some of the features that existed in the on-prem version has still not made it into the cloud version.
- Asset scanning has become buggy in the latest updates, and bugs are getting fixed much slower than our previous experience before the AT&T purchase.
- AlienVault USM Anywhere is easy to deploy with their cloud-based model and deploying the required agents on-prem (or in the cloud) is quick and easy.
- Custom rules allow for alerting based on content from events and you can even trigger agents in response to threats, shutting down computers or grabbing forensic info for incident response.
- USM Anywhere also takes care of reporting for ISO and PCI, allowing you to pull reports for auditors at a moment’s notice.
- With many integrations out-of-the-box, you can pull in all the data from products you use and other sources, such as Amazon CloudWatch Logs.
- We would love to be able to create custom rules based on a series of events, to create rule-sets where, for example, failed logins to the VPN Server are logged and then when a successful attempt follows soon after, it triggers an alarm for a Brute Force. It does this for things like OKTA already, so control over which events this applies to would be great.
- More data tiers - something between 250GB and 500GB tiers, maybe break it down into 100GB tiers?
- Integration with OpsGenie would be great.
AlienVault USM Review
- Asset Management
- Log searchability
- Built-in plugins
- Plug-in Development for new services
- Vulnerability scanning
- UI tweaks - i.e. asset detail lists
AV is ready for cloud?
- Logs collection
- Cloud-aware
- Suspicious events detection
- Dynamic infrastructure detection (e.g. autoscaled instances are not detected when terminated).
- File integrity monitoring rules cannot be customized.
- Agents are manually deployed.
- Agents get disconnected from time to time.
AlienVault USM Review
- Authenticated scans.
- Cloud friendly.
- Supports multiple cloud providers.
- Very limited storage quota.
- UI could be more user friendly.
- UI is slow.
- Vulnerability scans on several different OS.
- Intrusion/Attack detection.
- No customisable patterns for log analysis.
- Not friendly with autoscaling resources with no possibility to have auto-deletion of assets no more present after a certain amount of time.
Alien Technology for humans
- Fast.
- Neat.
- Powerful.
- Might be a bit complex.
- We could use a map with the story of the events and how they're linked together.
It is less appropriate for a deep scan of network packets, or to have a visual representation of the events.
So far so good
- Vulnerability lists.
- Log storage.
- Integrations.
- Tech support.
- Releasing unstable agents.
- Did I mention support?
Well designed and easy to deploy
- Good UI
- Easy to deploy
- PCI compliant
- Compatibility
AV USM review
- Ease of installation
- Ease of setting up logs
- Web interface is user friendly
- Ability to scale or handle a high load of events per day
AlienVault USM - Threat detection done right
- Alerts on login activity from unexpected locations (countries)
- Aggregating log files for easy searching
- Better interpretation of errors into more natural language
- Easier grouping or categorization of alerts in order to assign them more efficiently to appropriate users/groups
- Easily integrates with AWS cloud infrastructure.
- Provides an intuitive interface to analyze raw logs and investigate potential threats.
- Automates vulnerability scanning.
- Alerts to potential threats and intrusions.
- Raw logs are only available via the UI for the last 30 days. It would be great if you could choose to load archives into the system for investigation when needed.
- It would be awesome to have an implementation checklist to see how the different features map to various compliance frameworks like NIST.
- They were recently purchased by AT&T, so there is some confusion as to what serves are offered by AlienVault and what is AT&T Cybersecurity, who to contact about your account, etc. Growing pains. :)
- The documentation can be hard to use for security newbies. It covers the technical pieces, but not the why or how to use the different features and functionality. It could benefit from practical examples of AV in action.
- Collects AWS CloudTrail logs
- Collects OS logs
- Has many integrations with other security products
Very good SIEM solution
- Reporting.
- Integrations.
- Customer Support.
- More descriptions of events.
- Easier sorts.
- Easier Updates.
AlienVault USM Review
- Log Consolidation
- Asset Discovery
- Alarm and Event Tracking
- Website can be slow and unresponsive at times.
- Asset configuration can be tricky with DHCP.
- Asset credentials can be difficult to set up.
- Existent connectors for common IT infrastructure equipment (brands) simplify initial configuration a lot.
- Dashboarding and reporting capabilities permits that you can see relevant information in a single view.
- Availability to train in Spanish would really help us a lot.