AlienVault USM Reviews

610 Ratings
Score 7.9 out of 10


TrustRadius Top Rated for 2019

Reviews (101-125 of 353)

Anonymous | TrustRadius Reviewer
Score 8 out of 10
We're using USM Anywhere as our security monitoring and SIEM platform. We have two AWS accounts with about 150 servers (Linux & Windows). The USM is used to monitor the servers, virtual firewalls, other various virtual appliances, and the AWS VPC network itself. There are virtual AlienVault sensor appliances hosted within the AWS accounts, to collect log data.
  • Deployment and management of the product is much simpler than other SIEM platforms, making it ideal for small IT teams who don't have a bunch of SIEM gurus on staff.
  • It does a very good job of providing useful, meaningful, and relevant alerts.
  • Searching through log & event data is fast and easy using all the built-in query tools.
  • I love the OTX (Open Threat Exchange) integration, which identifies malicious IPs communicating with your systems.
  • I'm not a fan of the shady sales tactics and price increases. We originally signed a one-year contract. Our account rep contacted us about 6 months into the contract, saying that there would be a big price increase in the coming months, but he could get us last year's pricing on our renewal if we signed the renewal within 30 days (with Net30 payment terms).
  • Translation - we sold you a 12 month subscription, but you have to pay for another 12 month subscription after only 8 months if you don't want the price to go up.
  • The exact same thing happened the following year, so this was not a one-time thing. During the most recent yearly renewal, the price was going to nearly double if we didn't do early renewal. These types of sales shenanigans feel an awful lot like extortion to me.
  • Tech support isn't that great. Thankfully we haven't had many problems with the product, but when we have had issues, support can take a long time to address the problems.
Well suited for smaller organizations who don't have SIEM specialists on staff. The product can be deployed and maintained by general network administrators, or IT security generalists. It does however require a significant amount of time and IT expertise to get any benefit out of the product. So it wouldn't be well suited to organizations that don't have any capable IT professionals on staff. We use the product in AWS and it works quite well in the AWS environment.
AlienVault has been very effective at helping us detect real threats. Much more so than any other product we've used. But that's the whole purpose of a SIEM, and we haven't used any other SIEMs in our environment. The product detects a much more broad range of threats than something like an anti-malware or IDS/IPS product.

Anonymous | TrustRadius Reviewer
Score 9 out of 10
AlienVault USM Anywhere is a perfect fit for the protective monitoring of our organisation's web facing services. It was important for us to have a real-time monitoring solution in place which could be accessed remotely by analysts such as myself. Our offices are geographically separated from our data centre so we do not have direct access to the network infrastructure. AlienVault USM helps to keep us informed of anything suspicious or unexpected which may require further investigation and more recently, with the launch of the new Investigations function, it has become even more useful as a tool for cataloguing and responding to potential incidents.
  • Alarms - These are one of the product's strengths in that they provide detailed breakdowns of the information that a security analyst is looking for in order to understand what is happening on the network
  • Investigations - The best feature of the product is the ability to create investigations, assign events and alarms to them, and then gather evidence, make a determination and react/respond based on the nature of the incident
  • Dashboard - This gives a useful at-a-glance summary of the current security posture and recent trends in alarms
  • The main criticism I had with USM Anywhere was that initially it was lacking the Investigations functionality which often meant that alarms were investigated but there was no record of this work that could serve for audit purposes or to look at long term trends. Now that this has been added I have very little to criticise about the product and I use it more than ever.
If you have complex systems deployed in a variety of environments then you should consider using AlienVault USM Anywhere to integrate your security view into a single pane, where you can investigate suspicious activity, get a high-level view of your security posture and generate reports about compliance and vulnerabilities across your systems.
It is a very effective tool in the detection of real security threats to our environment. The majority of the alarms and events we see come from false positives, such as the temporary disabling of logging services in order to perform routine patching, or a developer in need of a password reset who may appear to be carrying out a brute force attack. Even though these tend not to be genuine threats, it serves to show that we are poised to detect similar activity if it were malicious.
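The false-positive pattern this reviewer describes (a user who has forgotten their password looking like a brute-force attempt) can be shown with a small threshold rule. The following is an added example, not code from the review or from AlienVault USM; the sshd-style log lines, host, IPs, user names and the five-failures-in-five-minutes threshold are all constructed for it:

```python
"""Threshold-based failed-login detection with a triage hint.

Added example, not code from the review above or from AlienVault USM: it
reproduces the reviewer's point that a developer who has forgotten their
password trips the same rule as a real brute-force attempt, and shows one way
to tell the two apart at triage time. Every log line, host, IP and username
below is constructed for the example.
"""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sshd-style syslog lines (no year, as sshd emits them).
# 10.0.5.23   : one internal user fails five times, then logs in (forgotten password?)
# 203.0.113.77: one external source walks through several account names (guessing)
# 10.0.5.40   : a single typo, below threshold, should produce no alert
SAMPLE_LOG = """\
Jun 12 09:00:01 web01 sshd[1201]: Failed password for dev.jane from 10.0.5.23 port 51022 ssh2
Jun 12 09:00:09 web01 sshd[1201]: Failed password for dev.jane from 10.0.5.23 port 51024 ssh2
Jun 12 09:00:20 web01 sshd[1201]: Failed password for dev.jane from 10.0.5.23 port 51030 ssh2
Jun 12 09:00:31 web01 sshd[1201]: Failed password for dev.jane from 10.0.5.23 port 51033 ssh2
Jun 12 09:00:44 web01 sshd[1201]: Failed password for dev.jane from 10.0.5.23 port 51040 ssh2
Jun 12 09:01:00 web01 sshd[1210]: Failed password for invalid user admin from 203.0.113.77 port 40001 ssh2
Jun 12 09:01:01 web01 sshd[1211]: Failed password for root from 203.0.113.77 port 40002 ssh2
Jun 12 09:01:01 web01 sshd[1212]: Failed password for invalid user oracle from 203.0.113.77 port 40003 ssh2
Jun 12 09:01:02 web01 sshd[1213]: Failed password for invalid user test from 203.0.113.77 port 40004 ssh2
Jun 12 09:01:02 web01 sshd[1214]: Failed password for invalid user ubuntu from 203.0.113.77 port 40005 ssh2
Jun 12 09:01:03 web01 sshd[1215]: Failed password for invalid user postgres from 203.0.113.77 port 40006 ssh2
Jun 12 09:06:02 web01 sshd[1288]: Accepted password for dev.jane from 10.0.5.23 port 51102 ssh2
Jun 12 09:30:00 web01 sshd[1400]: Failed password for ops.bob from 10.0.5.40 port 52000 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

FAIL_THRESHOLD = 5      # failures from one source ...
WINDOW_SECONDS = 300    # ... within this many seconds raise an alarm


def parse_auth_log(text):
    """Turn raw lines into events; lines that are not password auth results are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        events.append({
            # syslog carries no year; strptime defaults it to 1900, which is
            # fine for the relative comparisons made here
            "ts": datetime.strptime(m["ts"], "%b %d %H:%M:%S"),
            "ok": m["result"] == "Accepted",
            "user": m["user"],
            "ip": m["ip"],
        })
    return sorted(events, key=lambda e: e["ts"])


def triage_hint(users, later_success):
    """Label the burst so an analyst knows what to verify before closing it."""
    if len(users) > 1:
        return "credential_guessing"          # one source, many account names
    if later_success:
        # The forgotten-password pattern from the review, but a *successful*
        # guess looks identical in the log: confirm with the account owner.
        return "single_account_then_success"
    return "single_account_failures"          # lockout, stale scripted creds, or slow guessing


def detect_bursts(events, threshold=FAIL_THRESHOLD, window=WINDOW_SECONDS):
    """One alert per source IP whose failures reach the threshold inside the window."""
    by_ip = defaultdict(list)
    for e in events:                          # events are time-ordered, so dict order = first seen
        by_ip[e["ip"]].append(e)

    alerts = []
    for ip, evs in by_ip.items():
        fails = [e for e in evs if not e["ok"]]
        for i in range(len(fails) - threshold + 1):
            burst = fails[i:i + threshold]
            if (burst[-1]["ts"] - burst[0]["ts"]).total_seconds() > window:
                continue
            users = {e["user"] for e in burst}
            later_success = any(
                e["ok"] and e["user"] in users and e["ts"] >= burst[-1]["ts"]
                for e in evs
            )
            alerts.append({
                "ip": ip,
                "first_seen": burst[0]["ts"].strftime("%b %d %H:%M:%S"),
                "failures": len(fails),
                "users": sorted(users),
                "hint": triage_hint(users, later_success),
            })
            break                             # report each source once
    return alerts


if __name__ == "__main__":
    for alert in detect_bursts(parse_auth_log(SAMPLE_LOG)):
        print(alert)
```

Run as a script it prints one alert per source IP. The hint only labels what the analyst has to verify: a single account that fails repeatedly and then logs in is the reviewer's forgotten-password case, but a successful guess leaves exactly the same trail, so that alert should be confirmed with the account owner rather than auto-closed; an external source cycling through many account names is the genuine credential-guessing the rule exists for.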

Anonymous | TrustRadius Reviewer
Score 8 out of 10
Our organisation did not previously use a SIEM product. What we wanted was a service that provided current information on threats in the context of our environment, and produced a sensible and manageable level of alerts without needing a lot of tuning - to increase security visibility without overburdening a small operations team.
  • Easy to set up quickly and get results
  • Works well with AWS
  • Alerting can integrate with third party systems, e.g. PagerDuty
  • Low lock-in
  • Sluggish performance means that we try to avoid using their GUI in routine processes
  • Small feature set and opaque development roadmap leave us frustrated with their minimal query language and lack of reporting customisations
  • User and professional services community appears to be heavily Windows-focused
A good fit if you're looking for up-to-date visibility of known threats. There's no AI in the product - complex attacks may produce alerts and good contextual information, but triaging, detecting and tracing the threats is still mostly a manual effort. You'll want another tool for any serious data analysis, as the GUI and API are feature-limited and slow.
USM has identified a couple of minor external threats we were previously unaware of, in addition to picking up on some anomalous behaviour from our customers and internal users. The out-of-the-box triaging has not needed much tweaking, and the contextual information given has made it straightforward to understand alerts quickly when they occur.

Anonymous | TrustRadius Reviewer
Score 10 out of 10
AlienVault USM is used primarily by our network engineering staff in our infrastructure department. The application is used for log collection from VMware, Active Directory, Microsoft applications such as MS Exchange 2010/2016, and some of our specialized insurance applications. We also use it for NIDS and Palo Alto firewall log collection. Vulnerability scanning helps us to identify possible security issues on our systems for which we can then patch and upgrade accordingly. We generate quarterly security reports for management staff to review as well.
  • Vulnerability scanning
  • Network Intrusion Detection
  • Log collection from a variety of products
  • Support is not very fast to respond and their resolutions are weak.
  • NIDS support with Cisco UCS
  • Feature Request: automatic report processing for which the report is emailed
Our organization is an insurance brokerage and we require log storage of all systems up to 3 years per compliance. We love the ability to generate vulnerability reports for which we can identify security and patching issues on our systems. Asset management reports are fantastic when our security auditors are on site.
AlienVault USM has an excellent vulnerability and asset scanner that identifies security threats on systems. The application scans each system, including the applications installed on each system, and identifies missing patches and lists each individual vulnerability with detailed information. This is single-handedly the best feature that comes with AlienVault USM and I highly recommend AlienVault USM.

Anonymous | TrustRadius Reviewer
Score 8 out of 10
AlienVault USM was used by our law firm to monitor for security threats, vulnerabilities and reconnaissance. We wanted to legally protect ourselves by employing security products that were robust enough to withstand a legal challenge in the event we were compromised, and AlienVault USM fit those requirements.
  • AlienVault is great at providing a single dashboard to view into all of your security products in one place
  • AlienVault has a powerful intrusion detection system
  • AlienVault does a great job of collecting security data from hundreds of different sources/vendors
  • AlienVault is complicated. To install and configure it properly you will need to be a seasoned security professional. I am a Sys Admin guy and I needed help.
  • AlienVault USM can be a bit too "chatty", alerting you to so many things out of the box it seems like a full time person is needed just to manage the alerts. It takes a while after implementation to finally get the alerts down to the correct level.
  • AlienVault USM "Plug Ins" are sometimes a little flaky
AlienVault USM is well suited for anyone looking to aggregate all of their security systems into one place. You should have a seasoned security person on staff to manage it though, because it's complicated. It's not suited for smaller businesses without a dedicated security person on staff.
AlienVault USM is very effective at helping detect security threats. It has plugins for hundreds of different firewalls, IPSes, routers, switches, PCs, laptops, etc., from almost any conceivable manufacturer. These plugins allow AlienVault USM to catch threats from anywhere on your network, and all of the alerts are delivered to a central place, so you don't have to keep checking each of your security products manually, thereby making sure the alerts aren't missed.

Anonymous | TrustRadius Reviewer
Score 10 out of 10
AlienVault is being used by our IT department to monitor and control network and server access, as well as our internal security audit tool (using the vulnerability scanning functions that come built-in).
I also use the vulnerability scanner to keep track of how my update process is behaving, as well as track software on the system that is not allowed by the company.
  • Network monitoring -- all activity is logged, and you can have as many or as few alerts as you need.
  • The vulnerability scanner is great and can be scheduled!
  • The dashboard when you log in is outstanding and very clear, so you can see issues easily.
  • Out of the box there is a lot of "noise," and it requires a significant effort to reduce that down to a manageable level.
  • The interface can be a bit clunky at times.
  • Results from forensics info are difficult to locate, as they register as events. This should pop up in a window when you send the command, or email you when done, so that you can go retrieve it, ideally from a dedicated section on the interface.
AlienVault is a very good NIDS and HIDS system and it is suited for a fairly small security team (as long as someone can put the effort into removing or reducing the noise and non-relevant notifications).
I also like the fact that you can view any and all events on the network.
Once all the noise is eliminated, the product is great. It integrates out of the box with my antivirus solution (Sophos+EDR) and is a great security center in a box for a company with small IT teams.
It managed to pick up IMAP scans from registered bad IP addresses, which we have since addressed. It has also managed to flag unwanted software running on workstations, and a few other smaller bits and pieces.

Anonymous | TrustRadius Reviewer
Score 5 out of 10
One department is using AlienVault as a HIDS, NIDS, FIM, and security alerting system. It was selected as having the integrated feature sets to accomplish unique certification and security requirements for that department.
  • Has a range of features in one package. HIDS, NIDS, FIM, reporting, and alerting.
  • Report templates for SOC, NIST, ISO 27000.
  • The support since the recent purchase by AT&T has really dropped off. Answers to questions are much slower and sometimes wildly inaccurate. Asking the same question multiple times of different support will yield totally different answers.
  • Some of the features that existed in the on-prem version have still not made it into the cloud version.
  • Asset scanning has become buggy in the latest updates, and bugs are getting fixed much slower than our previous experience before the AT&T purchase.
Right now it is a product in transition. While the features are there for a solid security package, both the on-prem and cloud versions are in a state of transition. I hope the new owners continue to invest and stabilize what should be an amazing security package.
Cisco Firepower has a NIDS, but no HIDS or scanning. Qualys has asset scanning capabilities, but no real-time HIDS or NIDS. Rapid7 has more of a complete package, but at a considerably higher cost.

Anonymous | TrustRadius Reviewer
Score 7 out of 10
AlienVault USM is a SIEM solution we utilize to centralize and search log data from a large number of network attached devices. Currently, devices across our entire network send log data to this service, easing analyst requirements and workflow surrounding incident response and log management.
  • Asset Management
  • Log searchability
  • Built-in plugins
  • Plug-in Development for new services
  • Vulnerability scanning
  • UI tweaks - i.e. asset detail lists
AlienVault USM is great for small- to medium-sized businesses with a relatively immature security posture. As the amount of data being ingested increases (i.e. as the posture matures), however, AlienVault USM can get rather pricey, quickly.
The threat intelligence model in AlienVault USM is a bit underwhelming to be honest. In order to receive additional feeds, you have to subscribe to users in OTX (Open Threat Exchange) and there is no way to view which feeds you are subscribed to within the USM GUI; you are forced to log into OTX to view this information. This is a clunky process and could be smoothed out.

Anonymous | TrustRadius Reviewer
Score 7 out of 10
Currently, it is used by the IT Security team. Before it, we didn't know exactly who was doing what and when in our infrastructure, since we work with a lot of providers with access to our servers and cloud services. Now, we get alerts for suspicious logins, modifications, cyberattacks, among others.
  • Logs collection
  • Cloud-aware
  • Suspicious events detection
  • Dynamic infrastructure detection (e.g. autoscaled instances are not detected when terminated).
  • File integrity monitoring rules cannot be customized.
  • Agents are manually deployed.
  • Agents get disconnected from time to time.
It is well suited for logs parsing, events generation and threat detection coming from SaaS products. It doesn't seem to integrate very well with cloud servers since it depends on servers IPs (which is a problem when servers get created from an image/template) and still requires manual scans to discover new or non-existent assets.
We haven't faced a lot of risk situations but when required, AlienVault has been able to detect, alert and provide the information needed for forensics.

Anonymous | TrustRadius Reviewer
Score 9 out of 10
It's used by the Engineering department but the entire organization benefits from AlienVault USM since we need to ensure the safety of our own environment. No vulnerability can be ignored and authenticated scans are perfect to give us the whole picture. Due to a non-disclosure agreement, I am unable to talk about business problems.
  • Authenticated scans.
  • Cloud friendly.
  • Supports multiple cloud providers.
  • Very limited storage quota.
  • UI could be more user friendly.
  • UI is slow.
While it is great at identifying vulnerabilities in packages and the OS, I couldn't find a way to scan my code.
We didn't have any specific tool before; I heavily relied on manually checking security advisories. The most evident case was related to CentOS 7: while checking for security updates, it would say that none were available, but when we started using AlienVault we learned that we were potentially exposed to literally hundreds of vulnerabilities.

Anonymous | TrustRadius Reviewer
Score 7 out of 10
We use AlienVault USM across our whole organisation. We monitor network traffic and asset vulnerabilities in both our company network and on multiple public cloud provider accounts. We're also tracking Office365 usage. Moreover, several logs (audit, web servers, etc.) are forwarded via syslog to the sensors allowing us to detect attacks.
  • Vulnerability scans on several different OS.
  • Intrusion/Attack detection.
  • No customisable patterns for log analysis.
  • Not friendly with autoscaling resources, with no possibility of auto-deleting assets that are no longer present after a certain amount of time.
It's quite appropriate for scanning and detecting possible attacks via logs/events. Also, it's good for vulnerabilities analysis. It's not suited for docker container vulnerability scans as there is no easy way to do that. For that scenario, it is currently better to use offline scanning of the docker images.
We've not used other threat intelligence tools for attack/intrusion detection before AlienVault USM. As for the vulnerability scans, we've created processes to maintain and keep our servers up to date based on the results of the scans, with recurrent server maintenance windows.

Anonymous | TrustRadius Reviewer
Score 9 out of 10
We use it to monitor our environment to ensure our security policies are kept up to date and that no breaches have been made.
  • Fast.
  • Neat.
  • Powerful.
  • Might be a bit complex.
  • We could use a map with the story of the events and how they're linked together.
It's well suited to analyze security events and investigate them. It also helps with patching, by scanning which assets don't have the latest security patches installed. It also integrates well with other 3rd-party tools.
It is less appropriate for a deep scan of network packets, or to have a visual representation of the events.
It is highly effective in picking up events and relating them to generate alerts. Integrating with Slack helps us to get more real-time notifications.

Anonymous | TrustRadius Reviewer
Score 6 out of 10
AlienVault is our corporate SIEM. It is used to collect and analyze logs for security events.
  • Collects AWS CloudTrail logs
  • Collects OS logs
  • Has many integrations with other security products
  • The technical support is not good.
  • It is a closed system and it is not easy to search raw logs like in Splunk.
  • If it is missing a particular integration one needs to have a backup solution (e.g. Splunk or similar).
AlienVault is well suited for cloud infrastructures such as AWS. AlienVault will struggle with collecting logs from in-house developed apps.
The Threat intelligence integration did not work well for us. The tech support was not able to help much, unfortunately.

Anonymous | TrustRadius Reviewer
Score 9 out of 10
We use USM anywhere to have a dashboard overlook of all the servers in our environment. It provides insight with event/alert counts, as we can use those to determine if there is something out of the ordinary happening with a server. The reports are very helpful in providing us this information.
  • Reporting.
  • Integrations.
  • Customer Support.
  • More descriptions of events.
  • Easier sorts.
  • Easier Updates.
If you are using AlienVault USM to provide yourself with an overview of your environment, it is the right product for you. The countless integrations allow you to have a one-stop shop for all of your servers/services. If you only have a few servers or are not dealing with too much data, it might not be as effective.
Our environment is pretty secure, so not much gets through, but from what I can tell it has done a good job.

Anonymous | TrustRadius Reviewer
Score 9 out of 10
Our Information Security group has implemented AlienVault USM throughout our worldwide organization to help us monitor and track all activities going on in our network. We currently have 4 sensors deployed and are working on getting more sensors deployed into more markets globally. AlienVault has helped us in many ways including NIDS, HIDS, Asset Inventory and Tracking, and as a log consolidation tool. Being able to see all of our logs in one place has helped us get a better feel for when something negative is impacting our network traffic, and AlienVault helps provide the tools to remediate quickly and effectively.
  • Log Consolidation
  • Asset Discovery
  • Alarm and Event Tracking
  • Website can be slow and unresponsive at times.
  • Asset configuration can be tricky with DHCP.
  • Asset credentials can be difficult to set up.
AlienVault is a great tool for companies that have a lot of log data coming from different sources and want to consolidate it in a single point of reference. Being able to see all log and event files, and how different events and alerts correlate to each other has made identifying and resolving network issues much easier for our company.
AlienVault has been very effective in helping us detect real security threats. It has helped us catch more network issues than just having Windows Defender on every user device. This, coupled with all of our logs feeding into the system, makes finding and resolving the issue even easier. AlienVault also does a great job of giving advice on how to remediate alerts and why it flags certain activities as issues.

Anonymous | TrustRadius Reviewer
Score 9 out of 10
We started using AlienVault USM two years ago. We chose AlienVault as an IDS device to monitor network activity and security at one of the two company locations. Last year we tested the integration with our anti-malware solution and monitoring some logs that come from Linux servers. Initially, we used it on premises. Currently, we are migrating to SaaS, adding the second company location, and we are evaluating replacing other SIEM solutions. The solution is used by the IT department (Networking and Information Security areas).
  • Existent connectors for common IT infrastructure equipment (brands) simplify initial configuration a lot.
  • Dashboarding and reporting capabilities allow you to see relevant information in a single view.
  • Availability to train in Spanish would really help us a lot.
Correlation of events with different tools like firewall, web filtering, and anti-malware, is very valuable. Integration of other kinds of logs. Monitoring Linux logs in our case.
AlienVault let us improve monitoring tasks. AlienVault reduces the time involved in the detection of security issues and increases the effectiveness of detecting real threats and false positives.

Anonymous | TrustRadius Reviewer
Score 1 out of 10
We used AlienVault for a few years and were very satisfied with the product. Then, they got bought by AT&T and we are now in contractual and legal hell. In the past, both companies made changes to the operating agreements to meet our needs; AlienVault was good at helping us with regulatory requirements. This time during the contract renewal, they made promises about updating agreements again, but somewhere this got lost when both our customer manager and sales representative changed three times in short succession. Then, the legal team refused to even speak with us, even after they originally agreed to during the negotiation. So, we've been ignored for months by multiple groups with no meeting scheduled, all because their legal team is busy updating legal agreements due to the merger, which is exactly what we want! Another thing to consider: more marketing emails from all the other companies in the AT&T family, get your spam filters ready. Overall: good product, but we've spent more effort on managing the relationship than this is worth. We will consider other, even more expensive options, whose TCO will, in the end, be lower.
  • Your Points of Contact will change a lot
  • Your requests will be ignored
  • If you have unique requirements, you may be out of luck under the new AT&T regime
  • We pay you, you work for us, remember that
  • Get your house in order and don't leak the damage to your clients
  • Get more staff if you cannot handle the post-merger load
  • Retain your current employees
If you have a basic solution with no special requirements, legal or technical, you can probably use AlienVault out of the box. If you need something slightly out of the ordinary, look elsewhere.
It works. It can work very well if you custom configure it to your environment. I highly recommend that for any SIEM solution.

Anonymous | TrustRadius Reviewer
Score 7 out of 10
AlienVault is our SIEM solution across our AWS infrastructure (300+ appliances) as well as our desktop workstations in our Kathmandu, Nepal location, which houses 300 employees.
  • Intrusion detection
  • DDOS detection
  • Storage allocation vs price.
  • Support for customers not purchasing dedicated services.
  • Performance of Monitors.
I think AV works well in the AWS environment, but we had a long road to get it where we needed it to be. It could be better at supporting customers who are purely cloud-based in planning and sizing based on their environment.
AV has been great at detecting threats and helping us identify paths for mitigation. We've been happy with the service from that perspective.

Anonymous | TrustRadius Reviewer
June 19, 2019

Best SIEM around!

Score 9 out of 10
AlienVault is implemented in the organization to closely monitor and alert the Information Security Team on activity to address regarding threats and vulnerabilities.
  • Alarms and email alerts on potential threats and compromises.
  • Vulnerability scans allow a view of the risks from each asset.
  • Integration with Antivirus, Office 365, and file monitoring software (Varonis).
  • AlienVault agent appears offline at times for assets that are known to be online.
  • AlienVault agent does not update on its own.
It is good for large organizations utilizing a number of systems and remote locations/users. It is less appropriate for organizations that may still be utilizing Windows 7 and Windows Server 2008 environments.
AlienVault supersedes the detection of real security threats when compared to the other products that have been used or demoed. The use of OTX within AlienVault is of great benefit to the assistance of security analysts.

Anonymous | TrustRadius Reviewer
June 17, 2019

SIEM at its best!

Score 9 out of 10
We currently use AlienVault USM anywhere across the corporation and it does what it's supposed to do 99.9% of the time. The deployment option (on-Prem/SaaS) could be a factor performance-wise and in terms of custom plugins and rule-set but otherwise it meets all our business requirements. Most importantly support is great and always ready to help where possible.
  • Correlation
  • Constant feature updates
  • Support
  • Ability to build custom plugins in all deployment models
  • Roll back the decision to halt creating custom plugins
  • Ability to modify correlation rules
Basically, this has worked well for almost all our use cases.
AlienVault is a great tool and just like every other tool out there, there will always be false positives but it all depends on the environment and the engineers/analysts involved to tune it effectively/efficiently. With so many tools in the modern enterprise, AlienVault aggregates and presents meaningful information from a single pane in little time.

Anonymous | TrustRadius Reviewer
Score 8 out of 10
In our organization, AlienVault USM Anywhere is being used as our SIEM. We have all of our SaaS solutions feeding logs to it. The business problem that it addresses is that it provides a "single pane of glass" for all of our logging purposes. Instead of having multiple admin consoles for log reporting on each system, we can just login to AlienVault USM Anywhere to see all logs from all systems.
  • Supports many connectors
  • Provides a single pane of glass for all logging
  • Easy sensor configuration
  • Their support could be more helpful
  • The UI is not very user-friendly
  • The name sounds unprofessional
AlienVault USM Anywhere is well suited in cloud-based environments. They do offer an on-prem solution, but I do not have experience with that. Without prior SIEM knowledge or training, the platform can be challenging to implement. If you do not have the in-house resources for this, I would strongly recommend professional services to ensure that the deployment goes smoothly.
AlienVault USM Anywhere leverages OTX for their Threat Detection Effectiveness. OTX stands for Open Threat Exchange. To my knowledge, they own this platform. It is an open source way for the community to share and learn about new threats as soon as they are discovered. This is a unique platform to AlienVault and very valuable.

Anonymous | TrustRadius Reviewer
June 12, 2019

Alien Vault Review

Score 9 out of 10
We are an MSSP and use AlienVault to make sure our clients' networks are secure and to confirm that all network access is approved and merited. AlienVault provides great visibility into network events and allows the operations team to confirm and take action on activities that may be considered rogue.
  • Dashboarding.
  • Alert monitoring.
  • Ease of installation.
  • Agent Installs.
  • System updating.

Alien Vault is best suited in environments that have an infrastructure capable of SPAN ports and infrastructure that has the ability for logging.

In smaller environments, the benefits can still be attained but the overall value of the internal data may not be the level of detail that may have been needed.

AlienVault has done a great job at identifying threats. Much of this is done with the initial triage and determining what is normal. Once complete, AlienVault appears to be doing a great job at finding all the new things that come up or when systems are accessed without prior approval.
Anonymous | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User
Review Source
We are using AlienVault USM as the cornerstone of our layered security model. We use it for Incident Management, Event Logging and Anomaly Detection.

We have a Global Security Operations Centre and are deploying AlienVault globally. We want to standardize our security incident responses globally to ensure that we can implement a true 'follow the sun' model. AlienVault has a global presence and we want to leverage that capability to support our security teams.
  • Excellent feedback and reviews from external organisations and in-house experience
  • Good value for money
  • A reliable, all-round tool to avoid duplication / overlap with other products
  • Allowed us to build a security tool-set without wasting money on duplicated (and unused) functions
  • Global presence
  • Other products, like Darktrace, provide exceptional automatic isolation and intrusion protection. I want AlienVault to provide equivalent protection / isolation to protect environments out of working hours (public holidays etc)
  • External threat monitoring is a great way to identify threats mobilizing before they attack (horizon monitoring). Intsights (https://intsights.com/) provides this for a fee, but I would like to see a capability for monitoring key assets, such as domain names, C-Suite personnel etc.
  • Some simple mechanisms to reduce white noise. We are gradually improving our filtering, but machine learning (aka Darktrace) would be helpful to allow the system to 'learn' behaviours and then allow them to be filtered by an administrator. Full AI learning is difficult (hence the costs for Darktrace) but a configuration dashboard to reduce 'noise' should be easy to deliver, rather than having to edit and apply filters individually.
  • Dashboards for ISO27001 and PCI. ISO27001 KPIs such as Threats Detected, Threats automatically prevented, Threats requiring human intervention etc are simple and should be easy to provide.
  • Anything you can do to link with Vulnerability Management, such as Nessus, Cyberark DNA etc would be helpful. Currently these are managed separately, but it would be great if these could be integrated for running routine scans from a single dashboard, or reporting on a dashboard.
Anomaly detection seems good, but there are a lot of false positives until the filtering is perfected. Unfortunately the filtering management is a huge overhead on teams until it is fine tuned. Anything to assist with bulk filter changes would help.

Off network monitoring would be helpful - a selectable client which allowed activity to be tracked could be useful, particularly where split horizon networks exist. This could just provide a summary of traffic / sites visited which may be inadvertently bypassing corporate controls (such as Corporate Cloud Storage, Webmail etc). This would help us provide awareness and training for users to explain the associated risks.

Alienvault creates lots of white noise and false positives until the filtering is mature. AI in this space (as per Darktrace) eliminates a lot of human effort. On a few instances recently, AlienVault has not detected security incidents - but this is more to do with sensor deployment. Effective tools for learning about traffic and topology are needed to avoid parts of the network being missed.

This might be consultation or machine learning tools for configuration (such as NMAP).
Anonymous | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User
Review Source
We are currently deploying AlienVault to all our offices across midtown. We have it in 4 out of 8 offices so far. We use it to monitor the security health of our company.
  • Easy to implement into a company.
  • Deep insights into company assets and the vulnerabilities these assets have.
  • The online Dashboard is easy to navigate and able to be accessed anywhere online.
  • Provides the ability to coordinate with team members more easily in terms of handling fixes.
  • The online dashboard seems sluggish at times, and could be faster.
  • More tutorials about setting up personalized alarms and actions.
Alien Vault USM is good for small companies, in that it is affordable yet powerful. It does what we need in terms of security. It also allows us to expand and grow as a product as necessary.
This is our first major security product. AlienVault certainly has improved our overall insight into the health of the company's assets. We have been able to eliminate many vulnerabilities as a result.
Anonymous | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User
Review Source
We use AlienVault across the whole organization. AlienVault USM creates an all in one security solution where we are able to correlate events from different source types, such as server events, but also the complete cloud trail from our public cloud provider Amazon Web Services. All the security logic, which is part of the offer, has really relieved our operations team.
  • Many event sources, including public cloud!
  • Setup is easy.
  • Filtering options for browsing events is convenient.
  • Reporting cannot be automated currently. Every month we need to open the web console and generate them ourselves.
  • MFA authentication cannot be forced.
  • The license fee for each sensor is costly when you have a multi-account cloud setup at AWS.
AlienVault USM is well suited when your assets live in the public AWS cloud because of the available integrations they've made.
Alienvault USM offers a convenient dashboard which indicates at which level a security threat occurs, from just "Informational" to "System Compromise". We cannot check all security events ourselves, so this feature is why we like Alienvault USM so much. Some competitors do offer something equivalent but lack in quality. Based on the level, engineers get notified only when required.

Feature Scorecard Summary

Centralized event and log data collection (1): 8
Correlation (1): 8
Event and log normalization (1): 8
Deployment flexibility (1): 7
Custom dashboards and views (1): 6
Host and network-based intrusion detection (1): 7

About AlienVault USM

AlienVault® Unified Security Management® (USM) delivers threat detection, incident response, and compliance management in one unified platform. It is designed to combine all the essential security capabilities needed for effective security monitoring across cloud and on-premises environments, including SIEM, intrusion detection, vulnerability management, as well as continuous threat intelligence updates. The vendor states that even for resource-limited IT security teams, AlienVault USM can be affordable, fast to deploy, and easy to use. It eliminates the need to deploy, integrate, and maintain multiple point solutions in the data center.

Smart, automated data collection & analysis: USM Anywhere automatically collects and analyzes data across the attack surface, helping to quickly gain centralized security visibility without the complexity of multiple disparate security technologies.

Automated threat detection powered by AT&T Alien Labs: With threat intelligence provided by AT&T Alien Labs, USM Anywhere is updated automatically to stay on top of evolving and emerging threats, so the security team can focus on responding to alerts.

Incident response orchestration with AlienApps: USM Anywhere supports a growing ecosystem of AlienApps, enabling the user to orchestrate and automate actions towards other security technologies, able to respond to incidents quickly and easily.

AlienVault USM Features

Security Information and Event Management (SIEM) Features
  • Centralized event and log data collection
  • Correlation
  • Event and log normalization
  • Deployment flexibility
  • Integration with Identity and Access Management Tools
  • Custom dashboards and views
  • Host and network-based intrusion detection
Additional Features
  • AlienVault Open Threat Exchange

AlienVault USM Videos (2)

  • AlienVault USM Anywhere: Five Essential Cloud Security Capabilities in a Single SaaS Platform
  • See How We're Pushing the Outer Limits of Security

Pricing

  • Free Trial Available? Yes
  • Free or Freemium Version Available? Yes
  • Premium Consulting/Integration Services Available? Yes
  • Entry-level set up fee? Optional

AlienVault USM Support Options

Free Version / Paid Version
Phone
Email
Forum/Community
FAQ/Knowledgebase
Social Media
Video Tutorials / Webinar
Live Chat

AlienVault USM Technical Details

Deployment Types: SaaS
Operating Systems: Unspecified
Mobile Application: No
Supported Countries: Global