Reviews (101-125 of 353)
- Deployment and management of the product is much simpler than other SIEM platforms, making it ideal for small IT teams who don't have a bunch of SIEM gurus on staff.
- It does a very good job of providing useful, meaningful, and relevant alerts.
- Searching through log & event data is fast and easy using all the built-in query tools.
- I love the OTX (Open Threat Exchange) integration; it identifies malicious IPs communicating with your systems.
- I'm not a fan of the shady sales tactics and price increases. We originally signed a one-year contract. Our account rep contacted us about 6 months into the contract, saying that there would be a big price increase in the coming months, but he could get us last year's pricing on our renewal if we signed the renewal within 30 days (with Net30 payment terms).
- Translation: we sold you a 12-month subscription, but you have to pay for another 12-month subscription after only 8 months if you don't want the price to go up.
- The exact same thing happened the following year, so this was not a one-time thing. During the most recent yearly renewal, the price was going to nearly double if we didn't do an early renewal. This type of sales shenanigans feels an awful lot like extortion to me.
- Tech support isn't that great. Thankfully we haven't had many problems with the product, but when we have had issues, support can take a long time to address the problems.
- Alarms - These are one of the product's strengths in that they provide detailed breakdowns of the information that a security analyst is looking for in order to understand what is happening on the network.
- Investigations - The best feature of the product is the ability to create investigations, assign events and alarms to them, and then gather evidence, make a determination and react/respond based on the nature of the incident.
- Dashboard - This gives a useful at-a-glance summary of the current security posture and recent trends in alarms.
- The main criticism I had with USM Anywhere was that initially it was lacking the Investigations functionality which often meant that alarms were investigated but there was no record of this work that could serve for audit purposes or to look at long term trends. Now that this has been added I have very little to criticise about the product and I use it more than ever.
- Easy to set up quickly and get results
- Works well with AWS
- Alerting can integrate with third party systems, e.g. Pagerduty
- Low lock-in
- Sluggish performance means that we try to avoid using their GUI in routine processes
- Small feature set and opaque development roadmap leave us frustrated with their minimal query language and lack of reporting customisations
- User and professional services community appears to be heavily Windows-focused
- Vulnerability scanning
- Network Intrusion Detection
- Log collection from a variety of products
- Support is not very fast to respond and their resolutions are weak.
- NIDS support with Cisco UCS
- Feature Request: automatic report processing for which the report is emailed
- AlienVault is great at providing a single dashboard to view into all of your security products in one place
- Alienvault has a powerful intrusion detection system
- Alienvault does a great job of collecting security data from hundreds of different sources/vendors
- Alienvault is complicated. To install and configure it properly you will need to be a seasoned security professional. I am a Sys Admin guy and I needed help.
- Alienvault USM can be a bit too "chatty", alerting you to so many things out of the box it seems like a full-time person is needed just to manage the alerts. It takes a while after implementation to finally get the alerts down to the correct level.
- Alienvault USM "Plug Ins" are sometimes a little flaky
I also use the vulnerability scanner to keep track of how my update process is behaving, as well as track software on the system that is not allowed by the company.
- Network monitoring -- all activity is logged, and you can have as many or as few alerts as you need.
- The vulnerability scanner is great and can be scheduled!
- The dashboard when you log in is outstanding and very clear, so you can see issues easily.
- Out of the box there is a lot of "noise," and it requires a significant effort to reduce that down to a manageable level.
- The interface can be a bit clunky at times.
- Results from forensics info are difficult to locate, as they register as events. This should pop up in a window when you send the command, or email you when done, so that you can go retrieve it, ideally from a dedicated section on the interface.
I also like the fact that you can view any and all events on the network.
It managed to pick up IMAP scans from registered bad IP addresses, which we have since addressed. It has also managed to flag unwanted software running on workstations, and a few other smaller bits and pieces.
- Has a range of features in one package. HIDS, NIDS, FIM, reporting, and alerting.
- Report templates for SOC, NIST, ISO 27000.
- The support since the recent purchase by AT&T has really dropped off. Answers to questions are much slower and sometimes wildly inaccurate. Asking the same question multiple times of different support will yield totally different answers.
- Some of the features that existed in the on-prem version have still not made it into the cloud version.
- Asset scanning has become buggy in the latest updates, and bugs are getting fixed much slower than our previous experience before the AT&T purchase.
- Logs collection
- Suspicious events detection
- Dynamic infrastructure detection (e.g. autoscaled instances are not detected when terminated).
- File integrity monitoring rules cannot be customized.
- Agents are manually deployed.
- Agents get disconnected from time to time.
- Vulnerability scans on several different OSes.
- Intrusion/Attack detection.
- No customisable patterns for log analysis.
- Not friendly with autoscaling resources; there is no possibility of auto-deleting assets that are no longer present after a certain amount of time.
It is less appropriate for a deep scan of network packets, or to have a visual representation of the events.
- Collects AWS CloudTrail logs
- Collects OS logs
- Has many integrations with other security products
- Existent connectors for common IT infrastructure equipment (brands) simplify initial configuration a lot.
- Dashboarding and reporting capabilities let you see relevant information in a single view.
- Availability to train in Spanish would really help us a lot.
- Your Points of Contact will change a lot
- Your requests will be ignored
- If you have unique requirements, you may be out of luck under the new AT&T regime
- We pay you, you work for us, remember that
- Get your house in order and don't leak the damage to your clients
- Get more staff if you cannot handle the post-merger load
- Retain your current employees
- Alarms and email alerts on potential threats and compromises.
- Vulnerability scans allow a view of the risks from each asset.
- Integration with Antivirus, Office 365, and file monitoring software (Varonis).
- AlienVault agent appears offline at times for assets that are known to be online.
- AlienVault agent does not update on its own.
AlienVault is best suited to environments that have an infrastructure capable of SPAN ports and infrastructure that has the ability for logging.
In smaller environments, the benefits can still be attained, but the overall value of the internal data may not reach the level of detail that may have been needed.
We have a Global Security Operations Centre and are deploying AlienVault globally. We want to standardize our security incident responses globally to ensure that we can implement a true 'follow the sun' model. AlienVault has a global presence and we want to leverage that capability to support our security teams.
- Excellent feedback and reviews from external organisations and in-house experience
- Good value for money
- A reliable, all-round tool to avoid duplication / overlap with other products
- Allowed us to build a security tool-set without wasting money on duplicated (and unused) functions
- Global presence
- Other products, like Darktrace, provide exceptional automatic isolation and intrusion protection. I want AlienVault to provide equivalent protection / isolation to protect environments out of working hours (public holidays etc)
- External threat monitoring is a great way to identify threats mobilizing before they attack (horizon monitoring). Intsights (https://intsights.com/) provides this for a fee, but I would like to see a capability for monitoring key assets, such as domain names, C-Suite personnel etc.
- Some simple mechanisms to reduce white noise. We are gradually improving our filtering, but machine learning (aka Darktrace) would be helpful to allow the system to 'learn' behaviours and then allow them to be filtered by an administrator. Full AI learning is difficult (hence the costs for Darktrace), but a configuration dashboard to reduce 'noise' should be easy to deliver, rather than having to edit and apply filters individually.
- Dashboards for ISO27001 and PCI. ISO27001 KPIs such as Threats Detected, Threats Automatically Prevented, Threats Requiring Human Intervention etc. are simple and should be easy to provide.
- Anything you can do to link with Vulnerability Management, such as Nessus, Cyberark DNA etc., would be helpful. Currently these are managed separately, but it would be great if these could be integrated for running routine scans from a single dashboard, or reporting on a dashboard.
Off-network monitoring would be helpful - a selectable client which allowed activity to be tracked could be useful, particularly where split-horizon networks exist. This could just provide a summary of traffic / sites visited which may be inadvertently bypassing corporate controls (such as Corporate Cloud Storage, Webmail etc.). This would help us provide awareness and training for users to explain the associated risks.
This might be consultation or machine learning tools for configuration (such as NMAP).
- Easy to implement into a company.
- Deep insights into company assets and the vulnerabilities these assets have.
- The online Dashboard is easy to navigate and able to be accessed anywhere online.
- Provides the ability to coordinate with team members more easily in terms of handling fixes.
- The online dashboard seems sluggish at times, and could be faster.
- More tutorials about setting up personalized alarms and actions.
- Many event sources, including public cloud!
- Setup is easy.
- Filtering options for browsing events are convenient.
- Reporting cannot be automated currently. Every month we need to open the web console and generate them ourselves.
- MFA authentication cannot be forced.
- The license fee for each sensor is costly when you have a multi-account cloud setup at AWS.
About AlienVault USM
AlienVault® Unified Security Management® (USM) delivers threat detection, incident response, and compliance management in one unified platform. It is designed to combine all the essential security capabilities needed for effective security monitoring across cloud and on-premises environments, including SIEM, intrusion detection, vulnerability management, as well as continuous threat intelligence updates. The vendor states that even for resource-limited IT security teams, AlienVault USM can be affordable, fast to deploy, and easy to use. It eliminates the need to deploy, integrate, and maintain multiple point solutions in the data center.
Smart, automated data collection & analysis: USM Anywhere automatically collects and analyzes data across the attack surface, helping to quickly gain centralized security visibility without the complexity of multiple disparate security technologies.
Automated threat detection powered by AT&T Alien Labs: With threat intelligence provided by AT&T Alien Labs, USM Anywhere is updated automatically to stay on top of evolving and emerging threats, so the security team can focus on responding to alerts.
Incident response orchestration with AlienApps: USM Anywhere supports a growing ecosystem of AlienApps, enabling the user to orchestrate and automate actions towards other security technologies, so incidents can be responded to quickly and easily.
- Free Trial Available? Yes
- Free or Freemium Version Available? Yes
- Premium Consulting/Integration Services Available? Yes
- Entry-level set up fee? Optional