Overview
What is AlienVault USM?
AlienVault® Unified Security Management® (USM) delivers threat detection, incident response, and compliance management in one unified platform. It is designed to combine all the essential security capabilities needed for effective security monitoring across cloud and on-premises environments, including SIEM, intrusion detection, vulnerability management, as…
TrustRadius Insights
Empowering Security Zenith with Unified Vigilance.
will I continue to use USM, Yes I would
Excellent security for your machine
MSSP Review
Great product but out of the box it needs a lot of work.
AlienVault is about as user-friendly as it gets for threat detection
Great if you can deploy and manage on-premises SIEMs
AlienVault - Not Worth the Price
AlienVault USM Anywhere, a SIEM that is easy on your pocket.
Unbeatable Security Machine
AlienVault USM Provides Heightened Security Awareness in the Legal Services Industry
Best product I've seen for a smaller enterprise network.
Great SIEM for enterprise environments
AlienVault USM is a really beneficial SIEM solution.
Awards
Products that are considered exceptional by their customers based on a variety of criteria win TrustRadius awards. Learn more about the types of TrustRadius awards to make the best purchase decision. More about TrustRadius Awards
Popular Features
- Centralized event and log data collection (8)8.585%
- Correlation (8)8.585%
- Event and log normalization/management (8)8.080%
- Custom dashboards and workspaces (8)7.070%
Reviewer Pros & Cons
Pricing
Essentials
$1,075
Standard
$1,695
Premium
$2,595
Entry-level set up fee?
- Setup fee optional
Offerings
- Free Trial
- Free/Freemium Version
- Premium Consulting/Integration Services
Features
Security Information and Event Management (SIEM)
Security Information and Event Management is a category of security software that allows security analysts to look at a more comprehensive view of security logs and events than would be possible by looking at the log files of individual, point security tools
- 8.5Centralized event and log data collection(8) Ratings
Effectiveness of real-time centralized event and log data collection
- 8.5Correlation(8) Ratings
Correlation of logs and events to pinpoint significant threats
- 8Event and log normalization/management(8) Ratings
Ability to normalize event syntax so that logs can be compared and are machine-understandable
- 8.6Deployment flexibility(7) Ratings
Ability to tune system to maximize threat detection and minimize false positives
- 7.3Integration with Identity and Access Management Tools(5) Ratings
Integration with access control tools like Active Directory and LDAP
- 7Custom dashboards and workspaces(8) Ratings
dashboards that can be customized to meet the needs of specific groups
- 8Host and network-based intrusion detection(5) Ratings
Ability to detect both endpoint intrusion and network ingress detection
Product Details
- About
- Competitors
- Tech Details
- Downloadables
- FAQs
What is AlienVault USM?
AlienVault® Unified Security Management® (USM) delivers threat detection, incident response, and compliance management in one unified platform. It is designed to combine all the essential security capabilities needed for effective security monitoring across cloud and on-premises environments, including SIEM, intrusion detection, vulnerability management, as well as continuous threat intelligence updates. The vendor states that even for resource-limited IT security teams, AlienVault USM can be affordable, fast to deploy, and easy to use. It eliminates the need to deploy, integrate, and maintain multiple point solutions in the data center.
Smart, automated data collection & analysis: USM Anywhere automatically collects and analyzes data across the attack surface, helping to quickly gain centralized security visibility without the complexity of multiple disparate security technologies.
Automated threat detection powered by AT&T Alien Labs: With threat intelligence provided by AT&T Alien Labs, USM Anywhere is updated automatically to stay on top of evolving and emerging threats, so the security team can focus on responding to alerts.
Incident response orchestration with AlienApps: USM Anywhere supports a growing ecosystem of AlienApps, enabling the user to orchestrate and automate actions towards other security technologies, able to respond to incidents quickly and easily.
AlienVault USM Features
Security Information and Event Management (SIEM) Features
- Supported: Centralized event and log data collection
- Supported: Correlation
- Supported: Event and log normalization/management
- Supported: Deployment flexibility
- Supported: Integration with Identity and Access Management Tools
- Supported: Custom dashboards and workspaces
- Supported: Host and network-based intrusion detection
Additional Features
- Supported: AlienVault Open Threat Exchange
AlienVault USM Screenshots
AlienVault USM Videos
AlienVault USM Competitors
AlienVault USM Technical Details
Deployment Types | Software as a Service (SaaS), Cloud, or Web-Based |
---|---|
Operating Systems | Unspecified |
Mobile Application | No |
Supported Countries | Global |
AlienVault USM Downloadables
- Unified Security Management vs. SIEM: a Technical Comparison
- AlienVault USM Anywhere: Datasheet
- AlienVault Fast Facts
- AlienVault USM Anywhere: Datasheet
- Beginner’s Guide to Open Source Intrusion Detection Tools
- SIEM for Beginners: Everything You Wanted to Know About Log Management But Were Afraid to Ask
Frequently Asked Questions
Comparisons
Compare with
Reviews and Ratings
(735)Community Insights
- Business Problems Solved
- Recommendations
Users have found AlienVault USM to be a valuable SIEM solution for centralizing and searching log data from a large number of network attached devices. This platform is being used for various use cases such as vulnerability management, scanning, malware detection, and monitoring malicious network traffic. It is considered a good SIEM solution for organizations new to security operational logging or those with a smaller staff and budget. The product has been praised for its integrated feature sets, including HIDS, NIDS, FIM, and security alerting capabilities. The inclusion of features like vulnerability scanning and file integrity monitoring has extended its value for organizations in the early stages of cybersecurity program development. Many users have experienced real-time alerts, enabling them to respond to security incidents and compromised passwords more quickly. Furthermore, AlienVault is used for a range of functions such as SIEM, vulnerability scanning, asset discovery, and investigations. It provides organizations with a centralized log collection site, allowing them to monitor and address new problems more effectively. The platform has been effective in helping organizations meet regulatory compliance requirements and improve SOC operations. Additionally, AlienVault is used to analyze network traffic, Windows Event Logs, and other security events, helping organizations improve network security and protect their customers. It solves security challenges related to device and software visibility, monitoring for anomalous events, and ensuring patch management. Users appreciate the simplicity of deployment and the robustness of the interface. The support team is highly responsive and knowledgeable.
AlienVault USM Anywhere is used by organizations to easily identify security incidents happening across their infrastructure and comply with PCI-DSS compliance requirements. MSSPs utilize AlienVault USM Anywhere to provide their customers with best-in-class threat monitoring and response services. It is also used to monitor cloud environments, scanning and alerting for any known vulnerabilities or activity on servers. AlienVault helps organizations with auditing purposes by monitoring cloud permissions and changes to security. Additionally, it is deployed to customers for monitoring and is used by NSOCs to monitor their networks. AlienVault has been implemented across organizations, covering server assets and providing granular logging on systems and networks. It helps in raising alarms/alerts and mitigating network-related activities. AlienVault collects and alerts on network and system activity across the entire organization, making it easy to filter for important data. The product centralizes log data and helps perform vulnerability analysis and threat detection. It assists in security patching and monitoring within AWS environments. Users appreciate the ease of use and configuration of the cloud-based panel. AlienVault is implemented and managed for clients as a recommended SIEM solution, collecting and normalizing logs from various data sources. It is used throughout organizations to gain insight into network and server events, manage and correlate logs, and recognize anomalous activity. Users have been able to set up alerts for specific events and policies, effectively managing systems and alerts in place, monitoring multiple client environments, and identifying issues that clients may have missed.
AlienVault USM Anywhere is praised for its cost-effectiveness compared to other SIEM solutions on the market. Users appreciate its threat intelligence capabilities, ease of use, user-friendly interface, and simplicity of deployment. The built-in correlation rules require minimal setup and provide high-quality results. Asset management and scanning features help users stay on top of monitoring assets, including dynamic and static asset lists. The integration of OTX into USM Anywhere allows for up-to-date threat intelligence and pulse subscriptions.
The software plays a crucial role in monitoring and alerting when anomalies occur, aiding in threat detection, compliance management, log collection, and vulnerability scanning. It helps organizations stay up to speed on new vulnerabilities and supports agile business initiatives by aiding analysts in identifying cyber threats and providing access to threat cross-referencing data. AlienVault USM Anywhere is deployed to monitor AWS cloud environments, attain compliance, identify threats, and facilitate auditing of non-emergency configuration changes and vulnerability monitoring.
Overall, AlienVault USM Anywhere provides centralized security monitoring, incident response capabilities, compliance reporting features, vulnerability assessment tools, real-time SIEM functionality, as well as asset discovery and user activity monitoring capabilities. It has been widely adopted across various industries for enhancing security posture and gaining comprehensive visibility into network activities.
Based on user recommendations, AlienVault USM receives the following common recommendations:
-
AlienVault USM is recommended for cost-conscious companies and small to medium businesses due to its affordability and effectiveness. Users find it to be a great tool for analyzing and reacting to threats, offering excellent value for the price.
-
Users suggest exploring alternative SIEM choices and discussing functionality and configuration requirements. Logrhythm is mentioned as a possible alternate SIEM choice, especially for high-end functionality needs. It is advised to compare features and select the SIEM system that offers the best cost for desired features.
-
To maximize the experience with AlienVault USM, users recommend taking advantage of training opportunities provided by AlienVault. Joining official training sessions allows users to learn best practices from other users and gain comprehensive knowledge of the product. Users also recommend utilizing forums, support, webinars, and videos offered by AlienVault to enhance understanding and achieve optimal results.
Overall, AlienVault USM is regarded as a cost-effective solution suitable for organizations with data privacy and security priorities. The product's flexibility, community-created intelligence, and continual improvement are also highlighted by users. While some mention areas for improvement, such as support stability and module quality, the general consensus is that AlienVault USM delivers reliable security enhancements and cost savings.
Attribute Ratings
- 7.2Likelihood to Renew18 ratings
- 6.4Availability3 ratings
- 7.3Performance3 ratings
- 6.7Usability34 ratings
- 7.3Support Rating25 ratings
- 8.3Online Training6 ratings
- 4.5In-Person Training1 rating
- 6.4Implementation Rating38 ratings
- 8Configurability3 ratings
- 6.3Product Scalability3 ratings
- 7.3Ease of integration3 ratings
- 8.2Vendor pre-sale3 ratings
- 7.6Vendor post-sale3 ratings
Reviews
(126-150 of 390)AlienVault USM Anywhere - A One-Man-SOC
- Cloud based solution which minimises the need to maintain additional on premise servers.
- Among the cheapest SIEM solution on the market with features comparable to the other bigger players.
- Great dashboard and UI which makes it super easy to use.
- Packed with many features and integrates with many major off the shelf brands.
- The SaaS based model makes the pricing very dependent on the storage capacity subscribed to. Compared to other on premise solutions, it can be really hard to deal with once the log storage has reached or maxed out the monthly storage capacity.
- After AT&T took over Alienvault, their customer service has deteriorated and they don’t give as much care as they did earlier with their customers.
- After AT&T took over, the product pricing has been increasing steadily and soon this solution may not be as affordable as it used to be.
AlienVault is pretty dope
- log management
- vulnerability management
- correlation alerts
- Policy Reports
- Your Points of Contact will change a lot
- Your requests will be ignored
- If you have unique requirements, you may be out of luck under the new AT&T regime
- We pay you, you work for us, remember that
- Get your house in order and don't leak the damage to your clients
- Get more staff if you cannot handle the post-merger load
- Retain your current employees
Cloud-based Healthcare Analytics Company
- Intrusion detection
- DDOS detection
- Storage allocation vs price.
- Support for customers not purchasing dedicated services.
- Performance of Monitors.
- The integration setup for syslog forwarding and native web apps partnered with the platform is a very simple setup.
- Deploying sensors in cloud systems usually follow a pre-defined build flow for ease of sensor deployments and scaling.
- For perimeter defense, as long as your defended organizational structure uses Active Directory or another LDAP replication type service, vuln scanning and KIDS is a breeze.
- For highly distributed workforce issues, the system requires a lot of third-party integrations to collect data for automation.
- Customization can be lacking in areas without significant help from their support teams.
- Building rules for filtering, suppression, and custom alarms can be a steep learning curve, although this is slightly offset by their training offerings.
AlienVault Is a Success
- Deployment with the sensors for USM anywhere.
- Support
- Responsive UI
- Alien Apps
- Agents offline
- Easier agent deployment on host.
- Quicker response from engineers and not just send engineers a document for the fix.
Best SIEM around!
- Alarms and email alerts on potential threats and compromises.
- Vulnerability scans allow a view of the risks from each asset.
- Integration with Anitvirus, Office 365, and file monitoring software (Varonis).
- AlienVault agent appears offline at times for assets that are known to be online.
- AlienVault agent does not update on its own.
SIEM at its best!
- Correlation
- Constant feature updates
- Support
- Ability to build custom plugins in all deployment models
- Roll back the decision to halt creating custom plugins
- Ability to modify correlation rules
Initial review
- Centralized dashboard
- Training
- Response from sales reps
- Support is not quickly responded to.
- Escalation for support takes a lot of steps.
- API's need to be expanded.
AlienVault USM Anywhere Review
- Supports many connectors
- Provides a single pane of glass for all logging
- Easy sensor configuration
- Their support could be more helpful
- The UI is not very user-friendly
- The name sounds unprofessional
- Simple and understandable User Interface (UI)
- Capable of performing multiple network security functions
- Good price point for SMB and mid-market tier SIEM
- Log collection sensors can be difficult to install and configure
- Not all functions are intuitive or simple to set up
- AlienVault outsources professional services, with mixed results
- Documentation is not always up-to-date, increasing time to troubleshoot and resolve issues
USM Anywhere does what it says.
- VMWare Sensor deployment is very easy.
- Dashboards are nice and clean.
- Network monitoring and Syslog collector just work.
- USM Anywhere does not support Netflow or any variation. SPAN and RSPAN are currently the only methods to monitor IP flows.
- USM Anywhere tech support is lackluster. I have opened two tickets and struggled to receive knowledgeable technical assistance.
- USM Anywhere does not do scheduled report delivery in any format. Reports are run on demand and must be printed to pdf for distribution.
Alien Vault Review
- Dashboarding.
- Alert monitoring.
- Ease of installation.
- Agent Installs.
- System updating.
Alien Vault is best suited in environments that have an infrastructure capable of SPAN ports and infrastructure that has the ability for logging.
In smaller environments, the benefits can still be attained but the overall value of the internal data may not be the level of detail that may have been needed.
USM Anywhere, the easy SIEM.
- Find security issues such as malware.
- PCI compliance reporting.
- Deep dive into various issues in the environment.
- UI could be streamlined some.
AlienVault and an honest comparison to Darktrace
We have a Global Security Operations Centre and are deploying AlienVault globally. We want to standardize our security incident responses globally to ensure that we can implement a true 'follow the sun' model. AlienVault has a global presence and we want to leverage that capability to support our security teams.
- Excellent feedback and reviews from external organisations and in-house experience
- Good value for money
- A reliable, all-round tool to avoid duplication / overlap with other products
- Allowed us to build a security tool-set without wasting money on duplicated (and unused) functions
- Global presence
- Other products, like Darktrace, provide exceptional automatic isolation and intrusion protection. I want AlienVault to provide equivalent protection / isolation to protect environments out of working hours (public holidays etc)
- External threat monitoring is a great way to identify threats mobilizing before they attack (horizon monitoring). Intsights (https://intsights.com/) provides this for a fee, but I would like to see a capability for monitoring key assets, such as domain names, C-Suite personnel etc.
- Some simple mechanisms to reduce white noise. We are gradually improving our filtering, but machine learning (aka Darktrace) would be helpful to allow the system to 'learn' behaviours and then allow to be filtered by an administrator. Full AI learning is difficult (hence the costs for Darktrace) but a configuration dashboard to reduce 'noise' should be easy to deliver, rather than having to edit and apply filters individually.
- Dashboards for ISO27001 and PCI. ISO27001 KPIs such as Threats Detected, Threats automatically prevented, Threats requiring human intervention etc are simple and should be easy to provide.
- Anything you can do to link with Vulnerability Management, such as Nessus, Cyberark DNA etc would be helpful. Currently these are managed separately, but would be great if these could be integrated for running routine scans from a single dashboard, or reporting on a dashboard.
Off network monitoring would be helpful - a selectable client which allowed activity to be tracked could be useful, particularly where split horizon networks exist. This could just provide a summary of traffic / sites visited which may be inadvertently bypassing corporate controls (such as Corporate Cloud Storage, Webmail etc). This would help us provide awareness and training for users to explain the associated risks.
AlienVault, the right product at the right price.
- Easy to implement into a company.
- Deep insights into company assets and the vulnerabilities these assets have.
- The online Dashboard is easy to navigate and able to be accessed anywhere online.
- Provides the ability to coordinate with team members more easily in terms of handling fixes.
- The online dashboard seems sluggish at times, and could be faster.
- More tutorials about setting up personalized alarms and actions.
All In One SIEM Solution
- Many event sources, including public cloud!
- Setup is easy.
- Filtering options for browsing events is convenient.
- Reporting cannot be automated currently. Every month we need to open the web console and generate them ourselves.
- MFA authentification cannot be forced.
- The license fee for each sensor is costly when you have a multi-account cloud setup at AWS.
AlienVault USM Review
- Vulnerability reporting - This gives administrators a holistic view of persisting threat before going for a vulnerability scan.
- Visibility to multiple devices and environments - Firewalls, Windows Servers, AWS, Azure, etc.
- No mobile application - most of the competitors have a mobile application, which gives administrator flexibility over the weekend.
- Need more features in terms of alerting.
- There is a lag in Alienvault updating the log results to the dashboard and sometimes the filters won't work as expected.
- Many false positives.
AlienVault Review
- Comprehensive tooling.
- Easy to construct alerts.
- Strong reporting.
- Ability to get emailed reports.
- Ability to integrate internal networking logs.
- Improved support.
AlienVault--The SEIM for people that wear many hats.
- Has an effective dashboard. The classification of alarms by intent is a favorite.
- Being able to drill into specific details and get actionable information is crucial. AlienVault makes this easy.
- Having an integrated vulnerability reference is very nice to have. It may not be as full-featured as point solutions, but for quick references it is nice.
- The deployment instructions could be written better.
- Vulnerability scanning and setup could be updated.
Easy, Efficient, Smart, and Incredibly Time-Saving
- Monitoring and Alerting.
- Visual display of all information security-related events and actions.
- Detailed alarms for suspicious events.
- Incorporation of the MITRE ATT&CK framework.
- Automatic updates for AV agents. Currently, we have to manually redeploy an agent in order to apply the latest update... this takes precious time.
- More detailed insight into identified vulnerabilities from the internal scanning tool.
- Incorporation of SOC 2 - Type II compliance template - similar to the templates for PCI DSS and ISO27001.
- FIM with limits.
- Vulnerability scans (with agents installed as opposed to "NXlog").
- Dashboards.
- Need to be able to comment on issues flagged by AlienVault so that other users may know what has been done for triage.
- Single pane of glass, need to have a shared dashboard that is customizable.
The ability to comment on issues within the application is rather important as now I can 'label' an issue and assign to myself or others but cannot include what steps have been taken thus far. That means a separate email communication is necessary.
- It is exceptional at finding vulnerabilities in workstations and servers.
- The reporting is simple, yet powerful.
- Detailed alerts to IT staff has been extremely helpful in identifying threats.
- Would like to use AlienVault to effectively find vulnerabilities in users' workstations, however, each machine is identified by IP instead of the computer name. Not DHCP friendly.
- Not really a con, but it seems to collect ALL of the events that occur in your environment(s). There are ways to filter those events out, but without setting up rules, it can very easily become overwhelming.
- Quite pricey.
- Easy to get started
- Very proactive account executive
- Plugins are not configurable by the user. If they don't have what you use, you're in a long queue for custom development.
- Support is very transactional and often needs several touches to resolve issues
- Some quality issues were encountered
On the other hand it is much less suited for anything more nice, complex or requires flexibility, such as parsing application logs. We ended up building our own solution for those.
Production systems are monitored using agents and a sensor.
- Effective correlation of various log sources to provide useful alerts.
- An agent provides detailed logs of events on every system, be it Windows, Linux, or MacOS, to the point you do not have to log in to each machine to review security logs.
- Provides auto detection of log sources and effective mapping of the log data to key fields.
- Pre-built alerts allow AlienVault to be effective right away. There's no need to spend days creating alerts for it to be usable.
- Has powerful search capabilities once the logs are in AlienVault.
- Has the ability to run queries on agent systems based on an alert trigger (eg. list of logged on users).
- The biggest challenge is the deployment of the Agent. It requires logging onto each system and running the install script manually. You need a GPO or a scriptable way to push the agent.
- We would like the ability to limit access to specific sensors for users that have been given access to AlienVault. Currently, if an analyst has access to AlienVault, they can see all data sources and logs.
- We saw a lot of false positive results in the beginning, requiring a bit of tuning to suppress some rules.
- There's no ability to suppress Vulnerabilities identified in the vulnerability scanning component.