AlienVault USM: Simplifying Security with Cost-Effective Threat Detection.
Our organization uses AlienVault USM to enhance the security posture and streamline our clients' threat detection and response. The …
Starting at $1,075 per month
View PricingOverview
What is AlienVault USM?
AlienVault® Unified Security Management® (USM) delivers threat detection, incident response, and compliance management in one unified platform. It is designed to combine all the essential security capabilities needed for effective security monitoring across cloud and on-premises environments, including SIEM, intrusion detection, vulnerability management, as…
Recent Reviews
Awards
Products that are considered exceptional by their customers based on a variety of criteria win TrustRadius awards. Learn more about the types of TrustRadius awards to make the best purchase decision. More about TrustRadius Awards
Popular Features
- Centralized event and log data collection (8)8.585%
- Correlation (8)8.585%
- Event and log normalization/management (8)8.080%
- Custom dashboards and workspaces (8)7.070%
Reviewer Pros & Cons
Pricing
Essentials
$1,075
Cloud
per month
Standard
$1,695
Cloud
per month
Premium
$2,595
Cloud
per month
Entry-level set up fee?
- Setup fee optional
For the latest information on pricing, visithttps://www.alienvault.com/products/pri…
Offerings
- Free Trial
- Free/Freemium Version
- Premium Consulting/Integration Services
Features
Return to navigation
Product Details
- About
- Competitors
- Tech Details
- Downloadables
- FAQs
What is AlienVault USM?
AlienVault® Unified Security Management® (USM) delivers threat detection, incident response, and compliance management in one unified platform. It is designed to combine all the essential security capabilities needed for effective security monitoring across cloud and on-premises environments, including SIEM, intrusion detection, vulnerability management, as well as continuous threat intelligence updates. The vendor states that even for resource-limited IT security teams, AlienVault USM can be affordable, fast to deploy, and easy to use. It eliminates the need to deploy, integrate, and maintain multiple point solutions in the data center.
Smart, automated data collection & analysis: USM Anywhere automatically collects and analyzes data across the attack surface, helping to quickly gain centralized security visibility without the complexity of multiple disparate security technologies.
Automated threat detection powered by AT&T Alien Labs: With threat intelligence provided by AT&T Alien Labs, USM Anywhere is updated automatically to stay on top of evolving and emerging threats, so the security team can focus on responding to alerts.
Incident response orchestration with AlienApps: USM Anywhere supports a growing ecosystem of AlienApps, enabling the user to orchestrate and automate actions towards other security technologies, able to respond to incidents quickly and easily.
AlienVault USM Features
Security Information and Event Management (SIEM) Features
- Supported: Centralized event and log data collection
- Supported: Correlation
- Supported: Event and log normalization/management
- Supported: Deployment flexibility
- Supported: Integration with Identity and Access Management Tools
- Supported: Custom dashboards and workspaces
- Supported: Host and network-based intrusion detection
Additional Features
- Supported: AlienVault Open Threat Exchange
AlienVault USM Screenshots
AlienVault USM Videos
AlienVault USM Competitors
AlienVault USM Technical Details
| Deployment Types | Software as a Service (SaaS), Cloud, or Web-Based |
|---|---|
| Operating Systems | Unspecified |
| Mobile Application | No |
| Supported Countries | Global |
AlienVault USM Downloadables
Frequently Asked Questions
Splunk Cloud and Fortinet on IBM Cloud are common alternatives for AlienVault USM.
Reviewers rate Deployment flexibility highest, with a score of 8.6.
The most common users of AlienVault USM are from Mid-sized Companies (51-1,000 employees).
Comparisons
Compare with
Reviews and Ratings
(735)
Community Insights
TrustRadius Insights are summaries of user sentiment data from TrustRadius reviews and, when necessary, 3rd-party data sources. Have feedback on this content? Let us know!
- Business Problems Solved
- Recommendations
Users have found AlienVault USM to be a valuable SIEM solution for centralizing and searching log data from a large number of network attached devices. This platform is being used for various use cases such as vulnerability management, scanning, malware detection, and monitoring malicious network traffic. It is considered a good SIEM solution for organizations new to security operational logging or those with a smaller staff and budget. The product has been praised for its integrated feature sets, including HIDS, NIDS, FIM, and security alerting capabilities. The inclusion of features like vulnerability scanning and file integrity monitoring has extended its value for organizations in the early stages of cybersecurity program development. Many users have experienced real-time alerts, enabling them to respond to security incidents and compromised passwords more quickly. Furthermore, AlienVault is used for a range of functions such as SIEM, vulnerability scanning, asset discovery, and investigations. It provides organizations with a centralized log collection site, allowing them to monitor and address new problems more effectively. The platform has been effective in helping organizations meet regulatory compliance requirements and improve SOC operations. Additionally, AlienVault is used to analyze network traffic, Windows Event Logs, and other security events, helping organizations improve network security and protect their customers. It solves security challenges related to device and software visibility, monitoring for anomalous events, and ensuring patch management. Users appreciate the simplicity of deployment and the robustness of the interface. The support team is highly responsive and knowledgeable.
AlienVault USM Anywhere is used by organizations to easily identify security incidents happening across their infrastructure and comply with PCI-DSS compliance requirements. MSSPs utilize AlienVault USM Anywhere to provide their customers with best-in-class threat monitoring and response services. It is also used to monitor cloud environments, scanning and alerting for any known vulnerabilities or activity on servers. AlienVault helps organizations with auditing purposes by monitoring cloud permissions and changes to security. Additionally, it is deployed to customers for monitoring and is used by NSOCs to monitor their networks. AlienVault has been implemented across organizations, covering server assets and providing granular logging on systems and networks. It helps in raising alarms/alerts and mitigating network-related activities. AlienVault collects and alerts on network and system activity across the entire organization, making it easy to filter for important data. The product centralizes log data and helps perform vulnerability analysis and threat detection. It assists in security patching and monitoring within AWS environments. Users appreciate the ease of use and configuration of the cloud-based panel. AlienVault is implemented and managed for clients as a recommended SIEM solution, collecting and normalizing logs from various data sources. It is used throughout organizations to gain insight into network and server events, manage and correlate logs, and recognize anomalous activity. Users have been able to set up alerts for specific events and policies, effectively managing systems and alerts in place, monitoring multiple client environments, and identifying issues that clients may have missed.
AlienVault USM Anywhere is praised for its cost-effectiveness compared to other SIEM solutions on the market. Users appreciate its threat intelligence capabilities, ease of use, user-friendly interface, and simplicity of deployment. The built-in correlation rules require minimal setup and provide high-quality results. Asset management and scanning features help users stay on top of monitoring assets, including dynamic and static asset lists. The integration of OTX into USM Anywhere allows for up-to-date threat intelligence and pulse subscriptions.
The software plays a crucial role in monitoring and alerting when anomalies occur, aiding in threat detection, compliance management, log collection, and vulnerability scanning. It helps organizations stay up to speed on new vulnerabilities and supports agile business initiatives by aiding analysts in identifying cyber threats and providing access to threat cross-referencing data. AlienVault USM Anywhere is deployed to monitor AWS cloud environments, attain compliance, identify threats, and facilitate auditing of non-emergency configuration changes and vulnerability monitoring.
Overall, AlienVault USM Anywhere provides centralized security monitoring, incident response capabilities, compliance reporting features, vulnerability assessment tools, real-time SIEM functionality, as well as asset discovery and user activity monitoring capabilities. It has been widely adopted across various industries for enhancing security posture and gaining comprehensive visibility into network activities.
Based on user recommendations, AlienVault USM receives the following common recommendations:
-
AlienVault USM is recommended for cost-conscious companies and small to medium businesses due to its affordability and effectiveness. Users find it to be a great tool for analyzing and reacting to threats, offering excellent value for the price.
-
Users suggest exploring alternative SIEM choices and discussing functionality and configuration requirements. Logrhythm is mentioned as a possible alternate SIEM choice, especially for high-end functionality needs. It is advised to compare features and select the SIEM system that offers the best cost for desired features.
-
To maximize the experience with AlienVault USM, users recommend taking advantage of training opportunities provided by AlienVault. Joining official training sessions allows users to learn best practices from other users and gain comprehensive knowledge of the product. Users also recommend utilizing forums, support, webinars, and videos offered by AlienVault to enhance understanding and achieve optimal results.
Overall, AlienVault USM is regarded as a cost-effective solution suitable for organizations with data privacy and security priorities. The product's flexibility, community-created intelligence, and continual improvement are also highlighted by users. While some mention areas for improvement, such as support stability and module quality, the general consensus is that AlienVault USM delivers reliable security enhancements and cost savings.
Attribute Ratings
Reviews
(176-200 of 390)Companies can't remove reviews or game the system. Here's why
USM being used for our whole organization. It is deployed via sensor on various regions to capture in/out data for monitoring potential risk. We use USM as a centered logger and analysis system also collecting data from firewall/VPN, Office365, Crowstrike and others. It's convenient to integrate various plugins for gathering data/alert from different clouds/platforms. The whole system setup is pretty straightforward and not difficult to use
- Risk analysis is accurate. Cloud-based rule update means less hassle.
- Integrated plugins help centralize log/alert into one system.
- Filter/suppress rule is very easy to set. Easy to fit to our current traffic pattern.
- It's a pain to check each individual alert for detail, I wish there was a popup window or something similar to quickly go through each unusual alert.
- The UI seems not that efficient, and a little bit slow in my opinion.
- I wish we had a Kibana-like quick search criteria change function, click and go.
April 26, 2019
AlienVault does it all!
It is being used across the whole organization to fulfill our IDS/FIM/SIEM/Vulnerability management/Asset discovery.
- It does very well at monitoring all activity in AWS.
- It does very well with authenticated vulnerability scans.
- It is easy to tune so that only the important events throw alerts.
- It would be great if there were SOC2 and HITRUST compliance reports.
- It would be great if there were a standard plugin for pfsense routers/firewalls.
AlienVault USM is being used by the IT department for its vulnerability scanning, intrusion detection, and event correlation. It's a fairly new product for us and we're still getting acclimated to it but so far it's been very useful in giving us greater visibility into our environment.
- Vulnerability assessment is very good. Especially with the software on servers and workstations.
- Event correlation has helped tremendously by centralizing all the data into one feed that we can filter easily.
- Support, training, and implementation were top notch. Very helpful people who answered questions clearly and concisely.
- For a company that is on the smaller side as far as the number of employees and computer systems, the storage available in our tier could get eaten up quite quickly. It wasn't that easy for us to know where to go from a storage tier startup standpoint.
April 25, 2019
Effective for small teams
We use AlienVault USM internally to view what kind of security events are going on in our PCI/DSS infrastructure. Additionally, we have an MSSP that has access to AlienVault to keep an eye on things for us after hours. As a merchant, having real-time updates to what is going on in our infrastructure is crucial.
- Alerting.
- Log aggregation.
- Cloud management.
- Slow when viewing lots of logs.
- Buggy when removing assets.
- Cannot automate reports.
- Vulnerability scanning does not work.
April 25, 2019
AlienVault Review
AlienVault USM is being used across the entire organization, and it gives our team insights on threats. It also allows us to see the data across the entire ecosystem of devices.
- User Experience - it is incredible.
- The ability to drill into any metric with ease.
- Seeing the entire organization and devices from various levels.
- When parsing logs and data, we'd love to see the ability to add in custom fields from JSON or other structured data sets, as being available.
- When you add in syslog or other data sets, it should allow for encryption and keys that can come from 3rd parties.
April 25, 2019
Small org upping security visibility - a good first SIEM
Our organisation did not previously use a SIEM product. What we wanted was a service that provided current information on threats in the context of our environment, and produced a sensible and manageable level of alerts without needing a lot of tuning - to increase security visibility without overburdening a small operations team.
- Easy to set up quickly and get results
- Works well with AWS
- Alerting can integrate with third party systems, e.g. Pagerduty
- Low lock-in
- Sluggish performance means that we try to avoid using their GUI in routine processes
- Small feature set and opaque development roadmap leave us frustrated with their minimal query language and lack of reporting customisations
- User and professional services community appears to be heavily Windows-focused
April 25, 2019
Pretty good at what it does, but could be improved.
We use AlienVault USM to satisfy PCI DSS requirements. Namely event logging and audit, change audit, and Intrusion Prevention services.
- Lots of built-in out of the box functionality.
- Easily satisfies several PCI DSS requirements.
- Event logging is easy to navigate and presented well.
- Initial setup is quite tedious.
- Network setup for IDS caused us to bring our network down a couple of times.
- Reports aren't very good.
April 23, 2019
AlienVault USM works well for us
We use AlienVault USM to monitor all our production servers. We mostly use it for the automatic threat detection and vulnerability scanning features.
- Setup was actually super easy, we had it more or less done in a couple of days.
- Once it's set up, it's pretty hands-off. Just respond to the alerts it sends you. We've had to invest very little time and effort into our set up.
- Documentation is fantastic.
- I do wish it was easier to set up custom monitoring for logs that are specific to our organization.
April 19, 2019
AlienVault proved itself after one day.
Currently it's only being used by the IT department to identify suspicious network activity, which we did not monitor prior to implementing AlienVault. One day after implementing AlienVault, we were notified of a bitcoin miner on our FTP site. Sure enough, when I logged into that machine and ran a malware scan, it picked up a Bitcoin Miner.
- Report suspicious network activity.
- Display all threats in a nice dashboard.
- Notify me of what other people have encountered with "Pulses."
- Make initial setup easier.
- Make their certification test not so ridiculously tedious with oddly specific questions.
- Provide better remediation steps.
April 13, 2019
AlienVault USM - A worthwhile SIEM platform that delivers value in the first days of usage
AlienVault USM is being used in a phased approach to build an internal SoC function. We initially used it to collect server and device logs centrally for retention. This was then expanded to allow for security alerting and threat intelligence. Through the use of the platform we are able to prove our security processes and working practices are effective in mitigating company risk. Additionally, this solution is making up part of our ongoing accreditation for Cyber Essential Plus by enabling us to evidence good practice with regards to security and compliance.
- Threat intelligence
- Centralisation of logs and events
- Event management
- Integration into SaaS first ITSM platforms for better workflow
- GDPR compliance dashboard (to show potential breaches and resolution specific to sensitive data that has been classified and tagged)
- Native integration with SMS services for event alerting (such as a detected cyber attack)
April 12, 2019
Alien Vault USM goods and not so goods
We are 200 employees strong and have presence in 5 states. We utilize AlienVault (AV) across our entire MPLS network. It addresses the issue of visibility of our servers and workstations to analyze potential threats and less common issues with auditing we wouldn’t otherwise catch but can cause major issues if not resolved.
- AlienVault is very customizable. We can set up many built-in rules and alerts which saves time but can also be extremely granular to properly scan our unique network.
- Great technical support. When I need assistance setting up a new sensor or target scan, AlienVault engineers are there to assist and get me on track.
- Although the interface shows a lot of development and thought put into it, there are some buggy issues at times with simple form submission and web navigation.
- Initially setting up Alien Vault in our environment was challenging and there was a lack of support around the “hardware level” meaning our VMWare environment.
April 12, 2019
AlienVault USM is wonderful!
AlienVault USM is used primarily by our network engineering staff in our infrastructure department. The application is used for log collection from VMware, Active Directory, Microsoft applications such as MS Exchange 2010/2016, and some of our specialized insurance applications. We also use it for NIDS and Palo Alto firewall log collection. Vulnerability scanning helps us to identify possible security issues on our systems for which we can then patch and upgrade accordingly. We generate quarterly security reports for management staff to review as well.
- Vulnerability scanning
- Network Intrusion Detection
- Log collection from a variety of products
- Support is not very fast to respond and their resolutions are weak.
- NIDS support with Cisco UCS
- Feature Request: automatic report processing for which the report is emailed
April 11, 2019
AlienVault is engineering friendly
We use AlienVault to monitor client networks for security alerts and relay that to the client in an informed way due to the vast amount of information gathered by AlienVault. We deploy an AIO to a client and that feeds to our fed server to get all alarms centralised to one place for analysis by our SOC.
- It clearly displays all information in an alarm/event
- Very customisable for any needs you may have
- Great support team who are easy to contact and great when helping
- You need a high level of Linux knowledge to be able to use AlienVault to it's fullest potential
- The USM can be quite fragile and crash unpredictably
- Multiple bugs in the backend mean you need to bypass some functions/actions
April 11, 2019
AlienVault For The Win
Currently, we are just setting it up and it will be used by our IT department. It will allow us to monitor different events and log ins as we have a lot of users and guests.
- Alerts
- Events
- Monitoring traffic
- Filtering capabilities are little overwhelming
- Rules can get clogged
- Dashboard sometimes seems too simple
April 11, 2019
AlienVault OSSIM SaaS Review
This is currently being used across our corporate environment to help monitor our firewalls that process all associate traffic, active directory, O365, etc. This product has helped us to gain more visibility into the traffic that is being sent across our network and help identify threats quicker. Currently, the Security department is in charge of all that is AlienVault, and have given read access to a few neighborliness departments.
- Ability to tune alarms and events to your liking. Very easy to get rid of false positives that are known in your environment, and create actionable alerts for legitimate alerts.
- The simplicity of the dashboard. Everything within AlienVault USM Anywhere is easy to navigate and configure. From sorting logs to creating new users, the layout is natural and easy to figure out.
- The Architecture of the SaaS deployment went smoothly and is very simple and expandable. Very little to worry about on our side with great results.
- Support response time and incident handling have some room to improve. We had major issues with a sensor, and it took several days to get a response. Once we got a response the issue was corrected, it just took a while to get our engineer on the phone.
- Small bugs in the way that the syslog packets are read and normalized. Reading the time in the packet wrong has been the biggest issue we have found so far that is without a solution.
- Complicated Architecture to fully use the product. Requiring port mirroring to use the IDS portion of Alienvault is quite challenging when dealing with a large network size and diverse locations such as ours.
April 07, 2019
Things to think about
It is being used by the IT department for internal vulnerability scans and log collection. It also plays a role in providing information to our internal and external auditors.
- It is good at doing internal scans of end-user devices to find vulnerabilities without the need of installing an agent or client on each device.
- It is good at being a log server. A place to send logs for all of your networking devices, such as switches, firewalls, and other solutions that accept log servers.
- Its ability to collect logs from Barracuda solutions needs heavy improvement. How it collects and organizes the data isn't very useful.
- The end device client, which is optional, and can be installed on any device you want to collect more data from, has compatibility issues with quite a few products we use, and anti-virus software in-particular doesn't like it. We have also had some performance issues with devices the client is installed on.
- The way collected data from all devices and locations is presented to the user in the web portal is not as user-friendly or as clean as it could be. It tends to show too much useless data and too many categories, making it easy to miss the important parts.
April 04, 2019
AlienVault USM: better than expected and a convenient way to maintain security compliance
We use AlienVault USM to monitor and secure our AWS, Azure, and Office 365 environments. The primary use of the product is to maintain PCI compliance. The various PCI reports save a significant amount of time each year during our security audits. We use it to collect logs from Windows, Linux, and cloud environments into one convenient location.
- The integrations are very end-user friendly.
- The user interface is fairly intuitive.
- The PCI reports are extremely time-saving.
- The cross-platform compatibility makes hybrid environment management much easier.
- The "Agent" has caused many problems in our environment.
- The AlienVault server seems to get overwhelmed quickly and could use an option for greater scaling for larger installations.
- The documentation is often lacking on details. The documentation often covers what specific steps to take but does not cover why or how certain items work.
- The user interface is missing many features for bulk/large-scale operations. Such as the ability to close more than one page of alarms at once.
- The "report false positive" does not provide a way to easily remove items so they still show up in audits.
- There is no way to reconfigure many checks to avoid false positives.
- The system lacks transparency for many security or infrastructure operations.
March 28, 2019
Solutions within your finger tips
Jameco Electronics is strictly using AlienVault USM for PCI compliance.
- AlientVault can provide a lot of detailed information on each incident and can verify live from AT&T Labs.
- The detailed information that the system provides makes it much easier task to pin down the issues and resolve them accurately.
- HIPPA and PCI compliance with AlienVault is a much easier implementation than other products on the market currently.
- Assets discovery from static has to improve.
- Tagging, labeling, and remote agent install needs to improve.
March 25, 2019
A review of AlienVault USM
Ailienvault USM was used by our law firm to monitor for security threats, vulnerabilities and reconnaissance. We wanted to legally protect ourselves by employing security products that were robust enough to withstand a legal challenge in the event we were compromised and AlienVault USM fit those requirements.
- AlienVault is great at providing a single dashboard to view into all of your security products in one place
- Alienvault has a powerful intrusion detection system
- Alienvault does a great job of collecting security data from a hundreds of different sources/vendors
- Alienvault is complicated. To install and configure it properly you will need to be a seasoned security professional. I am a Sys Admin guy and I needed help.
- Alienvault USM can be a bit too "chatty" , alerting you to so many things out of the box it seems like a full time person is needed just to manage the alerts. It takes a while after implementation to finally get the alerts down to the correct level.
- Alienvault USM "Plug Ins" are sometimes a little flaky
March 15, 2019
No matter how vast your environment is, AlienVault USM can make you feel like home in.
I love that it integrates with everything and at different levels. I wish ISO27k was implemented as PCI-DSS for the "Compliance-scoped assets", but so far I love the product. It's the best of both worlds - having opensource stuff as well as support.
- AWS integration.
- Google integration.
- Asset grouping.
- Incident-automation with ServiceNow.
- Knowing software versions and asset information, we should be able to know the vulnerabilities as they come out without having to rescan the inventory. A rescan could be done to validate the info is still true (about versions and stuff), but instead of va-scan being the vulnerability "informer", you could check when a new vulnerability comes out - if we had this software/service configured somewhere.
- Malware protection? I'm honestly not sure as there's not a lot that AlienVault doesn't do :)
February 12, 2019
Aliens - our friends!
Our organization is a reseller of AlienVault products. So we use AlienVault for testing and studying.
- Vulnerability Scanning is a great feature of AlienVault USM. It is a very powerful tool for securing your infrastructure, and it is comparable with other very big solutions in this market.
- Great view, great AlienVault Labs, a huge number of plugins and correlation rules, and it grows every day.
- NIDS - great module with up to date rules for almost all types of malware.
- Source IP = 0.0.0.0 The biggest hole in AlienVault. If in Syslog, there is no IP address, but hostname - in events we don't see src IP, just 0.0.0.0. This is really bad, it needs to be reconfiguring regex in all plugins.
- No information about AlienApps is provided in AlienVault USM anywhere in Essentials. We know that in the standard license we have all, but there is no info about it in Essential.
- More features for availability, monitoring. More dashboards that we can use in this module. We have Nagios on board, so let's use it with a graphical interface!
February 09, 2019
Down, Dirty, And Honest.
AlienVault is currently being used first and foremost to monitor vulnerabilities and audit assets/events received from within our network.
As the Chief AlienVault engineer within the company the product has had its ups and downs, And requires a good amount of knowledge with regards to Linux, and the many smaller components which make AlienVault what it is (e.g. rabbitmq, MySQL, openvas, ossec, NAGIOS, Ansible, NMAP, etc. etc.). To really get any worth beyond what AlienVault provides "out of the box", And you may find your head against a wall occasionally with support as they may be slightly inexperienced in some regards (but this can be said about any product if you support it long enough).
With that said, It excels in every single possible task you may throw at it as a security appliance, There really isn't much else like this SIEM that gives you a nice top-down view of what's going on within your network. Very good value if you're just using something simple like this for basic necessities such as raw log management, and event escalation.
As the Chief AlienVault engineer within the company the product has had its ups and downs, And requires a good amount of knowledge with regards to Linux, and the many smaller components which make AlienVault what it is (e.g. rabbitmq, MySQL, openvas, ossec, NAGIOS, Ansible, NMAP, etc. etc.). To really get any worth beyond what AlienVault provides "out of the box", And you may find your head against a wall occasionally with support as they may be slightly inexperienced in some regards (but this can be said about any product if you support it long enough).
With that said, It excels in every single possible task you may throw at it as a security appliance, There really isn't much else like this SIEM that gives you a nice top-down view of what's going on within your network. Very good value if you're just using something simple like this for basic necessities such as raw log management, and event escalation.
- Log management - Out of the box, Alienvault already comes with a ton of plugins for a lot of industry standard names (VMware, Cisco, Brocade, Microsoft... ) with automatic categorization.
- Vulnerability Scanning - With a consistently updated threat-Intelligence database, this is invaluable to highlight some of the weaker points within your network. Maybe that newbie you hired left the default credentials? Maybe a new patch was pushed out for a piece of hardware or software you use that is a serious issue?
- OTX - The Open Threat Exchange which AlienVault manages and updates is fairly consistent with making sure that outside of the updated directives events which are available to the appliance to correlate with the data you receive from the devices you are monitoring from within your network. For example, checking if an outbound firewall log has information on an asset communication with a known malicious server, or if you have files on that very asset or another asset which match hashed values showing that the server may have been potentially compromised.
- Support - The support is the *WORST*!, They take a *VERY* long time to respond, and half the time they're just skimming over the issue instead of actually asking questions to be better informed!
- Buggy Updates - I've had my fair share of issues with the USM Appliance that have either been through updates or oversights from AlienVault's end that have either left the appliance in a degraded or broken state. The most recent 5.6 Update left a lot of people hanging due to failed database upgrades. YOU WILL NEED LINUX KNOWLEDGE IF YOU PLAN TO TAME THIS BEAST.
- Complexity - A lot of people start out with AlienVault and stare like a deer in headlights at the amount of drop-downs and different pages and menus available. While, Yes, AlienVault is a very technically complex package as it's based on many different working components that work with each other. A lot of this data can be more easily presented to the end user. And quite a bit of the documentation on their website is actually out-dated. But then again, managing a SIEM is a full-time job - you hire one person to do *Just That*.
January 15, 2019
Great for small organizations!
We are currently using AlienVault USM Anywhere to collect logging data from all major applications used by the institution, especially G Suite. We are using it to get a better understanding of what is happening in our environment from a security standpoint. The best part for our institution is that all data is kept in a central location off-site.
- Log monitoring
- Centralized Reporting
- Notifications
- While it is fairly good, the integration with various IT systems could always improve - support more products and provide better documentation for tying them to AlienVault.
- The cost does jump quickly. While we've found AlienVault to be affordable for our small size, I would hope that the product continues to be within our reach for everyone's benefit.
- AT&T's ownership remains a concern. They do not have the best track record.
November 13, 2018
AlienVault USM ...A decent SIEM tool..
Score 8 out of 10
Vetted Review
Verified User
AlienVault USM Anywhere is one of the best tools I have experienced because it is not only SIEM but also it gives us other functionality as well, like asset discovery, vulnerability assessment, and file integrity etc. So we are using it for Network infrastructure monitoring as well as for vulnerability assessment too. It is a pane of glass tool and it is used by the SOC department.
- Single pane of glass solution for on-premises as well as for cloud environment.
- In-built Vulnerability Assessment.
- AlienVault's OTX community direct coNnectivity and sync for tool.
- New End point threat hunter by OTX.
- Process speed
- Have a better NetFlow visibility
AlienVault USM is used as the Central Alert, notification and was implemented within a short time frame to fulfill audit purposes. It was relatively easy to setup and implement, and has been a great addition to our suite of tools.
- Enables integration with readily available software currently in use.
- Easily customizable to allow reporting for different functions and users within the organization.
- Reporting function for vulnerabilities as a check and balance with other tools utilized.
- Further integration with Enterprise tools.
- Rapid growth of product has led to some issues with implementation of alerts and false positives.
- Ability to report as needed takes some time for focusing and testing of reports.