Overview
What is AlienVault USM?
AlienVault® Unified Security Management® (USM) delivers threat detection, incident response, and compliance management in one unified platform. It is designed to combine all the essential security capabilities needed for effective security monitoring across cloud and on-premises environments, including SIEM, intrusion detection, vulnerability management, as…
TrustRadius Insights
Empowering Security Zenith with Unified Vigilance.
will I continue to use USM, Yes I would
Excellent security for your machine
MSSP Review
Great product but out of the box it needs a lot of work.
AlienVault is about as user-friendly as it gets for threat detection
Great if you can deploy and manage on-premises SIEMs
AlienVault - Not Worth the Price
AlienVault USM Anywhere, a SIEM that is easy on your pocket.
Unbeatable Security Machine
AlienVault USM Provides Heightened Security Awareness in the Legal Services Industry
Best product I've seen for a smaller enterprise network.
Great SIEM for enterprise environments
AlienVault USM is a really beneficial SIEM solution.
Awards
Products that are considered exceptional by their customers based on a variety of criteria win TrustRadius awards. Learn more about the types of TrustRadius awards to make the best purchase decision. More about TrustRadius Awards
Popular Features
- Centralized event and log data collection (8)8.585%
- Correlation (8)8.585%
- Event and log normalization/management (8)8.080%
- Custom dashboards and workspaces (8)7.070%
Reviewer Pros & Cons
Pricing
Essentials
$1,075
Standard
$1,695
Premium
$2,595
Entry-level set up fee?
- Setup fee optional
Offerings
- Free Trial
- Free/Freemium Version
- Premium Consulting/Integration Services
Features
Security Information and Event Management (SIEM)
Security Information and Event Management is a category of security software that allows security analysts to look at a more comprehensive view of security logs and events than would be possible by looking at the log files of individual, point security tools
- 8.5Centralized event and log data collection(8) Ratings
Effectiveness of real-time centralized event and log data collection
- 8.5Correlation(8) Ratings
Correlation of logs and events to pinpoint significant threats
- 8Event and log normalization/management(8) Ratings
Ability to normalize event syntax so that logs can be compared and are machine-understandable
- 8.6Deployment flexibility(7) Ratings
Ability to tune system to maximize threat detection and minimize false positives
- 7.3Integration with Identity and Access Management Tools(5) Ratings
Integration with access control tools like Active Directory and LDAP
- 7Custom dashboards and workspaces(8) Ratings
dashboards that can be customized to meet the needs of specific groups
- 8Host and network-based intrusion detection(5) Ratings
Ability to detect both endpoint intrusion and network ingress detection
Product Details
- About
- Competitors
- Tech Details
- Downloadables
- FAQs
What is AlienVault USM?
AlienVault® Unified Security Management® (USM) delivers threat detection, incident response, and compliance management in one unified platform. It is designed to combine all the essential security capabilities needed for effective security monitoring across cloud and on-premises environments, including SIEM, intrusion detection, vulnerability management, as well as continuous threat intelligence updates. The vendor states that even for resource-limited IT security teams, AlienVault USM can be affordable, fast to deploy, and easy to use. It eliminates the need to deploy, integrate, and maintain multiple point solutions in the data center.
Smart, automated data collection & analysis: USM Anywhere automatically collects and analyzes data across the attack surface, helping to quickly gain centralized security visibility without the complexity of multiple disparate security technologies.
Automated threat detection powered by AT&T Alien Labs: With threat intelligence provided by AT&T Alien Labs, USM Anywhere is updated automatically to stay on top of evolving and emerging threats, so the security team can focus on responding to alerts.
Incident response orchestration with AlienApps: USM Anywhere supports a growing ecosystem of AlienApps, enabling the user to orchestrate and automate actions towards other security technologies, able to respond to incidents quickly and easily.
AlienVault USM Features
Security Information and Event Management (SIEM) Features
- Supported: Centralized event and log data collection
- Supported: Correlation
- Supported: Event and log normalization/management
- Supported: Deployment flexibility
- Supported: Integration with Identity and Access Management Tools
- Supported: Custom dashboards and workspaces
- Supported: Host and network-based intrusion detection
Additional Features
- Supported: AlienVault Open Threat Exchange
AlienVault USM Screenshots
AlienVault USM Videos
AlienVault USM Competitors
AlienVault USM Technical Details
Deployment Types | Software as a Service (SaaS), Cloud, or Web-Based |
---|---|
Operating Systems | Unspecified |
Mobile Application | No |
Supported Countries | Global |
AlienVault USM Downloadables
Frequently Asked Questions
Comparisons
Compare with
Reviews and Ratings
(735)Community Insights
- Business Problems Solved
- Recommendations
Users have found AlienVault USM to be a valuable SIEM solution for centralizing and searching log data from a large number of network attached devices. This platform is being used for various use cases such as vulnerability management, scanning, malware detection, and monitoring malicious network traffic. It is considered a good SIEM solution for organizations new to security operational logging or those with a smaller staff and budget. The product has been praised for its integrated feature sets, including HIDS, NIDS, FIM, and security alerting capabilities. The inclusion of features like vulnerability scanning and file integrity monitoring has extended its value for organizations in the early stages of cybersecurity program development. Many users have experienced real-time alerts, enabling them to respond to security incidents and compromised passwords more quickly. Furthermore, AlienVault is used for a range of functions such as SIEM, vulnerability scanning, asset discovery, and investigations. It provides organizations with a centralized log collection site, allowing them to monitor and address new problems more effectively. The platform has been effective in helping organizations meet regulatory compliance requirements and improve SOC operations. Additionally, AlienVault is used to analyze network traffic, Windows Event Logs, and other security events, helping organizations improve network security and protect their customers. It solves security challenges related to device and software visibility, monitoring for anomalous events, and ensuring patch management. Users appreciate the simplicity of deployment and the robustness of the interface. The support team is highly responsive and knowledgeable.
AlienVault USM Anywhere is used by organizations to easily identify security incidents happening across their infrastructure and comply with PCI-DSS compliance requirements. MSSPs utilize AlienVault USM Anywhere to provide their customers with best-in-class threat monitoring and response services. It is also used to monitor cloud environments, scanning and alerting for any known vulnerabilities or activity on servers. AlienVault helps organizations with auditing purposes by monitoring cloud permissions and changes to security. Additionally, it is deployed to customers for monitoring and is used by NSOCs to monitor their networks. AlienVault has been implemented across organizations, covering server assets and providing granular logging on systems and networks. It helps in raising alarms/alerts and mitigating network-related activities. AlienVault collects and alerts on network and system activity across the entire organization, making it easy to filter for important data. The product centralizes log data and helps perform vulnerability analysis and threat detection. It assists in security patching and monitoring within AWS environments. Users appreciate the ease of use and configuration of the cloud-based panel. AlienVault is implemented and managed for clients as a recommended SIEM solution, collecting and normalizing logs from various data sources. It is used throughout organizations to gain insight into network and server events, manage and correlate logs, and recognize anomalous activity. Users have been able to set up alerts for specific events and policies, effectively managing systems and alerts in place, monitoring multiple client environments, and identifying issues that clients may have missed.
AlienVault USM Anywhere is praised for its cost-effectiveness compared to other SIEM solutions on the market. Users appreciate its threat intelligence capabilities, ease of use, user-friendly interface, and simplicity of deployment. The built-in correlation rules require minimal setup and provide high-quality results. Asset management and scanning features help users stay on top of monitoring assets, including dynamic and static asset lists. The integration of OTX into USM Anywhere allows for up-to-date threat intelligence and pulse subscriptions.
The software plays a crucial role in monitoring and alerting when anomalies occur, aiding in threat detection, compliance management, log collection, and vulnerability scanning. It helps organizations stay up to speed on new vulnerabilities and supports agile business initiatives by aiding analysts in identifying cyber threats and providing access to threat cross-referencing data. AlienVault USM Anywhere is deployed to monitor AWS cloud environments, attain compliance, identify threats, and facilitate auditing of non-emergency configuration changes and vulnerability monitoring.
Overall, AlienVault USM Anywhere provides centralized security monitoring, incident response capabilities, compliance reporting features, vulnerability assessment tools, real-time SIEM functionality, as well as asset discovery and user activity monitoring capabilities. It has been widely adopted across various industries for enhancing security posture and gaining comprehensive visibility into network activities.
Based on user recommendations, AlienVault USM receives the following common recommendations:
-
AlienVault USM is recommended for cost-conscious companies and small to medium businesses due to its affordability and effectiveness. Users find it to be a great tool for analyzing and reacting to threats, offering excellent value for the price.
-
Users suggest exploring alternative SIEM choices and discussing functionality and configuration requirements. Logrhythm is mentioned as a possible alternate SIEM choice, especially for high-end functionality needs. It is advised to compare features and select the SIEM system that offers the best cost for desired features.
-
To maximize the experience with AlienVault USM, users recommend taking advantage of training opportunities provided by AlienVault. Joining official training sessions allows users to learn best practices from other users and gain comprehensive knowledge of the product. Users also recommend utilizing forums, support, webinars, and videos offered by AlienVault to enhance understanding and achieve optimal results.
Overall, AlienVault USM is regarded as a cost-effective solution suitable for organizations with data privacy and security priorities. The product's flexibility, community-created intelligence, and continual improvement are also highlighted by users. While some mention areas for improvement, such as support stability and module quality, the general consensus is that AlienVault USM delivers reliable security enhancements and cost savings.
Attribute Ratings
- 7.2Likelihood to Renew18 ratings
- 6.4Availability3 ratings
- 7.3Performance3 ratings
- 6.7Usability34 ratings
- 7.3Support Rating25 ratings
- 8.3Online Training6 ratings
- 4.5In-Person Training1 rating
- 6.4Implementation Rating38 ratings
- 8Configurability3 ratings
- 6.3Product Scalability3 ratings
- 7.3Ease of integration3 ratings
- 8.2Vendor pre-sale3 ratings
- 7.6Vendor post-sale3 ratings
Reviews
(176-200 of 390)- Risk analysis is accurate. Cloud-based rule update means less hassle.
- Integrated plugins help centralize log/alert into one system.
- Filter/suppress rule is very easy to set. Easy to fit to our current traffic pattern.
- It's a pain to check each individual alert for detail, I wish there was a popup window or something similar to quickly go through each unusual alert.
- The UI seems not that efficient, and a little bit slow in my opinion.
- I wish we had a Kibana-like quick search criteria change function, click and go.
AlienVault does it all!
- It does very well at monitoring all activity in AWS.
- It does very well with authenticated vulnerability scans.
- It is easy to tune so that only the important events throw alerts.
- It would be great if there were SOC2 and HITRUST compliance reports.
- It would be great if there were a standard plugin for pfsense routers/firewalls.
- Vulnerability assessment is very good. Especially with the software on servers and workstations.
- Event correlation has helped tremendously by centralizing all the data into one feed that we can filter easily.
- Support, training, and implementation were top notch. Very helpful people who answered questions clearly and concisely.
- For a company that is on the smaller side as far as the number of employees and computer systems, the storage available in our tier could get eaten up quite quickly. It wasn't that easy for us to know where to go from a storage tier startup standpoint.
Effective for small teams
- Alerting.
- Log aggregation.
- Cloud management.
- Slow when viewing lots of logs.
- Buggy when removing assets.
- Cannot automate reports.
- Vulnerability scanning does not work.
AlienVault Review
- User Experience - it is incredible.
- The ability to drill into any metric with ease.
- Seeing the entire organization and devices from various levels.
- When parsing logs and data, we'd love to see the ability to add in custom fields from JSON or other structured data sets, as being available.
- When you add in syslog or other data sets, it should allow for encryption and keys that can come from 3rd parties.
Small org upping security visibility - a good first SIEM
- Easy to set up quickly and get results
- Works well with AWS
- Alerting can integrate with third party systems, e.g. Pagerduty
- Low lock-in
- Sluggish performance means that we try to avoid using their GUI in routine processes
- Small feature set and opaque development roadmap leave us frustrated with their minimal query language and lack of reporting customisations
- User and professional services community appears to be heavily Windows-focused
Pretty good at what it does, but could be improved.
- Lots of built-in out of the box functionality.
- Easily satisfies several PCI DSS requirements.
- Event logging is easy to navigate and presented well.
- Initial setup is quite tedious.
- Network setup for IDS caused us to bring our network down a couple of times.
- Reports aren't very good.
AlienVault USM works well for us
- Setup was actually super easy, we had it more or less done in a couple of days.
- Once it's set up, it's pretty hands-off. Just respond to the alerts it sends you. We've had to invest very little time and effort into our set up.
- Documentation is fantastic.
- I do wish it was easier to set up custom monitoring for logs that are specific to our organization.
AlienVault proved itself after one day.
- Report suspicious network activity.
- Display all threats in a nice dashboard.
- Notify me of what other people have encountered with "Pulses."
- Make initial setup easier.
- Make their certification test not so ridiculously tedious with oddly specific questions.
- Provide better remediation steps.
Not well suited: for people who expect an easy plug-and-play solution.
AlienVault USM - A worthwhile SIEM platform that delivers value in the first days of usage
- Threat intelligence
- Centralisation of logs and events
- Event management
- Integration into SaaS first ITSM platforms for better workflow
- GDPR compliance dashboard (to show potential breaches and resolution specific to sensitive data that has been classified and tagged)
- Native integration with SMS services for event alerting (such as a detected cyber attack)
Alien Vault USM goods and not so goods
- AlienVault is very customizable. We can set up many built-in rules and alerts which saves time but can also be extremely granular to properly scan our unique network.
- Great technical support. When I need assistance setting up a new sensor or target scan, AlienVault engineers are there to assist and get me on track.
- Although the interface shows a lot of development and thought put into it, there are some buggy issues at times with simple form submission and web navigation.
- Initially setting up Alien Vault in our environment was challenging and there was a lack of support around the “hardware level” meaning our VMWare environment.
AlienVault USM is wonderful!
- Vulnerability scanning
- Network Intrusion Detection
- Log collection from a variety of products
- Support is not very fast to respond and their resolutions are weak.
- NIDS support with Cisco UCS
- Feature Request: automatic report processing for which the report is emailed
AlienVault is engineering friendly
- It clearly displays all information in an alarm/event
- Very customisable for any needs you may have
- Great support team who are easy to contact and great when helping
- You need a high level of Linux knowledge to be able to use AlienVault to it's fullest potential
- The USM can be quite fragile and crash unpredictably
- Multiple bugs in the backend mean you need to bypass some functions/actions
AlienVault For The Win
- Alerts
- Events
- Monitoring traffic
- Filtering capabilities are little overwhelming
- Rules can get clogged
- Dashboard sometimes seems too simple
AlienVault OSSIM SaaS Review
- Ability to tune alarms and events to your liking. Very easy to get rid of false positives that are known in your environment, and create actionable alerts for legitimate alerts.
- The simplicity of the dashboard. Everything within AlienVault USM Anywhere is easy to navigate and configure. From sorting logs to creating new users, the layout is natural and easy to figure out.
- The Architecture of the SaaS deployment went smoothly and is very simple and expandable. Very little to worry about on our side with great results.
- Support response time and incident handling have some room to improve. We had major issues with a sensor, and it took several days to get a response. Once we got a response the issue was corrected, it just took a while to get our engineer on the phone.
- Small bugs in the way that the syslog packets are read and normalized. Reading the time in the packet wrong has been the biggest issue we have found so far that is without a solution.
- Complicated Architecture to fully use the product. Requiring port mirroring to use the IDS portion of Alienvault is quite challenging when dealing with a large network size and diverse locations such as ours.
Things to think about
- It is good at doing internal scans of end-user devices to find vulnerabilities without the need of installing an agent or client on each device.
- It is good at being a log server. A place to send logs for all of your networking devices, such as switches, firewalls, and other solutions that accept log servers.
- Its ability to collect logs from Barracuda solutions needs heavy improvement. How it collects and organizes the data isn't very useful.
- The end device client, which is optional, and can be installed on any device you want to collect more data from, has compatibility issues with quite a few products we use, and anti-virus software in-particular doesn't like it. We have also had some performance issues with devices the client is installed on.
- The way collected data from all devices and locations is presented to the user in the web portal is not as user-friendly or as clean as it could be. It tends to show too much useless data and too many categories, making it easy to miss the important parts.
Our environment is complex and stretched across many physical offices. This limited how we were able to use AlienVault. We are not currently able to use or enable all of its features. In a simple network infrastructure, AlienVault would do much better.
Note that the cost of the AlienVault product itself will most likely not be your only costs. It will require your network engineer(s) to spend multiple hours configuring or re-configuring your infrastructure to make some of its features work, such as mirror ports and virtual hosts to collect all network traffic from your core.
AlienVault USM: better than expected and a convenient way to maintain security compliance
- The integrations are very end-user friendly.
- The user interface is fairly intuitive.
- The PCI reports are extremely time-saving.
- The cross-platform compatibility makes hybrid environment management much easier.
- The "Agent" has caused many problems in our environment.
- The AlienVault server seems to get overwhelmed quickly and could use an option for greater scaling for larger installations.
- The documentation is often lacking on details. The documentation often covers what specific steps to take but does not cover why or how certain items work.
- The user interface is missing many features for bulk/large-scale operations. Such as the ability to close more than one page of alarms at once.
- The "report false positive" does not provide a way to easily remove items so they still show up in audits.
- There is no way to reconfigure many checks to avoid false positives.
- The system lacks transparency for many security or infrastructure operations.
Solutions within your finger tips
- AlientVault can provide a lot of detailed information on each incident and can verify live from AT&T Labs.
- The detailed information that the system provides makes it much easier task to pin down the issues and resolve them accurately.
- HIPPA and PCI compliance with AlienVault is a much easier implementation than other products on the market currently.
- Assets discovery from static has to improve.
- Tagging, labeling, and remote agent install needs to improve.
A review of AlienVault USM
- AlienVault is great at providing a single dashboard to view into all of your security products in one place
- Alienvault has a powerful intrusion detection system
- Alienvault does a great job of collecting security data from a hundreds of different sources/vendors
- Alienvault is complicated. To install and configure it properly you will need to be a seasoned security professional. I am a Sys Admin guy and I needed help.
- Alienvault USM can be a bit too "chatty" , alerting you to so many things out of the box it seems like a full time person is needed just to manage the alerts. It takes a while after implementation to finally get the alerts down to the correct level.
- Alienvault USM "Plug Ins" are sometimes a little flaky
No matter how vast your environment is, AlienVault USM can make you feel like home in.
- AWS integration.
- Google integration.
- Asset grouping.
- Incident-automation with ServiceNow.
- Knowing software versions and asset information, we should be able to know the vulnerabilities as they come out without having to rescan the inventory. A rescan could be done to validate the info is still true (about versions and stuff), but instead of va-scan being the vulnerability "informer", you could check when a new vulnerability comes out - if we had this software/service configured somewhere.
- Malware protection? I'm honestly not sure as there's not a lot that AlienVault doesn't do :)
Aliens - our friends!
- Vulnerability Scanning is a great feature of AlienVault USM. It is a very powerful tool for securing your infrastructure, and it is comparable with other very big solutions in this market.
- Great view, great AlienVault Labs, a huge number of plugins and correlation rules, and it grows every day.
- NIDS - great module with up to date rules for almost all types of malware.
- Source IP = 0.0.0.0 The biggest hole in AlienVault. If in Syslog, there is no IP address, but hostname - in events we don't see src IP, just 0.0.0.0. This is really bad, it needs to be reconfiguring regex in all plugins.
- No information about AlienApps is provided in AlienVault USM anywhere in Essentials. We know that in the standard license we have all, but there is no info about it in Essential.
- More features for availability, monitoring. More dashboards that we can use in this module. We have Nagios on board, so let's use it with a graphical interface!
Down, Dirty, And Honest.
As the Chief AlienVault engineer within the company the product has had its ups and downs, And requires a good amount of knowledge with regards to Linux, and the many smaller components which make AlienVault what it is (e.g. rabbitmq, MySQL, openvas, ossec, NAGIOS, Ansible, NMAP, etc. etc.). To really get any worth beyond what AlienVault provides "out of the box", And you may find your head against a wall occasionally with support as they may be slightly inexperienced in some regards (but this can be said about any product if you support it long enough).
With that said, It excels in every single possible task you may throw at it as a security appliance, There really isn't much else like this SIEM that gives you a nice top-down view of what's going on within your network. Very good value if you're just using something simple like this for basic necessities such as raw log management, and event escalation.
- Log management - Out of the box, Alienvault already comes with a ton of plugins for a lot of industry standard names (VMware, Cisco, Brocade, Microsoft... ) with automatic categorization.
- Vulnerability Scanning - With a consistently updated threat-Intelligence database, this is invaluable to highlight some of the weaker points within your network. Maybe that newbie you hired left the default credentials? Maybe a new patch was pushed out for a piece of hardware or software you use that is a serious issue?
- OTX - The Open Threat Exchange which AlienVault manages and updates is fairly consistent with making sure that outside of the updated directives events which are available to the appliance to correlate with the data you receive from the devices you are monitoring from within your network. For example, checking if an outbound firewall log has information on an asset communication with a known malicious server, or if you have files on that very asset or another asset which match hashed values showing that the server may have been potentially compromised.
- Support - The support is the *WORST*!, They take a *VERY* long time to respond, and half the time they're just skimming over the issue instead of actually asking questions to be better informed!
- Buggy Updates - I've had my fair share of issues with the USM Appliance that have either been through updates or oversights from AlienVault's end that have either left the appliance in a degraded or broken state. The most recent 5.6 Update left a lot of people hanging due to failed database upgrades. YOU WILL NEED LINUX KNOWLEDGE IF YOU PLAN TO TAME THIS BEAST.
- Complexity - A lot of people start out with AlienVault and stare like a deer in headlights at the amount of drop-downs and different pages and menus available. While, Yes, AlienVault is a very technically complex package as it's based on many different working components that work with each other. A lot of this data can be more easily presented to the end user. And quite a bit of the documentation on their website is actually out-dated. But then again, managing a SIEM is a full-time job - you hire one person to do *Just That*.
Great for small organizations!
- Log monitoring
- Centralized Reporting
- Notifications
- While it is fairly good, the integration with various IT systems could always improve - support more products and provide better documentation for tying them to AlienVault.
- The cost does jump quickly. While we've found AlienVault to be affordable for our small size, I would hope that the product continues to be within our reach for everyone's benefit.
- AT&T's ownership remains a concern. They do not have the best track record.
AlienVault USM ...A decent SIEM tool..
- Single pane of glass solution for on-premises as well as for cloud environment.
- In-built Vulnerability Assessment.
- AlienVault's OTX community direct coNnectivity and sync for tool.
- New End point threat hunter by OTX.
- Process speed
- Have a better NetFlow visibility
- Enables integration with readily available software currently in use.
- Easily customizable to allow reporting for different functions and users within the organization.
- Reporting function for vulnerabilities as a check and balance with other tools utilized.
- Further integration with Enterprise tools.
- Rapid growth of product has led to some issues with implementation of alerts and false positives.
- Ability to report as needed takes some time for focusing and testing of reports.