AlienVault USM: Simplifying Security with Cost-Effective Threat Detection.
Our organization uses AlienVault USM to enhance the security posture and streamline our clients' threat detection and response. The …
Starting at $1,075 per month
View PricingOverview
What is AlienVault USM?
AlienVault® Unified Security Management® (USM) delivers threat detection, incident response, and compliance management in one unified platform. It is designed to combine all the essential security capabilities needed for effective security monitoring across cloud and on-premises environments, including SIEM, intrusion detection, vulnerability management, as…
Recent Reviews
Awards
Products that are considered exceptional by their customers based on a variety of criteria win TrustRadius awards. Learn more about the types of TrustRadius awards to make the best purchase decision. More about TrustRadius Awards
Popular Features
- Centralized event and log data collection (8)8.585%
- Correlation (8)8.585%
- Event and log normalization/management (8)8.080%
- Custom dashboards and workspaces (8)7.070%
Reviewer Pros & Cons
Pricing
Essentials
$1,075
Cloud
per month
Standard
$1,695
Cloud
per month
Premium
$2,595
Cloud
per month
Entry-level set up fee?
- Setup fee optional
For the latest information on pricing, visithttps://www.alienvault.com/products/pri…
Offerings
- Free Trial
- Free/Freemium Version
- Premium Consulting/Integration Services
Features
Return to navigation
Product Details
- About
- Competitors
- Tech Details
- Downloadables
- FAQs
What is AlienVault USM?
AlienVault® Unified Security Management® (USM) delivers threat detection, incident response, and compliance management in one unified platform. It is designed to combine all the essential security capabilities needed for effective security monitoring across cloud and on-premises environments, including SIEM, intrusion detection, vulnerability management, as well as continuous threat intelligence updates. The vendor states that even for resource-limited IT security teams, AlienVault USM can be affordable, fast to deploy, and easy to use. It eliminates the need to deploy, integrate, and maintain multiple point solutions in the data center.
Smart, automated data collection & analysis: USM Anywhere automatically collects and analyzes data across the attack surface, helping to quickly gain centralized security visibility without the complexity of multiple disparate security technologies.
Automated threat detection powered by AT&T Alien Labs: With threat intelligence provided by AT&T Alien Labs, USM Anywhere is updated automatically to stay on top of evolving and emerging threats, so the security team can focus on responding to alerts.
Incident response orchestration with AlienApps: USM Anywhere supports a growing ecosystem of AlienApps, enabling the user to orchestrate and automate actions towards other security technologies, able to respond to incidents quickly and easily.
AlienVault USM Features
Security Information and Event Management (SIEM) Features
- Supported: Centralized event and log data collection
- Supported: Correlation
- Supported: Event and log normalization/management
- Supported: Deployment flexibility
- Supported: Integration with Identity and Access Management Tools
- Supported: Custom dashboards and workspaces
- Supported: Host and network-based intrusion detection
Additional Features
- Supported: AlienVault Open Threat Exchange
AlienVault USM Screenshots
AlienVault USM Videos
AlienVault USM Competitors
AlienVault USM Technical Details
| Deployment Types | Software as a Service (SaaS), Cloud, or Web-Based |
|---|---|
| Operating Systems | Unspecified |
| Mobile Application | No |
| Supported Countries | Global |
AlienVault USM Downloadables
- Unified Security Management vs. SIEM: a Technical Comparison
- AlienVault USM Anywhere: Datasheet
- AlienVault Fast Facts
- AlienVault USM Anywhere: Datasheet
- Beginner’s Guide to Open Source Intrusion Detection Tools
- SIEM for Beginners: Everything You Wanted to Know About Log Management But Were Afraid to Ask
Frequently Asked Questions
Splunk Cloud and Fortinet on IBM Cloud are common alternatives for AlienVault USM.
Reviewers rate Deployment flexibility highest, with a score of 8.6.
The most common users of AlienVault USM are from Mid-sized Companies (51-1,000 employees).
Comparisons
Compare with
Reviews and Ratings
(735)
Community Insights
TrustRadius Insights are summaries of user sentiment data from TrustRadius reviews and, when necessary, 3rd-party data sources. Have feedback on this content? Let us know!
- Business Problems Solved
- Recommendations
Users have found AlienVault USM to be a valuable SIEM solution for centralizing and searching log data from a large number of network attached devices. This platform is being used for various use cases such as vulnerability management, scanning, malware detection, and monitoring malicious network traffic. It is considered a good SIEM solution for organizations new to security operational logging or those with a smaller staff and budget. The product has been praised for its integrated feature sets, including HIDS, NIDS, FIM, and security alerting capabilities. The inclusion of features like vulnerability scanning and file integrity monitoring has extended its value for organizations in the early stages of cybersecurity program development. Many users have experienced real-time alerts, enabling them to respond to security incidents and compromised passwords more quickly. Furthermore, AlienVault is used for a range of functions such as SIEM, vulnerability scanning, asset discovery, and investigations. It provides organizations with a centralized log collection site, allowing them to monitor and address new problems more effectively. The platform has been effective in helping organizations meet regulatory compliance requirements and improve SOC operations. Additionally, AlienVault is used to analyze network traffic, Windows Event Logs, and other security events, helping organizations improve network security and protect their customers. It solves security challenges related to device and software visibility, monitoring for anomalous events, and ensuring patch management. Users appreciate the simplicity of deployment and the robustness of the interface. The support team is highly responsive and knowledgeable.
AlienVault USM Anywhere is used by organizations to easily identify security incidents happening across their infrastructure and comply with PCI-DSS compliance requirements. MSSPs utilize AlienVault USM Anywhere to provide their customers with best-in-class threat monitoring and response services. It is also used to monitor cloud environments, scanning and alerting for any known vulnerabilities or activity on servers. AlienVault helps organizations with auditing purposes by monitoring cloud permissions and changes to security. Additionally, it is deployed to customers for monitoring and is used by NSOCs to monitor their networks. AlienVault has been implemented across organizations, covering server assets and providing granular logging on systems and networks. It helps in raising alarms/alerts and mitigating network-related activities. AlienVault collects and alerts on network and system activity across the entire organization, making it easy to filter for important data. The product centralizes log data and helps perform vulnerability analysis and threat detection. It assists in security patching and monitoring within AWS environments. Users appreciate the ease of use and configuration of the cloud-based panel. AlienVault is implemented and managed for clients as a recommended SIEM solution, collecting and normalizing logs from various data sources. It is used throughout organizations to gain insight into network and server events, manage and correlate logs, and recognize anomalous activity. Users have been able to set up alerts for specific events and policies, effectively managing systems and alerts in place, monitoring multiple client environments, and identifying issues that clients may have missed.
AlienVault USM Anywhere is praised for its cost-effectiveness compared to other SIEM solutions on the market. Users appreciate its threat intelligence capabilities, ease of use, user-friendly interface, and simplicity of deployment. The built-in correlation rules require minimal setup and provide high-quality results. Asset management and scanning features help users stay on top of monitoring assets, including dynamic and static asset lists. The integration of OTX into USM Anywhere allows for up-to-date threat intelligence and pulse subscriptions.
The software plays a crucial role in monitoring and alerting when anomalies occur, aiding in threat detection, compliance management, log collection, and vulnerability scanning. It helps organizations stay up to speed on new vulnerabilities and supports agile business initiatives by aiding analysts in identifying cyber threats and providing access to threat cross-referencing data. AlienVault USM Anywhere is deployed to monitor AWS cloud environments, attain compliance, identify threats, and facilitate auditing of non-emergency configuration changes and vulnerability monitoring.
Overall, AlienVault USM Anywhere provides centralized security monitoring, incident response capabilities, compliance reporting features, vulnerability assessment tools, real-time SIEM functionality, as well as asset discovery and user activity monitoring capabilities. It has been widely adopted across various industries for enhancing security posture and gaining comprehensive visibility into network activities.
Based on user recommendations, AlienVault USM receives the following common recommendations:
-
AlienVault USM is recommended for cost-conscious companies and small to medium businesses due to its affordability and effectiveness. Users find it to be a great tool for analyzing and reacting to threats, offering excellent value for the price.
-
Users suggest exploring alternative SIEM choices and discussing functionality and configuration requirements. Logrhythm is mentioned as a possible alternate SIEM choice, especially for high-end functionality needs. It is advised to compare features and select the SIEM system that offers the best cost for desired features.
-
To maximize the experience with AlienVault USM, users recommend taking advantage of training opportunities provided by AlienVault. Joining official training sessions allows users to learn best practices from other users and gain comprehensive knowledge of the product. Users also recommend utilizing forums, support, webinars, and videos offered by AlienVault to enhance understanding and achieve optimal results.
Overall, AlienVault USM is regarded as a cost-effective solution suitable for organizations with data privacy and security priorities. The product's flexibility, community-created intelligence, and continual improvement are also highlighted by users. While some mention areas for improvement, such as support stability and module quality, the general consensus is that AlienVault USM delivers reliable security enhancements and cost savings.
Attribute Ratings
Reviews
(201-225 of 390)Companies can't remove reviews or game the system. Here's why
October 29, 2018
Great Product, Great Value
As a product-agnostic Managed Security Services Provider (MSSP), AlienVault USM is one of several SIEM solutions we utilize in our Security Operation Center (SOC). We deploy, manage, and monitor the solution for other clients, and we use it for ourselves. As do most SIEMs, AlienVault allows us a central location to monitor the cybersecurity of an IT environment. It's impossible to avoid 100% of attacks, so after setting up defenses, the next best thing is to have 24/7 eyes-on-glass to be able to quickly respond to incidents as they happen.
- AlienVault USM Anywhere has a modern, user-friendly, and intuitive GUI, making it easy to use.
- AlienVault USM Anywhere is a cloud-based solution that is easy to deploy and easy to scale as well.
- On top of having built-in support with several technologies, AlienVault USM Anywhere has an API that allows you to develop additional plugins if necessary.
- Although they use machine learning, the algorithms that they use are graph-based. Their AI/ML capabilities could be improved a bit.
- The solution provides some compliance reports, but it does not generate reports with information such as... how many of what type of event happened this month. You can see this information on the dashboard, but it would be nice to be able to generate a report automatically.
We utilize AlienVault USM for the below categories
Vulnerability Assessment and Remediation.
Threat and Malware Detection.
Log Management, Monitoring, and Archiving.
Managed SIEM.
Compliance Monitoring & Reporting
Being able to cover all the above aspects in one screen considerably reduces time and, let's not forget, money to quickly and effectively solve security issues within the company and implement fixes and reports as needed.
Vulnerability Assessment and Remediation.
Threat and Malware Detection.
Log Management, Monitoring, and Archiving.
Managed SIEM.
Compliance Monitoring & Reporting
Being able to cover all the above aspects in one screen considerably reduces time and, let's not forget, money to quickly and effectively solve security issues within the company and implement fixes and reports as needed.
- SIEM - Real time logs allow you to quickly drill down into current issues in your network and filter out any noise
- Alarms - The alarms page shows all the current environmental awareness on the network and a quick report and ticketing system allows for ease of use. This again saves time and make you more effective at resolving issues and the ability to pass the tickets to the relevant department.
- OTX - The open threat exchange integrations enables the USM to use all the latest threat indicators to correlate against incoming threats without the need to manually add rules to your USM.
- Apps - AlienVault integrate with many apps already but there are plenty more to be added to allow further integration with other products.
- More ability to filter logs form other security platforms
September 28, 2018
Effectiveness at Detecting Security Threats
AlienVault USM is used as a Cloud-Hosted Service by my organization. It is being used by some departments. It has the features like Vulnerability assessment, Intrusion detection, behavioral monitoring, log management etc.
- AlienVault Unified Security Management (USM) delivers a unified, simple and affordable solution for threat detection and compliance. Powered by the latest AlienVault Labs Threat Intelligence and the Open Threat Exchange the largest crowd-sourced threat intelligence exchange, USM enables mid-size organizations to defend against modern threats.
- It is free. The best free SIEM out there. Possibly the only one.
- Every upgrade is a possible chance for re-building the system. About 80% of the time, the upgrade will break something so badly, you need to re-install and start from scratch.
- The system slows down considerably when a large number of events are fed in.
- The community is weak and there is rarely any input from the developers on the community to help out. So a lot of people try it out and then go somewhere else.
- While I think it is a great product, it seems to me like it is falling behind in the last few years. There are some more usable and better products in recent years that would make me buy them instead of AV USM.
September 11, 2018
A complete security framework that works on multiple layers.
Originally AlienVault was a product we sought to meet requirements for GDPR, but soon in our initial review, we realized that it would deliver much more than we needed. We currently have a solution that provides us with information for decision-making and proactive action in the security context of our environment. The solution proved to be so well thought out, with an excellent technical background that personally, I invested heavily in an apprenticeship and became an AlienVault USM certified engineer.
- AlienVault enables integration with external technologies, thereby broadening its scope and possibilities.
- AlienVault has a dashboard customization and reporting scheme that makes it flexible to query your data, allowing you to model the tool according to your needs.
- AlienVault will make you forget the need to consult some information on AWS Cloudtrail. It extracts the data from there and delivers in a much more efficient way.
- With a single tool you can monitor your cloud and on-premises environment.
- Their commercial policy on stored data makes you need to filter out some information before it is stored.
- Their new agent does not allow you to create local filters, which can easily lead to the overrun of monthly contracted storage limits.
- It does not allow you to create log analysis plugins. If it were allowed, it would be possible, for example, to create a plugin for analyzing the logs of an application created by your company.
June 27, 2018
AlienVault is a game changer for us!
AlienVault USM has helped us gain great insights into our operations, as well as the way our users utilize our environment. It is simple to track complex issues, and quite convenient to have a single interface to do so. Management has been pleased with the internal reports we've created using AlienVault, and it has become a critical part of our environment in a short amount of time. The security, alerting, and logging have allowed us to grow as an organization without worrying about whether or not we are secure and up-to-date. This is a fantastic product, and while initially a hard sell due to the price, has proven its worth over the year or so we've used it. I love being able to say to management "yes, I can get you that information" knowing full well that I will be able to, in an easy and timely fashion.
- SIEM - logging. AlienVault is easy to configure on the client side, and with a couple scripts, makes deployment a piece of cake.
- Vulnerability scanning. AlienVault helps us track which systems are most vulnerable to security issues so we can prioritize patching.
- Reporting. AlienVault generates useful and attractive reports.
- Some of the documentation could be improved and go more into depth, but support is helpful when the documentation falls short.
June 22, 2018
Тhere is room for improvement
We are utilizing USM Anywhere as SIEM system for a logs aggregation and further analysis by creating correlation rules, manual monitoring of events and alerts sent through notifications to e-mail and Slack channel.
- Deployment and Integration pretty easy and straightforward whether in AWS (Cloud) or the on-prem environment.
- Log aggregation, collection rules/Jobs easy to create.
- Notification s component working very well
- AWS Integration: in particular, monitoring of AWS resources is far away from ideal
- Vulnerabilities scanner requires root and administrative privilege in localhost, which is not acceptable.
- The sensors themselves generate millions of requests, which creates a lot of unnecessary noise to the systems and eventually "eating" traffic and expensive storage space
June 15, 2018
Better for enterprise than SME
AlienVault helps us collect and log from a variety of sources. We use that information to generate security events using its built-in functionality. We run AlienVault in a cloud deployment, and use it to monitor all of our production services across the organization. The alerts it generates are used throughout the company.
- Parsing logs in a variety of formats
- Training was very useful
- Set up is challenging
- Debugging log ingestion issues is difficult
- Limited alerting out of the box
June 14, 2018
Good product for the price
It is being used by the I.T Department to help get a handle on the number of intrusion attempts. It is helping secure our organization's critical servers.
- Intrusion detection
- Correlation
- Log based eventing
- The appliance can only handle so much SPAN port traffic. We need more but are making do with what we have.
June 07, 2018
AlienVault after 1 year
Score 9 out of 10
Vetted Review
Verified User
My organization used AV in the cloud mostly with AWS. In one place we can monitor all systems. This could also be done with free tools but it can be hard to get all in one place and it would take much more time to do all of the checks daily.
- All in one view where you can see all of your assets.
- Logs and alarms.
- Detecting systems in your environment.
- Control of updates - nice to do it in maintenance window.
- More custom dashboards.
We are using AlienVault for log aggregation, analysis and alerting and for scheduled vulnerability scans.
AlienVault ingests logs from our switches, routers, firewalls, servers and essential workstations. It combines uses the analysis of all of these elements using its correlation engine.
It also does a scan on a regular basis to identify vulnerabilities that exist on the network.
It has an integrated ticket system and asset management system but they are both, kind of, lacking in features.
AlienVault ingests logs from our switches, routers, firewalls, servers and essential workstations. It combines uses the analysis of all of these elements using its correlation engine.
It also does a scan on a regular basis to identify vulnerabilities that exist on the network.
It has an integrated ticket system and asset management system but they are both, kind of, lacking in features.
- AlienVault's correlation engine is really well designed and it understands a large number of log types.
- AlienVault's open threat exchange is a great way to use the community to report new signatures for issues that are being seen in their environment.
- AlienVault's main screen UI is well designed and makes it very clear as to what issues need to be addressed first.
- AlienVaults published development to-do-list is a great feature that more companies need to employ. It is great seeing that features are being worked on and they do take input as to what features need to be added next.
- AlienVault's on-premise and cloud platforms use a completely separate software base and they don't seem to be getting the same attention from developers. They need to bring the two platforms together into one code base.
- AlienVault needs to enable integration with third-party utilities for ticketing and asset management. Neither the ticket system nor the asset management system is well featured, as such, they need to be able to integrate with other systems that have more features.
- AlienVault needs to add a true compliance scanner like Openscap.
- AlienVault needs to get their cloud solution Fedramp compliant.
April 17, 2018
AlienVault ~6 Month Review
AlienVault is currently being used in my organization to provide visibility on the activities we cannot see from the edge firewalls such as user to server or server to server traffic. Combined with the HIDs we are able to identify security vulnerabilities down to the source machine and or user, and either at the top (egress) or bottom (client/endpoint) most point in our network infrastructure. This overall helps with the tightening of the policies on the network security assets as we now have data showing endpoint and activity correlations.
- Up to this point, I have had no issues integrating with a system we currently have in production. while AlienVault stays on top with plugin updates.
- Te dashboard is very informative when you figure out how to navigate around it and tweaked to your organization needs.
- Correlation of events is probably my favorite as I normally only need to jump on the AlienVault dashboard to hammer down on network traffic/activity details.
- At times I do find navigating the dashboard for very specific functions to be difficult.
- For entry level security analysts or administrators I feel can get overwhelmed with the amount of data available from a single platform (in a good way)
- helpful to understand Linux for certain tasks
April 05, 2018
Excellent USM
Currently used in my company for IDS, vulnerability scanning, monitoring of uptime, notification of when a server or device is disconnected, detection of assets in the network, malware monitoring, traffic monitoring, suspicious activity alert, etc. .
- It is easy to understand and use
- AlienVault USM is a product that works well for companies that do not have personal security insurance
- The system processes them in real time, correlates events and alerts
- The best thing about AlienVault USM is that it has all the tools in one place, vulnerability scanner, netflow, hides ..
- Unable to obtain information sometimes
- The limitation of reports
March 27, 2018
AlienVault USM Anywhere
​We are an MSP and we utilize an AlienVault USM Anywhere solution for threat detection in client networks. The new cloud-based panel is excellent both for client review as well as for our SOC to review and respond to threats. It is much easier to configure and use than the previous solution from AlienVault.
- Ease of Initial Installation
- Range of products covered
- Cloud Alert Console
- Relevancy of Data/Alerting
- Adding additional plugins and applications can be difficult
- Extensive customization required to clear out white noise
March 27, 2018
AlienVault USM Review
We are an MSSP. We use AlienVault USM internally to monitor our data center and deploy it to remote customer locations and use it as our main security monitoring software. We use it to provide network and host intrusion detection as well as vulnerability scanning and more. AlienVault helps address security visibility and threat detection.
- Threat detection. AlienVault uses respected open source tools to detect threats.
- Threat intelligence. AlienVault constantly updates their threat intelligence feeds so they are never out of date.
- Complete visibility. AlienVault helps monitor the main 5 areas of security visibility.
- User interface can be very buggy and difficult to use.
- Many features seem unrefined as if they were implemented to be functioning good enough to use but are not fully tested or refined.
- Reporting is very underwhelming. They are not very configurable in terms of useful data and the design can be difficult to look at.
March 27, 2018
AlienVault USM Review
We are an MSSP and use AlienVault to monitor customer networks for malicious activity.
- SIEM
- Easy to navigate UI
- Training classes to get you up to speed fast on the product
- Value "progress over perfection" seen very prominently in bugs while using the software
- Training classes do not properly prepare for the ASCE exam that is recommended for MSSPs to take
- Technical questions about deployment in a distributed environment not easily available. Normally have to schedule technical calls that can take a week to resolve.
March 23, 2018
AlienVault a stronger solution
AlienVault is used by the Southfield office of Equain LLC. We needed a SIEM for our HITRUST compliance and I purchased the entire suite. I had used OSSINC a few years back in conjunction with Splunk to create a SIEM solution for a retail chain. I followed OSSINC and when I read that AlienVault had taken the product and enhanced it along with added capabilities, I was comfortable with the purchase. I am impressed with the Nmap capabilities, very quick and non-invasive. The vulnerability scanning gives a user options such as a quick non-invasive look at a network. I also do a deep scan that takes more time but very comprehensive. One more item I like is the HIDS deployment capability, this not only protects our workstations but most of our servers. The added data to the network data gathered by the SIEM is invaluable.
- The SIEM does a good job of correlating network data from multiple sources along with the Data from deployed HIDS
- The Nmap scan is fast and non-invasive that defines devices on your network.
- The vulnerability scanning has several options and reports to enable data to be available for compliance purposes.
- Walking through all the devices after a Nmap or device discovery scan can be tedious to get the data correct
- When deploying HIDS, it would be better if the system gave more detail as to the deployment error
- Offline updating of licenses can be a little time-consuming
March 23, 2018
AlienVault Review
We are using AlienVault as a collection point for our security and appliance logging to take advantage of its correlation engine to identify security concerns we might not otherwise notice.
We are able to run various reports as needed or schedule them to provide insight into various metrics such as account lockouts, vpn connectivity, etc.
- Log Correlation - continuously growing list of correlation rules to catch network and security concerns.
- Log searching - quick sorting / searching through all of our security events.
- HIDS - It is nice to be able to track multiple specific metrics or logs against servers using the HIDS agent.
- Difficult to configure.
- They include training when you purchase AlienVault - which I feel is necessary. The downside is the training is really split between implementation and use, where the value for end users is really just use. Staff probably need this training to get most out of implementation.
March 15, 2018
AlienVault Locks it Down
Sword & Shield is an AlienVault MSSP focusing on security for medium to large businesses. We believe it is the best security management and SIEM platform out there for the cost and value you get. We have a 24/7 managed SOC centered around this platform and also use it to monitor activities within our corporate environment.
- Provides a simple, customizable dashboard to easily see the most important things going on in your environment.
- Goes beyond traditional SIEM by providing things like File Integrity Monitoring, IDS and Asset Management.
- Very simple integration with common cloud services (AlienVault USM Anywhere only).
- From a volume perspective, if you have a ton of log data, it isn't the best tool for traditional SIEM activities.
- There is no migration from USM Appliance to USM Anywhere. You basically have to start over if you move some things to the cloud and want to capture that information.
March 12, 2018
AlienVault USM for the win!
AlienVault USM gets used to track events coming from assets and we also use it to track availability. Since we are also a reseller of this product, we use it as a test bed to deploy strategies, correlation directives and event plugins to our customers' production environment. We also use it for showing a demo of the product, to facilitate the sales process.
- Compliance: For each compliance aspect in each standard, there's an AlienVault USM feature which helps compliance. For instance, in PCI DSS Compliance you require File Integrity Monitoring, and AlienVault USM has it. Every component of the standard gets covered by the product.
- Data handling: Event management can become cumbersome if not well handled. AlienVault USM classifies event information properly where it belongs to the data it's useful to you. When you export a report, you can filter out easily what you don't need, so you only extract valuable information.
- Asset availability: It is really handy to cover every aspect of your asset classification, events to come in, services each asset has, location, all of the information really helps to draw alarms properly.
- Vulnerability Scanner reporting: The reporting from the integrated scanner (OpenVAS) are really difficult to read. They could have done a better job by scraping the report or creating a custom report from the data of the scan. However, leaving the default report template from OpenVAS makes the report somewhat useless.
- Sometimes the local integration fails because of the scope of the tool. Let me elaborate on that: The OpenVAS scanner has certificated that expire within a year, and that makes the USM fail scans if you don't renew certificates yourself. They should have made them last at least 10 years. Same with Nagios, sometimes the integration fails and one doesn't know why unless you jailbreak it and find out in the logs for sure.
- They do not provide a standalone installation of the product, because they modified so much the Linux distribution, that it must always be deployed as a virtual machine or appliance, but not on your own server.
January 19, 2018
More than SIEM: A whole Security Ecosystem which is easy to integrate, operate and use
While a decision had to be made, which SIEM system would be the best fit for a "from-scratch" project, AlienVault USM had been chosen due to its easy and fast implementation path, as well as its rich feature set. The customer had been under a lot of time pressure and therefore an all-in-one solution had to be found and put in place. As the classical SIEM approach is missing the complete surrounding ecosystem, such as NIDS, HIDS, FIM, Vulnerability Scans, Availability Monitoring etc, you get everything in one solution here. Also AlienVault as a company was very helpful during the planning and implementation phase. Their documentation is pretty good and their service representatives are very helpful. This is definitively a big pro if you want to deliver fast results in getting it up and running to see your customer happy. Not to forget their pricing is very competitive too and most probably the most cost-efficient solution you can find in the marketplace by today. After the project became a real success, AlienVault USM is used subsidiary-wide and has already proven several times that is was the right decision.
- AlienVault USM is based on well-known Open Source components, which each for itself, represents a quasi industry standard
- Integration into the existing infrastructure works like a charm. Basically you just need to roll-out an OSSEC client to each server or PC and you have already a pretty high coverage of security information and events. They immediately show up in the AlienVault Webinterface
- Due to the countless plugins, it is very easy to add network devices like firewalls, router, switches, but also servers running apache and the alike. You will just need to forward syslog and it will all appear in your AlienVault Webinterface
- The modular design of AlienVault USM in form of "deployable sensors", allows you to easily integrate different network segments, such as remote sites.
- As regular vulnerability scans are a must to understand which CVEs your infrastructure is exposed at, this becomes an easy task with AlienVault. They provide you with a set-and-forget approach for running regular scans. Additionally there are helpful hints to how to get more secure.
- Because AlienVault USM combines several well know components, you have to life with the fact, that they are not in their latest version, i.e. the integrated OSSEC, which should be replaced with the OSSEC-Wazuh fork instead.
- Due to the all-in-one approach, the solution is quite resource hungry. You have to have a decent machine to run it.
- The reporting module is nice, but sometimes it is quite a challenge to configure a custom report as you will only get the results you want after a trial and error run.
January 18, 2018
AlienVault USM
Score 8 out of 10
Vetted Review
Verified User
We use AlienVault USM in AWS and onsite. It's a nice way of viewing everything what is happening there in one place. Clear and nice picture of what is happening on the network. Dashboards view is missing customization of view profiles as they are very limited and unfortunately you can't control when updates are done. We have tested view of IDS in cloud and this was the best choice for us.
- Shows all issues, vulnerabilities and attack on servers.
- More customized dashboard view.
January 03, 2018
This is no Area 51, AlienVault exposes the hidden threats!
AlienVault USM is use throughout our organization. It was put in place to resolve two issues. One was for vulnerability scans for audit compliance. It was also used for monitoring critical systems in our network. We also use to to parse syslog and other logging. An added bonus was the ability to track AD changes.
The vulnerability scans are the best bar none that we tested. The monitoring is great too, however the only thing we found lacking was hard drive monitoring, we had to put another solution in place for that, however that was 6 months ago, so things may have changed.
The vulnerability scans are the best bar none that we tested. The monitoring is great too, however the only thing we found lacking was hard drive monitoring, we had to put another solution in place for that, however that was 6 months ago, so things may have changed.
- Vulnerability scanning
- Up to date security definitions
- Open Threat Exchange
- Range or product sizes to fit any size of organization
- Hard drive monitoring
- Slightly higher learning curve
January 02, 2018
AlienVault USM Implementation Review
We use AlienVault USM to monitor our data center, network traffic, and key workstations. Our goal is to protect the systems from loss of PII, from malware, and from intrusion.
- Alerts are emailed to us for many types of configurable concerns. Such as intrusion attempts.
- Network traffic can be monitored for PII that may be transferred across the network or off-site that is not authorized or that is sent unencrypted properly.
- Key systems can be monitored for malware, intrusions, and network traffic.
- The menu structure could be broken down by categories that make it easier to locate sub-menus.
December 28, 2017
Aliens to the rescue!
We are primarily using the product as our SIEM system to correlate logs across our infrastructure and provide useful analysis on potential threats and anomalies. We also use the built in vulnerability scanning, IDS and asset management functions as a complement to our existing vulnerability/IDS/asset management systems. With this level of intelligence, it helps us determine what course of action to take to an incident and assists us in prioritization.
- Log correlation is excellent and on par with other more expensive solutions.
- Ease of use is a big plus.
- Initial setup was simple and quick.
- The OTX threat intelligence is a great complement to our other threat intelligence feeds to ensure we have as many 'eyes' out there informing us of all the potentially malicious threat actors out there.
- There are a couple of things that can only be done through the CLI and unless you're familiar with the CLI, there may be a large learning curve for some.
- The vulnerability scanner lacks a number of advanced features that other solutions have which make it simpler and more efficient to manage.
- Plugins are limited (although they are adding more as time goes on). If you need a plugin that is not available you will need to create one on your own which requires modification of a number of files and can be daunting for someone new to the platform.
December 15, 2017
AlienVault is no Alien when it comes to Security
AlienVault Unified Security Management is being used across the whole organisation for event logging and monitoring, threat/vulnerability management and IDS.
- Alerting on correlated events - this has allowed us to capture malware ahead of time.
- Ease of device logging - once the logs are sent through, the data is available instantly.
- Actively reviewing and responding to vulnerabilities through an easy to use interface and schedule task format.
- More functionality pushed through the web interface would be useful.
- Asset management can be a little restricted when applying changes across a rule set.