Reviews (26-50 of 348)
- VMWare Sensor deployment is very easy.
- Dashboards are nice and clean.
- Network monitoring and Syslog collector just work.
- USM Anywhere does not support NetFlow or any variation. SPAN and RSPAN are currently the only methods to monitor IP flows.
- USM Anywhere tech support is lackluster. I have opened two tickets and struggled to receive knowledgeable technical assistance.
- USM Anywhere does not do scheduled report delivery in any format. Reports are run on demand and must be printed to PDF for distribution.
- It is easy to deploy and get logs into the dashboard
- Integrations with Office 365 is pretty seamless and provides great context.
- Super easy to increase storage tiers if you find yourself adding more and more log sources.
- USM Anywhere doesn't allow you to multi-home sensors. So if you have non-routable networks, you'll need to investigate the on-premise solution too.
- You have to be on top of tuning else a constant stream of alerts will cause your SOC staff to begin ignoring alarms.
- You have to be on top of tuning else you'll eat your allotment of storage for that month. It is really easy to exceed your storage quota if you don't proactively monitor log sources. USM could do a better job letting you know if a log source is too chatty.
- Reporting is made simple with AlienVault USM
- AlienVault USM informs us of urgent security holes or issues with our environment
- AlienVault USM is useful for monitoring who has accessed your data
- I find the agent can report incorrect data from time to time, so improvements in the AlienVault USM agent are advised.
- I don't like how AlienVault USM prevents you from fully removing (unnecessary) vulnerabilities which you already flagged as (NOT important); you should have the option to fully remove these if you want.
- Easy to set up/use
- Interface is slow and quirky
- Lacks functionality compared to other products
- Documentation (both troubleshooting and informative) is lacking detail
- Ease of use also has downsides: when detailed information is needed while investigating/troubleshooting, it is harder to obtain.
- Alienvault USM does a good job presenting the data collected in a concise and actionable manner.
- AlienVault USM lacks good technical documentation; the documentation needs more detail, more substance, and background information. The current documentation is frustrating for first-time users and assumes the user is already familiar with how and why USM works the way it does.
- AlienVault USM would benefit greatly from a simpler onboarding process. One situation I remember well has to do with adding the credentials for vulnerability scanning. We knew the credentials were accurate; however, they worked for some systems and didn't work for others. Very frustrating.
- Another area of major improvement for AlienVault USM is technical support. Technical support basically does not exist. If the documentation were comprehensive and detailed, with examples and scenarios, this would not be such a big issue. The first time my team experienced this, I knew we would not renew our contract.
- PCI compliance scanning: AlienVault USM gives you the ability to scan assets using different variations of PCI policies.
- Event log management: AlienVault USM allows you to easily collect and search event log data across multiple systems of different variations.
- The event log filter rules are another strong feature of AlienVault USM. It allows for easy filtering of non-essential data.
- I would like to have the ability to restore a deleted sensor. I ran into an issue where a sensor was deleted and we had to rebuild our setup.
- A nice feature to have would be the ability to create read-only users with a custom view built for them.
- When a vulnerability is found, you are directed to an external site (OTX and others) for more information. Suggested fixes and patches should work directly in the USM interface.
- Through the open threat exchange, I get the latest indicators of bad actors and can, on the other hand, add my own indicators if I feel something is missing.
- Filter/alarm rules are easy to set up, so I can distinguish the important bits from noise in the logs
- Deploying the agents is very easy through the provided PowerShell scripts.
- Setting up a working stream of the Windows Event Log (not using local agents) seems impossible, and AlienVault's support wasn't very helpful in this matter. We finally decided to drop this (it ran for a while, then stopped for no apparent reason, seemingly a problem with certificates) and use local agents instead.
- Sometimes agents don't update themselves, and it's hard to diagnose what causes this.
- Also, the updater of the sensor-appliances doesn't seem to run very reliably. From time to time I have to re-install the sensor-appliance, as it doesn't want to update itself.
- Threat Detection
- Scanning for Vulnerabilities in servers
- Event handling
- Integration with other products like Google Suite to create security reports.
- When handling alarms, I'd like to be able to select all the resulting alarms at once after filtering and not by groups of 100 like it's possible now.
- I think filtering could be improved in the Alarms and Events sections.
- Very easy to read the logs.
- This tool has been relatively easy to deploy and maintain.
- It's a good tool to use for monitoring assets.
- Several times we lost connectivity and didn't know it. It would be helpful if there was better support when this happens.
- It would be helpful if there was a better way to ensure line of sight into the entire network. We were never 100 percent confident that we were seeing everything. Discovery tools would help with this...i.e., set it and forget it.
- An "out of the box" recommendation on what are the most important things for us to look at would be helpful.
It is primarily used by the security team.
- Alerts on login activity from unexpected locations (countries)
- Aggregating log files for easy searching
- Better interpretation of errors into more natural language
- Easier grouping or categorization of alerts in order to assign them more efficiently to appropriate users/groups
- Easily integrates with AWS cloud infrastructure.
- Provides an intuitive interface to analyze raw logs and investigate potential threats.
- Automates vulnerability scanning.
- Alerts to potential threats and intrusions.
- Raw logs are only available via the UI for the last 30 days. It would be great if you could choose to load archives into the system for investigation when needed.
- It would be awesome to have an implementation checklist to see how the different features map to various compliance frameworks like NIST.
- They were recently purchased by AT&T, so there is some confusion as to what services are offered by AlienVault and what is AT&T Cybersecurity, who to contact about your account, etc. Growing pains. :)
- The documentation can be hard to use for security newbies. It covers the technical pieces, but not the why or how to use the different features and functionality. It could benefit from practical examples of AV in action.
- Scanning our servers for vulnerabilities.
- Monitoring our infrastructure for any changes to our security.
- Monitoring our infrastructure for any unusual activity on the servers or attacks.
- The cloud formation template uses an older instance type and should be updated.
- Some of the settings are a little hard to find.
- Cloud based solution which minimises the need to maintain additional on premise servers.
- Among the cheapest SIEM solutions on the market, with features comparable to the other bigger players.
- Great dashboard and UI which makes it super easy to use.
- Packed with many features and integrates with many major off the shelf brands.
- The SaaS based model makes the pricing very dependent on the storage capacity subscribed to. Compared to other on premise solutions, it can be really hard to deal with once the log storage has reached or maxed out the monthly storage capacity.
- After AT&T took over Alienvault, their customer service has deteriorated and they don’t give as much care as they did earlier with their customers.
- After AT&T took over, the product pricing has been increasing steadily and soon this solution may not be as affordable as it used to be.
- Easy and straightforward implementation.
- Comprehensive logging solution with good notifications.
- Easy tuning, based on received events/alarms.
- Customization/creation of plugins
- Custom parsing of specific fields of the raw message
- Customization of FIM folders/files
- The integration setup for syslog forwarding and native web apps partnered with the platform is a very simple setup.
- Deploying sensors in cloud systems usually follows a pre-defined build flow for ease of sensor deployment and scaling.
- For perimeter defense, as long as your defended organizational structure uses Active Directory or another LDAP replication type service, vuln scanning and KIDS is a breeze.
- For highly distributed workforce issues, the system requires a lot of third-party integrations to collect data for automation.
- Customization can be lacking in areas without significant help from their support teams.
- Building rules for filtering, suppression, and custom alarms can be a steep learning curve, although this is slightly offset by their training offerings.
- Simple and understandable User Interface (UI)
- Capable of performing multiple network security functions
- Good price point for SMB and mid-market tier SIEM
- Log collection sensors can be difficult to install and configure
- Not all functions are intuitive or simple to set up
- AlienVault outsources professional services, with mixed results
- Documentation is not always up-to-date, increasing time to troubleshoot and resolve issues
- Monitoring Azure logs, such as events where users log in from multiple countries. No need to trawl through the Azure audit trails.
- Easy visibility on AD account lockouts which are common in our organization due to beta software.
- Nice visuals and reporting on AWS, 365 and Windows.
- The console is a little sluggish to refresh and navigate to different pages.
- Add some more color to the filters rather than all grey.
- It's pretty easy to get rid of the access noise without losing any logs.
- Ability to create customizable views. Allows you to view the type of information quickly.
- The alerts that are sent, and the information in them, are helpful.
- If the assets are put in groups, you seem to have to run separate vulnerability scans per group. In comparison to the appliance, you have the ability to add all groups in one scan.
- The results of the vulnerability scan feel scattered. The appliance layout of the results is easier to deal with.
- More help with deployment and initial setup. Depending on the setup, discussing what needs to be done and how to do it killed a lot of time.
- Main strength is the OTX community and all the IOC provided through this.
- Transparent upgrades of the product.
- Plugins and parser creation and updates handled by AlienVault so there's no need to develop our own parsers.
- NIDS and vulnerabilities scanner already included in the license with no additional cost.
- Many correlation rules (maybe too many) and we don't know what the real coverage of the risks is.
- Any ability to customize log parsers.
- Investigation system not really easy to use.
- No backups available so if I want to change the SIEM or have a problem with my licensing, I lose everything.
Less suitable for environments with a high volume of data that already have IPS and vulnerability scanners. The network scanner is not easy to deploy in multiple data centers.
- Being a SIEM solution, AlienVault does an excellent job at pulling together all of our alert data and presenting it in a single console with excellent search and correlation abilities.
- The vulnerability assessment feature is invaluable as it gives us insight into new and existing threats against our server infrastructure.
- AlienVault's third party platform integrations allow us to pull down our Office365 logging as well as our endpoint next gen AV alerts so everything is visible together in the same platform. This allows for the best possible correlation when performing threat hunting.
- I would love to see event data search wizards that allow you to type in what you are looking for without always knowing the event IDs in Windows or Linux. Almost like a Google search assistant for AlienVault event data.
About AlienVault USM
AlienVault® Unified Security Management® (USM) delivers threat detection, incident response, and compliance management in one unified platform. It is designed to combine all the essential security capabilities needed for effective security monitoring across cloud and on-premises environments, including SIEM, intrusion detection, vulnerability management, as well as continuous threat intelligence updates. The vendor states that even for resource-limited IT security teams, AlienVault USM can be affordable, fast to deploy, and easy to use. It eliminates the need to deploy, integrate, and maintain multiple point solutions in the data center.
Smart, automated data collection & analysis: USM Anywhere automatically collects and analyzes data across the attack surface, helping to quickly gain centralized security visibility without the complexity of multiple disparate security technologies.
Automated threat detection powered by AT&T Alien Labs: With threat intelligence provided by AT&T Alien Labs, USM Anywhere is updated automatically to stay on top of evolving and emerging threats, so the security team can focus on responding to alerts.
Incident response orchestration with AlienApps: USM Anywhere supports a growing ecosystem of AlienApps, enabling the user to orchestrate and automate actions in other security technologies so that incidents can be responded to quickly and easily.