AlienVault USM Reviews

600 Ratings
Score 7.9 out of 10

TrustRadius Top Rated for 2019

Reviews (26-50 of 348)

Jeremy Wilkins
Score 7 out of 10
Vetted Review
Verified User
AlienVault USM is being used to aggregate, inspect, and correlate both Windows/Linux logs and our data center network traffic. It is used exclusively by the SOC team for threat hunting and EDR.
  • VMware Sensor deployment is very easy.
  • Dashboards are nice and clean.
  • Network monitoring and Syslog collector just work.
  • USM Anywhere does not support NetFlow or any variation. SPAN and RSPAN are currently the only methods to monitor IP flows.
  • USM Anywhere tech support is lackluster. I have opened two tickets and struggled to receive knowledgeable technical assistance.
  • USM Anywhere does not do scheduled report delivery in any format. Reports are run on demand and must be printed to PDF for distribution.
Well suited for smaller SOC teams or lean IT departments. A self-driven admin with experience in networking and server administration can find all the resources needed online.
I started receiving actionable event and alarm data immediately upon deployment of my first sensor and a few agents. Root cause analysis is simplified by being able to drill down into Alarms and associated events.

Aaron Hodges
July 05, 2019

So far so good

Score 7 out of 10
Currently, we use it for all of our log shipping. Also, we use the port mirror function for all of our network traffic.
  • Vulnerability lists.
  • Log storage.
  • Integrations.
  • Tech support.
  • Releasing unstable agents.
  • Did I mention support?
It's best for smaller companies who don't have the time to see a 10,000-foot view of their network.
Between AlienVault and our antivirus software, we have a solid foundation.

Tyler Frazer
Score 8 out of 10
We are using AlienVault as a SIEM, log manager, FIM, and vulnerability management tool. It is used across the whole organization. We need to be HIPAA compliant, so it addresses the need for a log manager, vulnerability scanner, policy report generator, and FIM.
  • log management
  • vulnerability management
  • correlation alerts
  • Policy Reports
Where people need multiple tools, but would prefer using one vendor.
AlienVault is very effective at finding and remediating vulnerabilities. Finding the needed patch or needed changes is now much easier.

Jason LeBlanc
Score 9 out of 10
USM is the SIEM used to collect data across the entire environment; that data is used to report to the QSA for PCI compliance. It has greatly helped find problems as well as streamline our PCI compliance reporting. What was once very manual and time consuming is now simply pulling reports.
  • Find security issues such as malware.
  • PCI compliance reporting.
  • Deep dive into various issues in the environment.
  • UI could be streamlined some.
USM is a good catch all SIEM with a price point well below the competition.
We catch at least one malware event each week.

Verified User
Score 8 out of 10
We're using the USM product as its intended use case of a SIEM. Sensors are deployed into our hybrid cloud at various points and push logs to the USM dashboard. With our MSSP monitoring, AlienVault USM meets our needs for 24/7 security monitoring.
  • It is easy to deploy and get logs into the dashboard.
  • Integration with Office 365 is pretty seamless and provides great context.
  • Super easy to increase storage tiers if you find yourself adding more and more log sources.
  • USM Anywhere doesn't allow you to multi-home sensors. So if you have non-routable networks, you'll need to investigate the on-premise solution too.
  • You have to be on top of tuning else a constant stream of alerts will cause your SOC staff to begin ignoring alarms.
  • You have to be on top of tuning else you'll eat your allotment of storage for that month. It is really easy to exceed your storage quota if you don't proactively monitor log sources. USM could do a better job letting you know if a log source is too chatty.
AlienVault USM is a good SIEM product for shops that don't have dedicated content creators. If your log source volume is at the TB level on a daily basis, it's not for you. However if you are on a TB level at the monthly level then it's worth looking into. The AT&T purchase has seen a good bit of new development being put into the product around investigation frameworks and integrations. We've gone to a TB tier and have renewed our subscription.
I don't believe AlienVault USM's OTX threat feed is best of breed or anything like that. The feed is useful, though, and there are big names in the security world that contribute. So I find value in how well OTX is built into USM.
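The quota problem this reviewer describes (one chatty source silently consuming the monthly storage allotment) can be checked before logs ever reach the SIEM. The following is an added example, not AlienVault's own code and not from this review: it parses a constructed batch of RFC 3164 syslog lines, counts events and bytes per sending host, and flags any host that dominates the capture or whose projected monthly volume alone would exceed an assumed quota. The one-minute capture window, the 1 GB quota, the 30-day month and the 50% share threshold are assumptions chosen for the demonstration.

```python
import re
from collections import defaultdict

# RFC 3164 syslog: optional <PRI>, a "Mon dd hh:mm:ss" timestamp, the sending
# hostname, then the free-form message.
SYSLOG_RE = re.compile(
    r"^(?:<\d{1,3}>)?(?P<ts>[A-Z][a-z]{2} {1,2}\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<msg>.*)$"
)

# Constructed sample standing in for one minute of collector input (not real
# data): a firewall logging a port scan at ~8 events/second, two quiet hosts,
# and one line that is not syslog at all.
SAMPLE_LINES = [
    f"<34>Oct 25 10:00:{i % 60:02d} fw01 kernel: DROP IN=eth0 "
    f"SRC=203.0.113.5 DST=198.51.100.7 PROTO=TCP DPT={1000 + i}"
    for i in range(500)
] + [
    'Oct 25 10:00:05 web01 nginx: 198.51.100.20 - - "GET / HTTP/1.1" 200 612',
    'Oct 25 10:00:19 web01 nginx: 198.51.100.21 - - "GET /login HTTP/1.1" 200 1042',
    'Oct 25 10:00:44 web01 nginx: 198.51.100.20 - - "POST /login HTTP/1.1" 302 0',
    "<38>Oct 25 10:00:31 dc01 sshd[2231]: Accepted publickey for ops from 10.0.0.9 port 51022",
    "<38>Oct 25 10:00:58 dc01 sshd[2231]: pam_unix(sshd:session): session opened for user ops",
    "this line has no syslog header and should be counted as unparsed",
]

def parse_line(line):
    """Return (host, byte_length) for a syslog line, or None if it does not parse."""
    m = SYSLOG_RE.match(line)
    if m is None:
        return None
    return m.group("host"), len(line.encode("utf-8"))

def source_stats(lines):
    """Per-host event count and byte volume, plus the number of unparsable lines."""
    stats = defaultdict(lambda: {"events": 0, "bytes": 0})
    unparsed = 0
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            unparsed += 1
            continue
        host, size = parsed
        stats[host]["events"] += 1
        stats[host]["bytes"] += size
    return dict(stats), unparsed

def chatty_sources(lines, window_seconds, monthly_quota_bytes, share_threshold=0.5):
    """Flag hosts that dominate the capture or whose projected monthly volume,
    extrapolated from the capture window, would exceed the quota on their own.
    Returns {host: [reason, ...]} for flagged hosts only."""
    stats, _ = source_stats(lines)
    total_events = sum(s["events"] for s in stats.values())
    seconds_per_month = 30 * 86400  # assumption: a 30-day billing month
    findings = {}
    for host, s in stats.items():
        reasons = []
        share = s["events"] / total_events if total_events else 0.0
        if share > share_threshold:
            reasons.append(f"{share:.0%} of all events in the window")
        projected = s["bytes"] / window_seconds * seconds_per_month
        if projected > monthly_quota_bytes:
            reasons.append(f"projected {projected / 1e9:.2f} GB/month")
        if reasons:
            findings[host] = reasons
    return findings

if __name__ == "__main__":
    # Assumed: a 60-second capture and a 1 GB/month storage tier.
    for host, reasons in chatty_sources(SAMPLE_LINES, 60, 1_000_000_000).items():
        print(host, "; ".join(reasons))
```

Run this against a short capture from the collector (for example, a minute of `tcpdump`-extracted UDP/514 payloads) whenever a new source is onboarded; the projection is crude, but a source that blows through the monthly tier from one minute of data is exactly the one the reviewer wanted the product to warn about. Unparsable lines are counted rather than discarded, since a source emitting a format the collector cannot parse still consumes storage.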

Verified User
Score 8 out of 10
AlienVault USM is currently being used to monitor our PCI (private) environment within AWS; we use it to assist in security patching and monitoring.
  • Reporting is made simple with AlienVault USM.
  • AlienVault USM informs us of urgent security holes or issues with our environment.
  • AlienVault USM is useful for monitoring who has accessed your data.
  • I find the agent can report incorrect data from time to time, so improvements in the AlienVault USM agent are advised.
  • I don't like how AlienVault USM prevents you from fully removing (unnecessary) vulnerabilities which you already flagged as not important; you should have the option to fully remove these if you want.
AlienVault USM is well suited to secure sites which you want to actively keep monitored and keep reports on. Well suited to small/medium enterprises.
AlienVault USM is very effective with our threat intelligence, as you go down to a very granular level of security detail, allowing you to see the logs and solutions you need to put in place to resolve the security risk at hand.

Verified User
Score 5 out of 10
It is being used by our Network Operations Center to monitor potential security alerts and suspicious activity. It is also used as an additional investigation tool if users or customers report potentially malicious activity.
  • Easy to set up/use
  • Cost-effective
  • Interface is slow and quirky
  • Lacks functionality compared to other products
  • Documentation (both troubleshooting and informative) is lacking detail
  • Ease of use also has downfalls in that when detailed information is needed it's harder to obtain when investigating/troubleshooting
If you're looking for something easy to set up and cheap while hitting the checkboxes, this will suffice. In order to get real functionality out of it, you need to tweak things. During the sale that was a big selling point, but once we implemented the "out of the box" solution, it all needed to be configured. And it wasn't like we could configure them because most of the issues found during implementation required development work. It was disappointing to learn these things once we already signed the contract.
Every SIEM solution comes plagued with false positives. AlienVault was no different, but it has yet to proactively defend/alert us of an incident to this date. Based on the services that we provide I find that hard to believe, so I'm not sure if it's our environment or AlienVault that's the culprit.

Verified User
October 31, 2019

AlienVault Review

Score 5 out of 10
We are using AlienVault USM across the whole organization as a SIEM solution, vulnerability management, HIDS, NIDS, and compliance reporting.
  • AlienVault USM does a good job presenting the data collected in a concise and actionable manner.
  • AlienVault USM lacks good technical documentation; the documentation needs more detail, more substance, and background information. The current documentation is frustrating for first-time users and assumes the user is already familiar with how and why USM works the way it does.
  • AlienVault USM would benefit greatly from a simpler onboarding process. One situation I remember well has to do with adding the credentials for vulnerability scanning. We knew the credentials were accurate; however, they worked for some systems and didn't work for others. Very frustrating.
  • Another area of major improvement for AlienVault USM is technical support. Technical support basically does not exist; if the documentation were comprehensive and detailed, with examples and scenarios, this would not be such a big issue. The first time my team experienced this, I knew we would not renew our contract.
AlienVault provides basic SIEM functionality pretty well; however, when it comes to implementing all the features that the marketing boasts, you will have a hard time. I wish this were not true since it can really be a great product.
AlienVault USM did a good job on vulnerability management but not so much with threat intelligence.

Verified User
Score 10 out of 10
AlienVault is used to monitor and assess corporate resources to help maintain system integrity and PCI compliance. We use it to monitor critical system files and resources and to help analyze multiple event logs in a single, easy-to-manage user interface. It gives our administrators the ability to set up alerts so that we are notified of potential security vulnerabilities.
  • PCI compliance scanning: AlienVault USM gives you the ability to scan assets using different variations of PCI policies.
  • Event log management: AlienVault USM allows you to easily collect and search event log data across multiple systems of different variations.
  • The event log filter rules are another strong feature of AlienVault USM. It allows for easy filtering of non-essential data.
  • I would like to have the ability to restore a deleted sensor. I ran into an issue where a sensor was deleted and we had to rebuild our setup.
  • A nice feature to have would be the ability to create read-only users with a custom view built for them.
  • When a vulnerability is found, you are directed to an external site (OTX and others) for more information. Suggested fixes and patches should work directly in the USM interface.
AlienVault USM is essential when managing multiple servers across physical and virtual locations. With an easily deployable on-premise virtual appliance or cloud offering, it allows those limited resources multiple choices of implementation. For a small team managing multiple servers, the centralized management and user control makes a difficult task easy to manage.
Although we are fairly new to the AlienVault USM family, we have already begun taking advantage of its powerful features. The ability to have scheduled security scans with alerts has allowed us to be proactive with potential security issues rather than being reactive.

Verified User
Score 6 out of 10
AlienVault is used to monitor traffic in our offices and the VPN for suspicious activity. Additionally, deployed agents monitor event logs and several streams from our Syslog to ensure we can see any bad auths. AlienVault helps to identify bad traffic, suspicious user behavior and outdated software on those hosts with the agent deployed.
  • Through the open threat exchange, I get the latest indicators of bad actors and can, on the other hand, add my own indicators if I feel something is missing.
  • Filter-/Alarm-rules are easy to set up, so I can distinguish the important bits from noise in the logs
  • Deploying the agents is very easy through the provided PowerShell scripts.
  • Setting up a working stream of the Windows event log (not using local agents) seems impossible, and AlienVault's support wasn't very helpful in this matter. We finally decided to drop this (it ran for a while, then stopped for no apparent reason, seemingly a problem with certificates) and use local agents instead.
  • Sometimes agents don't update themselves, and it's hard to diagnose what causes this.
  • Also, the updater of the sensor appliances doesn't seem to run very reliably. From time to time I have to re-install the sensor appliance, as it doesn't want to update itself.
It does a good job of monitoring office networks with user traffic. As there's still a bunch of false positives, it likely won't do as good of a job in protecting applications in a datacenter. That would most likely generate too much noise and require too much work, setting up all those custom rules, to actually catch what you want to see. For making sure there's no C&C traffic and no suspicious authentication behavior, it's working very well. Also, monitoring the software stack through the local agents works well.
AlienVault finds malicious traffic and suspicious authentication behavior. Through its various plugins, we can also hook it up to third-party tools, like anti-virus scanners and other endpoint protection. Syslog analysis works reliably, and they support most of the industry's log formats out of the box without the need to manually craft log parsers. That's probably the biggest advantage compared to their open-source version (OSSIM).

Verified User
Score 8 out of 10
In our organization we use AlienVault USM for threat detection and to keep up to date with patches needed to cover for known vulnerabilities in our servers.
  • Threat Detection
  • Scanning for Vulnerabilities in servers
  • Event handling
  • Integration with other products like Google Suite to create security reports.
  • When handling alarms, I'd like to be able to select all the resulting alarms at once after filtering and not by groups of 100 like it's possible now.
  • I think filtering could be improved in the Alarms and Events sections.
I think it's well suited when you need to tackle host intrusion detection from scratch and there's no security specialist in your organization. AlienVault is pretty straightforward and easy to understand. You get support to implement and then you can get training. Once implemented it's easy and intuitive to navigate.
I think AlienVault USM is effective in detecting real security threats as long as you configure the rules properly. If not, it could create a lot of false positives and it would create a culture of ignoring alerts among your employees. So training and good rule setting are mandatory for AV effectiveness.

Verified User
October 25, 2019

Get it!!

Score 8 out of 10
It is used by the Security Team in the IT Department for log collection and correlation. Currently we feed logs from all our security devices including on-cloud sources: CloudTrail, CloudWatch, S3 access and load balancer event logs. We've also incorporated other external vendor sources, e.g. endpoint protection and web content filtering logs using proxies.
  • great search and filtering capabilities
  • Alarm filtering capabilities
  • Easy deployment
  • Multiple plugins
  • For SaaS deployments, it would be nice to give customers the capability to create custom plugins
It is well suited for log collection and rule correlation. Regular syslog ingestion is great, except where you have scenarios where the event logs come in a different format; sometimes it's hard to find the appropriate plugin for specific logs, and most times it's a matter of trying multiple plugins until the right one is identified.
Deploy and let it do its work...we didn't have to tweak any of the rules, it also provides the ability to create custom alarm signatures which is great

Verified User
Score 8 out of 10
Only used with Information Security. We use [it] to monitor various segments of our network. We have used this to aggregate logs and monitor assets.
  • Very easy to read the logs.
  • This tool has been relatively easy to deploy and maintain.
  • It's a good tool to use for monitoring assets.
  • Several times we lost connectivity and didn't know it. It would be helpful if there was better support when this happens.
  • It would be helpful if there was a better way to ensure line of sight into the entire network. We were never 100 percent confident that we were seeing everything. Discovery tools would help with this...i.e., set it and forget it.
  • An "out of the box" recommendation on what are the most important things for us to look at would be helpful.
I think AlienVault USM is well suited for an IT/IS department that has more than three information security professionals to assist with the deployment and operations of the product. We are a lean shop and are not in a position to stand up a security operations center. I felt that this product was too much for us.
We particularly enjoyed the functionality of the product; however, we felt that there was too much overlap with our NGFW. We preferred, in the end, to look to our firewall logs for the information rather than to AlienVault USM.

Verified User
October 25, 2019

Good for startups

Score 7 out of 10
We use AlienVault as our SIEM, collecting all events coming from the physical network and the cloud one, allowing us to overview everything (from a server or a firewall down to an endpoint).
It is primarily used by the security team.
  • integration with the cloud providers
  • ability to manage big log files
  • threat intelligence
  • support is not so great
  • plugins are not always up to date
If you have a small security team, AlienVault OTX would greatly help in providing a strong centralized dashboard to overview everything. With a bigger team there could be more specialised tools.

Verified User
Score 9 out of 10
We use AlienVault to provide alerts for any irregular login activity along with other network behavior that is outside normal expectations. AlienVault also aggregates all our log files from network and edge devices into a single, searchable database. It corroborates events from various systems to better report on any unusual activity.
  • Alerts on login activity from unexpected locations (countries)
  • Aggregating log files for easy searching
  • Better interpretation of errors into more natural language
  • Easier grouping or categorization of alerts in order to assign them more efficiently to appropriate users/groups
AlienVault is well suited for environments with multiple locations and multiple internet connections. The more complicated the network topology, the better AlienVault shines. That's not to say that it is not well suited to smaller organizations with fewer links, it works fine there as well. It also is well suited in complex environments where a variety of equipment is used and where little, if any, synergy exists between disparate systems. AlienVault easily takes from, and understands, log entries from various types of systems and interprets them as a whole.
AlienVault has provided the most insight into our network and given us the best view of potential security threats of any application we've used to date. It gives us timely alerts on odd behavior, notifies us when user accounts are used in unexpected places and gives us an easy way to search across multiple log files from disparate vendors in order to more easily discover threats.

Verified User
Score 9 out of 10
We use AlienVault as an integral part of our information security program. It is being used by the whole organization for threat detection, incident response, and compliance management. Helping us maintain NIST Cybersecurity compliance, the main features we use are asset discovery, vulnerability scanning, and intrusion detection. It has also helped implement forensics, log management, and user activity monitoring. AV helps us take a proactive approach to security as it automatically detects threats and keeps us updated so we can focus on mitigating risk and managing responses.
  • Easily integrates with AWS cloud infrastructure.
  • Provides an intuitive interface to analyze raw logs and investigate potential threats.
  • Automates vulnerability scanning.
  • Alerts to potential threats and intrusions.
  • Raw logs are only available via the UI for the last 30 days. It would be great if you could choose to load archives into the system for investigation when needed.
  • It would be awesome to have an implementation checklist to see how the different features map to various compliance frameworks like NIST.
  • They were recently purchased by AT&T, so there is some confusion as to what services are offered by AlienVault and what is AT&T Cybersecurity, who to contact about your account, etc. Growing pains. :)
  • The documentation can be hard to use for security newbies. It covers the technical pieces, but not the why or how to use the different features and functionality. It could benefit from practical examples of AV in action.
AlienVault is a great tool to help small organizations achieve security compliance quickly and affordably. It's relatively quick to set up and start using immediately. If you are looking to check off many boxes in your infosec program, AV can fit the bill. For very small and lean organizations, the price might be an issue as the software currently starts at over $1k per month.
Prior to AlienVault, we didn't have a great method of detecting real security threats in our environments. AlienVault connects to our infrastructure and assets to provide automated ongoing vulnerability scanning and threat detection. Rather than a human needing to look for suspicious activity and misconfiguration, AV will alert us and help speed up our time to respond.

Verified User
Score 10 out of 10
AlienVault is being used to monitor our cloud environment. It scans and alerts us for any known vulnerabilities or activity on our servers. Monitoring the cloud permissions and any changes to our security is extremely helpful to us for auditing purposes as well.
  • Scanning our servers for vulnerabilities.
  • Monitoring our infrastructure for any changes to our security.
  • Monitoring our infrastructure for any unusual activity on the servers or attacks.
  • The CloudFormation template uses an older instance type and should be updated.
  • Some of the settings are a little hard to find.
I think it does a great job of monitoring our AWS account. From the internal users, servers, configuration, and threat detection, it does a good job of monitoring it all and allows you to configure how many or how few alerts you receive.

Verified User
Score 7 out of 10
AlienVault is used by the cybersecurity unit of the organization to monitor and correlate security logs from other systems within the organization. Also, AlienVault acts as a log management system or repository of logs for the organization. We chose AlienVault as it is one of the few SaaS-based SIEMs on the market and it was in line with our organization's direction of going with a cloud-based solution.
  • Cloud-based solution which minimises the need to maintain additional on-premise servers.
  • Among the cheapest SIEM solutions on the market, with features comparable to the other bigger players.
  • Great dashboard and UI which makes it super easy to use.
  • Packed with many features and integrates with many major off-the-shelf brands.
  • The SaaS-based model makes the pricing very dependent on the storage capacity subscribed to. Compared to other on-premise solutions, it can be really hard to deal with once the log storage has reached or maxed out the monthly storage capacity.
  • After AT&T took over AlienVault, their customer service has deteriorated and they don't give as much care as they did earlier to their customers.
  • After AT&T took over, the product pricing has been increasing steadily and soon this solution may not be as affordable as it used to be.
Great UI and ease of functionality makes it easy to use and get up to speed with. Does not require coding knowledge to create rules and filters, compared to its competitors.
AlienVault managed to correlate and analyze the logs within our environment very well. Bundled together with its OTX threat intelligence engine, it managed to find threats that had been missed by our other security systems. The SaaS subscription also came bundled with a subscription to SpyCloud, a dark web account exposure monitoring service, which really added extra value to the whole solution.

Verified User
Score 9 out of 10
AlienVault USM is being used as a SIEM solution in our organization for internal use within the company. It's helping us to easily identify security incidents happening across our infrastructure and helps us comply with PCI DSS requirements.
  • Easy and straightforward implementation.
  • Comprehensive logging solution with good notifications.
  • Easy tuning, based on received events/alarms.
  • Customization/creation of plugins
  • Custom parsing of specific fields of the raw message
  • Customization of FIM folders/files
Very appropriate for easy and fast implementation where compliance is required, not that suitable for an MSSP that needs to meet different customization requirements from their customers.
Provides really good insight on what has happened, over a specific time period with very useful search function as part of the reviewing of events/alarms, which helps a lot for forensic investigations and providing RCAs.

Verified User
Score 9 out of 10
We use the USM Anywhere SIEM for our corporate security program currently, separate from our application security team in charge of the cloud environments our SaaS offering is hosted on. This solves the compliance and security issues we face as an organization for forensically sound log storage as well as data aggregation for correlation.
  • The integration setup for syslog forwarding and native web apps partnered with the platform is a very simple setup.
  • Deploying sensors in cloud systems usually follows a pre-defined build flow for ease of sensor deployment and scaling.
  • For perimeter defense, as long as your defended organizational structure uses Active Directory or another LDAP replication type service, vuln scanning and HIDS is a breeze.
  • For highly distributed workforce issues, the system requires a lot of third-party integrations to collect data for automation.
  • Customization can be lacking in areas without significant help from their support teams.
  • Building rules for filtering, suppression, and custom alarms can be a steep learning curve, although this is slightly offset by their training offerings.
The system works very well for 'legacy' perimeter-defense-based networks that rely on centralized network traffic and remote management solutions for the internal networking and endpoint devices. For architectures adopting a zero-trust/BeyondCorp mentality, the system can still be useful but requires either investment in third-party tools to collect information otherwise unavailable to the system, or significant custom infrastructure tools to support many orchestration functionalities.
The USM system is built with certain data ingress engines that work really well to identify and correlate suspicious activity. Since the company runs a threat intelligence feed in the form of the Open Threat Exchange, the IOCs they detect and report on are then built into the detection engine to give solid threat data. This can create a large amount of false positives during initial deployment depending on your environment, but the majority of noise can be effectively suppressed with their rule creation wizard that automatically brings in the fields on an alarm or event.

Verified User
Score 8 out of 10
We are a small company and needed to satisfy requirements for log management and vulnerability scanning and AlienVault USM Anywhere was selected. AlienVault USM Anywhere is being used across the entire company and is gathering logs from our local office and from our Azure cloud provider subscriptions.
  • Simple and understandable User Interface (UI)
  • Capable of performing multiple network security functions
  • Good price point for SMB and mid-market tier SIEM
  • Log collection sensors can be difficult to install and configure
  • Not all functions are intuitive or simple to set up
  • AlienVault outsources professional services, with mixed results
  • Documentation is not always up-to-date, increasing time to troubleshoot and resolve issues
For a smaller company that needs to achieve multiple security functions, AlienVault is uniquely poised to help these customers. They need to do a better job of estimating time to install and configure sensors and to get the system up and running. Four hours of Professional Services time is nowhere near enough help to get this simple SIEM and security tool working properly. This can cause misunderstandings and frustration between the client and the professional services company.
Another great advantage of AlienVault USM Anywhere is their free OTX threat intelligence service, which you hook up to your SIEM by simply creating a free online account and using the API key to access this data. Other vendors may have a capability like this, but they may cost extra, while some don't have a threat intelligence feature at all.

Verified User
Score 9 out of 10
AlienVault USM is being used throughout our organization to monitor our multiple AWS VPCs and limited internal infrastructure. It provides us with a central management console where we can see everything from our hardware firewalls' traffic, to our Azure AD logs, to AWS activity such as GuardDuty, Security Group and IAM events. It has helped us identify threats that would otherwise have gone unidentified and is extremely useful as part of our IT security and compliance standards.
  • Monitoring Azure logs, such as events where users log in from multiple countries. No need to trawl through the Azure audit trails.
  • Easy visibility on AD account lockouts which are common in our organization due to beta software.
  • Nice visuals and reporting on AWS, 365 and Windows.
  • The console is a little sluggish to refresh and navigate to different pages.
  • Add some more color to the filters rather than all grey.
It is well suited to an organization that is growing and there is a need to monitor security events across the board—Office 365, along with AD or any other cloud infrastructure like AWS or Azure. It makes it really easy to administer and bring everything into one place.
It helped us to narrow down the source of DGA requests coming from a client, which was picked up by AWS GuardDuty. We identified the source thanks to AlienVault.
Score 7 out of 10
Vetted Review
Verified User
Review Source
It is used by our entire organization.
  • It's pretty easy to get rid of the access noise without losing any logs.
  • Ability to create customizable views. Allows you to view the type of information quickly.
  • The alerts that are sent, and the information in them, are helpful.
  • If the assets are put in groups, you seem to have to run separate vulnerability scans per group. In comparison to the appliance, you have the ability to add all groups in one scan.
  • The results of the vulnerability scan feel scattered. The appliance layout of the results is easier to deal with.
  • More help with deployment and initial setup. Depending on the setup, discussing what needs to be done and how to do it killed a lot of time.
It's very helpful when you want to view what's happening, all in one spot.
This is the first product I have used. It does seem pretty accurate in the detection and alerts.
Score 6 out of 10
Vetted Review
Reseller
Review Source
I am working for an MSSP as a managed SOC for my clients. AlienVault USM is addressing all security events of my customers.
  • Main strength is the OTX community and all the IOC provided through this.
  • Transparent upgrades of the product.
  • Plugins and parser creation and updates handled by AlienVault so there's no need to develop our own parsers.
  • NIDS and vulnerability scanner already included in the license with no additional cost.
  • Many correlation rules (maybe too many) and we don't know what the real coverage of the risks is.
  • Any ability to customize log parsers.
  • Investigation system not really easy to use.
  • No backups available so if I want to change the SIEM or have a problem with my licensing, I lose everything.
Perfectly suited for small environments with limited resources because it is a kind of UTM. The product is very easy to deploy and maintain. Very suitable for a cloud environment. AlienVault USM support is also very reactive.

Less suitable for environments with a high volume of data that already have IPS and vulnerability scanners. The network scanner is not easy to deploy in multiple data centers.
Threat intelligence is usually an extra license or product to add to other products. With AlienVault it is automatically integrated at no cost. Other products usually don't have the ability to interact with infected devices. The sysmon integration and the FIM integration let you have a very powerful tool to stop an attack in real-time.
Score 10 out of 10
Vetted Review
Verified User
Review Source
We use AlienVault USM across the entire organization to gain full visibility on everything happening in our server and network infrastructure. We also depend on it to keep up to speed on new and existing vulnerabilities discovered by the software thanks to the built-in vulnerability assessment feature.
  • Being a SIEM solution, AlienVault does an excellent job at pulling together all of our alert data and presenting it in a single console with excellent search and correlation abilities.
  • The vulnerability assessment feature is invaluable as it gives us insight into new and existing threats against our server infrastructure.
  • AlienVault's third party platform integrations allow us to pull down our Office365 logging as well as our endpoint next gen AV alerts so everything is visible together in the same platform. This allows for the best possible correlation when performing threat hunting.
  • I would love to see event data search wizards that allow you to type in what you are looking for without always knowing the event IDs in Windows or Linux. Almost like a Google search assistant for AlienVault event data.
AlienVault USM is the perfect SIEM solution regardless of company size or complexity. With the proper training, any IT department whether small or large can benefit from having this solution in their arsenal.
AlienVault USM gives us an unimpeded view of everything coming and going across our network and server infrastructure. This allows us to know what's going on at any point in time. We can then search for IOCs, set up automated alerting for suspicious activity, and even automated actions when such activity is detected.

Feature Scorecard Summary

Centralized event and log data collection (1): 8
Correlation (1): 8
Event and log normalization (1): 8
Deployment flexibility (1): 7
Custom dashboards and views (1): 6
Host and network-based intrusion detection (1): 7

About AlienVault USM

AlienVault® Unified Security Management® (USM) delivers threat detection, incident response, and compliance management in one unified platform. It is designed to combine all the essential security capabilities needed for effective security monitoring across cloud and on-premises environments, including SIEM, intrusion detection, vulnerability management, as well as continuous threat intelligence updates. The vendor states that even for resource-limited IT security teams, AlienVault USM can be affordable, fast to deploy, and easy to use. It eliminates the need to deploy, integrate, and maintain multiple point solutions in the data center.

Smart, automated data collection & analysis: USM Anywhere automatically collects and analyzes data across the attack surface, helping to quickly gain centralized security visibility without the complexity of multiple disparate security technologies.

Automated threat detection powered by AT&T Alien Labs: With threat intelligence provided by AT&T Alien Labs, USM Anywhere is updated automatically to stay on top of evolving and emerging threats, so the security team can focus on responding to alerts.

Incident response orchestration with AlienApps: USM Anywhere supports a growing ecosystem of AlienApps, enabling the user to orchestrate and automate actions towards other security technologies, so that incidents can be responded to quickly and easily.

AlienVault USM Features

Security Information and Event Management (SIEM) Features
  • Centralized event and log data collection
  • Correlation
  • Event and log normalization
  • Deployment flexibility
  • Integration with Identity and Access Management Tools
  • Custom dashboards and views
  • Host and network-based intrusion detection
Additional Features
  • AlienVault Open Threat Exchange

AlienVault USM Videos (2)

  • AlienVault USM Anywhere: Five Essential Cloud Security Capabilities in a Single SaaS Platform
  • See How We're Pushing the Outer Limits of Security

Pricing

Free Trial Available? Yes
Free or Freemium Version Available? Yes
Premium Consulting/Integration Services Available? Yes
Entry-level set up fee? Optional

AlienVault USM Support Options

Free Version / Paid Version
Phone
Email
Forum/Community
FAQ/Knowledgebase
Social Media
Video Tutorials / Webinar
Live Chat

AlienVault USM Technical Details

Deployment Types: SaaS
Operating Systems: Unspecified
Mobile Application: No
Supported Countries: Global