Overview
What is AlienVault USM?
AlienVault® Unified Security Management® (USM) delivers threat detection, incident response, and compliance management in one unified platform. It is designed to combine all the essential security capabilities needed for effective security monitoring across cloud and on-premises environments, including SIEM, intrusion detection, vulnerability management, as…
TrustRadius Insights
Empowering Security Zenith with Unified Vigilance.
will I continue to use USM, Yes I would
Excellent security for your machine
MSSP Review
Great product but out of the box it needs a lot of work.
AlienVault is about as user-friendly as it gets for threat detection
Great if you can deploy and manage on-premises SIEMs
AlienVault - Not Worth the Price
AlienVault USM Anywhere, a SIEM that is easy on your pocket.
Unbeatable Security Machine
AlienVault USM Provides Heightened Security Awareness in the Legal Services Industry
Best product I've seen for a smaller enterprise network.
Great SIEM for enterprise environments
AlienVault USM is a really beneficial SIEM solution.
Awards
Products that are considered exceptional by their customers based on a variety of criteria win TrustRadius awards. Learn more about the types of TrustRadius awards to make the best purchase decision. More about TrustRadius Awards
Popular Features
- Centralized event and log data collection (8)8.585%
- Correlation (8)8.585%
- Event and log normalization/management (8)8.080%
- Custom dashboards and workspaces (8)7.070%
Reviewer Pros & Cons
Pricing
Essentials
$1,075
Standard
$1,695
Premium
$2,595
Entry-level set up fee?
- Setup fee optional
Offerings
- Free Trial
- Free/Freemium Version
- Premium Consulting/Integration Services
Features
Security Information and Event Management (SIEM)
Security Information and Event Management is a category of security software that allows security analysts to look at a more comprehensive view of security logs and events than would be possible by looking at the log files of individual, point security tools
- 8.5Centralized event and log data collection(8) Ratings
Effectiveness of real-time centralized event and log data collection
- 8.5Correlation(8) Ratings
Correlation of logs and events to pinpoint significant threats
- 8Event and log normalization/management(8) Ratings
Ability to normalize event syntax so that logs can be compared and are machine-understandable
- 8.6Deployment flexibility(7) Ratings
Ability to tune system to maximize threat detection and minimize false positives
- 7.3Integration with Identity and Access Management Tools(5) Ratings
Integration with access control tools like Active Directory and LDAP
- 7Custom dashboards and workspaces(8) Ratings
dashboards that can be customized to meet the needs of specific groups
- 8Host and network-based intrusion detection(5) Ratings
Ability to detect both endpoint intrusion and network ingress detection
Product Details
- About
- Competitors
- Tech Details
- Downloadables
- FAQs
What is AlienVault USM?
AlienVault® Unified Security Management® (USM) delivers threat detection, incident response, and compliance management in one unified platform. It is designed to combine all the essential security capabilities needed for effective security monitoring across cloud and on-premises environments, including SIEM, intrusion detection, vulnerability management, as well as continuous threat intelligence updates. The vendor states that even for resource-limited IT security teams, AlienVault USM can be affordable, fast to deploy, and easy to use. It eliminates the need to deploy, integrate, and maintain multiple point solutions in the data center.
Smart, automated data collection & analysis: USM Anywhere automatically collects and analyzes data across the attack surface, helping to quickly gain centralized security visibility without the complexity of multiple disparate security technologies.
Automated threat detection powered by AT&T Alien Labs: With threat intelligence provided by AT&T Alien Labs, USM Anywhere is updated automatically to stay on top of evolving and emerging threats, so the security team can focus on responding to alerts.
Incident response orchestration with AlienApps: USM Anywhere supports a growing ecosystem of AlienApps, enabling the user to orchestrate and automate actions towards other security technologies, able to respond to incidents quickly and easily.
AlienVault USM Features
Security Information and Event Management (SIEM) Features
- Supported: Centralized event and log data collection
- Supported: Correlation
- Supported: Event and log normalization/management
- Supported: Deployment flexibility
- Supported: Integration with Identity and Access Management Tools
- Supported: Custom dashboards and workspaces
- Supported: Host and network-based intrusion detection
Additional Features
- Supported: AlienVault Open Threat Exchange
AlienVault USM Screenshots
AlienVault USM Videos
AlienVault USM Competitors
AlienVault USM Technical Details
Deployment Types | Software as a Service (SaaS), Cloud, or Web-Based |
---|---|
Operating Systems | Unspecified |
Mobile Application | No |
Supported Countries | Global |
AlienVault USM Downloadables
- Unified Security Management vs. SIEM: a Technical Comparison
- AlienVault USM Anywhere: Datasheet
- AlienVault Fast Facts
- AlienVault USM Anywhere: Datasheet
- Beginner’s Guide to Open Source Intrusion Detection Tools
- SIEM for Beginners: Everything You Wanted to Know About Log Management But Were Afraid to Ask
Frequently Asked Questions
Comparisons
Compare with
Reviews and Ratings
(735)Community Insights
- Business Problems Solved
- Recommendations
Users have found AlienVault USM to be a valuable SIEM solution for centralizing and searching log data from a large number of network attached devices. This platform is being used for various use cases such as vulnerability management, scanning, malware detection, and monitoring malicious network traffic. It is considered a good SIEM solution for organizations new to security operational logging or those with a smaller staff and budget. The product has been praised for its integrated feature sets, including HIDS, NIDS, FIM, and security alerting capabilities. The inclusion of features like vulnerability scanning and file integrity monitoring has extended its value for organizations in the early stages of cybersecurity program development. Many users have experienced real-time alerts, enabling them to respond to security incidents and compromised passwords more quickly. Furthermore, AlienVault is used for a range of functions such as SIEM, vulnerability scanning, asset discovery, and investigations. It provides organizations with a centralized log collection site, allowing them to monitor and address new problems more effectively. The platform has been effective in helping organizations meet regulatory compliance requirements and improve SOC operations. Additionally, AlienVault is used to analyze network traffic, Windows Event Logs, and other security events, helping organizations improve network security and protect their customers. It solves security challenges related to device and software visibility, monitoring for anomalous events, and ensuring patch management. Users appreciate the simplicity of deployment and the robustness of the interface. The support team is highly responsive and knowledgeable.
AlienVault USM Anywhere is used by organizations to easily identify security incidents happening across their infrastructure and comply with PCI-DSS compliance requirements. MSSPs utilize AlienVault USM Anywhere to provide their customers with best-in-class threat monitoring and response services. It is also used to monitor cloud environments, scanning and alerting for any known vulnerabilities or activity on servers. AlienVault helps organizations with auditing purposes by monitoring cloud permissions and changes to security. Additionally, it is deployed to customers for monitoring and is used by NSOCs to monitor their networks. AlienVault has been implemented across organizations, covering server assets and providing granular logging on systems and networks. It helps in raising alarms/alerts and mitigating network-related activities. AlienVault collects and alerts on network and system activity across the entire organization, making it easy to filter for important data. The product centralizes log data and helps perform vulnerability analysis and threat detection. It assists in security patching and monitoring within AWS environments. Users appreciate the ease of use and configuration of the cloud-based panel. AlienVault is implemented and managed for clients as a recommended SIEM solution, collecting and normalizing logs from various data sources. It is used throughout organizations to gain insight into network and server events, manage and correlate logs, and recognize anomalous activity. Users have been able to set up alerts for specific events and policies, effectively managing systems and alerts in place, monitoring multiple client environments, and identifying issues that clients may have missed.
AlienVault USM Anywhere is praised for its cost-effectiveness compared to other SIEM solutions on the market. Users appreciate its threat intelligence capabilities, ease of use, user-friendly interface, and simplicity of deployment. The built-in correlation rules require minimal setup and provide high-quality results. Asset management and scanning features help users stay on top of monitoring assets, including dynamic and static asset lists. The integration of OTX into USM Anywhere allows for up-to-date threat intelligence and pulse subscriptions.
The software plays a crucial role in monitoring and alerting when anomalies occur, aiding in threat detection, compliance management, log collection, and vulnerability scanning. It helps organizations stay up to speed on new vulnerabilities and supports agile business initiatives by aiding analysts in identifying cyber threats and providing access to threat cross-referencing data. AlienVault USM Anywhere is deployed to monitor AWS cloud environments, attain compliance, identify threats, and facilitate auditing of non-emergency configuration changes and vulnerability monitoring.
Overall, AlienVault USM Anywhere provides centralized security monitoring, incident response capabilities, compliance reporting features, vulnerability assessment tools, real-time SIEM functionality, as well as asset discovery and user activity monitoring capabilities. It has been widely adopted across various industries for enhancing security posture and gaining comprehensive visibility into network activities.
Based on user recommendations, AlienVault USM receives the following common recommendations:
-
AlienVault USM is recommended for cost-conscious companies and small to medium businesses due to its affordability and effectiveness. Users find it to be a great tool for analyzing and reacting to threats, offering excellent value for the price.
-
Users suggest exploring alternative SIEM choices and discussing functionality and configuration requirements. Logrhythm is mentioned as a possible alternate SIEM choice, especially for high-end functionality needs. It is advised to compare features and select the SIEM system that offers the best cost for desired features.
-
To maximize the experience with AlienVault USM, users recommend taking advantage of training opportunities provided by AlienVault. Joining official training sessions allows users to learn best practices from other users and gain comprehensive knowledge of the product. Users also recommend utilizing forums, support, webinars, and videos offered by AlienVault to enhance understanding and achieve optimal results.
Overall, AlienVault USM is regarded as a cost-effective solution suitable for organizations with data privacy and security priorities. The product's flexibility, community-created intelligence, and continual improvement are also highlighted by users. While some mention areas for improvement, such as support stability and module quality, the general consensus is that AlienVault USM delivers reliable security enhancements and cost savings.
Attribute Ratings
- 7.2Likelihood to Renew18 ratings
- 6.4Availability3 ratings
- 7.3Performance3 ratings
- 6.7Usability34 ratings
- 7.3Support Rating25 ratings
- 8.3Online Training6 ratings
- 4.5In-Person Training1 rating
- 6.4Implementation Rating38 ratings
- 8Configurability3 ratings
- 6.3Product Scalability3 ratings
- 7.3Ease of integration3 ratings
- 8.2Vendor pre-sale3 ratings
- 7.6Vendor post-sale3 ratings
Reviews
(301-325 of 390)Reseller Review
- The OTX integration, allowing other users to share their business concerns and how they were detected then addressed.
- The multiple capabilities of the product, by offering integration of common security platforms into a single product.
- The ease of installation and setup, especially used as a VM.
- Whilst the initial support from AlienVault was good to start with, whilst we were looking to having an ACSE certified engineer, this has deteriorated over time.
- The investment made by my company has not paid off. We were initially to become resellers, and then move to becoming a service provider and partner. The promotion of our business through the AlienVault website, was non-existent for 8 months, which for the market of client, was difficult to promote ourselves without not seeming bona fide.
As close to "Turn Key" as possible
- Easy to Deploy
- Easy to Maintain
- Rockstar Support
- Documentation, while expansive, is highly technical and less technical users may have issues appropriately utilizing the resources.
- The AlienVault community of users is quiet but still contains good content.
- AlienVault is less traditional and more "startup" this may or may not be a negative.
AlienVault USM - The SEIM has landed.
- The price point is amazing.
- Directives are highly customizable.
- The open threat exchange is quite valuable as an open threat and IOC exchange.
- The UI has a bit of a learning curve.
- I would recommend a strong Linux background if you are going to do any custom plugins or directives.
- Some events are fairly generic in terms of naming convention, which can require more hands on investigation.
AlienVault Provides the Best Unified Solution in a Single Tool
- Real time reporting
- Everything in one pane of glass
- Threat intelligence
- USM Anywhere lacks compliance reports
AlienVault USM Appliance Review
- AlienVault shows intrusion attempts, where they're coming from, what device they're attempting to attack, and what account they're attempting to use.
- The configuration was not the easiest.
- Adding customization usually requires an experienced AlienVault consultant to complete.
AlienVault is the great choice for any SOC Analyst
- Knowledge
- Community Driven
- Smart
- Reliable
- Mobile App Access to USM
Best threat focused SIEM out there
- Clear and concise detections
- Easy navigation
- Heatmaps, great UI
- Easy, customizable integration with current environment
- Network activity like Qradar
Mighty Threat Defense for SMEs.
- Behavioral monitoring is mature and enables deep insights.
- Customization-friendly.
- Raw log.
- Could have more analytics to support BYOD environments.
AlienVault USM .....more than Just a SIEM
- Host and Network IDS
- Security Information and Events Management
- Asset Discovery
- Vulnerability Assessment
- File Integrity Monitoring
- Security Threat Intelligence via OTX
- Security Intelligence
- Netflow
- Executive Dashboard
- Reporting
AlienVault - so far so good.
- Simple and easy to read user interface.
- Customization of Threat Intel Alerts.
- Ability to search direct raw logs.
- Their documentation for setup and administration needs to be more detailed and more encompassing.
- Setting up for emailing alerts via gmail is difficult.
- The deployment status should link you directly to the assets/devices that need to be configured in visibility.
good option¡¡¡
- Cheaper
- Many funcional security tools to use
- Includes Vulnerability Scanner
- All in one
- Poor Documentation
- High system requeriments
- Can't associate alarms
No Security Admin needed
- Displays alarms in a manner that is easily interpreted out of the box. We do not have a security admin so ease of use is important to us. The alarm panel is very easy to read and dig into when needed.
- Easy implementation. They give all sorts of resources when implementing, but it is intuitive and easy to deploy.
- Asset groupings are easy to manage.
- Even though the AlienVault documentation is good, I would like to see documentation on security strategy. This product is focused on smaller companies that may not have a security admin so simple general practice strategy would be helpful.
- This may be repetitive, but documentation on what to do or how to interpret alarms would be helpful. For example, what are the varying degrees of response to a nmap port scan.
Alien Vault USM Review
- Adaptability - you can tailor the system to whatever needs you have.
- Vulnerability - Provides useful information to ensure all aspects of security are covered.
- Monitoring - you can have additional users so eyes are on the system at all time.
- Need to advertise more as they may get overlooked by some businesses.
- Need to make more plugins although you can request a plugin to be created on your behalf.
- Make the ticket system easier to work with on a daily basis.
AlienVault - Can't do without!
- We are able to run a vulnerability assessment and review any potential exploits and quickly resolve them.
- IDS allows constant monitoring against malicious traffic on our network.
- We are able to gather all the logs in one central location using SIEM and analyze all events.
- We are still quite new in utilizing the product and don't have any enhancements at this time
Increase cyber threat visibility with AlienVault USM
- Easy to deploy - USM can be deployed in a few hours. After that, you should configure endpoints to send events to it, and work on a baseline (e.g. filter false positives).
- Behavioral analysis - USM has more than ~2.5k directives, and they are regularly updated. The product provides an easy-to-use and intuitive interface for monitoring and managing alarms.
- Network Intrusion Detection - USM has a large signature database and also uses data from other sources to assess events' risk (e.g. the Open Thread eXchange). This helps increase visibility over network threats.
- A handful of tools for cyber security - USM combines different tools in a single product to help you have more control on your environment and analyze possible risks.
- Reports - Although USM has thousands of reports by default, most of them are very detailed and, therefore, lengthy. We would like to have executive reports for standards compliance, for example.
ATC AlienVault Review
It gives us full visibility in our infrastructure and all threats in our organization.
- Assets Managment
- Risk Analysis
- Log Analysis
- Integration with external application
- Back end engagement tools
AlienVault USM: A quality SIEM available in Quebec!
- More services out of the box (vulnerabilities, IDS, logs, asset inventory, FIM and more)
- Reasonable pricing structure.
- OTX is a great source of up to date threat intelligence.
- Reports' look and design could use some work.
- A testing period prior to a version release to ensure the AV community can test before updating its customers would be beneficial.
- Technical support knowledge level can be hit or miss.
Alien Vault has been a great choice
- Built in correlation and directive rules. This fits the out of the box need.
- Ease of use. Of the four SIEM tools we investigated, Alien Vault was the only one to show in a demo how easy it was to use. Others made promises but Alien Vault showed proof. That has continued in our experience as well.
- Solid 3rd party monitoring and professional services. The company that performed the install was excellent. They helped us work through some configuration issues in our environment. We also decided to utilize a 3rd party for 24/7 monitoring and they have been excellent and responsive as well.
- Frequent improvements. Alien Vault appears dedicated to improving its product. In the relatively short time we've had it in place we have received several updates to features and functionality.
- The ad hoc search feature doesn't always return relevant results. Some of this may be a learning curve but some default queries would be helpful.
- Nothing else to really add. We've been very impressed with it so far.
AV USM - give it a few tasks and let it be!
- It has a good dashboard that provides a good sense of our overall security posture.
- It ties in well with emerging threats via its Open Threat Exchange system.
- It does a good job finding users out of compliance with our external VPN/Proxy policies.
- USM is great at identifying malicious network behavior.
- There is a big learning curve to the user interface. Once learned, its complexity makes it powerful.
- There are no alerts for system configuration alerts - such as full disks of the USM itself.
- There is no automatic offloading and archiving of old logs from the USM to an archival disk system. I have to manually SCP old logs off monthly.
AlienVault Unified Securtiy Management Review
- Excellent scan reports.
- Identifies vulnerabilities and provides solutions to them.
- Notifies immediately of any potential outside threats.
- Threat detection alerts not as easy to read as scan/vulnerability reports.
AlienVault, great tool for small and medium size business. It works!
- Monitoring of Windows devices with host based intrusion detection.
- Correlation of network based events using NIDS and SIEM.
- Knowledge of what is on your networks and what is occurring within them.
- Linux and UNIX based host agents. Only basic functions are available at this time.
- Tracking moving assets such as laptops.
AlienVault Can Work For You if You Have the Time to Work For It.
- The depth of what it can discover is vast. If set up to monitor network traffic in the proper place, it can detect any aberrant (and possibly malicious) network traffic.
- It's very easy to install the HIDS agent via the management interface, as long as the systems are Windows based.
- There are a ton of correlation directives already set up to help make sense of all the data coming into this box.
- Process for installing the HIDS agent on Linux could be easier. It's currently a manual process, and nowhere near as convenient as its Windows counterpart.
- WAY too many false positive alerts right out of the box. Without consultants to help fine-tune the rules, it would be useless, as any legitimate alert would be lost in a sea of false positive alerts.
- The inventory process needs to be better at tracking DHCP assigned hosts. Once a host gets inventoried, it doesn't take well to IP address changes. After that moment, anything with that IP address, whether it's the same host or not, will be identified as the original inventoried host.
USM All-In-One
Alien Vault's USM took care of most our concerns right out of the box - correlation logging, intrusion detection, network IDS, host IDS, network vulnerability testing and more. Setup was painless and quick.
A couple of areas I would like to see some improvement around are:
1. Seamless monitoring of both SQL and Web Server logs.
2. Security updates are manually downloaded and installed. The option to make this automatic would be nice.
- Event Correlation
- Incident Response
- Reporting and Alarms
- User Interface
- Log configuration for SQL and Web Servers
- 2FA
AlienVault: A SIEM That's Out of this World
- Centralizing and aggregating logs from sources of all types
- Searching through real-time and long-term events
- Flexibility and customization (Linux OS with open source tools, open for whatever hacking you desire)
- Performance is not great at more than 300 EPS; bottleneck appears to be the MySQL disk I/O
- Dashboards are decent to customize, but are lacking
- UI and services aren't always stable or predictable; when adding a new plugin it sometimes takes things like a reconfig command at CLI in order for the change to stick
AlienVault review
- User interface
- Ease of set up
- Open Threat Exchange resource
- None I can think of