TrustRadius

AlienVault USM

Overview

What is AlienVault USM?

AlienVault® Unified Security Management® (USM) delivers threat detection, incident response, and compliance management in one unified platform. It is designed to combine all the essential security capabilities needed for effective security monitoring across cloud and on-premises environments, including SIEM, intrusion detection, vulnerability management, as…

Recent Reviews


MSSP Review

8 out of 10
October 04, 2021
AlienVault offers a different experience as opposed to other SIEM tools where it can be set up and configured properly in a shorter amount …


Popular Features

  • Centralized event and log data collection (8): 8.5 (85%)
  • Correlation (8): 8.5 (85%)
  • Event and log normalization/management (8): 8.0 (80%)
  • Custom dashboards and workspaces (8): 7.0 (70%)


Pricing


  • Essentials: $1,075 per month (Cloud)
  • Standard: $1,695 per month (Cloud)
  • Premium: $2,595 per month (Cloud)

Entry-level set up fee?

  • Setup fee optional
For the latest information on pricing, visit https://www.alienvault.com/products/pri…

Offerings

  • Free Trial
  • Free/Freemium Version
  • Premium Consulting/Integration Services

Features

Security Information and Event Management (SIEM)

Security Information and Event Management is a category of security software that allows security analysts to look at a more comprehensive view of security logs and events than would be possible by looking at the log files of individual, point security tools.

Score: 8 (Avg 7.8)

Product Details

What is AlienVault USM?

AlienVault® Unified Security Management® (USM) delivers threat detection, incident response, and compliance management in one unified platform. It is designed to combine all the essential security capabilities needed for effective security monitoring across cloud and on-premises environments, including SIEM, intrusion detection, vulnerability management, as well as continuous threat intelligence updates. The vendor states that even for resource-limited IT security teams, AlienVault USM can be affordable, fast to deploy, and easy to use. It eliminates the need to deploy, integrate, and maintain multiple point solutions in the data center.

Smart, automated data collection & analysis: USM Anywhere automatically collects and analyzes data across the attack surface, helping to quickly gain centralized security visibility without the complexity of multiple disparate security technologies.

Automated threat detection powered by AT&T Alien Labs: With threat intelligence provided by AT&T Alien Labs, USM Anywhere is updated automatically to stay on top of evolving and emerging threats, so the security team can focus on responding to alerts.

Incident response orchestration with AlienApps: USM Anywhere supports a growing ecosystem of AlienApps, enabling the user to orchestrate and automate actions towards other security technologies, able to respond to incidents quickly and easily.

AlienVault USM Features

Security Information and Event Management (SIEM) Features

  • Supported: Centralized event and log data collection
  • Supported: Correlation
  • Supported: Event and log normalization/management
  • Supported: Deployment flexibility
  • Supported: Integration with Identity and Access Management Tools
  • Supported: Custom dashboards and workspaces
  • Supported: Host and network-based intrusion detection

Additional Features

  • Supported: AlienVault Open Threat Exchange

AlienVault USM Screenshots

Screenshot of USM Anywhere NIDS Dashboard

AlienVault USM Technical Details

Deployment Types: Software as a Service (SaaS), Cloud, or Web-Based
Operating Systems: Unspecified
Mobile Application: No
Supported Countries: Global

Frequently Asked Questions

Splunk Cloud and Fortinet on IBM Cloud are common alternatives for AlienVault USM.

Reviewers rate Deployment flexibility highest, with a score of 8.6.

The most common users of AlienVault USM are from Mid-sized Companies (51-1,000 employees).
Reviews and Ratings (735)

Community Insights

TrustRadius Insights are summaries of user sentiment data from TrustRadius reviews and, when necessary, 3rd-party data sources.

Users have found AlienVault USM to be a valuable SIEM solution for centralizing and searching log data from a large number of network attached devices. This platform is being used for various use cases such as vulnerability management, scanning, malware detection, and monitoring malicious network traffic. It is considered a good SIEM solution for organizations new to security operational logging or those with a smaller staff and budget. The product has been praised for its integrated feature sets, including HIDS, NIDS, FIM, and security alerting capabilities. The inclusion of features like vulnerability scanning and file integrity monitoring has extended its value for organizations in the early stages of cybersecurity program development. Many users have experienced real-time alerts, enabling them to respond to security incidents and compromised passwords more quickly. Furthermore, AlienVault is used for a range of functions such as SIEM, vulnerability scanning, asset discovery, and investigations. It provides organizations with a centralized log collection site, allowing them to monitor and address new problems more effectively. The platform has been effective in helping organizations meet regulatory compliance requirements and improve SOC operations. Additionally, AlienVault is used to analyze network traffic, Windows Event Logs, and other security events, helping organizations improve network security and protect their customers. It solves security challenges related to device and software visibility, monitoring for anomalous events, and ensuring patch management. Users appreciate the simplicity of deployment and the robustness of the interface. The support team is highly responsive and knowledgeable.

AlienVault USM Anywhere is used by organizations to easily identify security incidents happening across their infrastructure and comply with PCI-DSS compliance requirements. MSSPs utilize AlienVault USM Anywhere to provide their customers with best-in-class threat monitoring and response services. It is also used to monitor cloud environments, scanning and alerting for any known vulnerabilities or activity on servers. AlienVault helps organizations with auditing purposes by monitoring cloud permissions and changes to security. Additionally, it is deployed to customers for monitoring and is used by NSOCs to monitor their networks. AlienVault has been implemented across organizations, covering server assets and providing granular logging on systems and networks. It helps in raising alarms/alerts and mitigating network-related activities. AlienVault collects and alerts on network and system activity across the entire organization, making it easy to filter for important data. The product centralizes log data and helps perform vulnerability analysis and threat detection. It assists in security patching and monitoring within AWS environments. Users appreciate the ease of use and configuration of the cloud-based panel. AlienVault is implemented and managed for clients as a recommended SIEM solution, collecting and normalizing logs from various data sources. It is used throughout organizations to gain insight into network and server events, manage and correlate logs, and recognize anomalous activity. Users have been able to set up alerts for specific events and policies, effectively managing systems and alerts in place, monitoring multiple client environments, and identifying issues that clients may have missed.

AlienVault USM Anywhere is praised for its cost-effectiveness compared to other SIEM solutions on the market. Users appreciate its threat intelligence capabilities, ease of use, user-friendly interface, and simplicity of deployment. The built-in correlation rules require minimal setup and provide high-quality results. Asset management and scanning features help users stay on top of monitoring assets, including dynamic and static asset lists. The integration of OTX into USM Anywhere allows for up-to-date threat intelligence and pulse subscriptions.

The software plays a crucial role in monitoring and alerting when anomalies occur, aiding in threat detection, compliance management, log collection, and vulnerability scanning. It helps organizations stay up to speed on new vulnerabilities and supports agile business initiatives by aiding analysts in identifying cyber threats and providing access to threat cross-referencing data. AlienVault USM Anywhere is deployed to monitor AWS cloud environments, attain compliance, identify threats, and facilitate auditing of non-emergency configuration changes and vulnerability monitoring.

Overall, AlienVault USM Anywhere provides centralized security monitoring, incident response capabilities, compliance reporting features, vulnerability assessment tools, real-time SIEM functionality, as well as asset discovery and user activity monitoring capabilities. It has been widely adopted across various industries for enhancing security posture and gaining comprehensive visibility into network activities.

Users commonly make the following recommendations for AlienVault USM:

  1. AlienVault USM is recommended for cost-conscious companies and small to medium businesses due to its affordability and effectiveness. Users find it to be a great tool for analyzing and reacting to threats, offering excellent value for the price.

  2. Users suggest exploring alternative SIEM choices and discussing functionality and configuration requirements. LogRhythm is mentioned as a possible alternate SIEM choice, especially for high-end functionality needs. It is advised to compare features and select the SIEM system that offers the best cost for the desired features.

  3. To maximize the experience with AlienVault USM, users recommend taking advantage of training opportunities provided by AlienVault. Joining official training sessions allows users to learn best practices from other users and gain comprehensive knowledge of the product. Users also recommend utilizing forums, support, webinars, and videos offered by AlienVault to enhance understanding and achieve optimal results.

Overall, AlienVault USM is regarded as a cost-effective solution suitable for organizations with data privacy and security priorities. The product's flexibility, community-created intelligence, and continual improvement are also highlighted by users. While some mention areas for improvement, such as support stability and module quality, the general consensus is that AlienVault USM delivers reliable security enhancements and cost savings.

Reviews (301-325 of 390)
February 14, 2017

Reseller Review

Score 3 out of 10
Vetted Review
Verified User
Incentivized
We were previously a reseller of AlienVault USM, and we were working towards becoming a partner offering a service to clients within the UK. It is used for demonstration purposes across the whole of the organisation and is to demonstrate to prospective clients how the product exposes threats and how to overcome these within the USM.
  • The OTX integration, allowing other users to share their business concerns and how they were detected then addressed.
  • The multiple capabilities of the product, by offering integration of common security platforms into a single product.
  • The ease of installation and setup, especially used as a VM.
  • Whilst the initial support from AlienVault was good to start with, while we were looking to have an ACSE certified engineer, this has deteriorated over time.
  • The investment made by my company has not paid off. We were initially to become resellers, and then move to becoming a service provider and partner. The promotion of our business through the AlienVault website was non-existent for 8 months, which for the market of client, was difficult to promote ourselves without seeming bona fide.
AlienVault is well suited for businesses that are hosted over multiple sites, and I believe it is aimed primarily at the larger organisations. Although I believe the product would be beneficial to SMEs (especially as security is a concern for all businesses), the pricing structure would be a cause for concern for many of these. Our vision was to provide these smaller businesses the opportunity of having the protection, but taking away the need for an internal security officer, which many businesses would not be able to constitute in their budget.
Score 9 out of 10
Vetted Review
Reseller
Incentivized
AlienVault's USM SIEM tool is currently in use for several clients of the MSP/MSSP I work for as a security engineer. While I have not been involved in all stages of deployment for all clients, my role requires my involvement in all aspects of the product's lifecycle. As with many deployments, we utilize AlienVault USM as a SIEM tool and for SIEM related tasks.
  • Easy to Deploy
  • Easy to Maintain
  • Rockstar Support
  • Documentation, while expansive, is highly technical and less technical users may have issues appropriately utilizing the resources.
  • The AlienVault community of users is quiet but still contains good content.
  • AlienVault is less traditional and more "startup"; this may or may not be a negative.
I would consider the AlienVault USM to be a market leader, especially in SMB. There may be other options that may be better in certain areas, however, AlienVault is very good at everything it attempts unlike many solutions that specialize in one area but lack in others. If you're looking for one aspect of the product, rather than the whole package you may sell yourself short.
Score 9 out of 10
Vetted Review
Verified User
Incentivized
AlienVault USM is being used as our main log collection and correlation engine. As we are a relatively small company, IT resources from all parts of the company feed into the USM. The main business problem it solved is insight into network and user activity along with the benefit of having applied threat intelligence through the OTX.
  • The price point is amazing.
  • Directives are highly customizable.
  • The open threat exchange is quite valuable as an open threat and IOC exchange.
  • The UI has a bit of a learning curve.
  • I would recommend a strong Linux background if you are going to do any custom plugins or directives.
  • Some events are fairly generic in terms of naming convention, which can require more hands on investigation.
Since we are a relatively small company, cost is a huge factor. When we were looking into entering the SIEM market, the price point of AlienVault couldn't be beat. Out of the several solutions we looked at, AlienVault was by far the most reasonably priced. From my experiences thus far, AlienVault would be most appropriate in a small to medium size environment, as it won't cause your finance department to run away screaming when compared to the price point of competitors.
Score 10 out of 10
Vetted Review
Verified User
Incentivized
It's being used to provide security monitoring for the whole company as part of various compliance requirements and to provide a security baseline. The real-time monitoring and vulnerability scanning are excellent.
  • Real time reporting
  • Everything in one pane of glass
  • Threat intelligence
  • USM Anywhere lacks compliance reports
AlienVault USM Anywhere provides a vital insight into the real-time security situation across cloud, local VMware and physical servers as well as the inter-connecting infrastructure equipment. The configurable reports mean that we can tailor the reporting to our specific requirements and the vulnerability scanner and scheduling tools allow us to gather non-realtime information when the network is under less stress.
Score 8 out of 10
Vetted Review
Verified User
Incentivized
I use AlienVault to protect our network from the threats we would otherwise not have known exist.
  • AlienVault shows intrusion attempts, where they're coming from, what device they're attempting to attack, and what account they're attempting to use.
  • The configuration was not the easiest.
  • Adding customization usually requires an experienced AlienVault consultant to complete.
I believe that any IT department would find at least some use for AlienVault. The threats you are unaware of are the ones that cause the most issues and AlienVault helps with that.
Score 10 out of 10
Vetted Review
Verified User
Incentivized
This is being used by our InfoSec department and it addresses our SOC analysis daily operations.
  • Knowledge
  • Community Driven
  • Smart
  • Reliable
  • Mobile App Access to USM
It is well suited for any SOC Analyst to do daily operations.
Score 10 out of 10
Vetted Review
Verified User
Incentivized
[It is being used] across the whole organization. We use it daily for detecting threats that come in or are already within the organization.
  • Clear and concise detections
  • Easy navigation
  • Heatmaps, great UI
  • Easy, customizable integration with current environment
  • Network activity like Qradar
AlienVault is great for threat focused monitoring. Support is also very efficient with helping us address integrations with existing solutions and platforms within the organization.
Score 8 out of 10
Vetted Review
Verified User
Incentivized
At Aleph Tav Technologies, my colleagues in the Security Operations Center used the AlienVault USM procured under AlienVault's MSSP partnership program. The main purpose was enterprise security management, monitoring and incident response for our clients. We also used the features to analyze and examine our internal networks. We also used threat intelligence and vulnerability management to guide us in malware analysis.
  • Behavioral monitoring is mature and enables deep insights.
  • Customization-friendly.
  • Raw log.
  • Could have more analytics to support BYOD environments.
The USM is best-suited for remotely managing security for small and medium-sized organizations that need an integrated, easy to use and efficient solution to understand their threats and weaknesses and also harden their systems with ease and better decision making. It is a great tool for managed security providers since it enables them to give their clients a single-place control and oversight.
Peter Akinyele | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Reseller
Incentivized
The AlienVault USM has improved the security visibility for my clients. It has helped detect malware and network intrusion in these environments. Also, the reporting and alert features are awesome as prompt and understandable information is conveyed to managers, CIOs, CISOs and other senior IT management executives. The solution is a great tool for a security operations center as a bird's eye view of the environment is seen and log integration [is available].
  • Host and Network IDS
  • Security Information and Events Management
  • Asset Discovery
  • Vulnerability Assessment
  • File Integrity Monitoring
  • Security Threat Intelligence via OTX
  • Security Intelligence
  • Netflow
  • Executive Dashboard
  • Reporting
AlienVault Unified Security Management (USM) is best suited for a security operation center. The network and host intrusion detection system enables proper visibility for your environments as security events are well monitored within the environment. Also, the AlienVault USM is best suited for financial institutions in ensuring they are compliant with standards, for example, PCI DSS (payment card industry data security standard).
Score 6 out of 10
Vetted Review
Verified User
Incentivized
AlienVault is used to monitor and alert on events throughout our entire organization. It works to meet the security and logging requirements of PCI and run asset and vulnerability scans.
  • Simple and easy to read user interface.
  • Customization of Threat Intel Alerts.
  • Ability to search direct raw logs.
  • Their documentation for setup and administration needs to be more detailed and more encompassing.
  • Setting up for emailing alerts via Gmail is difficult.
  • The deployment status should link you directly to the assets/devices that need to be configured in visibility.
December 16, 2016

Good option!!!

Javier Ramirez | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Reseller
Incentivized
We use the SIEM for clients in a SOC for log correlation of different products, vulnerability scanner, IDS and status of the assets. The problem that I have with it is the documentation for self support. We find poor content, and a lot of things on forums that would probably help have been erased.
  • Cheaper
  • Many functional security tools to use
  • Includes Vulnerability Scanner
  • All in one
  • Poor Documentation
  • High system requirements
  • Can't associate alarms
This product can be used for enterprises that need intelligence detecting threats in the infrastructure, and unifying all security logs from different products (firewall, web filter, Linux, Windows).
December 15, 2016

No Security Admin needed

Will Armistead | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User
Incentivized
AlienVault is being used as a SIEM and IDS at our co-location environment. When I purchased AlienVault I thought I was going to spend a lot of time tweaking it to filter out all the noise. However, that has not been the case. I just let it run and address the very few alarms that come in. We also have not run a lot of scans to this point. Most of the vulnerabilities have been false positives or risks that my company have been willing to accept.
  • Displays alarms in a manner that is easily interpreted out of the box. We do not have a security admin so ease of use is important to us. The alarm panel is very easy to read and dig into when needed.
  • Easy implementation. They give all sorts of resources when implementing, but it is intuitive and easy to deploy.
  • Asset groupings are easy to manage.
  • Even though the AlienVault documentation is good, I would like to see documentation on security strategy. This product is focused on smaller companies that may not have a security admin so simple general practice strategy would be helpful.
  • This may be repetitive, but documentation on what to do or how to interpret alarms would be helpful. For example, what are the varying degrees of response to an nmap port scan.
The main reason I would recommend AlienVault is because of its niche market. This product is perfect for the small to mid size company. Having the USM really simplifies all your tools into one interface. You really don't need a Security Admin to manage this tool. I am just assuming that it would not work well for large companies that have entire security teams that manage different areas of security.
December 08, 2016

Alien Vault USM Review

Adrian Throssell | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User
Incentivized
AlienVault is being used on a government contract to monitor and protect the environment in which the system sits. It monitors all aspects, from network traffic to ensuring all servers are available and running. Any attempt or threat is reported. We can run vulnerability scans to see where any work needs carrying out to ensure the system is not vulnerable.
  • Adaptability - you can tailor the system to whatever needs you have.
  • Vulnerability - Provides useful information to ensure all aspects of security are covered.
  • Monitoring - you can have additional users so eyes are on the system at all time.
  • Need to advertise more as they may get overlooked by some businesses.
  • Need to make more plugins although you can request a plugin to be created on your behalf.
  • Make the ticket system easier to work with on a daily basis.
We have an enclosed environment which is separate from the company networks. For this AlienVault USM provides a one stop solution to the needs. It doesn't compromise the system and in fact it has been a great asset to allow the levels of monitoring we have gained since using Alien Vault USM.
Score 10 out of 10
Vetted Review
Verified User
Incentivized
AlienVault is being used for intrusion detection, vulnerability assessment, and SIEM in a PCI compliant environment.
  • We are able to run a vulnerability assessment and review any potential exploits and quickly resolve them.
  • IDS allows constant monitoring against malicious traffic on our network.
  • We are able to gather all the logs in one central location using SIEM and analyze all events.
  • We are still quite new in utilizing the product and don't have any enhancements at this time
AlienVault is great when needing to meet the various components of PCI compliance and AlienVault provides it in one simplified appliance.
Damian Ezequiel Zinni | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Reseller
Incentivized
Our company implements and manages AlienVault USM for external customers. Most of them use the product to help them with standards compliance, particularly log retention and internal vulnerability scanning.
  • Easy to deploy - USM can be deployed in a few hours. After that, you should configure endpoints to send events to it, and work on a baseline (e.g. filter false positives).
  • Behavioral analysis - USM has more than ~2.5k directives, and they are regularly updated. The product provides an easy-to-use and intuitive interface for monitoring and managing alarms.
  • Network Intrusion Detection - USM has a large signature database and also uses data from other sources to assess events' risk (e.g. the Open Threat eXchange). This helps increase visibility over network threats.
  • A handful of tools for cyber security - USM combines different tools in a single product to help you have more control on your environment and analyze possible risks.
  • Reports - Although USM has thousands of reports by default, most of them are very detailed and, therefore, lengthy. We would like to have executive reports for standards compliance, for example.
Customers who would like to better oversee their systems while having a set of tools that can help them analyze events and alarms in detail. The product is not a big data solution. While it can log a considerable [amount] of events and can be scaled-out to increase this, it's not intended to correlate a massive number of events, but rather be "smarter" in what to correlate.
November 23, 2016

ATC AlienVault Review

Bilal Khan, CISSP, CCIE, CRISC, ITIL | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User
We have been using AlienVault for the past one year. We use it for log analysis and discovering all assets in our organization.

It gives us full visibility in our infrastructure and all threats in our organization.
  • Asset Management
  • Risk Analysis
  • Log Analysis
  • Integration with external application
  • Back end engagement tools
It is well suited for environments with small IT footprint as it requires very little overhead.
Marco Estrela, PMP | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Reseller
Incentivized
We have been an MSSP for the province of Quebec for over two years now. SIEMs are just now becoming a topic of conversation in our region. We decided to distribute AlienVault's Unified Security Management solution for several reasons, the main ones being that it's a solution that offers more out of the box than others and for a more reasonable price.
  • More services out of the box (vulnerabilities, IDS, logs, asset inventory, FIM and more)
  • Reasonable pricing structure.
  • OTX is a great source of up to date threat intelligence.
  • Reports' look and design could use some work.
  • A testing period prior to a version release to ensure the AV community can test before updating its customers would be beneficial.
  • Technical support knowledge level can be hit or miss.
AlienVault Unified Security Management is well suited for medium to large companies who are conscious about their level of information security but don't necessarily have the budget to hire qualified personnel. In these cases, the MSSP program is an excellent alternative for them. AlienVault Unified Security Management is less suited for very large organizations who are not as inclined to lean towards a product derived from the open source world.
Score 10 out of 10
Vetted Review
Verified User
Incentivized
We use Alien Vault USM to perform security log reviews. We have used general log collection software in the past but really needed to move beyond log collection to log inspection with intelligent alerting out of the box. We're a very small shop so we needed a SIEM tool that was easy to install, configure, and use. We also needed relevant alerts out of the box. We are at the point where we do receive alerts with actionable information.
  • Built in correlation and directive rules. This fits the out of the box need.
  • Ease of use. Of the four SIEM tools we investigated, Alien Vault was the only one to show in a demo how easy it was to use. Others made promises but Alien Vault showed proof. That has continued in our experience as well.
  • Solid 3rd party monitoring and professional services. The company that performed the install was excellent. They helped us work through some configuration issues in our environment. We also decided to utilize a 3rd party for 24/7 monitoring and they have been excellent and responsive as well.
  • Frequent improvements. Alien Vault appears dedicated to improving its product. In the relatively short time we've had it in place we have received several updates to features and functionality.
  • The ad hoc search feature doesn't always return relevant results. Some of this may be a learning curve but some default queries would be helpful.
  • Nothing else to really add. We've been very impressed with it so far.
Any small to medium sized business would be a perfect fit if they're in the market for a SIEM tool. Its ease of setup and use make it particularly well suited to those environments. I'm not sure about larger businesses and enterprises simply because we haven't had to scale it that large. But, it's at least worth a look. SIEM tools can be extremely complex to install and manage. With tighter budgets we couldn't afford 2-3 people to manage a SIEM tool for us, much less around the clock monitoring. Alien Vault gives a full featured SIEM that we're able to use ourselves when we have time but allows us to afford 3rd party monitoring for the 24/7 security of knowing that critical activities will be seen and responded to.
Score 6 out of 10
Vetted Review
Verified User
Incentivized
We use AlienVault Unified Security Management (USM) to correlate logs from our various departments' own SIEM tools. We do not use USM as our master logger, but to pick out security concerns from all our other log management tools. We also have a few systems logging to USM directly. It provides us visibility into our vulnerabilities by performing scans and by looking for malicious patterns in network traffic.
  • It has a good dashboard that provides a good sense of our overall security posture.
  • It ties in well with emerging threats via its Open Threat Exchange system.
  • It does a good job finding users out of compliance with our external VPN/Proxy policies.
  • USM is great at identifying malicious network behavior.
  • There is a big learning curve to the user interface. Once learned, its complexity makes it powerful.
  • There are no alerts for system configuration issues - such as full disks on the USM itself.
  • There is no automatic offloading and archiving of old logs from the USM to an archival disk system. I have to manually SCP old logs off monthly.
It's well suited if your environment already has good log collection, and if you have the ability to TAP network traffic for your campus. It can be hard to implement if you have to convince everyone to send you their logs, or if you don't have equipment already in place for network TAPs, as those can be expensive.
Score 10 out of 10
Vetted Review
Verified User
Incentivized
We use AlienVault Unified Security Management to monitor all our servers and desktops across the entire firm. With AlienVault, we are able to see when an outside threat is trying to gain access to our system, and it allows us to take appropriate action to stop them. Also, we run a weekly scan on all our desktops which reports any potential software vulnerabilities that may be on a user's desktop. It is a very detailed report. It not only identifies the vulnerabilities, but gives you the solutions to them.
  • Excellent scan reports.
  • Identifies vulnerabilities and provides solutions to them.
  • Notifies immediately of any potential outside threats.
  • Threat detection alerts not as easy to read as scan/vulnerability reports.
Ideal for IT Managers who support remote offices. It is well suited for weekly vulnerability scans, and to report and identify any potential threats on any remote user's desktop or servers in remote offices that you may support. It's excellent at identifying any outside threats to your system.
Score 10 out of 10
Vetted Review
Verified User
AlienVault allows us to monitor the network and devices within our organization. Devices are pointed to AlienVault to gather information about their health and whether malicious threats are present or possibly housed there to be exploited at a later time. The information is then examined and alerts and possible threats are given to us to review. We use the tools AlienVault provides to then do correlation and deeper examination of possible threats.
  • Monitoring of Windows devices with host based intrusion detection.
  • Correlation of network based events using NIDS and SIEM.
  • Knowledge of what is on your networks and what is occurring within them.
  • Linux and UNIX based host agents. Only basic functions are available at this time.
  • Tracking moving assets such as laptops.
AlienVault is well suited for small to medium size businesses where they need precise information as resources are minimal. Having four tools within a single dashboard allows for greater visibility and decision making capabilities as it is right in front of you. The amount of work AlienVault puts into ensuring that threat signatures are updated gives greater strength of protection faster than other tools that I have used.
Score 6 out of 10
Vetted Review
Verified User
Incentivized
It is monitoring network traffic and host file integrity to identify any potential intrusion or data security compromise. This information is used by Information Technology and Cyber Security only.
  • The depth of what it can discover is vast. If set up to monitor network traffic in the proper place, it can detect any aberrant (and possibly malicious) network traffic.
  • It's very easy to install the HIDS agent via the management interface, as long as the systems are Windows based.
  • There are a ton of correlation directives already set up to help make sense of all the data coming into this box.
  • Process for installing the HIDS agent on Linux could be easier. It's currently a manual process, and nowhere near as convenient as its Windows counterpart.
  • WAY too many false positive alerts right out of the box. Without consultants to help fine-tune the rules, it would be useless, as any legitimate alert would be lost in a sea of false positive alerts.
  • The inventory process needs to be better at tracking DHCP assigned hosts. Once a host gets inventoried, it doesn't take well to IP address changes. After that moment, anything with that IP address, whether it's the same host or not, will be identified as the original inventoried host.
It works well if you have staff to devote to its maintenance and tuning. It is for identification purposes only; it does not work as a preventative measure.
October 20, 2016
USM All-In-One
Mike Traut | TrustRadius Reviewer
Score 7 out of 10
Vetted Review
Verified User
Incentivized
Alien Vault's USM took care of most of our concerns right out of the box - correlation logging, intrusion detection, network IDS, host IDS, network vulnerability testing and more. Setup was painless and quick.
A couple of areas I would like to see some improvement around are:
1. Seamless monitoring of both SQL and Web Server logs.
2. Security updates are manually downloaded and installed. The option to make this automatic would be nice.
  • Event Correlation
  • Incident Response
  • Reporting and Alarms
  • User Interface
  • Log configuration for SQL and Web Servers
  • 2FA
AlienVault USM is an all in one [tool] that works well for small to mid-size companies. It pretty much gives you everything you need to check all the boxes to perform day to day operations with a single pane of glass.
Jon Armani | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
Incentivized
We deployed AlienVault to be used by our technical operations groups to log mainly infrastructure components of the company. This includes servers, firewalls, routers, switches, etc., aggregating their logs and then doing some cursory built-in correlation and alarms. Now that we've adapted to the product and my team is expanding, I'm looking to move to providing logging as a service to the rest of the company, such as application and debug-level logging for production and QA dev environments.
  • Centralizing and aggregating logs from sources of all types
  • Searching through real-time and long-term events
  • Flexibility and customization (Linux OS with open source tools, open for whatever hacking you desire)
  • Performance is not great at more than 300 EPS; bottleneck appears to be the MySQL disk I/O
  • Dashboards are decent to customize, but are lacking
  • UI and services aren't always stable or predictable; when adding a new plugin it sometimes takes things like a reconfig command at CLI in order for the change to stick
I've only used AlienVault in an environment monitoring around 1,000 nodes and with the all-in-one appliance. My first thoughts are that this product is great for companies our size and smaller, but with the advanced configurations of branched out sensors and servers (higher cost), it may be scalable for larger companies as well. It does what other SIEMs do but is more hackable and friendly to the power analysts needing to correlate lots of data.
October 18, 2016
AlienVault review
Score 8 out of 10
Vetted Review
Verified User
Incentivized
We use it across the company to detect threats that are occurring on our network and as a resource for new threat prevention. We started using it after we got hit with a CryptoLocker virus.
  • User interface
  • Ease of set up
  • Open Threat Exchange resource
  • None I can think of
It is not suited to be used as an antivirus or malware detection and prevention [solution]. What it is good for is discovering new threats on your network, finding those threats and the backdoors they could be using, and closing those doors. Also, the OTX is great for threat prevention and preparation.