TrustRadius
AlienVault USM

Overview

Recent Reviews


MSSP Review (8 out of 10, October 04, 2021): AlienVault offers a different experience as opposed to other SIEM tools where it can be set up and configured properly in a shorter amount …

Popular Features

  • Centralized event and log data collection (8): 8.5 (85%)
  • Correlation (8): 8.5 (85%)
  • Event and log normalization/management (8): 8.0 (80%)
  • Custom dashboards and workspaces (8): 7.0 (70%)


Pricing

Essentials: $1,075 per month (Cloud)

Standard: $1,695 per month (Cloud)

Premium: $2,595 per month (Cloud)

Entry-level set up fee?

  • Setup fee optional
For the latest information on pricing, visit https://www.alienvault.com/products/pri…

Offerings

  • Free Trial
  • Free/Freemium Version
  • Premium Consulting/Integration Services

Features

Security Information and Event Management (SIEM)

Security Information and Event Management is a category of security software that allows security analysts to look at a more comprehensive view of security logs and events than would be possible by looking at the log files of individual, point security tools.

Score: 8 (Avg 7.8)

Product Details

What is AlienVault USM?

AlienVault® Unified Security Management® (USM) delivers threat detection, incident response, and compliance management in one unified platform. It is designed to combine all the essential security capabilities needed for effective security monitoring across cloud and on-premises environments, including SIEM, intrusion detection, vulnerability management, as well as continuous threat intelligence updates. The vendor states that even for resource-limited IT security teams, AlienVault USM can be affordable, fast to deploy, and easy to use. It eliminates the need to deploy, integrate, and maintain multiple point solutions in the data center.

Smart, automated data collection & analysis: USM Anywhere automatically collects and analyzes data across the attack surface, helping to quickly gain centralized security visibility without the complexity of multiple disparate security technologies.

Automated threat detection powered by AT&T Alien Labs: With threat intelligence provided by AT&T Alien Labs, USM Anywhere is updated automatically to stay on top of evolving and emerging threats, so the security team can focus on responding to alerts.

Incident response orchestration with AlienApps: USM Anywhere supports a growing ecosystem of AlienApps, enabling the user to orchestrate and automate actions in other security technologies and to respond to incidents quickly and easily.

AlienVault USM Features

Security Information and Event Management (SIEM) Features

  • Supported: Centralized event and log data collection
  • Supported: Correlation
  • Supported: Event and log normalization/management
  • Supported: Deployment flexibility
  • Supported: Integration with Identity and Access Management Tools
  • Supported: Custom dashboards and workspaces
  • Supported: Host and network-based intrusion detection

Additional Features

  • Supported: AlienVault Open Threat Exchange

AlienVault USM Screenshots

Screenshot of USM Anywhere NIDS Dashboard

AlienVault USM Technical Details

Deployment Types: Software as a Service (SaaS), Cloud, or Web-Based
Operating Systems: Unspecified
Mobile Application: No
Supported Countries: Global

Frequently Asked Questions

Splunk Cloud and Fortinet on IBM Cloud are common alternatives for AlienVault USM.

Reviewers rate Deployment flexibility highest, with a score of 8.6.

The most common users of AlienVault USM are from Mid-sized Companies (51-1,000 employees).


Reviews and Ratings (734)

Community Insights

TrustRadius Insights are summaries of user sentiment data from TrustRadius reviews and, when necessary, 3rd-party data sources.

Users have found AlienVault USM to be a valuable SIEM solution for centralizing and searching log data from a large number of network attached devices. This platform is being used for various use cases such as vulnerability management, scanning, malware detection, and monitoring malicious network traffic. It is considered a good SIEM solution for organizations new to security operational logging or those with a smaller staff and budget. The product has been praised for its integrated feature sets, including HIDS, NIDS, FIM, and security alerting capabilities. The inclusion of features like vulnerability scanning and file integrity monitoring has extended its value for organizations in the early stages of cybersecurity program development. Many users have experienced real-time alerts, enabling them to respond to security incidents and compromised passwords more quickly. Furthermore, AlienVault is used for a range of functions such as SIEM, vulnerability scanning, asset discovery, and investigations. It provides organizations with a centralized log collection site, allowing them to monitor and address new problems more effectively. The platform has been effective in helping organizations meet regulatory compliance requirements and improve SOC operations. Additionally, AlienVault is used to analyze network traffic, Windows Event Logs, and other security events, helping organizations improve network security and protect their customers. It solves security challenges related to device and software visibility, monitoring for anomalous events, and ensuring patch management. Users appreciate the simplicity of deployment and the robustness of the interface. The support team is highly responsive and knowledgeable.

AlienVault USM Anywhere is used by organizations to easily identify security incidents happening across their infrastructure and comply with PCI-DSS compliance requirements. MSSPs utilize AlienVault USM Anywhere to provide their customers with best-in-class threat monitoring and response services. It is also used to monitor cloud environments, scanning and alerting for any known vulnerabilities or activity on servers. AlienVault helps organizations with auditing purposes by monitoring cloud permissions and changes to security. Additionally, it is deployed to customers for monitoring and is used by NSOCs to monitor their networks. AlienVault has been implemented across organizations, covering server assets and providing granular logging on systems and networks. It helps in raising alarms/alerts and mitigating network-related activities. AlienVault collects and alerts on network and system activity across the entire organization, making it easy to filter for important data. The product centralizes log data and helps perform vulnerability analysis and threat detection. It assists in security patching and monitoring within AWS environments. Users appreciate the ease of use and configuration of the cloud-based panel. AlienVault is implemented and managed for clients as a recommended SIEM solution, collecting and normalizing logs from various data sources. It is used throughout organizations to gain insight into network and server events, manage and correlate logs, and recognize anomalous activity. Users have been able to set up alerts for specific events and policies, effectively managing systems and alerts in place, monitoring multiple client environments, and identifying issues that clients may have missed.

AlienVault USM Anywhere is praised for its cost-effectiveness compared to other SIEM solutions on the market. Users appreciate its threat intelligence capabilities, ease of use, user-friendly interface, and simplicity of deployment. The built-in correlation rules require minimal setup and provide high-quality results. Asset management and scanning features help users stay on top of monitoring assets, including dynamic and static asset lists. The integration of OTX into USM Anywhere allows for up-to-date threat intelligence and pulse subscriptions.

The software plays a crucial role in monitoring and alerting when anomalies occur, aiding in threat detection, compliance management, log collection, and vulnerability scanning. It helps organizations stay up to speed on new vulnerabilities and supports agile business initiatives by aiding analysts in identifying cyber threats and providing access to threat cross-referencing data. AlienVault USM Anywhere is deployed to monitor AWS cloud environments, attain compliance, identify threats, and facilitate auditing of non-emergency configuration changes and vulnerability monitoring.

Overall, AlienVault USM Anywhere provides centralized security monitoring, incident response capabilities, compliance reporting features, vulnerability assessment tools, real-time SIEM functionality, as well as asset discovery and user activity monitoring capabilities. It has been widely adopted across various industries for enhancing security posture and gaining comprehensive visibility into network activities.

Based on user recommendations, AlienVault USM receives the following common recommendations:

  1. AlienVault USM is recommended for cost-conscious companies and small to medium businesses due to its affordability and effectiveness. Users find it to be a great tool for analyzing and reacting to threats, offering excellent value for the price.

  2. Users suggest exploring alternative SIEM choices and discussing functionality and configuration requirements. Logrhythm is mentioned as a possible alternate SIEM choice, especially for high-end functionality needs. It is advised to compare features and select the SIEM system that offers the best cost for desired features.

  3. To maximize the experience with AlienVault USM, users recommend taking advantage of training opportunities provided by AlienVault. Joining official training sessions allows users to learn best practices from other users and gain comprehensive knowledge of the product. Users also recommend utilizing forums, support, webinars, and videos offered by AlienVault to enhance understanding and achieve optimal results.

Overall, AlienVault USM is regarded as a cost-effective solution suitable for organizations with data privacy and security priorities. The product's flexibility, community-created intelligence, and continual improvement are also highlighted by users. While some mention areas for improvement, such as support stability and module quality, the general consensus is that AlienVault USM delivers reliable security enhancements and cost savings.

Reviews

(376-390 of 390)
Michael Eller | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User
Incentivized
AlienVault Unified Security Management has been influential in identifying critical problems within our IT infrastructure and has been a critical asset to our company. We currently use it for the whole organization spanning 6 sites and covering several servers (physical and virtual) and supporting 120+ users. With our file server specifically, we are quickly able to be notified when a user has failed to authenticate and may be attempting to access files they're not supposed to.
  • Aggregating information from our firewalls into a readable format allowing us to combat persistent threats to our perimeter.
  • Aggregating information from our servers through system logs and other means when installed as a HIDS and displaying the content in a clear manner.
  • As a NIDS, it does a wonderful job at analyzing traffic on the network and presenting me with a clear picture of what's traveling through my network that I may not want there.
  • Changing the IDS rules seems complex at times. I have alarms that are repeatedly flagging false positives that I find it hard to disable.
Small offices with no web facing assets may not be the most ideal candidates for the USM platform. I would imagine this is best suitable for a medium to large sized business with at least one if not several web facing assets.
Score 10 out of 10
Vetted Review
Verified User
Incentivized
We currently use the AlienVault Unified Security Management system within our department and plan to expand its use across the entire organization. It has already detected various threats that we were able to quickly resolve. Without the use of this system we would not have known these threats existed. It has proven to be a valuable asset to our organization in a short period of time.
  • Detect real-time threats, which allow you to quickly resolve them.
  • Provides the necessary reports for management and auditors.
  • Is configurable to your specific environment.
  • The Traffic Capture in the web interface can only do 180 seconds. We needed to run another application to capture data for a 24-hour period. It would be a nice feature to use the AlienVault Unified Security Management system instead. Due to separation of duties we are not allowed to run this from the command line within the AlienVault Unified Security Management system.
  • Be able to set up and receive email alerts based on the top three Alarm Events: System Compromise, Exploitation & Installation, and Delivery & Attack. For example, as soon as a Delivery & Attack is detected, regardless of what directive catches it, an email is sent.
  • Provide one manual that shows the basic setup of policies, how to modify directives, etc.
How easy is it to expand the use of the system to other parts of the organization?
When scanning for assets, is the network performance degraded at all? If so, how much?
November 17, 2015

Senior analyst

Kirk Yamamoto | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
Incentivized
We use AlienVault USM as our SIEM tool for event correlation and incident response, as well as asset discovery for active and passive devices on the network.
  • great dashboard
  • simple interface
  • excellent vendor support
  • mobile/tablet interface
  • improved integration with Active Directory
From our experiences, the product has worked well in every scenario we required.
Baillio, Aaron | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
Incentivized
We use AlienVault Unified Security in the security operations department. We monitor traffic for the entire university campus and are looking at ways to allow departments to gain access and/or visibility at their level. We use it for asset discovery, SIEM, vulnerability scanning and as an intrusion detection system (IDS).
  • The IDS works surprisingly well. Bumping the results up against APT specific devices, AlienVault catches a large percentage of that traffic.
  • I love the open threat exchange (OTX). While we use several professional feeds, the OTX is fairly robust and provides a decent threat feed.
  • I think the frequency of updates is great as well. I like knowing that there is a team of folks constantly trying to improve the product.
  • I think the native reporting for vulnerability scanning is not very clean and does not effectively display the information our analysts are looking for. It's there, just not clear.
  • I think the policy rule structure is a little convoluted. It works, but it has a learning curve.
  • I wish that scanning was just automatic for assets rather than having to schedule a scan.
I think AlienVault Unified Security fits any situation, large or small. It can scale very well IMO.
Score 10 out of 10
Vetted Review
Verified User
Incentivized
AlienVault USM is being used by us as a SIEM solution, first and foremost. We are shipping a variety of log files to the AlienVault USM from sources like our servers, switches, routers, firewalls, and basically anything that can send out syslog messages. It parses the log files and correlates them together for us automatically so that we have a visibility that random log review cannot provide. Additionally, we like the added features of vulnerability scanning, uptime monitoring, NetFlow, and both network- and host-based IDS. The combination of solutions that reside together inside AlienVault USM was incredibly attractive to our company.
  • Log correlation
  • Network and Host IDS
  • Vulnerability Scanning
  • Certain reporting is difficult to use
  • Availability monitoring is not customizable
Assuming that you can take advantage of all the different solutions inside AlienVault USM, it's an attractive package. If you already have a different monitoring or vulnerability scanner, for example, the other parts of AlienVault USM may not be enough to justify the cost. However, when you take advantage of all the different parts of AlienVault USM, the product really shines.
Sasa Cakic, CISSP, ACSE, ACSA | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User
Incentivized
AlienVault Unified Security Management is being used by the IT department and IT Security Officer to manage daily IT security tasks and to keep those tasks in compliance with decisions made at the tactical and strategic level. In addition to IT security management AlienVault Unified Security Management is very useful in detecting various infrastructure problems.
  • The best part of AlienVault, in my opinion is how USM handles alerts and sorts them to several levels by severity. This gives us an opportunity to do a fast triage between those alarms and to dedicate valuable human resources to the alarms that matter.
  • Another thing I love about the AlienVault USM system is that you can check very quickly the external subject in whois database, domain or IP black lists, if they participate in any activity toward honeypot networks etc., from one trusted central point.
  • By vulnerability scanning you can check if a company or external resource is vulnerable and with that information forbid an external resource or remove vulnerability. Now we do not just sit in the dark, we can say that we efficiently manage IT security.
  • Also AlienVault USM becomes better and better with each new version.
  • In my opinion AlienVault has to improve the asset inventory management module and return OCS GUI for easier management. Also detection and deletion of objects that are withdrawn from service should exist.
  • Another thing that has room for further improvement is automatic plugin generation and installation. Those operations are not so intuitive, and manual writing and installation consume a lot of time.
  • In the future versions of AlienVault USM I would like to see some sandboxing technology and official documentation about integration with honeypots.

I can't say if there are specific scenarios where it is well or less appropriate to use AlienVault Unified Security Management. I can say that in our scenario it is stable and works well. We established a stable, well working system after we answered a few questions during the planning phase:

1. Will we invest into infrastructure or outsource it?

2. What and where are the assets we will manage through AlienVault Unified Security Management?

3. Do we have a supporting infrastructure for AlienVault Unified Security Management at those locations?

4. How much traffic and how many events will the managed assets produce, and will AlienVault Unified Security Management be able to process them?

5. Do plugins for those assets exist or will we have to create them?

Score 9 out of 10
Vetted Review
Verified User
Incentivized
I have used individual products in previous jobs for log collection, file integrity, and vulnerability scanning. Most were very complicated and time consuming to set up and manage. With AlienVault Unified Security Management, I was intrigued with an all-in-one concept, which so far has proven to be extremely beneficial. It does take time to thoroughly learn and manage correctly, but having it all in one place is better than trying to piece three different components together. For example, I enter all assets / devices once into the system, not three times. Presently I use it across our entire organization, and most definitely for our in-scope devices in our PCI compliance effort. Being able to group the specific devices for PCI is helpful, as is the reporting on those devices.
  • As far as setting up the product for log collection, it's fairly straightforward and relatively painless. After walking through the setup wizard for the main appliance, pushing out the agents to all your Windows devices is quick and easy. Some tweaking needs to be done once deployed, but overall the process is better than what I have experienced in the past with prior companies.
  • The vulnerability scanning aspect of AlienVault is once again very straightforward. Since assets are already in the system for SIEM, it's great to be able to immediately run a scan on a single device, a group of devices, a specific network, or the entire organization. It also gives you the ability to run a lighter scan or a deeper scan.
  • FIM is a little more involved to get set up, but once it is, it seems to produce the results you are most likely looking for. Other products provide more in-depth analysis, but tend to be too complicated to configure accurately. With AlienVault, it gets the job done without too much hassle.
  • Having a dashboard for all components in one place again is extremely helpful. One login to see everything you need, from basic events to critical alarms.
  • Although the wizard for setting up the appliance was good, for me personally, I decided to not push out the agents to all my devices. When it came time to do that, I had to install them one by one. I wish there had been more explanation regarding that. A change has since been made so that you can push the agents out with one click, but I hear that functionality still needs improvement. So I think more detailed documentation during setup would be helpful.
  • The way FIM works is a bit different than others, and I had some difficulty initially getting it set up correctly. Again I think more documentation regarding FIM would be helpful, in addition to some examples of best practices on what to monitor.
  • A lot of my initial concerns have already been addressed or will be addressed in newer versions that are in development. In working closely with professional services, as concerns arise and are mentioned, I am usually informed that whatever I have found is a known issue or a feature that is widely needed and is being worked on as we speak.
For someone with no prior experience with products that monitor systems, files, and collect logs, the most basic question is "How quickly can this product be set up, configured, and filtered to give me good and accurate results without me having to spend all my time for months and months and months to get it running properly?" What I have found with AlienVault Unified Security Management has met those needs of being able to quickly get results.
Score 6 out of 10
Vetted Review
Verified User
Incentivized
I use AlienVault for log retention and analytics, our SIEM solution. It can address vulnerabilities, issue tracking, net flows, NIDS, HIDS, WIDS, and a few other things that are useful all in one platform. It can admittedly do a lot, but it also takes some work to get things going and keep them working.
  • Very customizable
  • Forums provide a very active community always willing to help because of the OSSIM (free) offering
  • A lot of useful tools all in one place
  • Not a lot of documentation
  • Support staff is a mix of knowledgeable and not so knowledgeable in terms of what's going on in the background
  • Sometimes it seems that upgrades are released without a lot of QA
Plugins -- these require a lot of customization at times. Other times, there aren't any and they need to be written. Ask about whether the products you plan to use have plugins that work well out of the box. Ask if any training is included - you'll need it. But once you know your way around, you can do a lot with the system.
Kirk Crespin | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User
Incentivized

AlienVault USM is used across the whole organization. As a bank, security is vital. Having the ability to perform weekly internal vulnerability testing, asset management, log correlation and intrusion detection is amazing; however AlienVault USM does much more.

Working in one of the most heavily regulated industries, we have to make sure the products we utilize meet a certain standard of performance and capability. AlienVault USM has been reviewed by our 3rd party and Regulatory Auditors with favorable opinions.

  • Vulnerability assessments with vulnerability remediation task management
  • Threat Detection with Host and Network based IDS
  • Security information event management with log/event correlation
  • Reporting and Alarm with ticket tracking
  • Automatic updating of threat intelligence updates

It is well suited for a higher security conscious environment. If you have multiple users or one user, the task management and the alarm management tool is a great way to manage tasks.

I would suggest some basic knowledge of Linux and would suggest purchasing a setup review with the AlienVault tech team after your initial installation. This will help to ensure that your settings are correct and are maximized for the best security and performance.

Score 8 out of 10
Vetted Review
Verified User
Incentivized
We use AlienVault Unified Security Management across our entire organization to address PCI compliance and to improve our security posture. We use it to correlate and monitor security logs, for network intrusion detection, and for local host intrusion detection and file integrity monitoring.
  • The cross-correlation in the SIEM module is very advanced. It will take in input from as many devices as you can throw at it, and will set up alarms when it sees suspicious activity.
  • Having one central web-based location to view all security events and potential threats is incredibly useful.
  • AlienVault USM provides an easy way to manage some very difficult, opaque technologies such as OSSEC and Snort. These two technologies, while powerful, on their own each require a lot of management without great support. AlienVault takes the management hassles out of your hands while still providing the functionality.
  • Being able to access IP blacklists and community threats through the OTX functionality allows you to identify known bad external actors and correlate with internal network activity.
  • There are a ton of built-in reports, however there is not a lot of guidance available on building customized reports, and the tools are not as robust as I would like.
  • Plug-ins are available to parse syslog from different devices, but in my case at least none were available/up-to-date for my particular brand of hardware. Writing your own plug-ins is difficult and time consuming.
  • Pre-sales set up support is fantastic, but once the sale is done if you need configuration support instead of technical support you're expected to pay separately. Not enough documentation available for tweaking and problems.
This is a great all-in-one solution for security monitoring if you can spend enough time upfront getting it configured properly. Make sure when choosing that you thoroughly evaluate your systems and backend - you want to make sure you are able to store all of the great data it will spit out, and also that you have enough resources to handle it. In my case I don't have all of the net flow monitoring configured (even though that would be ideal) because I don't have enough bandwidth/resources on my network to handle it.
Mayson Morrissey | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User
Incentivized
We purchased AlienVault Unified Security Management to assist with our efforts to become PCI compliant. AlienVault Unified Security Management rolls up a significant number of the PCI compliance steps into a single package streamlining our compliance and ongoing management.
  • Identifying risks and vulnerabilities on systems it is monitoring.
  • Log consolidation and analysis.
  • Threat correlation between different systems.
  • Building customized plugins for systems that do not already have plugins is very daunting. Some tool to help with analyzing the data from new log sources and helping to build the new plugin would be great.
  • Wizards to step you through directive creation.
  • Support for VM installations on Hyper-V as well as VMWare.
While AlienVault Unified Security Management consolidates a lot of security into a single system it is not simple to manage and customize. While I would recommend it, I would also recommend that anyone using it will likely need to also allocate a budget for consulting services or managed services.
Score 8 out of 10
Vetted Review
Verified User
Incentivized
We deploy AlienVault sensors across 32 business units in 34 different countries. We use the platform to gain visibility of the threats present in our network and directed at our critical IT assets. We use the SIEM to collect logs from a variety of systems and analyse them for security information and trends. We do not currently have any compliance requirements addressed by the product.
  • The automated reporting and report distribution has been extremely useful, allowing us to schedule reports on things like asset updates, discovered vulnerabilities and systems being attacked. We automate these reports and distribute them by mail without additional intervention.
  • The unified view of threats in the network has proven extremely useful in identifying false positives, as well as trends in attacks across the business. We can see if attacks are targeted at a particular business unit, or have been scaled up to impact the group as a whole. This allows us to gauge our response.
  • The integration of an asset inventory with details such as asset value, OS and location has allowed us to pinpoint areas of threats, and target our incident response much more accurately.
  • The use of a SIEM to analyse security alerts has reduced the amount of time we spend chasing false positives.
  • Reporting, although good, misses some simple enhancements. There are views in the console, for example which assets have been scheduled for a vulnerability scan, which cannot easily be extracted into a report. Although there are a large number of canned reports, the addition of a simple report builder would significantly enhance the product's usefulness.
  • The vulnerability scanner reports are likewise an area where improvements could be made. For example, it is difficult to identify a list of hosts that have had a particular vulnerability identified for targeted remediation.
  • The asset import / export feature claims to use CSVs, but the format is somewhat non-standard, and loading/saving the files in Excel does not result in easily managed files. Again, the asset information lacks some derived information such as alerts, scheduled vulnerability scans, groups, etc. All of this can be derived elsewhere, but with some effort.
  • The dashboard screens are useful but need to be expanded into more areas of the product. For example, rate of vulnerability remediation, or number of assets actively scanned / detected by the platform.
At present the product still shows some of its open-source roots, and as such, a background in Linux and security tools is needed by those managing the platform. Some of the more "polished" products on the market require less of this background so may be easier to use from day one.
September 29, 2015

Nothing is what it SIEMs

Koen Vanhees | TrustRadius Reviewer
Score 5 out of 10
Vetted Review
Verified User
Incentivized
Our USM is primarily used as an important building block in our Security Operations Center (SOC) and Network Security Monitoring (NSM) activities. It's used by the members of the security team alone, as they are responsible for all these activities. The USM is used to improve security visibility throughout the whole organisation, and to detect security incidents while they are happening.
  • USM incorporates different technologies (HIDS, vulnerability scanning, netflow, NIDS...)
  • USM is quite open, and you are pretty free to do what you want by using the command line (although that's less and less supported by AlienVault, which is a pity)
  • Quite easy to scale up or down
  • Not so easy to develop custom plugins compared to other vendors
  • Not so easy to set up correlation rules compared to other vendors. For example, you cannot correlate on correlation rules.
  • It's difficult to deal with static data (for example, personnel list), USM can only deal well with dynamic data like syslogs, netflow, data captures, etc...
  • You can not use netflow in correlation rules.
  • Data stored in the "Logger" is difficult and inefficient to query.
  • Custom reporting is very limited. For example, it's impossible to create a bar chart to visualize the most commonly attacked ports.
Selecting a SIEM solution depends on many conditions. For example, scalability was important for us, and in this respect AlienVault USM scores very well. Also, the fact that USM is derived from the open source OSSIM is a very positive element, as well as the integration with other open source solutions like OSSEC, OpenVAS, Suricata... But if you want high end reporting, advanced correlation rules or complex use case scenarios in an enterprise environment, other options are to be considered.
Score 9 out of 10
Vetted Review
Verified User
Incentivized
AlienVault Unified Security Management is used in PGCPS for security management, log management, IDP, etc., for the whole organization. It addresses state audit findings.
  • IDP
  • AlienVault is excellent. We just have 10G worth of traffic at some times of the year and growing. The best appliance, though, with a 10G NIC can do at best 5G. This causes some complications in splitting up traffic to meet the needs of the appliance.
  • Would like to increase the number of events to keep in the database and archive, to keep more history. We are a huge enterprise.
AlienVault Unified Security Management is well suited for what our needs are. Though it takes a while, like all other SIEMs, to learn the traffic mix.
Score 10 out of 10
Vetted Review
Verified User
Incentivized
We use AlienVault Unified Security Management as a central SIEM, HIDS, NIDS and vulnerability scanner. Our incident response team uses it daily, while our systems group has automated processes that protect external services.
  • Centralized SIEM, even though collectors are distributed within segments.
  • Correlation rules between HIDS/NIDS/SIEM are often left out of other products.
  • Interface UX is well done and easily traversable to pinpoint concerns quickly.
  • Upgrade process often leaves a lot to be desired.
  • Requires a lot of hardware resources to make web UI load times bearable.
Collector cost (license and hardware) to poke into segments can quickly add up.