Overview
Popular Features
- Centralized event and log data collection: 8.5 (85%), 8 ratings
- Correlation: 8.5 (85%), 8 ratings
- Event and log normalization/management: 8.0 (80%), 8 ratings
- Custom dashboards and workspaces: 7.0 (70%), 8 ratings
Pricing
Essentials
$1,075
Standard
$1,695
Premium
$2,595
Entry-level set up fee?
- Setup fee optional
Offerings
- Free Trial
- Free/Freemium Version
- Premium Consulting/Integration Services
Features
Security Information and Event Management (SIEM)
Security Information and Event Management is a category of security software that allows security analysts to look at a more comprehensive view of security logs and events than would be possible by looking at the log files of individual, point security tools.
- Centralized event and log data collection: 8.5 (8 ratings). Effectiveness of real-time centralized event and log data collection.
- Correlation: 8.5 (8 ratings). Correlation of logs and events to pinpoint significant threats.
- Event and log normalization/management: 8 (8 ratings). Ability to normalize event syntax so that logs can be compared and are machine-understandable.
- Deployment flexibility: 8.6 (7 ratings). Ability to tune the system to maximize threat detection and minimize false positives.
- Integration with Identity and Access Management Tools: 7.3 (5 ratings). Integration with access control tools like Active Directory and LDAP.
- Custom dashboards and workspaces: 7 (8 ratings). Dashboards that can be customized to meet the needs of specific groups.
- Host and network-based intrusion detection: 8 (5 ratings). Ability to detect both endpoint intrusion and network ingress.
Product Details
What is AlienVault USM?
AlienVault® Unified Security Management® (USM) delivers threat detection, incident response, and compliance management in one unified platform. It is designed to combine all the essential security capabilities needed for effective security monitoring across cloud and on-premises environments, including SIEM, intrusion detection, vulnerability management, as well as continuous threat intelligence updates. The vendor states that even for resource-limited IT security teams, AlienVault USM can be affordable, fast to deploy, and easy to use. It eliminates the need to deploy, integrate, and maintain multiple point solutions in the data center.
Smart, automated data collection & analysis: USM Anywhere automatically collects and analyzes data across the attack surface, helping to quickly gain centralized security visibility without the complexity of multiple disparate security technologies.
Automated threat detection powered by AT&T Alien Labs: With threat intelligence provided by AT&T Alien Labs, USM Anywhere is updated automatically to stay on top of evolving and emerging threats, so the security team can focus on responding to alerts.
Incident response orchestration with AlienApps: USM Anywhere supports a growing ecosystem of AlienApps, enabling the user to orchestrate and automate actions towards other security technologies, able to respond to incidents quickly and easily.
AlienVault USM Features
Security Information and Event Management (SIEM) Features
- Supported: Centralized event and log data collection
- Supported: Correlation
- Supported: Event and log normalization/management
- Supported: Deployment flexibility
- Supported: Integration with Identity and Access Management Tools
- Supported: Custom dashboards and workspaces
- Supported: Host and network-based intrusion detection
Additional Features
- Supported: AlienVault Open Threat Exchange
AlienVault USM Technical Details
| Deployment Types | Software as a Service (SaaS), Cloud, or Web-Based |
|---|---|
| Operating Systems | Unspecified |
| Mobile Application | No |
| Supported Countries | Global |
AlienVault USM Downloadables
- Unified Security Management vs. SIEM: a Technical Comparison
- AlienVault USM Anywhere: Datasheet
- AlienVault Fast Facts
- Beginner’s Guide to Open Source Intrusion Detection Tools
- SIEM for Beginners: Everything You Wanted to Know About Log Management But Were Afraid to Ask
Reviews and Ratings (734)
Community Insights
Business Problems Solved
Users have found AlienVault USM to be a valuable SIEM solution for centralizing and searching log data from a large number of network attached devices. This platform is being used for various use cases such as vulnerability management, scanning, malware detection, and monitoring malicious network traffic. It is considered a good SIEM solution for organizations new to security operational logging or those with a smaller staff and budget. The product has been praised for its integrated feature sets, including HIDS, NIDS, FIM, and security alerting capabilities. The inclusion of features like vulnerability scanning and file integrity monitoring has extended its value for organizations in the early stages of cybersecurity program development. Many users have experienced real-time alerts, enabling them to respond to security incidents and compromised passwords more quickly. Furthermore, AlienVault is used for a range of functions such as SIEM, vulnerability scanning, asset discovery, and investigations. It provides organizations with a centralized log collection site, allowing them to monitor and address new problems more effectively. The platform has been effective in helping organizations meet regulatory compliance requirements and improve SOC operations. Additionally, AlienVault is used to analyze network traffic, Windows Event Logs, and other security events, helping organizations improve network security and protect their customers. It solves security challenges related to device and software visibility, monitoring for anomalous events, and ensuring patch management. Users appreciate the simplicity of deployment and the robustness of the interface. The support team is highly responsive and knowledgeable.
AlienVault USM Anywhere is used by organizations to easily identify security incidents happening across their infrastructure and comply with PCI-DSS compliance requirements. MSSPs utilize AlienVault USM Anywhere to provide their customers with best-in-class threat monitoring and response services. It is also used to monitor cloud environments, scanning and alerting for any known vulnerabilities or activity on servers. AlienVault helps organizations with auditing purposes by monitoring cloud permissions and changes to security. Additionally, it is deployed to customers for monitoring and is used by NSOCs to monitor their networks. AlienVault has been implemented across organizations, covering server assets and providing granular logging on systems and networks. It helps in raising alarms/alerts and mitigating network-related activities. AlienVault collects and alerts on network and system activity across the entire organization, making it easy to filter for important data. The product centralizes log data and helps perform vulnerability analysis and threat detection. It assists in security patching and monitoring within AWS environments. Users appreciate the ease of use and configuration of the cloud-based panel. AlienVault is implemented and managed for clients as a recommended SIEM solution, collecting and normalizing logs from various data sources. It is used throughout organizations to gain insight into network and server events, manage and correlate logs, and recognize anomalous activity. Users have been able to set up alerts for specific events and policies, effectively managing systems and alerts in place, monitoring multiple client environments, and identifying issues that clients may have missed.
AlienVault USM Anywhere is praised for its cost-effectiveness compared to other SIEM solutions on the market. Users appreciate its threat intelligence capabilities, ease of use, user-friendly interface, and simplicity of deployment. The built-in correlation rules require minimal setup and provide high-quality results. Asset management and scanning features help users stay on top of monitoring assets, including dynamic and static asset lists. The integration of OTX into USM Anywhere allows for up-to-date threat intelligence and pulse subscriptions.
The software plays a crucial role in monitoring and alerting when anomalies occur, aiding in threat detection, compliance management, log collection, and vulnerability scanning. It helps organizations stay up to speed on new vulnerabilities and supports agile business initiatives by aiding analysts in identifying cyber threats and providing access to threat cross-referencing data. AlienVault USM Anywhere is deployed to monitor AWS cloud environments, attain compliance, identify threats, and facilitate auditing of non-emergency configuration changes and vulnerability monitoring.
Overall, AlienVault USM Anywhere provides centralized security monitoring, incident response capabilities, compliance reporting features, vulnerability assessment tools, real-time SIEM functionality, as well as asset discovery and user activity monitoring capabilities. It has been widely adopted across various industries for enhancing security posture and gaining comprehensive visibility into network activities.
Recommendations
Based on user recommendations, AlienVault USM receives the following common recommendations:
- AlienVault USM is recommended for cost-conscious companies and small to medium businesses due to its affordability and effectiveness. Users find it to be a great tool for analyzing and reacting to threats, offering excellent value for the price.
- Users suggest exploring alternative SIEM choices and discussing functionality and configuration requirements. Logrhythm is mentioned as a possible alternate SIEM choice, especially for high-end functionality needs. It is advised to compare features and select the SIEM system that offers the best cost for desired features.
- To maximize the experience with AlienVault USM, users recommend taking advantage of training opportunities provided by AlienVault. Joining official training sessions allows users to learn best practices from other users and gain comprehensive knowledge of the product. Users also recommend utilizing forums, support, webinars, and videos offered by AlienVault to enhance understanding and achieve optimal results.
Overall, AlienVault USM is regarded as a cost-effective solution suitable for organizations with data privacy and security priorities. The product's flexibility, community-created intelligence, and continual improvement are also highlighted by users. While some mention areas for improvement, such as support stability and module quality, the general consensus is that AlienVault USM delivers reliable security enhancements and cost savings.
Attribute Ratings
- Likelihood to Renew: 7.2 (18 ratings)
- Availability: 6.4 (3 ratings)
- Performance: 7.3 (3 ratings)
- Usability: 6.7 (34 ratings)
- Support Rating: 7.3 (25 ratings)
- Online Training: 8.3 (6 ratings)
- In-Person Training: 4.5 (1 rating)
- Implementation Rating: 6.4 (38 ratings)
- Configurability: 8 (3 ratings)
- Product Scalability: 6.3 (3 ratings)
- Ease of integration: 7.3 (3 ratings)
- Vendor pre-sale: 8.2 (3 ratings)
- Vendor post-sale: 7.6 (3 ratings)
Reviews
AlienVault's USM Detects Malicious Traffic Trying to "Phone Home".
- Aggregating information from our firewalls into a readable format allowing us to combat persistent threats to our perimeter.
- Aggregating information from our servers through system logs and other means when installed as a HIDS and displaying the content in a clear manner.
- As a NIDS, it does a wonderful job at analyzing traffic on the network and presenting me with a clear picture of what's traveling through my network that I may not want there.
- Changing the IDS rules seems complex at times. I have alarms that repeatedly flag false positives that I find hard to disable.
Great product at a great value!
- Detects real-time threats, which allows you to quickly resolve them.
- Provides the necessary reports for management and auditors.
- Is configurable to your specific environment.
- The Traffic Capture in the web interface can only do 180 seconds. We needed to run another application to capture data for a 24 hour period. Would be a nice feature to use the AlienVault Unified Security Management system instead. Due to separation of duties we are not allowed to run this from the command line within the AlienVault Unified Security Management system.
- Be able to set up and receive email alerts based on the top three Alarm Events: System Compromise, Exploitation & Installation, and Delivery & Attack. For example, as soon as a Delivery & Attack is detected, regardless of what directive catches it, an email is sent.
- Provide one manual that shows the basic setup of policies, how to modify directives, etc.
When scanning for assets, is the network performance degraded at all? If so, how much?
Senior analyst
- great dashboard
- simple interface
- excellent vendor support
- mobile/tablet interface
- improved integration with Active Directory
AlienVault frees our team from inefficiencies
- The IDS works surprisingly well. Bumping the results up against APT specific devices, AlienVault catches a large percentage of that traffic.
- I love the open threat exchange (OTX). While we use several professional feeds, the OTX is fairly robust and provides a decent threat feed.
- I think the frequency of updates is great as well. I like knowing that there is a team of folks constantly trying to improve the product.
- I think the native reporting for vulnerability scanning is not very clean and does not effectively display the information our analysts are looking for. It's there, just not clear.
- I think the policy rule structure is a little convoluted. It works, but it has a learning curve.
- I wish that scanning was just automatic for assets rather than having to schedule a scan.
AlienVault USM With Little Previous Security Software
- Log correlation
- Network and Host IDS
- Vulnerability Scanning
- Certain reporting is difficult to use
- Availability monitoring is not customizable
My experience with Aliens - AlienVault USM
- The best part of AlienVault, in my opinion, is how USM handles alerts and sorts them into several levels by severity. This gives us an opportunity to do a fast triage between those alarms and to dedicate valuable human resources to the alarms that matter.
- Another thing I love about the AlienVault USM system is that you can very quickly check the external subject in the whois database, domain or IP blacklists, whether they participate in any activity toward honeypot networks, etc., from one trusted central point.
- By vulnerability scanning you can check if a company or external resource is vulnerable and with that information forbid an external resource or remove vulnerability. Now we do not just sit in the dark, we can say that we efficiently manage IT security.
- Also AlienVault USM becomes better and better with each new version.
- In my opinion AlienVault has to improve the asset inventory management module and return OCS GUI for easier management. Also detection and deletion of objects that are withdrawn from service should exist.
- Another thing that has room for further improvement is automatic plugin generation and installation. Those operations are not so intuitive, and manual writing and installation consume a lot of time.
- In the future versions of AlienVault USM I would like to see some sandboxing technology and official documentation about integration with honeypots.
I can't say if there are specific scenarios where it is well or less appropriate to use AlienVault Unified Security Management. I can say that in our scenario it is stable and works well. We established a stable, well working system after we answered a few questions during the planning phase:
1. Will we invest into infrastructure or outsource it?
2. What and where are the assets we will manage through AlienVault Unified Security Management?
3. Do we have a supporting infrastructure for AlienVault Unified Security Management at those locations?
4. How much traffic/how many events will the managed assets produce, and will AlienVault Unified Security Management be able to process them?
5. Do plugins for those assets exist or will we have to create them?
This is One Alien You Want on Your Team
- As far as setting up the product for log collection, it's fairly straightforward and relatively painless. After walking through the setup wizard for the main appliance, pushing out the agents to all your Windows devices is quick and easy. Some tweaking needs to be done once deployed, but overall the process is better than what I have experienced in the past with prior companies.
- The vulnerability scanning aspect of AlienVault is once again very straightforward. Since assets are already in the system for SIEM, it's great to be able to immediately run a scan on a single device, a group of devices, a specific network, or the entire organization. It also gives you the ability to run a lighter scan or a deeper scan.
- FIM is a little more involved for getting setup, but once it is, it seems to produce the results you are most likely looking for. Other products provide more in depth analysis, but tend to be too complicated to configure accurately. With AlienVault, it gets the job done without too much hassle.
- Having a dashboard for all components in one place again is extremely helpful. One login to see everything you need, from basic events to critical alarms.
- Although the wizard for setting up the appliance was good, for me personally, I decided to not push out the agents to all my devices. When it came time to do that, I had to install them one by one. I wish there had been more explanation regarding that. A change has since been made so that you can push the agents out with one click, but I hear that functionality still needs improvement. So I think more detailed documentation during setup would be helpful.
- The way FIM works is a bit different than others, and I had some difficulty initially getting it set up correctly. Again, I think more documentation regarding FIM would be helpful, in addition to some examples of best practices on what to monitor.
- A lot of my initial concerns have already been addressed or will be addressed in newer versions that are in development. In working closely with professional services, as concerns arise and are mentioned, I am usually informed that whatever I have found is a known issue or a feature that is widely needed and being worked on as we speak.
The Good and the Bad with AlienVault
- Very customizable
- Forums provide a very active community always willing to help because of the OSSIM (free) offering
- A lot of useful tools all in one place
- Not a lot of documentation
- Support staff is a mix of knowledgeable and not so knowledgeable in terms of what's going on in the background
- Sometimes it seems that upgrades are released without a lot of QA
Much more than just a cool product name!
AlienVault USM is used across the whole organization. As a bank, security is vital. Having the ability to perform weekly internal vulnerability testing, asset management, log correlation and intrusion detection is amazing; however AlienVault USM does much more.
Working in one of the most heavily regulated industries, we have to make sure the products we utilize meet a certain standard of performance and capability. AlienVault USM has been reviewed by our 3rd party and Regulatory Auditors with favorable opinions.
- Vulnerability assessments with vulnerability remediation task management
- Threat Detection with Host and Network based IDS
- Security information event management with log/event correlation
- Reporting and Alarm with ticket tracking
- Automatic updating of threat intelligence
It is well suited for a more security-conscious environment. Whether you have multiple users or one user, the task management and alarm management tool is a great way to manage tasks.
I would suggest some basic knowledge of Linux and would suggest purchasing a setup review with the AlienVault tech team after your initial installation. This will help to ensure that your settings are correct and are maximized for the best security and performance.
AlienVault USM - a user's perspective
- The cross-correlation in the SIEM module is very advanced. It will take in input from as many devices as you can throw at it, and will set up alarms when it sees suspicious activity.
- Having one central web-based location to view all security events and potential threats is incredibly useful.
- AlienVault USM provides an easy way to manage some very difficult, opaque technologies such as OSSEC and Snort. These two technologies, while powerful, each require a lot of management on their own without great support. AlienVault takes the management hassles out of your hands while still providing the functionality.
- Being able to access IP blacklists and community threats through the OTX functionality allows you to identify known bad external actors and correlate with internal network activity.
- There are a ton of built-in reports, however there is not a lot of guidance available on building customized reports, and the tools are not as robust as I would like.
- Plug-ins are available to parse syslog from different devices, but in my case at least none were available/up-to-date for my particular brand of hardware. Writing your own plug-ins is difficult and time consuming.
- Pre-sales set up support is fantastic, but once the sale is done if you need configuration support instead of technical support you're expected to pay separately. Not enough documentation available for tweaking and problems.
Making sense of the logging overload.
- Identifying risks and vulnerabilities on systems it is monitoring.
- Log consolidation and analysis.
- Threat correlation between different systems.
- Building customized plugins for systems that do not already have plugins is very daunting. Some tool to help with analyzing the data from new log sources and helping to build the new plugin would be great.
- Wizards to step you through directive creation.
- Support for VM installations on Hyper-V as well as VMWare.
AlienVault USM - Surfing with the Alien
- The automated reporting and report distribution has been extremely useful, allowing us to schedule reports on things like asset updates, discovered vulnerabilities and systems being attacked. We automate these reports and distribute them by mail without additional intervention.
- The unified view of threats in the network has proven extremely useful in identifying false positives, as well as trends in attacks across the business. We can see if attacks are targeted at a particular business unit, or have been scaled up to impact the group as a whole. This allows us to gauge our response.
- The integration of an asset inventory with details such as asset value, OS, and location has allowed us to pinpoint areas of threats and target our incident response much more accurately.
- The use of a SIEM to analyse security alerts has reduced the amount of time we spend chasing false positives.
- Reporting, although good, misses some simple enhancements. There are views in the console, for example which assets have been scheduled for a vulnerability scan, which cannot easily be extracted into a report. Although there are a large number of canned reports, the addition of a simple report builder would significantly enhance the product's usefulness.
- The vulnerability scanner reports are likewise an area where improvements could be made. For example, it is difficult to identify a list of hosts that have had a particular vulnerability identified for targeted remediation.
- The asset import/export feature claims to use CSVs, but the format is somewhat non-standard, and loading/saving the files in Excel does not result in easily managed files. Again, the asset information lacks some derived information such as alerts, scheduled vulnerability scans, groups, etc., all of which can be derived elsewhere but with some effort.
- The dashboard screens are useful but need to be expanded into more areas of the product, for example rate of vulnerability remediation, or number of assets actively scanned/detected by the platform.
Nothing is what it SIEMs
- USM incorporates different technologies (HIDS, vulnerability scanning, netflow, NIDS...)
- USM is quite open, and you are pretty free to do what you want by using the command line (although that's less and less supported by AlienVault, which is a pity)
- Quite easy to scale up or down
- Not so easy to develop custom plugins compared to other vendors
- Not so easy to set up correlation rules compared to other vendors. For example, you cannot correlate on correlation rules.
- It's difficult to deal with static data (for example, personnel list), USM can only deal well with dynamic data like syslogs, netflow, data captures, etc...
- You can not use netflow in correlation rules.
- Data stored in the "Logger" is difficult and inefficient to query.
- Custom reporting is very limited. For example, it's impossible to create a bar chart to visualize most common attacked ports.
AlienVault first review for K-12 education
- IDP
- AlienVault is excellent. We just have 10G worth of traffic at some times of the year and growing. The best appliance, though, with a 10G NIC can do a best of 5G. This causes some complications in splitting up traffic to meet the needs of the appliance.
- Would like to increase the number of events to keep in the database and archive, to keep more history. We are a huge enterprise.
Distributed Alienvault USM for >5 years
- Centralized SIEM, even though collectors are distributed within segments.
- Correlation rules between HIDS/NIDS/SIEM is often left out of other products.
- Interface UX is well done and easily traversable to pinpoint concerns quickly.
- Upgrade process often leaves a lot to be desired.
- Requires a lot of hardware resources to make web UI load times bearable.