AlienVault USM Reviews

610 Ratings
Score 7.9 out of 100

TrustRadius Top Rated for 2019

Reviews (76-100 of 353)

Ryan Collins | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User
Review Source
Alienvault was selected as our SIEM solution to provide cutting-edge monitoring, analytics and alerting, and it has the added benefit of being able to conduct vulnerability assessments and provide endpoint detection and response. There is a lot of noise when deploying any SIEM solution, but Alienvault is unique in that it can be effective, practically right out-of-the-box, and anything required beyond that is satisfied by their great support team and available training. I have found that USM Anywhere can fill a critical gap in your security program, and I would recommend it for both small, medium, and large businesses.
  • Anomaly Detection and Identification
  • Digital Forensics/Incident Response
  • Log Correlation and Built-in Attack Signatures
  • Cloud Security Monitoring
  • Would be nice to have better error messaging, specifically around credential failures.
If you have a new, small company that needs effective monitoring and alerting right out of the box, I would say that AV has a lot less deployment and overhead than many SIEM solutions. That said, it can scale quite well and is particularly nice to operate when dealing with cloud infrastructure.
Due to the predefined correlation and orchestration rules, baked-in dashboards and reports, I would say it is a leader in providing effective threat detection and ROI within a very short period after deployment, from my experience.
Francis Aghedo | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User
Review Source
The USM is being used by the IT department as a SIEM, giving our organization a 360 view of what's going on in the network infrastructure, and more focus on the critical infrastructures which have been plugged in to send all their log activities. The AlienVault USM has made it simple by the creation of plugins which make it easier to express the logs in simple expression for easy understanding.
  • Large plugin base to accommodate different devices.
  • Easy to deploy.
  • Easy management.
  • Makes network monitoring and actionable steps clear and simple.
  • Updating the appliance to a newer version.
  • More control over which devices will be allowed to log into a database and which ones that should just appear, so that the database will not get filled up quickly.
Threat detection both on-premise and external, especially the feature of having the OTX, which comes in handy in giving more insight as to the threat being faced. The OSSIM feature is also a big plus where HIDS for Windows and Linux-based workstations and servers can be monitored. The correlation rules are made easy for any admin to easily manage.
AlienVault helps in:
- Threat insight through OTX.
- Network Intrusion Detection System.
- Host Based Intrusion Detecting Solution.
- Alienvault gives the ability to monitor up to 5 public IPs, which we use in knowing the hits trends to our network.
- The deployment steps are direct and easy.
Kirk Fischer | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User
Review Source
We use AlienVault USM across our entire organization. It was purchased to help us improve our ability to respond to cyber security threats by keeping up with patching and tracking down vulnerabilities on our network. We took these steps after paying to have penetration testing done on our network.
  • AlienVault USM helps our IT staff stay on top of patches.
  • AlienVault USM makes it easier for our IT staff to track down vulnerabilities.
  • AlienVault USM provides steps to correct any vulnerabilities that may arise.
  • AlienVault's staff were very helpful in setting up their product on our network. There was plenty of opportunity for training.
  • AlienVault USM can be cumbersome for a small IT staff to manage. We still use AlienVault USM but now pay a third party to help us manage it.
AlienVault USM is appropriate for companies looking to improve cyber-security without investing heavily in additional IT staff. There is a considerable learning curve associated with this product so it's worth considering letting a third party manage it for you.
AlienVault USM is much more comprehensive than other security technology that we had previously used. It allows us to stay up to date on important preventative measures for keeping our network safe and provides detailed directions for addressing issues.
Corey Foster | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User
Review Source
AlienVault USM Anywhere is being used across the entire organization, for full network monitoring of all systems including election systems. We also are using AlienVault in our Azure environment for monitoring of applications and virtual machines that are housed in the cloud. This is through firewall logs and the AlienVault Agents.
  • Normalization of logs that it receives
  • Known threat alerts
  • Amount of data it keeps track of
  • Easier connection with the Cisco Umbrella system
  • Better systems integrations
  • Simpler log clean ups and alerts
AlienVault USM Anywhere is well suited to log normalization and log retrieval. It helps in reviewing logs in one location so you are not bouncing from one server or equipment to the next to view logs and network traffic. It helps to make the job a little bit easier to perform.
XianJiang Cai | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User
Review Source
USM is being used for our whole organization. It is deployed via sensor on various regions to capture in/out data for monitoring potential risk. We use USM as a centered logger and analysis system also collecting data from firewall/VPN, Office365, CrowdStrike and others. It's convenient to integrate various plugins for gathering data/alert from different clouds/platforms. The whole system setup is pretty straightforward and not difficult to use.
  • Risk analysis is accurate. Cloud-based rule update means less hassle.
  • Integrated plugins help centralize log/alert into one system.
  • Filter/suppress rule is very easy to set. Easy to fit to our current traffic pattern.
  • It's a pain to check each individual alert for detail, I wish there was a popup window or something similar to quickly go through each unusual alert.
  • The UI seems not that efficient, and a little bit slow in my opinion.
  • I wish we had a Kibana-like quick search criteria change function, click and go.
It has done very well on a complicated network environment. It detects risk very well. No need to mess with Suricata rules.

We also deploy Suricata + Kibana + ES along with a USM sensor. Both act pretty much the same. USM does have the advantage of stacking or reducing duplicated alerts. We found lots of coin miner programs via USM. That helps a lot. We also fixed some configuration issues based on various attack attempts detected on USM.
Tim Valus | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
Review Source
AlienVault USM is being used by the IT department for its vulnerability scanning, intrusion detection, and event correlation. It's a fairly new product for us and we're still getting acclimated to it but so far it's been very useful in giving us greater visibility into our environment.
  • Vulnerability assessment is very good. Especially with the software on servers and workstations.
  • Event correlation has helped tremendously by centralizing all the data into one feed that we can filter easily.
  • Support, training, and implementation were top notch. Very helpful people who answered questions clearly and concisely.
  • For a company that is on the smaller side as far as the number of employees and computer systems, the storage available in our tier could get eaten up quite quickly. It wasn't that easy for us to know where to go from a storage tier startup standpoint.
AlienVault USM is very well suited for a small to medium-sized business who may have 20+ servers and 50-75+ workstations in use but who may not have a dedicated security person/team, or the security tools that are becoming more and more needed in businesses of almost all sizes these days. There is also an MSP version of AlienVault USM, so even smaller companies could leverage the product through one and still get all the intelligence without the need for a person or department to operate the software.
AlienVault USM is the first security technology that we have used in any sort of formal way here so I can't really compare it to any other products that were used in a production environment. That being said, the very next day following implementation, AlienVault USM alerted me to an attempted breach of one of our systems. So in my mind that says quite a bit about its effectiveness. I would hope other products would be as good, but I know that AlienVault USM is.
Elliott Yau | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User
Review Source
We use AlienVault USM to satisfy PCI DSS requirements. Namely event logging and audit, change audit, and Intrusion Prevention services.
  • Lots of built-in out of the box functionality.
  • Easily satisfies several PCI DSS requirements.
  • Event logging is easy to navigate and presented well.
  • Initial setup is quite tedious.
  • Network setup for IDS caused us to bring our network down a couple of times.
  • Reports aren't very good.
AlienVault USM is good for meeting PCI DSS requirements but is not very appropriate if you need only bits and pieces from the application. It's good for bigger companies, although the cost may scare off smaller businesses.
It's pretty good at detecting threats. Although there have been quite a few false positives that we've had to go and whitelist. For example, some of the agents on the DC are extremely noisy, filling our storage with mundane event logs.
Clint Siebert | TrustRadius Reviewer
Score 7 out of 10
Vetted Review
Verified User
Review Source
Currently it's only being used by the IT department to identify suspicious network activity, which we did not monitor prior to implementing AlienVault. One day after implementing AlienVault, we were notified of a bitcoin miner on our FTP site. Sure enough, when I logged into that machine and ran a malware scan, it picked up a Bitcoin Miner.
  • Report suspicious network activity.
  • Display all threats in a nice dashboard.
  • Notify me of what other people have encountered with "Pulses."
  • Make initial setup easier.
  • Make their certification test not so ridiculously tedious with oddly specific questions.
  • Provide better remediation steps.
Well suited: monitoring strange network traffic.
Not well suited: for people who expect an easy plug-and-play solution.
As I mentioned earlier, we had only one day go by and AlienVault detected a bitcoin miner on my FTP server. This thing could have been running indefinitely had AlienVault not notified us of the suspicious activity. We are at a point now where we really need all the help we can get to manage these threats. AlienVault did that for us after one day.
David Green | TrustRadius Reviewer
Score 7 out of 10
Vetted Review
Review Source
We are 200 employees strong and have presence in 5 states. We utilize AlienVault (AV) across our entire MPLS network. It addresses the issue of visibility of our servers and workstations to analyze potential threats and less common issues with auditing we wouldn’t otherwise catch but can cause major issues if not resolved.
  • AlienVault is very customizable. We can set up many built-in rules and alerts which saves time but can also be extremely granular to properly scan our unique network.
  • Great technical support. When I need assistance setting up a new sensor or target scan, AlienVault engineers are there to assist and get me on track.
  • Although the interface shows a lot of development and thought put into it, there are some buggy issues at times with simple form submission and web navigation.
  • Initially setting up AlienVault in our environment was challenging and there was a lack of support around the “hardware level” meaning our VMWare environment.
AT&T sold us AlienVault as a replacement for penetration testing but before investing do your research. AV is a great tool but ultimately is just a SIEM. It’s the best SIEM on the market but it does have limitations. AT&T needs to be aware of this and how they sell this.
Other security measures like antivirus only find malicious threats after they have infected one or multiple computers. AlienVault's real time scanning can detect these threats as they are attempting to propagate through my network.
Tyler Michels | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User
Review Source
This is currently being used across our corporate environment to help monitor our firewalls that process all associate traffic, Active Directory, O365, etc. This product has helped us to gain more visibility into the traffic that is being sent across our network and help identify threats quicker. Currently, the Security department is in charge of all that is AlienVault, and has given read access to a few neighboring departments.
  • Ability to tune alarms and events to your liking. Very easy to get rid of false positives that are known in your environment, and create actionable alerts for legitimate alerts.
  • The simplicity of the dashboard. Everything within AlienVault USM Anywhere is easy to navigate and configure. From sorting logs to creating new users, the layout is natural and easy to figure out.
  • The Architecture of the SaaS deployment went smoothly and is very simple and expandable. Very little to worry about on our side with great results.
  • Support response time and incident handling have some room to improve. We had major issues with a sensor, and it took several days to get a response. Once we got a response the issue was corrected, it just took a while to get our engineer on the phone.
  • Small bugs in the way that the syslog packets are read and normalized. Reading the time in the packet wrong has been the biggest issue we have found so far that is without a solution.
  • Complicated Architecture to fully use the product. Requiring port mirroring to use the IDS portion of Alienvault is quite challenging when dealing with a large network size and diverse locations such as ours.
Has generated many actionable alerts that we chased down and identified as real threats in our environment. The correlation with OTX has proven to be quite useful and saved a lot of time when trying to determine if a specific host is malicious. The integrations with firewalls could be a bit better so that the IDS component in AlienVault can be fully utilized without using port mirroring.
The OTX platform has proven to be instrumental in identifying threats in our environment quickly and accurately. The ability to correlate login events to known malicious hosts, and generate actionable alerts has been the most utilized feature and generated the most actionable alerts. We did not get far enough into testing Exabeam to determine how their product handled these types of identifications, but I am quite impressed with Alienvault's solution.
Dustin Hannon | TrustRadius Reviewer
April 06, 2019

Things to think about

Score 6 out of 10
Vetted Review
Verified User
Review Source
It is being used by the IT department for internal vulnerability scans and log collection. It also plays a role in providing information to our internal and external auditors.
  • It is good at doing internal scans of end-user devices to find vulnerabilities without the need of installing an agent or client on each device.
  • It is good at being a log server. A place to send logs for all of your networking devices, such as switches, firewalls, and other solutions that accept log servers.
  • Its ability to collect logs from Barracuda solutions needs heavy improvement. How it collects and organizes the data isn't very useful.
  • The end device client, which is optional, and can be installed on any device you want to collect more data from, has compatibility issues with quite a few products we use, and anti-virus software in particular doesn't like it. We have also had some performance issues with devices the client is installed on.
  • The way collected data from all devices and locations is presented to the user in the web portal is not as user-friendly or as clean as it could be. It tends to show too much useless data and too many categories, making it easy to miss the important parts.
AlienVault was not a replacement for any of our current solutions. It was an addition to them, because it collects some data our other solutions do not. We hoped for AlienVault to be able to replace most if not all of our similar solutions and log servers, but it just doesn't get the job done on that front.
Our environment is complex and stretched across many physical offices. This limited how we were able to use AlienVault. We are not currently able to use or enable all of its features. In a simple network infrastructure, AlienVault would do much better.
Note that the cost of the AlienVault product itself will most likely not be your only costs. It will require your network engineer(s) to spend multiple hours configuring or re-configuring your infrastructure to make some of its features work, such as mirror ports and virtual hosts to collect all network traffic from your core.
AlienVault is a good product for detecting vulnerabilities, but does not replace our other solutions.
For instance, our firewall solutions do a much better job at logging and providing real-time alerts of issues and attacks. Our SAL monitoring solutions provide uptime and performance that is outside the scope of features for AlienVault.
Jonathan Bourgeois | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
Review Source
I love that it integrates with everything and at different levels. I wish ISO27k was implemented as PCI-DSS for the "Compliance-scoped assets", but so far I love the product. It's the best of both worlds - having opensource stuff as well as support.
  • AWS integration.
  • Google integration.
  • Asset grouping.
  • Incident-automation with ServiceNow.
  • Knowing software versions and asset information, we should be able to know the vulnerabilities as they come out without having to rescan the inventory. A rescan could be done to validate the info is still true (about versions and stuff), but instead of va-scan being the vulnerability "informer", you could check when a new vulnerability comes out - if we had this software/service configured somewhere.
  • Malware protection? I'm honestly not sure as there's not a lot that AlienVault doesn't do :)
So far I love the tool. It's backed by a huge company, I would recommend it to my friends working in small to medium-sized companies.
It's easy to deploy. The dashboards accurately represent the risk and attack vector.
Aaron Hodges | TrustRadius Reviewer
July 05, 2019

So far so good

Score 7 out of 10
Vetted Review
Verified User
Review Source
Currently, we use it for all of our log shipping. Also, we use the port mirror function for all of our network traffic.
  • Vulnerability lists.
  • Log storage.
  • Integrations.
  • Tech support.
  • Releasing unstable agents.
  • Did I mention support?
It's best for smaller companies who don't have the time to see a 10,000 view of their network.
Between AlienVault and our antivirus software, we have a solid foundation.
Tyler Frazer | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User
Review Source
We are using AlienVault as a SIEM, Log Manager, FIM, and Vulnerability Management tool. It is used across the whole organization. We need to be HIPAA compliant, so it addresses the need for a log manager, vulnerability scanner, policy report generator, and FIM.
  • log management
  • vulnerability management
  • correlation alerts
  • Policy Reports
Where people need multiple tools, but would prefer using one vendor.
AlienVault is very effective at finding and remediating vulnerabilities. Finding the needed patch or needed changes is now much easier.
Jason LeBlanc | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
Review Source
USM is the SIEM used to collect data across the entire environment; that data is used to report to the QSA for PCI compliance. It has greatly helped find problems as well as streamline our PCI compliance reporting. What was once very manual and time consuming is now simply pulling reports.
  • Find security issues such as malware.
  • PCI compliance reporting.
  • Deep dive into various issues in the environment.
  • UI could be streamlined some.
USM is a good catch all SIEM with a price point well below the competition.
We catch at least one malware event each week.
Jasmine Martinez | TrustRadius Reviewer
February 09, 2019

Down, Dirty, And Honest.

Score 7 out of 10
Vetted Review
Verified User
Review Source
AlienVault is currently being used first and foremost to monitor vulnerabilities and audit assets/events received from within our network.

As the Chief AlienVault engineer within the company, the product has had its ups and downs, and requires a good amount of knowledge with regards to Linux, and the many smaller components which make AlienVault what it is (e.g. rabbitmq, MySQL, openvas, ossec, NAGIOS, Ansible, NMAP, etc.) to really get any worth beyond what AlienVault provides "out of the box", and you may find your head against a wall occasionally with support as they may be slightly inexperienced in some regards (but this can be said about any product if you support it long enough).

With that said, it excels in every single possible task you may throw at it as a security appliance. There really isn't much else like this SIEM that gives you a nice top-down view of what's going on within your network. Very good value if you're just using something simple like this for basic necessities such as raw log management, and event escalation.
  • Log management - Out of the box, Alienvault already comes with a ton of plugins for a lot of industry standard names (VMware, Cisco, Brocade, Microsoft... ) with automatic categorization.
  • Vulnerability Scanning - With a consistently updated threat-intelligence database, this is invaluable to highlight some of the weaker points within your network. Maybe that newbie you hired left the default credentials? Maybe a new patch was pushed out for a piece of hardware or software you use that is a serious issue?
  • OTX - The Open Threat Exchange which AlienVault manages and updates is fairly consistent with making sure that outside of the updated directives events which are available to the appliance to correlate with the data you receive from the devices you are monitoring from within your network. For example, checking if an outbound firewall log has information on an asset communication with a known malicious server, or if you have files on that very asset or another asset which match hashed values showing that the server may have been potentially compromised.
  • Support - The support is the *WORST*! They take a *VERY* long time to respond, and half the time they're just skimming over the issue instead of actually asking questions to be better informed!
  • Buggy Updates - I've had my fair share of issues with the USM Appliance that have either been through updates or oversights from AlienVault's end that have either left the appliance in a degraded or broken state. The most recent 5.6 Update left a lot of people hanging due to failed database upgrades. YOU WILL NEED LINUX KNOWLEDGE IF YOU PLAN TO TAME THIS BEAST.
  • Complexity - A lot of people start out with AlienVault and stare like a deer in headlights at the amount of drop-downs and different pages and menus available. While, yes, AlienVault is a very technically complex package as it's based on many different working components that work with each other, a lot of this data can be more easily presented to the end user. And quite a bit of the documentation on their website is actually outdated. But then again, managing a SIEM is a full-time job - you hire one person to do *Just That*.
If the receiving/managing engineer is well experienced or willing to learn, then the value AlienVault can provide is understated, it's a must. For a one-man shop, this also provides great value for being able to more accurately gather and assess what may be happening in your network.
In a preventative aspect? You will be relying on vulnerability scans, and hoping you configured the right events and assets to escalate... And it's fairly decent and comprehensive at that.

In a post-threat scenario? AlienVault should give you a good overhead view of whodunnit, it's just the time it may take to piece together that data may take a while depending on what logs you are sending to it, and how chatty it is.
Edward Fuller | TrustRadius Reviewer
Score 7 out of 10
Vetted Review
Verified User
Review Source
USM provides a proactive response to intrusions, threat management, and provides a view of the risk.
  • Sensor integration is relatively easy.
  • Technical support for unique situations is extremely helpful.
  • Billing sucks since AT&T bought AlienVault.
  • Accounting takes weeks to do a simple change of address.
  • The administrative side is not customer focused and you feel like you are inconveniencing them.
Works well with security architecture, not so well with flat networks.
Anonymous | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
Review Source
We use AlienVault to provide alerts for any irregular login activity along with other network behavior that is outside normal expectations. AlienVault also aggregates all our log files from network and edge devices into a single, searchable database. It corroborates events from various systems to better report on any unusual activity.
  • Alerts on login activity from unexpected locations (countries)
  • Aggregating log files for easy searching
  • Better interpretation of errors into more natural language
  • Easier grouping or categorization of alerts in order to assign them more efficiently to appropriate users/groups
AlienVault is well suited for environments with multiple locations and multiple internet connections. The more complicated the network topology, the better AlienVault shines. That's not to say that it is not well suited to smaller organizations with fewer links, it works fine there as well. It also is well suited in complex environments where a variety of equipment is used and where little, if any, synergy exists between disparate systems. AlienVault easily takes from, and understands, log entries from various types of systems and interprets them as a whole.
AlienVault has provided the most insight into our network and given us the best view of potential security threats of any application we've used to date. It gives us timely alerts on odd behavior, notifies us when user accounts are used in unexpected places and gives us an easy way to search across multiple log files from disparate vendors in order to more easily discover threats.
Anonymous | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
Review Source
We use AlienVault as an integral part of our information security program. It is being used by the whole organization for threat detection, incident response, and compliance management. Helping us maintain NIST Cybersecurity compliance, the main features we use are asset discovery, vulnerability scanning, and intrusion detection. It has also helped implement forensics, log management, and user activity monitoring. AV helps us take a proactive approach to security as it automatically detects threats and keeps us updated so we can focus on mitigating risk and managing responses.
  • Easily integrates with AWS cloud infrastructure.
  • Provides an intuitive interface to analyze raw logs and investigate potential threats.
  • Automates vulnerability scanning.
  • Alerts to potential threats and intrusions.
  • Raw logs are only available via the UI for the last 30 days. It would be great if you could choose to load archives into the system for investigation when needed.
  • It would be awesome to have an implementation checklist to see how the different features map to various compliance frameworks like NIST.
  • They were recently purchased by AT&T, so there is some confusion as to what services are offered by AlienVault and what is AT&T Cybersecurity, who to contact about your account, etc. Growing pains. :)
  • The documentation can be hard to use for security newbies. It covers the technical pieces, but not the why or how to use the different features and functionality. It could benefit from practical examples of AV in action.
AlienVault is a great tool to help small organizations achieve security compliance quickly and affordably. It's relatively quick to set up and start using immediately. If you are looking to check off many boxes in your infosec program, AV can fit the bill. For very small and lean organizations, the price might be an issue as the software currently starts at over $1k per month.
Prior to AlienVault, we didn't have a great method of detecting real security threats in our environments. AlienVault connects to our infrastructure and assets to provide automated ongoing vulnerability scanning and threat detection. Rather than a human needing to look for suspicious activity and misconfiguration, AV will alert us and help speed up our time to respond.
Anonymous | TrustRadius Reviewer
Score 7 out of 10
Vetted Review
Verified User
Review Source
AlienVault is used by the cybersecurity unit of the organization to monitor and correlate security logs from other systems within the organization. Also, AlienVault acts as a log management system or repository of logs for the organization. We chose AlienVault as it is one of the few SaaS-based SIEM in the market and it was in line with our organization’s direction of going with a cloud-based solution.
  • Cloud based solution which minimises the need to maintain additional on premise servers.
  • Among the cheapest SIEM solution on the market with features comparable to the other bigger players.
  • Great dashboard and UI which makes it super easy to use.
  • Packed with many features and integrates with many major off the shelf brands.
  • The SaaS based model makes the pricing very dependent on the storage capacity subscribed to. Compared to other on premise solutions, it can be really hard to deal with once the log storage has reached or maxed out the monthly storage capacity.
  • After AT&T took over Alienvault, their customer service has deteriorated and they don’t give as much care as they did earlier with their customers.
  • After AT&T took over, the product pricing has been increasing steadily and soon this solution may not be as affordable as it used to be.
Great UI and ease of functionality makes it easy to use and get up to speed with. Does not require coding knowledge to create rules and filters, compared to its competitors.
AlienVault managed to correlate and analyze the logs within our environment very well. Bundled together with its OTX threat intelligence engine, it managed to find threats that had been missed by our other security systems. The SaaS subscription also came bundled with a subscription to SpyCloud, a dark web account exposure monitoring service, which really added extra value to the whole solution.
Anonymous | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
Review Source
We use the USM Anywhere SIEM for our corporate security program currently, separate from our application security team in charge of our cloud environments our SaaS offering is hosted on. This solves the compliance and security issues we face as an organization for forensically sound log storage as well as data aggregation for correlation.
  • The integration setup for syslog forwarding and native web apps partnered with the platform is a very simple setup.
  • Deploying sensors in cloud systems usually follows a pre-defined build flow for ease of sensor deployments and scaling.
  • For perimeter defense, as long as your defended organizational structure uses Active Directory or another LDAP replication type service, vuln scanning and KIDS is a breeze.
  • For highly distributed workforce issues, the system requires a lot of third-party integrations to collect data for automation.
  • Customization can be lacking in areas without significant help from their support teams.
  • Building rules for filtering, suppression, and custom alarms can be a steep learning curve, although this is slightly offset by their training offerings.
The system works very well for 'legacy' perimeter defense based networks that rely on centralized network traffic and remote management solutions for the internal networking and endpoint devices. For architectures adopting a zero-trust/BeyondCorp mentality, the system can still be useful but requires either investment in third-party tools to collect information otherwise unavailable to the system, or significant custom infrastructure tools to support many orchestration functionalities.
The USM system is built with certain data ingress engines that work really well to identify and correlate suspicious activity. Since the company runs a threat intelligence feed in the form of the Open Threat Exchange, the IOCs they detect and report on are then built into the detection engine to give solid threat data. This can create a large amount of false positives during initial deployment depending on your environment, but the majority of noise can be effectively suppressed with their rule creation wizard that automatically brings in the fields on an alarm or event.
Anonymous | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User
Review Source
We are a small company and needed to satisfy requirements for log management and vulnerability scanning and AlienVault USM Anywhere was selected. AlienVault USM Anywhere is being used across the entire company and is gathering logs from our local office and from our Azure cloud provider subscriptions.
  • Simple and understandable User Interface (UI)
  • Capable of performing multiple network security functions
  • Good price point for SMB and mid-market tier SIEM
  • Log collection sensors can be difficult to install and configure
  • Not all functions are intuitive or simple to set up
  • AlienVault outsources professional services, with mixed results
  • Documentation is not always up-to-date, increasing time to troubleshoot and resolve issues
For a smaller company that needs to achieve multiple security functions, AlienVault is uniquely poised to help these customers. They need to do a better job of estimating time to install and configure sensors and to get the system up and running. Four hours of Professional Services time is nowhere near enough help to get this simple SIEM and security tool working properly. This can cause misunderstandings and frustration between the client and the professional services company.
Another great advantage of AlienVault USM Anywhere is their free OTX threat intelligence service, which you hook up to your SIEM by simply creating a free online account and using the API key to access this data. Other vendors may have a capability like this, but they may cost extra, while some don't have a threat intelligence feature at all.
Anonymous | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
Review Source
AlienVault USM Anywhere has enabled our firm to centrally manage our cybersecurity posture. We appreciate the in-depth insight into our information systems and love the interactive customizable GUI. The platform rulesets are easy to configure and we enjoy the variety of free training offered by AlienVault. Other SIEMs we tried seemed too overtly complex or dysfunctional, and the simplicity of AlienVault USM Anywhere is much welcomed in a world where products and tools all fight for the "simplified user experience" badge.
  • Monitoring and Alerting.
  • Visual display of all information security-related events and actions.
  • Detailed alarms for suspicious events.
  • Incorporation of the MITRE ATT&CK framework.
  • Automatic updates for AV agents. Currently, we have to manually redeploy an agent in order to apply the latest update... this takes precious time.
  • More detailed insight into identified vulnerabilities from the internal scanning tool.
  • Incorporation of SOC 2 - Type II compliance template - similar to the templates for PCI DSS and ISO27001.
AlienVault does a spectacular job when demonstrating our internal security procedures to third-party auditors and compliance/security teams. It is nice being able to simply click a button and show all the assets in our cloud-environment along with a high-level overview regarding several compliance requirements for PCI DSS and ISO 27001. In the past, all this evidence would have to be manually generated but it is amazing how AlienVault bundles all the relevant information into a customizable report.
We do not entirely leverage the threat intelligence center too much at this time. But this information is helpful to keep our security team abreast of new threats and potential zero-day attacks. Overall, we've been able to utilize the SIEM as such that we can better allocate resources previously dedicated to manual procedures...AlienVault takes care of manual log reviews for the most part.
Anonymous | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
Review Source
We use it to monitor a CDE (card data environment) for PCI compliance.
  • Integrations, like with Azure, Windows, IIS.
  • Notifications/e-mail alerts on changes.
  • How many events/data points are recorded and how you can drill down into them.
  • Our Azure integration broke at some point because some credentials changed. I didn't set it up originally but I had to fix it. It didn't feel easy to get it back up and running. It wasn't completely straightforward.
  • It's sometimes hard to find specific types of events in the reports. Like if I'm looking for all of a specific type of event, it can be hard to know what page to use, what knobs to turn and buttons to push to find what I'm looking for.
  • It's hard to find subscription/billing information, like to know when we last paid, how much it was, for what subscription, what were the details of what we paid for. Is it that I don't have access to see this? Is it hard to get to, or is it just that I don't have access to see it? I don't know which one of those it is. I needed to get this information to my manager recently and wasn't able to do it. I'm not sure if they ever got what they needed. Are we going to try to auto-renew with an expired credit card? Who knows.
If you need absolutely hardcore security monitoring I'd recommend it. Like if you have a CDE and need to know what's going on in there and what, if anything, has changed, it's pretty awesome. We're reducing PCI scope though and may not need it in the future. If there was a more limited and much cheaper version I'd recommend we stick with that just because this is what we know, even if we no longer need all the change controls and alerting in the future.
It seems effective. It definitely alerts us whenever we change anything ourselves that we'd definitely want to know about if it was someone else doing it. We haven't had any problems. I personally haven't used much else. This is the first time using something as sophisticated as this. It's pretty cool.
Anonymous | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User
Review Source
We're using USM Anywhere as our security monitoring and SIEM platform. We have two AWS accounts with about 150 servers (Linux & Windows). The USM is used to monitor the servers, virtual firewalls, other various virtual appliances, and the AWS VPC network itself. There are virtual AlienVault sensor appliances hosted within the AWS accounts, to collect log data.
  • Deployment and management of the product is much simpler than other SIEM platforms, making it ideal for small IT teams who don't have a bunch of SIEM gurus on staff.
  • It does a very good job of providing useful, meaningful, and relevant alerts.
  • Searching through log & event data is fast and easy using all the built-in query tools.
  • I love the OTX (Open Threat Exchange) integration, identifies malicious IPs communicating with your systems.
  • I'm not a fan of the shady sales tactics and price increases. We originally signed a one-year contract. Our account rep contacted us about 6 months into the contract, saying that there would be a big price increase in the coming months, but he could get us last year's pricing on our renewal if we signed the renewal within 30 days (with Net30 payment terms).
  • Translation - we sold you a 12 month subscription, but you have to pay for another 12 month subscription after only 8 months if you don't want the price to go up.
  • The exact same thing happened the following year, so this was not a one-time thing. During the most recent yearly renewal, the price was going to nearly double if we didn't do early renewal. These types of sales shenanigans feel an awful lot like extortion to me.
  • Tech support isn't that great. Thankfully we haven't had many problems with the product, but when we have had issues, support can take a long time to address the problems.
Well suited for smaller organizations who don't have SIEM specialists on staff. The product can be deployed and maintained by general network administrators, or IT security generalists. It does however require a significant amount of time and IT expertise to get any benefit out of the product. So it wouldn't be well suited to organizations that don't have any capable IT professionals on staff. We use the product in AWS and it works quite well in the AWS environment.
AlienVault has been very effective at helping us detect real threats. Much more so than any other product we've used. But that's the whole purpose of a SIEM, and we haven't used any other SIEMs in our environment. The product detects a much more broad range of threats than something like an anti-malware or IDS/IPS product.

Feature Scorecard Summary

Centralized event and log data collection (1)
Correlation (1)
Event and log normalization (1)
Deployment flexibility (1)
Custom dashboards and views (1)
Host and network-based intrusion detection (1)

About AlienVault USM

AlienVault® Unified Security Management® (USM) delivers threat detection, incident response, and compliance management in one unified platform. It is designed to combine all the essential security capabilities needed for effective security monitoring across cloud and on-premises environments, including SIEM, intrusion detection, vulnerability management, as well as continuous threat intelligence updates. The vendor states that even for resource-limited IT security teams, AlienVault USM can be affordable, fast to deploy, and easy to use. It eliminates the need to deploy, integrate, and maintain multiple point solutions in the data center.

Smart, automated data collection & analysis: USM Anywhere automatically collects and analyzes data across the attack surface, helping to quickly gain centralized security visibility without the complexity of multiple disparate security technologies.

Automated threat detection powered by AT&T Alien Labs: With threat intelligence provided by AT&T Alien Labs, USM Anywhere is updated automatically to stay on top of evolving and emerging threats, so the security team can focus on responding to alerts.

Incident response orchestration with AlienApps: USM Anywhere supports a growing ecosystem of AlienApps, enabling the user to orchestrate and automate actions towards other security technologies and to respond to incidents quickly and easily.

AlienVault USM Features

Security Information and Event Management (SIEM) Features
  • Centralized event and log data collection
  • Correlation
  • Event and log normalization
  • Deployment flexibility
  • Integration with Identity and Access Management Tools
  • Custom dashboards and views
  • Host and network-based intrusion detection

Additional Features
  • AlienVault Open Threat Exchange

  • Free Trial Available? Yes
  • Free or Freemium Version Available? Yes
  • Premium Consulting/Integration Services Available? Yes
  • Entry-level set up fee? Optional

AlienVault USM Support Options

 Free VersionPaid Version
Social Media
Video Tutorials / Webinar
Live Chat

AlienVault USM Technical Details

Deployment Types: SaaS
Operating Systems: Unspecified
Mobile Application: No
Supported Countries: Global