Reviews (76-100 of 353)
- Anomaly Detection and Identification
- Digital Forensics/Incident Response
- Log Correlation and Built-in Attack Signatures
- Cloud Security Monitoring
- Would be nice to have better error messaging, specifically around credential failures.
- Large plugin base to accommodate different devices.
- Easy to deploy.
- Easy management.
- Makes network monitoring and actionable steps clear and simple.
- Updating the appliance to a newer version.
- More control over which devices will be allowed to log into a database and which ones should just appear, so that the database will not get filled up quickly.
- Threat insight through OTX.
- AlienVault USM helps our IT staff stay on top of patches.
- AlienVault USM makes it easier for our IT staff to track down vulnerabilities.
- AlienVault USM provides steps to correct any vulnerabilities that may arise.
- AlienVault's staff were very helpful in setting up their product on our network. There was plenty of opportunity for training.
- AlienVault USM can be cumbersome for a small IT staff to manage. We still use AlienVault USM but now pay a third party to help us manage it.
- Risk analysis is accurate. Cloud-based rule update means less hassle.
- Integrated plugins help centralize log/alert into one system.
- Filter/suppress rule is very easy to set. Easy to fit to our current traffic pattern.
- It's a pain to check each individual alert for detail, I wish there was a popup window or something similar to quickly go through each unusual alert.
- The UI seems not that efficient, and a little bit slow in my opinion.
- I wish we had a Kibana-like quick search criteria change function, click and go.
- Vulnerability assessment is very good. Especially with the software on servers and workstations.
- Event correlation has helped tremendously by centralizing all the data into one feed that we can filter easily.
- Support, training, and implementation were top notch. Very helpful people who answered questions clearly and concisely.
- For a company that is on the smaller side as far as the number of employees and computer systems, the storage available in our tier could get eaten up quite quickly. It wasn't that easy for us to know where to go from a storage tier startup standpoint.
- Lots of built-in out of the box functionality.
- Easily satisfies several PCI DSS requirements.
- Event logging is easy to navigate and presented well.
- Initial setup is quite tedious.
- Network setup for IDS caused us to bring our network down a couple of times.
- Reports aren't very good.
- Report suspicious network activity.
- Display all threats in a nice dashboard.
- Notify me of what other people have encountered with "Pulses."
- Make initial setup easier.
- Make their certification test not so ridiculously tedious with oddly specific questions.
- Provide better remediation steps.
Not well suited: for people who expect an easy plug-and-play solution.
- AlienVault is very customizable. We can set up many built-in rules and alerts which saves time but can also be extremely granular to properly scan our unique network.
- Great technical support. When I need assistance setting up a new sensor or target scan, AlienVault engineers are there to assist and get me on track.
- Although the interface shows a lot of development and thought put into it, there are some buggy issues at times with simple form submission and web navigation.
- Initially setting up AlienVault in our environment was challenging and there was a lack of support around the "hardware level", meaning our VMware environment.
- Ability to tune alarms and events to your liking. Very easy to get rid of false positives that are known in your environment, and create actionable alerts for legitimate alerts.
- The simplicity of the dashboard. Everything within AlienVault USM Anywhere is easy to navigate and configure. From sorting logs to creating new users, the layout is natural and easy to figure out.
- The Architecture of the SaaS deployment went smoothly and is very simple and expandable. Very little to worry about on our side with great results.
- Support response time and incident handling have some room to improve. We had major issues with a sensor, and it took several days to get a response. Once we got a response the issue was corrected, it just took a while to get our engineer on the phone.
- Small bugs in the way that the syslog packets are read and normalized. Reading the time in the packet wrong has been the biggest issue we have found so far that is without a solution.
- Complicated architecture to fully use the product. Requiring port mirroring to use the IDS portion of AlienVault is quite challenging when dealing with a large network size and diverse locations such as ours.
- It is good at doing internal scans of end-user devices to find vulnerabilities without the need of installing an agent or client on each device.
- It is good at being a log server. A place to send logs for all of your networking devices, such as switches, firewalls, and other solutions that accept log servers.
- Its ability to collect logs from Barracuda solutions needs heavy improvement. How it collects and organizes the data isn't very useful.
- The end device client, which is optional, and can be installed on any device you want to collect more data from, has compatibility issues with quite a few products we use, and anti-virus software in particular doesn't like it. We have also had some performance issues with devices the client is installed on.
- The way collected data from all devices and locations is presented to the user in the web portal is not as user-friendly or as clean as it could be. It tends to show too much useless data and too many categories, making it easy to miss the important parts.
Our environment is complex and stretched across many physical offices. This limited how we were able to use AlienVault. We are not currently able to use or enable all of its features. In a simple network infrastructure, AlienVault would do much better.
Note that the cost of the AlienVault product itself will most likely not be your only costs. It will require your network engineer(s) to spend multiple hours configuring or re-configuring your infrastructure to make some of its features work, such as mirror ports and virtual hosts to collect all network traffic from your core.
For instance, our firewall solutions do a much better job at logging and providing real-time alerts of issues and attacks. Our SAL monitoring solutions provide uptime and performance that is outside the scope of features for AlienVault.
- AWS integration.
- Google integration.
- Asset grouping.
- Incident-automation with ServiceNow.
- Knowing software versions and asset information, we should be able to know the vulnerabilities as they come out without having to rescan the inventory. A rescan could be done to validate the info is still true (about versions and stuff), but instead of va-scan being the vulnerability "informer", you could check when a new vulnerability comes out - if we had this software/service configured somewhere.
- Malware protection? I'm honestly not sure as there's not a lot that AlienVault doesn't do :)
As the Chief AlienVault engineer within the company, the product has had its ups and downs, and requires a good amount of knowledge with regards to Linux and the many smaller components which make AlienVault what it is (e.g. RabbitMQ, MySQL, OpenVAS, OSSEC, Nagios, Ansible, Nmap, etc.) to really get any worth beyond what AlienVault provides "out of the box", and you may find your head against a wall occasionally with support as they may be slightly inexperienced in some regards (but this can be said about any product if you support it long enough).
With that said, it excels in every single possible task you may throw at it as a security appliance. There really isn't much else like this SIEM that gives you a nice top-down view of what's going on within your network. Very good value if you're just using something simple like this for basic necessities such as raw log management and event escalation.
- Log management - Out of the box, AlienVault already comes with a ton of plugins for a lot of industry standard names (VMware, Cisco, Brocade, Microsoft...) with automatic categorization.
- Vulnerability Scanning - With a consistently updated threat-intelligence database, this is invaluable to highlight some of the weaker points within your network. Maybe that newbie you hired left the default credentials? Maybe a new patch was pushed out for a piece of hardware or software you use that is a serious issue?
- OTX - The Open Threat Exchange which AlienVault manages and updates is fairly consistent with making sure that, outside of the updated directives, events are available to the appliance to correlate with the data you receive from the devices you are monitoring from within your network. For example, checking if an outbound firewall log has information on an asset communicating with a known malicious server, or if you have files on that very asset or another asset which match hashed values showing that the server may have been potentially compromised.
- Support - The support is the *WORST*! They take a *VERY* long time to respond, and half the time they're just skimming over the issue instead of actually asking questions to be better informed!
- Buggy Updates - I've had my fair share of issues with the USM Appliance that have either been through updates or oversights from AlienVault's end that have either left the appliance in a degraded or broken state. The most recent 5.6 Update left a lot of people hanging due to failed database upgrades. YOU WILL NEED LINUX KNOWLEDGE IF YOU PLAN TO TAME THIS BEAST.
- Complexity - A lot of people start out with AlienVault and stare like a deer in headlights at the amount of drop-downs and different pages and menus available. While, yes, AlienVault is a very technically complex package as it's based on many different working components that work with each other, a lot of this data can be more easily presented to the end user. And quite a bit of the documentation on their website is actually outdated. But then again, managing a SIEM is a full-time job - you hire one person to do *just that*.
In a post-threat scenario? AlienVault should give you a good overhead view of whodunnit; it's just that the time it takes to piece together that data may be a while depending on what logs you are sending to it, and how chatty it is.
- Sensor integration is relatively easy.
- Technical support for unique situations is extremely helpful.
- Billing sucks since AT&T bought AlienVault.
- Accounting takes weeks to do a simple change of address.
- The administrative side is not customer focused and you feel like you are inconveniencing them.
- Alerts on login activity from unexpected locations (countries)
- Aggregating log files for easy searching
- Better interpretation of errors into more natural language
- Easier grouping or categorization of alerts in order to assign them more efficiently to appropriate users/groups
- Easily integrates with AWS cloud infrastructure.
- Provides an intuitive interface to analyze raw logs and investigate potential threats.
- Automates vulnerability scanning.
- Alerts to potential threats and intrusions.
- Raw logs are only available via the UI for the last 30 days. It would be great if you could choose to load archives into the system for investigation when needed.
- It would be awesome to have an implementation checklist to see how the different features map to various compliance frameworks like NIST.
- They were recently purchased by AT&T, so there is some confusion as to what services are offered by AlienVault and what is AT&T Cybersecurity, who to contact about your account, etc. Growing pains. :)
- The documentation can be hard to use for security newbies. It covers the technical pieces, but not the why or how to use the different features and functionality. It could benefit from practical examples of AV in action.
- Cloud based solution which minimises the need to maintain additional on premise servers.
- Among the cheapest SIEM solutions on the market, with features comparable to the other bigger players.
- Great dashboard and UI which makes it super easy to use.
- Packed with many features and integrates with many major off the shelf brands.
- The SaaS based model makes the pricing very dependent on the storage capacity subscribed to. Compared to other on premise solutions, it can be really hard to deal with once the log storage has reached or maxed out the monthly storage capacity.
- After AT&T took over AlienVault, their customer service has deteriorated and they don't give as much care as they did earlier with their customers.
- After AT&T took over, the product pricing has been increasing steadily and soon this solution may not be as affordable as it used to be.
- The integration setup for syslog forwarding and native web apps partnered with the platform is a very simple setup.
- Deploying sensors in cloud systems usually follows a pre-defined build flow for ease of sensor deployment and scaling.
- For perimeter defense, as long as your defended organizational structure uses Active Directory or another LDAP replication type service, vuln scanning and KIDS is a breeze.
- For highly distributed workforce issues, the system requires a lot of third-party integrations to collect data for automation.
- Customization can be lacking in areas without significant help from their support teams.
- Building rules for filtering, suppression, and custom alarms can be a steep learning curve, although this is slightly offset by their training offerings.
- Simple and understandable User Interface (UI)
- Capable of performing multiple network security functions
- Good price point for SMB and mid-market tier SIEM
- Log collection sensors can be difficult to install and configure
- Not all functions are intuitive or simple to set up
- AlienVault outsources professional services, with mixed results
- Documentation is not always up-to-date, increasing time to troubleshoot and resolve issues
- Monitoring and Alerting.
- Visual display of all information security-related events and actions.
- Detailed alarms for suspicious events.
- Incorporation of the MITRE ATT&CK framework.
- Automatic updates for AV agents. Currently, we have to manually redeploy an agent in order to apply the latest update... this takes precious time.
- More detailed insight into identified vulnerabilities from the internal scanning tool.
- Incorporation of SOC 2 - Type II compliance template - similar to the templates for PCI DSS and ISO27001.
- Integrations, like with Azure, Windows, IIS.
- Notifications/e-mail alerts on changes.
- How many events/data points are recorded and how you can drill down into them.
- Our Azure integration broke at some point because some credentials changed. I didn't set it up originally but I had to fix it. It didn't feel easy to get it back up and running. It wasn't completely straightforward.
- It's sometimes hard to find specific types of events in the reports. Like if I'm looking for all of a specific type of event, it can be hard to know what page to use, what knobs to turn and buttons to push to find what I'm looking for.
- It's hard to find subscription/billing information, like to know when we last paid, how much it was, for what subscription, what were the details of what we paid for. Is it that I don't have access to see this? Is it hard to get to, or is it just that I don't have access to see it? I don't know which one of those it is. I needed to get this information to my manager recently and wasn't able to do it. I'm not sure if they ever got what they needed. Are we going to try to auto-renew with an expired credit card? Who knows.
- Deployment and management of the product is much simpler than other SIEM platforms, making it ideal for small IT teams who don't have a bunch of SIEM gurus on staff.
- It does a very good job of providing useful, meaningful, and relevant alerts.
- Searching through log & event data is fast and easy using all the built-in query tools.
- I love the OTX (Open Threat Exchange) integration; it identifies malicious IPs communicating with your systems.
- I'm not a fan of the shady sales tactics and price increases. We originally signed a one-year contract. Our account rep contacted us about 6 months into the contract, saying that there would be a big price increase in the coming months, but he could get us last year's pricing on our renewal if we signed the renewal within 30 days (with Net30 payment terms).
- Translation - we sold you a 12 month subscription, but you have to pay for another 12 month subscription after only 8 months if you don't want the price to go up.
- The exact same thing happened the following year, so this was not a one-time thing. During the most recent yearly renewal, the price was going to nearly double if we didn't do an early renewal. These types of sales shenanigans feel an awful lot like extortion to me.
- Tech support isn't that great. Thankfully we haven't had many problems with the product, but when we have had issues, support can take a long time to address the problems.
About AlienVault USM
AlienVault® Unified Security Management® (USM) delivers threat detection, incident response, and compliance management in one unified platform. It is designed to combine all the essential security capabilities needed for effective security monitoring across cloud and on-premises environments, including SIEM, intrusion detection, vulnerability management, as well as continuous threat intelligence updates. The vendor states that even for resource-limited IT security teams, AlienVault USM can be affordable, fast to deploy, and easy to use. It eliminates the need to deploy, integrate, and maintain multiple point solutions in the data center.
Smart, automated data collection & analysis: USM Anywhere automatically collects and analyzes data across the attack surface, helping to quickly gain centralized security visibility without the complexity of multiple disparate security technologies.
Automated threat detection powered by AT&T Alien Labs: With threat intelligence provided by AT&T Alien Labs, USM Anywhere is updated automatically to stay on top of evolving and emerging threats, so the security team can focus on responding to alerts.
Incident response orchestration with AlienApps: USM Anywhere supports a growing ecosystem of AlienApps, enabling the user to orchestrate and automate actions towards other security technologies, able to respond to incidents quickly and easily.
- Free Trial Available? Yes
- Free or Freemium Version Available? Yes
- Premium Consulting/Integration Services Available? Yes
- Entry-level set up fee? Optional