AlienVault USM: Simplifying Security with Cost-Effective Threat Detection.
Our organization uses AlienVault USM to enhance the security posture and streamline our clients' threat detection and response. The …
Starting at $1,075 per month
View PricingOverview
What is AlienVault USM?
AlienVault® Unified Security Management® (USM) delivers threat detection, incident response, and compliance management in one unified platform. It is designed to combine all the essential security capabilities needed for effective security monitoring across cloud and on-premises environments, including SIEM, intrusion detection, vulnerability management, as…
Recent Reviews
Awards
Products that are considered exceptional by their customers based on a variety of criteria win TrustRadius awards. Learn more about the types of TrustRadius awards to make the best purchase decision. More about TrustRadius Awards
Popular Features
- Centralized event and log data collection (8)8.585%
- Correlation (8)8.585%
- Event and log normalization/management (8)8.080%
- Custom dashboards and workspaces (8)7.070%
Reviewer Pros & Cons
Pricing
Essentials
$1,075
Cloud
per month
Standard
$1,695
Cloud
per month
Premium
$2,595
Cloud
per month
Entry-level set up fee?
- Setup fee optional
For the latest information on pricing, visithttps://www.alienvault.com/products/pri…
Offerings
- Free Trial
- Free/Freemium Version
- Premium Consulting/Integration Services
Features
Return to navigation
Product Details
- About
- Competitors
- Tech Details
- Downloadables
- FAQs
What is AlienVault USM?
AlienVault® Unified Security Management® (USM) delivers threat detection, incident response, and compliance management in one unified platform. It is designed to combine all the essential security capabilities needed for effective security monitoring across cloud and on-premises environments, including SIEM, intrusion detection, vulnerability management, as well as continuous threat intelligence updates. The vendor states that even for resource-limited IT security teams, AlienVault USM can be affordable, fast to deploy, and easy to use. It eliminates the need to deploy, integrate, and maintain multiple point solutions in the data center.
Smart, automated data collection & analysis: USM Anywhere automatically collects and analyzes data across the attack surface, helping to quickly gain centralized security visibility without the complexity of multiple disparate security technologies.
Automated threat detection powered by AT&T Alien Labs: With threat intelligence provided by AT&T Alien Labs, USM Anywhere is updated automatically to stay on top of evolving and emerging threats, so the security team can focus on responding to alerts.
Incident response orchestration with AlienApps: USM Anywhere supports a growing ecosystem of AlienApps, enabling the user to orchestrate and automate actions towards other security technologies, able to respond to incidents quickly and easily.
AlienVault USM Features
Security Information and Event Management (SIEM) Features
- Supported: Centralized event and log data collection
- Supported: Correlation
- Supported: Event and log normalization/management
- Supported: Deployment flexibility
- Supported: Integration with Identity and Access Management Tools
- Supported: Custom dashboards and workspaces
- Supported: Host and network-based intrusion detection
Additional Features
- Supported: AlienVault Open Threat Exchange
AlienVault USM Screenshots
AlienVault USM Videos
AlienVault USM Competitors
AlienVault USM Technical Details
| Deployment Types | Software as a Service (SaaS), Cloud, or Web-Based |
|---|---|
| Operating Systems | Unspecified |
| Mobile Application | No |
| Supported Countries | Global |
AlienVault USM Downloadables
- Unified Security Management vs. SIEM: a Technical Comparison
- AlienVault USM Anywhere: Datasheet
- AlienVault Fast Facts
- AlienVault USM Anywhere: Datasheet
- Beginner’s Guide to Open Source Intrusion Detection Tools
- SIEM for Beginners: Everything You Wanted to Know About Log Management But Were Afraid to Ask
Frequently Asked Questions
Splunk Cloud and Fortinet on IBM Cloud are common alternatives for AlienVault USM.
Reviewers rate Deployment flexibility highest, with a score of 8.6.
The most common users of AlienVault USM are from Mid-sized Companies (51-1,000 employees).
Comparisons
Compare with
Reviews and Ratings
(735)
Community Insights
TrustRadius Insights are summaries of user sentiment data from TrustRadius reviews and, when necessary, 3rd-party data sources. Have feedback on this content? Let us know!
- Business Problems Solved
- Recommendations
Users have found AlienVault USM to be a valuable SIEM solution for centralizing and searching log data from a large number of network attached devices. This platform is being used for various use cases such as vulnerability management, scanning, malware detection, and monitoring malicious network traffic. It is considered a good SIEM solution for organizations new to security operational logging or those with a smaller staff and budget. The product has been praised for its integrated feature sets, including HIDS, NIDS, FIM, and security alerting capabilities. The inclusion of features like vulnerability scanning and file integrity monitoring has extended its value for organizations in the early stages of cybersecurity program development. Many users have experienced real-time alerts, enabling them to respond to security incidents and compromised passwords more quickly. Furthermore, AlienVault is used for a range of functions such as SIEM, vulnerability scanning, asset discovery, and investigations. It provides organizations with a centralized log collection site, allowing them to monitor and address new problems more effectively. The platform has been effective in helping organizations meet regulatory compliance requirements and improve SOC operations. Additionally, AlienVault is used to analyze network traffic, Windows Event Logs, and other security events, helping organizations improve network security and protect their customers. It solves security challenges related to device and software visibility, monitoring for anomalous events, and ensuring patch management. Users appreciate the simplicity of deployment and the robustness of the interface. The support team is highly responsive and knowledgeable.
AlienVault USM Anywhere is used by organizations to easily identify security incidents happening across their infrastructure and comply with PCI-DSS compliance requirements. MSSPs utilize AlienVault USM Anywhere to provide their customers with best-in-class threat monitoring and response services. It is also used to monitor cloud environments, scanning and alerting for any known vulnerabilities or activity on servers. AlienVault helps organizations with auditing purposes by monitoring cloud permissions and changes to security. Additionally, it is deployed to customers for monitoring and is used by NSOCs to monitor their networks. AlienVault has been implemented across organizations, covering server assets and providing granular logging on systems and networks. It helps in raising alarms/alerts and mitigating network-related activities. AlienVault collects and alerts on network and system activity across the entire organization, making it easy to filter for important data. The product centralizes log data and helps perform vulnerability analysis and threat detection. It assists in security patching and monitoring within AWS environments. Users appreciate the ease of use and configuration of the cloud-based panel. AlienVault is implemented and managed for clients as a recommended SIEM solution, collecting and normalizing logs from various data sources. It is used throughout organizations to gain insight into network and server events, manage and correlate logs, and recognize anomalous activity. Users have been able to set up alerts for specific events and policies, effectively managing systems and alerts in place, monitoring multiple client environments, and identifying issues that clients may have missed.
AlienVault USM Anywhere is praised for its cost-effectiveness compared to other SIEM solutions on the market. Users appreciate its threat intelligence capabilities, ease of use, user-friendly interface, and simplicity of deployment. The built-in correlation rules require minimal setup and provide high-quality results. Asset management and scanning features help users stay on top of monitoring assets, including dynamic and static asset lists. The integration of OTX into USM Anywhere allows for up-to-date threat intelligence and pulse subscriptions.
The software plays a crucial role in monitoring and alerting when anomalies occur, aiding in threat detection, compliance management, log collection, and vulnerability scanning. It helps organizations stay up to speed on new vulnerabilities and supports agile business initiatives by aiding analysts in identifying cyber threats and providing access to threat cross-referencing data. AlienVault USM Anywhere is deployed to monitor AWS cloud environments, attain compliance, identify threats, and facilitate auditing of non-emergency configuration changes and vulnerability monitoring.
Overall, AlienVault USM Anywhere provides centralized security monitoring, incident response capabilities, compliance reporting features, vulnerability assessment tools, real-time SIEM functionality, as well as asset discovery and user activity monitoring capabilities. It has been widely adopted across various industries for enhancing security posture and gaining comprehensive visibility into network activities.
Based on user recommendations, AlienVault USM receives the following common recommendations:
-
AlienVault USM is recommended for cost-conscious companies and small to medium businesses due to its affordability and effectiveness. Users find it to be a great tool for analyzing and reacting to threats, offering excellent value for the price.
-
Users suggest exploring alternative SIEM choices and discussing functionality and configuration requirements. Logrhythm is mentioned as a possible alternate SIEM choice, especially for high-end functionality needs. It is advised to compare features and select the SIEM system that offers the best cost for desired features.
-
To maximize the experience with AlienVault USM, users recommend taking advantage of training opportunities provided by AlienVault. Joining official training sessions allows users to learn best practices from other users and gain comprehensive knowledge of the product. Users also recommend utilizing forums, support, webinars, and videos offered by AlienVault to enhance understanding and achieve optimal results.
Overall, AlienVault USM is regarded as a cost-effective solution suitable for organizations with data privacy and security priorities. The product's flexibility, community-created intelligence, and continual improvement are also highlighted by users. While some mention areas for improvement, such as support stability and module quality, the general consensus is that AlienVault USM delivers reliable security enhancements and cost savings.
Attribute Ratings
Reviews
(76-100 of 390)Companies can't remove reviews or game the system. Here's why
September 23, 2019
Great value for organizations who wish to realize the value of SIEM
We have used Alienvault USM in our PCI environment to detect the most common threats. We have discovered it added extra value to our organization by creating visibility on security issues we didn't know of before. On the downside, the on-premise version of Alienvault USM can get slow after loading it with a lot of machines (when doing big queries) and doesn't adapt very well to dynamic environments, but their on cloud version is definitely making that better.
- Reports most common threats, real-time and take immediate automatic actions. I think this is strong if you don't have a team monitoring 24/7.
- Connects with signature providers and keeps up-to-date well with 0 vulnerabilities. I don't need to explain why you may want to be protected against the newest threats.
- The UI is very easy to get used to, which will make you adapt to its use quickly.
- This tool will become slower and slower as you start adding devices to it, the on-premise version has a lot of room for improvement here, the database is slow.
- The on-premise version of Alienvault USM will not support dynamic environments where people is constantly removing/adding new virtual machines and doesn't cope with puppet management.
- Only the most common hypervisors supported, it could be good to have an image for XEN.
September 20, 2019
AlienVault USM review
AlienVault USM is being used by a single department in my organisation however other security functions do feed in.
AlienVault USM addresses the issues of cyber threats from within as well as external to the organisation. It is a huge help to analysts specially with OTX data that is available to cross reference threats.
AlienVault USM addresses the issues of cyber threats from within as well as external to the organisation. It is a huge help to analysts specially with OTX data that is available to cross reference threats.
- Detecting threats
- OTX data
- Integrated apps
- Better reporting standards
September 16, 2019
Anywhere security! Making security not scary anymore.
Alienvault was used to provide security monitoring, alerting for our AWS and on-premise systems. This was deployed to all environments locally and in the cloud. It was deployed and managed by the IT team and assisted us in gaining compliance for PHI, HIPAA and other requirements on top of ensuring integrity for our environments. This assisted in addressing our security needs and proactive monitoring.
- AlienVault USM was quick to deploy and the configuration was pretty straight forward.
- The AlienVault USM product has great documentation and service support. Very knowledgeable and readily available. Highly recommend their support package.
- The AlienVault UI is very comprehensive and deep tool-sets. You can monitor just about anything anywhere from anywhere. This flexibility was incredibly useful.
- While their UI was comprehensive, it takes a while to understand how to group and tag the resources you want to monitor and how and on what schedule. The tools are deep but the usability is a bit complex. You will need to read the documentation.
- Their pricing model for through-put was a bit challenging. I would like to see a different pricing structure. I would much prefer to see site licenses.
- Sometimes the assessments where vague. While this shouldn't be relied upon as the only source for assessments, there were often descriptions that did not associate with the vulnerability or required us to deploy other tools to verify such as AWS Inspector, was not a big deal but some added overhead.
September 13, 2019
Vulnerability management, maybe?
We are using it in IT security for vulnerability management and for IDS. It is just focused as part of our IT security management process. For us, it addresses the vulnerabilities that we see all the time and it allows us to prioritize those assets based on the risk they pose to the business.
- Scanning network assets for vulnerabilities.
- Heuristics in determining behavior and alerts accordingly.
- Lots of false positives for vulnerabilities, Linux malware on Windows systems????
- Lack of third-party app support or integration.
- Being charged based on the amount of data.
September 12, 2019
AlienVault is easy to deploy and manage
I am working for an MSSP as a managed SOC for my clients. AlienVault USM is addressing all security events of my customers.
- Main strength is the OTX community and all the IOC provided through this.
- Transparent upgrades of the product.
- Plugins and parser creation and updates handled by AlienVault so there's no need to develop our own parsers.
- NIDS and vulnerabilities scanner already included in the license with no additional cost.
- Many correlation rules (maybe too many) and we don't know what the real coverage of the risks is.
- Any ability to customize log parsers.
- Investigation system not really easy to use.
- No backups available so if I want to change the SIEM or have a problem with my licensing, I lose everything.
September 11, 2019
Augmenting Security Effectiveness with a SIEM Automation Platform
I have implemented USM Anywhere as our company SIEM. Additionally, I as working to extend it's functionality with Gartner's SOAR principles. The primary business drivers (problems) include controlling costs, mitigation of risk, and supporting agile business initiatives. It is utilitzed by the security team to monitor all business information systems.
- Deployment is quick
- Normalization of log data and threat identification is effective and simple to understand.
- Vulnerability analysis along with CVE identification is better than Nessus
- Investigations feature is robust
- Cloud sensor depoyment and capabilities is robust
- Custom Plugin creation/modification by the user is missing. If log data is unknown to the platform, the processing of getting a new plugin developed is lengthy. It would be ideal if the user could create custom plugins for their own platform.
- Asset discovery adds every IP address in a subnet even if no host is present. The detection method is flawed. I don't have this issue on the same network with other asset discovery tools.
- SaaS performance can be slow. When listing items more than 20 at a time, the UI refresh can be painfully slow.
September 11, 2019
AlienVault USM gives piece of mind
We use AlienVault USM across the entire organization to gain full visibility on everything happening in our server and network infrastructure. We also depend on it to keep up to speed on new and existing vulnerabilities discovered by the software thanks to the built in vulnerability assessment feature.
- Being a SIEM solution, AlienVault does an excellent job at pulling together all of our alert data and presenting it in a single console with excellent search and correlation abilities.
- The vulnerability assessment feature is invaluable as it gives us insight into new and existing threats against our server infrastructure.
- AlienVault's third party platform integrations allow us to pull down our Office365 logging as well as our endpoint next gen AV alerts so everything is visible together in the same platform. This allows for the best possible correlation when performing threat hunting.
- I would love to see event data search wizards that allow you to type in what you are looking without always knowing the event ids in windows or Linux. Almost like a google search assistant for AlienVault event data.
September 10, 2019
AlienVault USM is a proactive solution to threat monitoring.
AlienVault USM is used as our SIEM to monitor the network for potential threats. We use AlienVault USM to mitigate risk and respond to potential threats.
- The setup of plugins and sensors is not difficult.
- Response from customer service is fairly fast.
- Automatic updates to sensors are nice.
- The SIEM and search queries are nice.
- The vulnerability scans would be better if there was a way to exclude services instead of ports.
- Sometimes when reading the alarms, it's hard to determine which event took place first by the way the alarms are ordered.
September 06, 2019
AlienVault USM Review
AlienVault USM is used in our organization for the purpose of providing us with threat detection and system vulnerabilities. Our day-to-day focus is concentrated on alarms intents and events. It is used in 90% of the organization from our local workstations, VM-host, servers, Azure, routers, etc. It does help us address out of date programs and nodes that were not patched during Windows updates.
- Implementation of agents and sensors are, for the most part, simple and easy. I have applied six sensors in our environment; two in Azure and the four on Hyper-Vs. Straight forward instructions.
- The AlienVault professional service team is very knowledgeable and helpful. We had four sessions with them and each time, we were provided great insights on tips and ways to best utilize the system.
- I believe that the dashboard is well designed. Easy and customizable to your needs and wants.
- A con with AlienVault USM is with false-positive reading with some of the vulnerability scans. Several instances occurred where it reports a computer with a particular vulnerability and requires a patch but the computer was indeed patched.
- Skimming through the logs is not easy. Real-time monitoring could be a lot better.
- Being alerted and emailed over 10x for the same instance of an event that shows up once in USM.
September 05, 2019
Picking up AlienVault USM
We currently use AlienVault primarily for the SIEM and vulnerability scanner. We use the intrusion detection agents across our servers and are in the process of setting up the system to use other features available through AlienVault, such as availability monitoring and creating custom plugins to monitor our bespoke systems. This is all maintained by our infosec, cybersecurity and infrastructure teams.
- SIEM is great for monitoring and maintaining our systems and networks, and with the right tuning the system becomes an incredibly powerful tool by being able to identify the difference between a high priority event and false positive.
- The vulnerability scanning is a very useful part of the system, especially as after finding any vulnerabilities it provides lots of detail on what was found along with a solution.
- User management has a good level of modularity, allowing us to restrict access for certain users to only certain areas.
- The system can be a little over-complicated to set-up to perform what I would think to be simple tasks. For example, sending an email notification on a certain alarm being created.
- The reporting module does not offer much visual customization, only allowing you to add your company logo and color scheme as a template.
September 05, 2019
AlienVault Review
AlienVault USM is used by our organization as a SIEM tool collecting logs for audit-related servers. It is used by IT Governance across the enterprise on our in-scope systems. It helps collect system logs and helps us look for irregularities in logins.
- It is very simple to set up SIEM.
- It provides the basics of a SIEM really well.
- It provides vulnerability analysis.
- Custom reporting could use some improvement.
- SIEM basics such as the last time a system reported in logs are nowhere to be found.
- When entering support tickets, it is really difficult to be able to talk to an engineer about your issues.
- The SaaS version seems to be up and down a lot with all the maintenance done on the system.
- The SaaS version has a difficult time working with logs from midrange systems unless you buy a very expensive 3rd party tool.
September 03, 2019
AlienVault USM appliance is the juice!
We use AlienVault USM as both a SIEM and vulnerability scanner across all departments and location within First Central Group. The alarms are very useful and I often refer to them on a daily basis. With the help of the Cyber Security Analyst we monitor the network for unusual activity. I use the vulnerability reporting function every month to understand the trend of remediated vs current vulnerabilities in our assets.
- OTX is extremely useful and AlienVault does a good job of highlighting known malicious IP addresses and there locations.
- Dashboards are particularly useful; in understanding weaknesses in hosts that would otherwise be particularly tedious without this functionality.
- The detail provided in alarms including a 'whois' is very useful and unique. If users explore all the links within generated alarms there's a host of unparalleled detail provided.
- Threat intelligence could do with more tweaking to help make the creation of policies and directives more user friendly.
August 30, 2019
AlienVault USM: Best SIEMs to use
AlienVault USM also enables you to centralize the storage of all your log data in the AlienVault Secure Cloud, a certified compliant environment. This alleviates the burden of having to manage and secure logs on-premises, while providing a compliance-ready log management environment. SIEM software solutions and log management tools provide valuable security information, but often require expensive and time-consuming integration efforts to bring in log files from disparate sources such as asset inventory, vulnerability assessment, endpoint agents, and IDS products. Once you have the data, you then must research and write correlation rules to identify threats in your environment.Advantages of using all-in-one security essentials is Save Time and Money in Integrating Multiple Third-Party Security Tools and Start Detecting Threats on Day One with Pre-Written Correlation Rules.
- The USM platform provides the essential security capabilities that work together for a fast and cost-effective way for organizations to have complete visibility into the security of their environment.
- With the information gathered during asset discovery, USM will correlated that information with known vulnerabilities for continuous vulnerability awareness. In addition, USM contains an active scanner capable of scanning for over 30,000 known vulnerabilities.
- To give better visibility into your network, and possibly detect intrusions that don’t follow behavioral patterns, we offer Netflow information, bandwidth monitoring, and traffic capture, all part of our behavioral monitoring capabilities built into USM.
- External threats — Coming from external attackers.
- The value of the asset associated with the event
We use it to detect network risks and vulnerabilities to a reasonable and appropriate level. Using across the whole organization. It's also being used to comply with current legislation (security related logs should be recorded).
- As for us, it casually integrated to AWS cloud and local infrastructures, in simple words easy to implement
- Processes different types to logs using its very own inbuilt plugins and display it in an understandable manner for the non-technical users as well
- Has its own very accurate correlation rules to generate alarms from the processed logs
- Has an open threat intelligence community which can be integrated with the AlienVault account
- In order to collect the system logs from various servers, it has an AlienVault agent that can be installed on the windows, MAC and Linux. It collects the various types of logs such as user activity, shell history, file integrity, etc., logs
- Any suspicious alarm can be added as a ticket on its console and can be processed according to severity type.
- Server and Network vulnerabilities details can be scanned through the USM.
- Customizable dashboards view in the console makes easy to monitor logs from the different sources.
- Events view can be customized according to the data source plugins.
- USM has a feature of suppressing and filtering out the logs from the console. Suppression hides the logs from the console dashboard whereas filtering block the similar type of log entering the alienvault console which helps to reduce the storage usage
- Asset Discovery: Maintains and scans dynamic asset inventory and software inventory for large scale organization
- Security & Compliance Reporting: contains customizable reports for regulation standards and compliance frameworks
- It uses sensors to collect data from different sources which results in extra cost for the sensor server
- Support is very poor
- It would be great if there was document to study on how can we identify and monitor suspicous logs
August 27, 2019
Easy event correlations, easy deployment, low price point.
We used AlienVault for 5 years in our PCI and non-PCI environment. AlienVault USM does nearly everything we need to detect threats we didn't know of. The setup was very easy with little deployment time. The price point is very competitive. The tools for data filtering that the appliance has been very powerful. It also comes with predefined PCI-DSS reports. The main problem we addressed is that sometimes the appliance gets slow when doing some particular queries.
- Very easy to use. The UI is very intuitive.
- Out of the box predefined reports that make the initial filtering easy.
- Very easy to setup.
- Sometimes it gets slow with large queries.
- When the upgrading fails you have to debug extensively to know what happened.
- When we massively add hosts, sometimes some of them are not added so you have to be careful.
August 22, 2019
Great product. Detail view of security issues.
Great product. We are MSP and support about 1000 clients. We use AV to monitor their environment. Using AV gives us a really good detailed environment view and really helpful to address vulnerabilities.
- Threat hunting.
- Alerts and events.
- Rules to get notification of certain type of events. And rules to filter events that you dont wanna see and also to create alarms.
- Installation on VMware using nxlogs really takes a long time and involves going to each machine and install it.
- Would be much easier if AV provides .exe or .msi file that we can install through Active directory
We're using AlienVault USM anywhere at our Organization for its network scanning functionality as well as NIDS, and log collection and correlation capabilities. It covers a large range of input sources which works for our disparate environment. It will also help us to stay aware of our newly implemented and expanding cloud architectures' health.
- Ease of Use
- Built in / Updated Correlation Rules
- On Prem and Cloud options
- Host Agent available
- Customization of Agent
- Search Fields name doesn't match event info
August 21, 2019
AlienVault centralizes and automates IT management tasks. Overpromises/underdelivers on SOC 2 reporting.
AlienVault was originally purchased to assist in gathering information required for SOC 2 compliance. Unfortunately, two years later AlienVault still does not have SOC 2 reporting. Windows environment information for all servers in the organization is collected and sent to AlienVault for threat monitoring and system availability. Real-time alerts are sent to inform us of any irregular or anomalous conditions within the environment.
- Easy setup.
- Good user interface.
- Flexible configuration.
- Following through on promised features (still no SOC 2 reporting).
- Less turn-over (4 account managers in 2 years).
- More knowledgeable integration specialists (we accomplished integrations the specialists said were "not possible").
August 19, 2019
AlienVault USM
It addresses the issue of automatic discovery of hardware and software assets across the network, along with automated vulnerability scans of each asset, and integrated threat intelligence. Along with that, information about network activity is gathered and presented in a clear way, with automated integration with the Open Threat Exchange. Fantastic.
- Automatic discovery of hardware
- Automatic discovery of software
- Vulnerability scans
- Network threat intelligence
- Installation issues
- Need more help from staff at customer support rather than insisting everything is fine.
- Problems with the system needing to reboot any time an upgrade happens at AV.
We use it as our SIEM, HIDs and FIM solution for our cloud environment. It ties many of our security controls into one platform.
- SIEM solution for security logs and incident reporting. Great audit trail.
- FIM solution for protecting and monitoring the integrity of our data repositories.
- HIDS solution. Great for monitoring the security on each host and reporting suspicious activity to the SIEM.
- Vulnerability scanning and reporting. The solution would report vulnerabilities (missing patches) for system that already had the Windows patches installed.
- Every now and then agents would stop reporting.
- The UI platform is a little complex for first time users.
August 15, 2019
AlienVault USM solutions for information security
AlienVault USM is being used as a SIEM tool for logging and monitoring security events in our organization. It is being used by our security team. It is helping us to notify and logging HIDS, NIDS events, and network vulnerability.
- The OTX feature helps to find and share new vulnerabilities among the community which is a very significant feature.
- It automates the process of updating the security infrastructure with threat data from any source from that community.
- Also, OTX helps everyone in the community to discuss, research, validate, and share the latest threat data among the security community.
- In the current scope of our work with Alienvault, we are not observing any missing functionalities.
August 15, 2019
First time using AlienVault
AlienVault is being used to analyze network traffic and Windows Event Logs, but we are slowly integrating it to incorporate other things as well. It is being used across one organization currently, but will be deployed across several organizations eventually. This will help us monitor our customers and help keep them protected.
- Ease of filtering out noise (filtering logs) to be able to see what is going on in your network.
- Customizable views, and the ability switch between them quickly and easily. This way I am able to view network-related events, then switch over to Windows Event Logs.
- The training course for AlienVault USM, specifically ANYDC, was very informative and helped me get up to speed quickly on the product.
- Sometimes the HTML report generation can be slow.
- The ability to click on the graph and pull up the events that correspond to that. For example, a spike in events that happened 3 hours ago. I would just be able to click on the graph instead of using the custom date range located under "Created During."
- Some of the plug-ins don't parse everything correctly.
August 15, 2019
A great one-stop-shop security management platform
AlienVault USM is being used for asset discovery, vulnerability management, and security event monitoring across all networks. Sensors are deployed within VMware currently. It solves a number of security challenges: device and software visibility, monitoring for anomalous events on those devices, and making sure that our patches are being applied as we expect them to be.
- It's incredibly easy to get up and running. The sensor is simply a VM download that you link to a console, and away you go. We'd scanned most of our networks within a couple of days.
- The insight it provides into our environment has been invaluable, especially in terms of discovering BYOD and other unmanaged devices in use.
- Having a number of functions (asset discovery, vulnerability management, SIEM) in a single platform gives a great bird's-eye view of security.
- There could be a greater degree of flexibility in terms of roles and permissions management. There is only 'Manager,' 'Analyst,' and 'Read Only,' all with pre-defined permissions.
- All logs, even for cloud services (linked via AlienApps) have to be forwarded to a sensor. For example, if you want to monitor a cloud service such as Box, you need to forward logs to your sensor (which is likely behind your firewall). It would be better if you could forward straight to AlienVault cloud.
- There's not much documentation or recommendations in terms of how much CPU, RAM, etc. your sensor requires in relation to how much scanning and monitoring you'll be doing. Even just 'ballpark' recommendations would be useful.
August 14, 2019
AlienVault USM: one of the best SIEMs
I was put in charge of getting our company NIST-800 compliant and one of the requirements of compliance is to have a security information and event management (SIEM). The company that did our gap analysis highly recommended the AlienVault USM and after a bit of research and reviews, I decided to move forward with AlienVault. I was very impressed with how simple it was to deploy as a virtual machine and how robust the interface is. This USM does everything and more. I can't wait to delve deeper into the functionality of the dashboard. The support team is also very responsive and very knowledgeable of the product.
- The detailed reporting it provides
- Simple to deploy and install
- Great dashboard
- Excellent tech support
- Offer more free training courses, either on-demand or scheduled webinars.
AlienVault is our SIEM tool that addresses the enterprise looking for indications of compromise. This was a finding in an internal audit a few years ago so it follows more of a compliance requirement.
- Active Directory login requests
- Logs on the Domain Controls
- Only showing alerts that have a high indication of compromise and reduces false positives.
- Trimming of log files to stay within limits
- Projecting any future storage costs from AlienVault