MSSP Review
AlienVault offers a different experience as opposed to other SIEM tools where it can be set up and configured properly in a shorter amount …
AlienVault USM
TRUE
AlienVault USM
Starting at $1,075 per month
View PricingOverview
Recent Reviews
Reviewer Sentiment
N/A
Positive ()
N/A
Negative ()
Awards
Popular Features
View all 7 featuresCorrelation (5)
7.1
71%
Centralized event and log data collection (5)
6.8
68%
Event and log normalization/management (7)
6.7
67%
Custom dashboards and workspaces (7)
6.1
61%
Reviewer Pros & Cons
View all pros & consVideo Reviews
Leaving a video review helps other professionals like you evaluate products. Be the first one in your network to record a review of AlienVault USM, and make your voice heard!
Pricing
View all pricingEssentials
$1,075
Cloud
per month
Standard
$1,695
Cloud
per month
Premium
$2,595
Cloud
per month
Entry-level set up fee?
- Setup fee optional
For the latest information on pricing, visithttps://www.alienvault.com/products/pri…
Offerings
- Free Trial
- Free/Freemium Version
- Premium Consulting / Integration Services
Features Scorecard
Security Information and Event Management (SIEM)
6.6
66%
Product Details
What is AlienVault USM?
AlienVault® Unified Security Management® (USM) delivers threat detection, incident response, and compliance management in one unified platform. It is designed to combine all the essential security capabilities needed for effective security monitoring across cloud and on-premises environments, including SIEM, intrusion detection, vulnerability management, as well as continuous threat intelligence updates. The vendor states that even for resource-limited IT security teams, AlienVault USM can be affordable, fast to deploy, and easy to use. It eliminates the need to deploy, integrate, and maintain multiple point solutions in the data center.
Smart, automated data collection & analysis: USM Anywhere automatically collects and analyzes data across the attack surface, helping to quickly gain centralized security visibility without the complexity of multiple disparate security technologies.
Automated threat detection powered by AT&T Alien Labs: With threat intelligence provided by AT&T Alien Labs, USM Anywhere is updated automatically to stay on top of evolving and emerging threats, so the security team can focus on responding to alerts.
Incident response orchestration with AlienApps: USM Anywhere supports a growing ecosystem of AlienApps, enabling the user to orchestrate and automate actions towards other security technologies, able to respond to incidents quickly and easily.
AlienVault USM Features
Security Information and Event Management (SIEM) Features
- Supported: Centralized event and log data collection
- Supported: Correlation
- Supported: Event and log normalization/management
- Supported: Deployment flexibility
- Supported: Integration with Identity and Access Management Tools
- Supported: Custom dashboards and workspaces
- Supported: Host and network-based intrusion detection
Additional Features
- Supported: AlienVault Open Threat Exchange
AlienVault USM Screenshots
AlienVault USM Videos
AlienVault USM Downloadables
- Unified Security Management vs. SIEM: a Technical Comparison
- AlienVault USM Anywhere: Datasheet
- AlienVault Fast Facts
- AlienVault USM Anywhere: Datasheet
- Beginner’s Guide to Open Source Intrusion Detection Tools
- SIEM for Beginners: Everything You Wanted to Know About Log Management But Were Afraid to Ask
AlienVault USM Competitors
AlienVault USM Technical Details
| Deployment Types | SaaS |
|---|---|
| Operating Systems | Unspecified |
| Mobile Application | No |
| Supported Countries | Global |
Comparisons
View all alternatives
Frequently Asked Questions
What are AlienVault USM's top competitors?
Splunk Cloud and Fortinet on IBM Cloud are common alternatives for AlienVault USM.
What is AlienVault USM's best feature?
Reviewers rate Correlation highest, with a score of 7.1.
Who uses AlienVault USM?
The most common users of AlienVault USM are from Mid-sized Companies (51-1,000 employees) and the Information Technology & Services industry.
Reviews and Ratings
 (717)
Reviews
(1-25 of 389)- Popular Filters
Companies can't remove reviews or game the system. Here's why
October 04, 2021
MSSP Review
AlienVault offers a different experience as opposed to other SIEM tools where it can be set up and configured properly in a shorter amount of time. The built-in correlation rules are of great quality with little-to-no setup required to switch on. Asset management and scanning is a great feature to keep on top of the list of assets to monitor, as well as dynamic and static asset lists. OTX is one of the best features to implement directly into USM Anywhere, with up-to-date threat intelligence as well as pulses to subscribe to.
- Threat intelligence look-ups
- Asset management
- Vulnerability scanning
- Better UI/workflow for alarms
- Better alarm management (add notes/set status)
August 22, 2021
Great SIEM tool for your cybersecurity needs
We utilize AlienVault USM as a security management solution that accelerates and centralizes incident response, compliance management, and threat detection for our on-premises environments. This tool includes purpose-built controls that natively monitor our AWS—Amazon Web Services and Azure environments—from our on-premises. Our AlienVault runs on lightweight virtual sensors that are installed on Microsoft Hyper-V to monitor both the virtual private network and on-premises physical IT infrastructure.
- Asset discovery
- Intrusion detection
- SIEM
- AI
- Behavioral monitoring
Implemented in a SaaS company with resources in colocation and AWS. All server assets are covered however workstations are not. We like that it provides the opportunity of granular logging on all systems and networks.
- UX/UI responsive and easy to navigate.
- Covers wide variety of systems and devices.
- Ease of getting sensors up and running.
- More simplified dashboards would help not overwhelm new users.
- Use more industry-standard terms for items.
- Tech support that actually reads your questions prior to replying with canned responses.
- Update their KBs to reflect real-world scenarios. We've ran across several places where NxLog's settings in the KB were incorrect and support had no idea, kept telling us that we were wrong despite demonstrating to them the correct settings.
AlienVault is used across the organization, although only select individuals actually know that it is running. The software addresses the protection of mission-critical information and databases. The software is not useful for any other purposes outside of security of the networks.
- AlienVault makes following real-time threats very simple with its graphics interface.
- AlienVault is also easy to work with, and customer support is great.
- AlienVault works mainly automatically, which makes using it easy. If it required too much effort, the software tool would be replaced.
- The logs of AlientVault are harder to read through than other logs.
- Support is good, but not great.
- Resources for using the product could be made easier to search and understand.
March 22, 2021
Great if you can deploy and manage on-premises SIEMs
It is being used department-wide. We offer professional services and deploy it for customers and ensure that the SIEM is configured properly. Our current customers are extremely satisfied with the product; the only drawback is that the absence of a skilled technician experienced in AlienVault USM can have trouble configuring and troubleshooting any problems.
- OTX
- HIDS
- Asset discovery
- Literal terminology used
- UI
- Troubleshooting
November 11, 2020
AlienVault - Not Worth the Price
AlienVault was purchased to provide the security department with a security operations center overview of the infrastructure of our environment. It is currently only being used as a SIEM for the Security Department for client compliance. This is due to the the lack of resources to manage the day to day management of the tool.
- Log collection
- Users cannot share views across an organization.
- Views and reports could be more interchangeable.
- Descriptions of events are based upon each individual asset reporting and not a general grouping of events according to any framework or standards. This makes it difficult for the administrator/user as they would need to know each and every asset and their respective event descriptions.
August 29, 2020
AlienVault USM Anywhere, a SIEM that is easy on your pocket.
We are a reseller of Alienvault USM and provide managed SOC services. We recently deployed for a telecom operator to monitor business-critical services including Windows and Linux. It's not for all departments, mainly for agents deployed on critical servers only to monitor the activities and discover anamolies.
- Deployment is straight forward
- AlienVault USM forensic and response app is great. You can create rules to shut down, disable networking, etc. automatically if Windows becomes infected.
- AlienVault allows seamless integration with third-party products like Cisco, Office365 etc.
- A lot of false-positive alarms
August 07, 2020
Unbeatable Security Machine
AlienVault is one of many security solutions that we utilize in our network. We use it to monitor unusual traffic and behavior to and from our domain controllers, which we combine with endpoint security and network security to have a granular view of activity throughout our network.
- Extremely customizable and versatile product.
- Useful dashboard and UI is easy to navigate.
- Log plugins parse logs from a variety of sources into a readable format
- AlienApps provide out-of-the-box integration with other solutions.
- The product requires a considerable amount of time to set up.
- Setting up log filters in order to prevent USM from quickly running out of space is very time-consuming.
- The product will stop working if the logs run out of space. There is no way to set retention rules to automatically clean up old logs.
AlienVault USM is being used by my entire organization for log aggregation and analysis in support of PCI compliance activities. It allows us to quickly identify security threats for 100+ remote and on-prem users, providing a 'single pane of glass' to view identity, networking, and workstation issues across the enterprise.
- Identifies possible spurious identify (Windows AD) changes and manipulation.
- Identifies installation of possible malware.
- Analyzed all activities and filters for only those with a potential negative security impact.
- Closing an Investigation does not close the attached alarms.
- Vulnerability Scanning interfaces/process is complicated to use.
- Vulnerability Scanning allows far too many assets to be specified at once, resulting in timeouts and ambiguous results.
August 02, 2020
Best product I've seen for a smaller enterprise network.
It is used throughout our organization. It is one part of our security portfolio. It provides insight into network and server events and alarms for potentially dangerous behavior. It provides a central place to manage and correlate logs from our servers, network equipment, firewall, antivirus, and I'm currently rolling it out to the end-user computers.
- Security event correlation.
- Security event alarms
- Security event investigations
- Potential vulnerability identification
July 29, 2020
Great SIEM for enterprise environments
It is our SIEM for the entire firm. It collects logs from various data sources across our network and normalizes the data to make actionable alerts. AlienVault makes it easy to consolidate all information from virtually any data source and make it searchable. It can also recognize anomalous activity and alert on it.
- Consolidation of logs from various sources.
- Alerting on particular activities.
- Alerting on anomalous activities.
- Time consuming implementation that requires professional services.
- Pricing model based on the amount of data can be expensive.
- Training for the product is available, but at additional expense.
July 13, 2020
AlienVault USM is a really beneficial SIEM solution.
We use Alienvault USM internally in our Security Operations Centre as part of our detection and response capabilities. We use it to monitor our on-premise networks and devices, our cloud servers as well as our cloud SaaS services. It allows us good visibility into our entire infrastructure and the events and alarms that we would otherwise miss.
We also implement and manage AlienVault USM deployments for clients as our recommended SIEM solution.
We also implement and manage AlienVault USM deployments for clients as our recommended SIEM solution.
- Ease of deployment and quick to get operating.
- Wide range of plugins and log receivers to ingest logs from many sources.
- Simple interface and dashboard makes daily operation quick and easy.
- Custom notification templates can be limited - it is not easy to get custom email alert content for example.
- Some network configuration on premise is needed to take full advantage of NIDS (port/traffic mirroring for example).
- Vulnerability scanning and reporting can be a bit sparse if you are used to the likes of Nessus.
July 11, 2020
Great tool for medium shops
USM is used across the whole organization and helped us complete and maintain security requirements for an SoC 2 Type 2 compliance. We used USM for Cloud and on-premise for multiple isolated environments. The tool works well but does require much fine-tuning and can be complex without proper training and or guidance.
- Stability
- Content filtering
- Documentation
- Self service onboarding
- In-app recommendations for common configurations.
- Improved error resolution.
July 09, 2020
Aliens are coming! or are they?
We use AlienVault to monitor our servers for malware or attacks against our network. It's a little difficult to set up initially but once you get it dialed in, it's great! It helps us monitor all of our systems and ensure that we are protected.
- Easy to understand what is going on with the server.
- Works on firewalls.
- Alerts are easy to set up.
- Support isn't always the best.
- Hard to initially set up.
Alienvault USM Anywhere touches all endpoints and networks of our organization. Is solves some big problems like:
1) Logging aggregation and actionable insights using log correlation.
2) Threat hunting & intel.
3) Vulnerability management and validation of our separate patch automation software.
4) Security orchestration.
5) Asset discovery and inventory management.
1) Logging aggregation and actionable insights using log correlation.
2) Threat hunting & intel.
3) Vulnerability management and validation of our separate patch automation software.
4) Security orchestration.
5) Asset discovery and inventory management.
- Log Correlation: The engineers at Alienvault/AT&T Cybersecurity have included a great integrated rule set (which continues to grow) to save analysts time on combing through logs and instead executing threat hunts, investigations, and remedial activities.
- Single pane-of-glass for all security activities from the convenience and efficiency of a SaaS web console, being that USM has deep integrations with over a dozen major software platforms (Office 365, GSuite, ZScaler, Box, etc.) and what they call plugins which interpret log and SIEM data from hundreds of vendors and platforms like Meraki, CrowdStrike, Aruba switches and AP's, etc.
- Great value! You can pay the same or more for other big name SIEM vendors that offer less features than this platform. Plus, even if you begin ingesting too much log data, you can filter specifics types of logs (for example, ones that have no impact to security) to bring data ingestion in line with your subscription level. The onboarding team did a great job in right-sizing our subscription plan, so this hasn't been a problem.
- Vulnerability scanning is currently done by authentication into the host over the network, even when the AlienVault USM agent is installed on an endpoint. It would be nice to have near-real-time vulnerability information provided via the agents. This would also delete the need for specially-configured remote-access admin service accounts on endpoints, which is just another account that has to be administered, namely password management and auditing for potential abuse and compromise.
- Endpoint agent support for ARM architecture is just starting to get going -- wide availability across Linux and MS Windows/Server platforms won't be available until possibly circa mid-2021. Fortunately, at least general asset scan info, authenticated vulnerability scans, etc. still provide a good deal of security inspection into these devices.
- Making some UI settings persist across logins on the web console is still lacking. Would also be nice to change a "detailed view" to icons/thumbnails/tiles. UI is very efficient in some aspects but frustrating in others.
July 03, 2020
One of the best SIEMs out there
We use AlienVault USM to monitor our network flow and alert us if any of our alarms are triggered. We integrate our Cisco Umbrella and Meraki solutions so that it saves time, having a single dashboard without having to check each instance. We also like the ability to create custom alarms and us the threat exchange to be notified of any day zero vulnerabilities on the software we run in the office.
- Easy intergration using APIs
- Bespoke alarm configuration
- OTX database
- Needs to be fine tuned to get any valuable insight
- Requires alot of resourses when running in VMs
- Cost makes it hard to sell to smaller buisnesses
July 02, 2020
Honest Opinions Only
It is being used for our entire org as a SIEM and vulnerability management tool. Stretched over 14 locations in the North Americas, we utilize this tool to be our first login in the morning. All of our logs from our on-premise and cloud services flow into this.
- Vulnerability visibility and remediation
- Log management and compilation
- The vulnerability scanner could use some tweaking as I feel it isn't always working
- The integrations could use some more testing
July 02, 2020
Limited Use Feedback
In my current position, I offer AlienVault USM Anywhere to businesses as a managed security service provider. The problem/solution use case is for multiple unrelated point solutions without centralized orchestration or a managed SIEM system in place.
- The system is intuitive and easy to navigate.
- Integration with key services like AWS and other cloud applications is crucial.
- Links to MITRE, root cause, and remediation recommendations is also a very nice feature.
- Difficult to configure for initial set up.
- Key features like alarms for brute force attacks or malware should be automatic instead of needing to be created and configured.
- Remediation should be taken one step further past recommendations to actual solutions able to be purchased or assisted by AlienVault.
May 26, 2020
Solid unified security solution
AlienVault USM is used in our vulnerability management program and endpoint protection program. It addresses the problem of inconsistent patching cadence across organizational units. It is used to perform regular vulnerability scans on our infrastructure and to deliver status reports on progress in program and policy implementation. Some logs are sent to it from servers to help with the SIEM correlation work which is largely outsourced.
- Endpoint detection notification with detailed logs
- Vulnerability detection
- Investigation tracking
- Endpoint protection agent rollout
- Vulnerability management historical tracking
- Endpoint tracking across DHCP infrastructure
May 19, 2020
First use of AlienVault USM
AlienVault USM is being used in our area as a monitoring tool. The main problems are due to the OSSEC agents used.
- Customizable
- Easy installation
- Scalable
- NXLog agent compatibility with the Spanish language.
- OSSEC Agent Compatibility
April 27, 2020
Great introduction to SIEMs
We use AlienVault in our organization to monitor the environment of our clients, all the way from reviewing suspicious activity to performing server health-checks and behavior.
- Great documentation.
- Overall good support.
- Nice UI.
- UI can be wonky at times.
- Log search from the SIEM UI is quite troublesome as every filter applied performs the search again.
- Some features can stop working seemingly out of nowhere, requiring contacting support.
April 24, 2020
AlienVault USM anywhere
It addresses compliance and vulnerability assessments, which are critical in having a holistic view of mission-critical assets. USM also gives the ability to detect network threats before they are exploited by criminals, as well as forensic evidence of what happened when and how it happened. With the help of AlienApps, there is vast integration with existing security solutions.
- Authenticated vulnerability assessment
- Authenticated asset discovery
- Incident response
- Log correlation
- Ability to do an external vulnerability assessment.
- User training awareness through the console for administrators to educate users.
- Allow more remediation options for administrators to endusers.
April 03, 2020
Built with security professionals in mind.
I have used AlienVault in a controlled lab environment to assess its power in solving the security challenges of an organization. AlienVault provides a clear picture of the events and incidents throughout the network infrastructure and provides us with a way to mitigate any issue.
- Great log aggregation and management tool.
- Great intrusion detection and investigation tool.
- Very easy to set up and get it going in a very few steps.
- AlienVault can look into providing log collection methods other than using a sensor.
- AlienVault USM capabilities should be replicated to AlienVault OSSIM except that with OSSIM there wouldn't be any support.
March 18, 2020
AlienVault is amazing
We are using AlienVault USM to monitor our whole network. We then sell to and manage the app for clients.
- Simple UI
- Easy to use, even if you are not used to it
- It makes everything simpler to monitor.
- Difficult to get the files in the forensic area
- The investigations could be more user-friendly, or it could apply some AI to be quicker.
March 13, 2020
Cybersecurity--Not "un"-achievable
Talos Cybersecurity is an MSSP providing Managed Detection and Response services to our clients. For this, we use AlienVault USM on-premises. It is very easy to deploy and setup and starts providing value as soon as it is plugged into the network. All the needs of asset discovery, file integrity, monitoring of critical assets, vulnerability detection, and SIEM ready to plug and play on the initial setup. A long list of plugins helps to integrate SIEM with a variety of products. Also, it is quite easy to develop new plugins and modify the existing plugins. Being an MSSP enables each analyst to handle multiple incidents in a short span of time as the product correlates major information before any need for human intervention.
- Asset Discovery
- Network SPAN monitoring
- Event correlation of out-of-the-box directives and custom directives
- PCI DSS requirements fulfillment and reporting
- Appliance should have APIs so that data can be exported to smart dashboards and reports.
- Limitation of 1000 EPS in All-In-One is very less even for small to medium organizations.
- Email notification should be smarter and customization for better notifications