TrustRadius
Aliens to the rescue!
We are primarily using the product as our SIEM system to correlate logs across our infrastructure and provide useful analysis on potential threats and anomalies. We also use the built in vulnerability scanning, IDS and asset management functions as a complement to our existing vulnerability/IDS/asset management systems. With this level of intelligence, it helps us determine what course of action to take to an incident and assists us in prioritization.,Log correlation is excellent and on par with other more expensive solutions. Ease of use is a big plus. Initial setup was simple and quick. The OTX threat intelligence is a great complement to our other threat intelligence feeds to ensure we have as many 'eyes' out there informing us of all the potentially malicious threat actors out there.,There are a couple of things that can only be done through the CLI and unless you're familiar with the CLI, there may be a large learning curve for some. The vulnerability scanner lacks a number of advanced features that other solutions have which make it simpler and more efficient to manage. Plugins are limited (although they are adding more as time goes on). If you need a plugin that is not available you will need to create one on your own which requires modification of a number of files and can be daunting for someone new to the platform.,9,,The AlienVault USM is reasonable at detecting actual security threats. There is an initial period where you may receive a large amount of false positives or false negatives however with some tweaking these disappear.,With limited budgets and resources, the AlienVault USM has definitely assisted us in reducing the amount of time we need to spend in detecting and reacting to security threats.,4,3,8,Yes,7,Yes,There have been a few times recently when AlienVault support did go out of their way to provide exceptional support.
If they keep this up their customer satisfaction rates will no doubt go higher in the future.,8

AlienVault is no Alien when it comes to Security
AlienVault Unified Security Management is being used across the whole organisation for event logging and monitoring, threat/vulnerability management and IDS.,Alerting on correlated events - this has allowed us to capture malware ahead of time. Ease of device logging - once the logs are sent through, the data is available instantly. Actively reviewing and responding to vulnerabilities through an easy to use interface and schedule task format.,More functionality pushed through the web interface would be useful. Asset management can be a little restricted when applying changes across a rule set.,10,LogRhythm, Alert Logic and QRadar,Threat management is an excellent feature and allows us an all round vision of our landscape.,With a reduced security team Alienvault's USM allows us to have full SOC capabilities a cost saving to the organisation.,5,2,Determining malware has entered the organisation Communication failures between servers/services Activity on firewalls Changes on AD without the necessary approval authorities in place,Triggering events in other monitoring systems Integrating with other monitoring products to give a more rounded view Utilising into quarter end reporting for excom updates,Allow dashboard use throughout the business support units Centralised view for The SOC Interfacing into other products that fall outside of traditional security products,10,Yes,Price Product Features Product Usability Analyst Reports,Our evaluation process is part of our policy governance therefore the actual process of vendor selection would not change.,8,8,Dashboards Correlation Rule Set up Log Collection Asset Adding Vulnerability Scanning,Creating parsers can be difficult unless regex is understood.,10

AlienVault is the best SIEM out there - hands down!
I implemented first OSSIM, the community version, to see what type of intelligence
it could give me. Before long I was feeding it information from my firewall and network devices. When people talk about a "single pane of glass", this must be the product they are referring to. I purchased the product and have it deployed across the enterprise now. I'm using it for two purposes really - to see what isn't normal - i.e. warn me about potential issues, and I'm using it to see what has happened (historical). The interface really allows you to see what's hot - if a metric, when it changes, doesn't prompt you to get out of your chair and do something, it's a wasted metric. With AlienVault, all I see are metrics that make me do things when they aren't where they are supposed to be. In my environment, I have 18 buildings spread across 72 square miles. We support 13,000 users on a daily basis, with 6,000 owned devices, and a ton of BYOD devices. With only 10 people in the department (including myself and my secretary), I couldn't imagine staying on top of this without AlienVault.,Reporting, reporting, reporting. Setting it up so I get emailed reports has allowed me to know, even when I am not in the office, how my day is going to go. The breadth and depth of the reports, and the ability to customize so you get what you want is awesome. Dashboard. The visual dashboard with the circles (areas of concentration based on number of incidents) is brilliant. All I have to do is show that to people, and they want to install it. Ease of implementation. Turn it on, answer a few questions, point stuff at it, and you're done. Ok, there is a lot more - I mean a lot more - you can do to customize it, but if you're looking to quickly establish a baseline, that's all you need to do. Who else has a fully functional product (OSSIM) you can download and install for FREE to see how it will work in your environment?,If it did a little more with IPFIX data (think NTOP).
Otherwise, it's perfect.,10,,So, my environment (a K12 Public School District with 11,000 students) faces two threats. External, and internal (come on, where else are the kids going to try to break things?). AlienVault was a perfect fit because it really allows me to see EVERYTHING. I've used it to stop kids from doing network scans; trying to load bots; everything script kiddies do. I've also used it to detect and shut down traffic from external threat vectors based on attempts to scan and penetrate the network.,Um, hell yes. I have 10 people - no one full-time on security. Without AlienVault I'd feel like we were naked. It allows me to achieve a high-level of visibility without the need to increase staff. It was, and continues to be, a win for the tax payers; the staff; and me.,Yes,I spent several months using OSSIM in a production environment. While the product performed rock solid, it didn't afford me some of the reporting that I needed. I made the decision to upgrade to AlienVault and it has worked out well. The depth of reporting is so much more extensive in AlienVault. The critical aspects of a SIEM are there in OSSIM, and I'm not saying reporting is the only reason I upgraded, but it was a major factor. I work in an environment where I have a very small staff, so support for the product was also a factor. The documentation, if you print it out, can be a bit overwhelming - it's very, very thorough. The best way to tackle it is to ask a question, then hit the documents to find the specific answer. I'm very, very happy I made the upgrade and if you're using OSSIM in a production environment, you should seriously consider making the switch.,Price Product Features Product Usability Analyst Reports Third-party Reviews,I would not change the evaluation process.
Awesome that I can use an OSSIM for as long as I need to, to make sure it works, before purchase.,10,10

Great system to meet FINRA's Cyber Security Requirements
We use AlienVault to be in compliance with FINRA's cyber security regulations. We monitor our traffic, our users logins, and systems to make sure we don't have any unauthorized entries. It is used by our IT Dept primarily, periodically compliance logs in as well. It is a great system and I am happy we went with AlienVault for our cyber security needs.,It has great reports that are able to be generated A lot of functionality The intrusion and detection system is particularly useful for us,It is not easy to use for non IT professionals The set up process is very tedious and difficult,9,,I have not compared this to other software.,We have achieved this benefit but the only issue is unless you are very IT or tech savvy and understand networking professionally, it is very difficult to be able to understand what anything means. For example I took the launch pad training course, I have a legal background not an IT background because of that reason the course was not very helpful for me.,2,2,Meet FINRA Cybersecurity Regulations Network activity monitoring Intrusion detection,We use alienvault as we were trained by the alienvault team,Alienvault is particularly useful when we need to monitor user access and break in attempts.,10,No,We did not use a solution like alienvault before. We went with alienvault because of the capability the software had.,Price Product Features Product Usability Product Reputation Third-party Reviews,There is nothing I would change with our selection process as we are fully satisfied with the decision we made.
We did a demo of the software which I believe is the single most important thing that must be done when selecting any kind of provider.,Implemented in-house,Change management was minimal,It had a lot of steps involved that had to do with dealing with our server and data providers Involved a lot of man power to get it fully functional.,7,No,10,No,We had an issue with our intrusion detection system and the support staff identified the issue and suggested a solution on how to resolve it. He even went above and beyond and offered to do a screen share to guide us through what to do on our alienvault platform.,The compliance reports are easy to use. The threat detection system results is easy to understand.,The setup process was difficult When a vulnerability is found, it is difficult to understand what it is.,No,7

Big Bang for your Buck
ETCC uses AlienVault USM as the core of our managed security services practice. AlienVault USM is used together with other RMM tools from SolarWinds (N-Able). We tie AlienVault's ticket system in with AutoTask, our PSA of choice. Our target customers specific to AlienVault include the financial and healthcare sectors. One of the reasons for selecting AlienVault was its position in the Gartner magic quadrant, specific to SIEM.,Log aggregation Single pane of glass via Federation server Event Correlation,Deployment could be simplified or "smarter",9,Azure Log Analytics and Splunk,Too soon to tell. We've been using this for only a short while and our experience with other products and solutions is limited.,The jury is still out on this one.,We receive significant support resources by migrating to USM,5,5

This is no Area 51, AlienVault exposes the hidden threats!
AlienVault USM is used throughout our organization. It was put in place to resolve two issues. One was for vulnerability scans for audit compliance. It was also used for monitoring critical systems in our network. We also use it to parse syslog and other logging.
An added bonus was the ability to track AD changes. The vulnerability scans are the best bar none that we tested. The monitoring is great too, however the only thing we found lacking was hard drive monitoring, we had to put another solution in place for that, however that was 6 months ago, so things may have changed.,Vulnerability scanning Up to date security definitions Open Threat Exchange Range of product sizes to fit any size of organization,Hard drive monitoring Slightly higher learning curve,9,LogRhythm, SolarWinds Log & Event Manager and Splunk Enterprise,AlienVault USM is phenomenal at keeping us up to date with the latest threat. The Open Threat Exchange (OTX) has great integration in their product and allows peers to submit transparent samples and definitions of security threats that they have seen. This allows the wider spread of example networks and thus the product is trusted to deliver.,It is just that good. We recently had a perceived security threat from an internal user and used AlienVault to investigate. I was able to pull reports of that user's workstation(s) and could verify that nothing damaging. I was also able to verify with certainty for my management team that we had not been compromised.,8,10,7

AlienVault USM Implementation Review
We use AlienVault USM to monitor our data center, network traffic, and key workstations. Our goal is to protect the systems from loss of PII, from malware, and from intrusion.,Alerts are emailed to us for many types of configurable concerns. Such as intrusion attempts. Network traffic can be monitored for PII that may be transferred across the network or off-site that is not authorized or that is sent unencrypted properly.
Key systems can be monitored for malware, intrusions, and network traffic.,The menu structure could be broken down by categories that make it easier to locate sub-menus.,10,,We feel it is comparable to it as well as to open source solutions, but easier to implement than open source solutions.,We have achieved this benefit. We have used open source solutions. But, to get the same results we had to use multiple solutions. Also, the open source solutions were more difficult to set up and difficult to maintain. And the AlienVault OTX makes us feel better about the product being up to date as well as us being more informed as to current threats to be aware of.,2,2,IDS Malware FERPA Compliance Monitor PII IPS Ransomware,We have been able to use Custom Written plugins to monitor our off-brand switches and routers. Watch for PII being sent across the network or off-site in an unencrypted format. Identify scans on the network from on and off-site in order to proactively block them at the firewalls.,Monitor critical systems, servers, and applications up-time.,10,Yes,We like the fact that USM has log management, provides excellent support, and provided us with an easy to deploy VM All-In-One system.,Price Product Features Product Usability Product Reputation Positive Sales Experience with the Vendor,The eval and selection went well and as we had hoped.,Implemented in-house Professional services company,Yes,Change management was minimal,no significant issues were encountered,10,10,No,Follow up is absolutely amazing.,Monitoring of Alarms Looking at the logs of monitored systems. Install and Setup up of Agents on servers.,Plugins are a bit difficult - but just something that needs to be learned. Some directives setup can be a bit difficult to do the first time - But, it just requires a little hands on practice.,No,10

Conspiracy Theory - No Aliens here!
We are using AlienVault USM for log monitoring and retention.
We also monitor the alarms dashboard to be aware of anything that may be penetrating our network. We have just started using it within the last couple of months so do not have it fully tweaked, but will be creating directives and policies to alert our tier 2 support team of possible incidents that require investigation.,Log capturing and retention. Easily searchable. Behavioral monitoring. AlienVault is able to look at all events and correlate them, taking that workload off of staff. Open Threat exchange. AlienVault is on top of the current threats and updates database regularly to optimize protection. Intrusion detection.,Vulnerability scanning. The reports are horrendous and do not provide an easy way to sort through them. Perhaps there is something I am missing, but I would like to be able to break it down by the vulnerability and list all hosts that have that vulnerability. GUI does not keep track of what page you are on. If you make a change, it refreshes and you are back on page one. Would also be nice to be able to have a GoTo Page option. Vulnerability scanning takes much too long to run. I am running scans with another system and am able to easily scan our entire network over the weekend. It times out a lot with small subsets of our network. It also seems to be locking out the account used for authentication. I verified it has the correct password and used the system to test connectivity, which it passed.,9,EventTracker,I have not used other security technology to speak of. AlienVault has provided us with better insight as to what potential threats may be attempting to breach our network. It was also a valuable tool when going through an audit. We were able to identify when the auditor was open testing our network based on the alarms that were triggered.,Since we did not have any system that was able to provide this service, it has added great value to ensuring our environment is protected. 
We are able to identify potential breaches of our network and whether the source has an IP reputation based on the Open Threat Exchange. It has been a great addition to our arsenal for fighting off the bad guys.,Set up alerts for when a user has locked out their account. The alert goes to helpdesk so that they can contact the user, sometimes before they even realize they have locked their account. Also provides security in knowing that the user is the one indeed locking out their account. Use the vulnerability scanning to address vulnerabilities so when the auditors scan we have a much cleaner report as well as secured our environment. Set up alerts to go to Sys Admins when domain group memberships change. This provides an audit for privileged groups as soon as they occur.,Yes,Product Features Product Usability,Would not change anything. We did a POC on several solutions to see the results first hand in our own environment rather than just a demo so the value was easy to see when choosing AlienVault over the others.,9,7,8

All-in-one, Integrated Security that is Simple and Low-cost
We use Alien Vault's USM all-in-one appliance for all of our compliance needs. We went looking for a security product that would meet our compliance needs and found that just one component of our compliance budget, logging, was too expensive for our budget. AlienVault United Security Management allowed us to meet the other needs of SIEM, threat detection, HIDS, and vulnerability management less than most of the other products charge for logging.,Integrated product - AlienVault does a great job of bringing the varied product functionality together and provides a centralized view of security throughout our company. Support and Training - We chose to implement AlienVault ourselves and took the training class with implementation assistance. Both helped in learning the product and allowing us to be able to administer, use and improve our use of it more effectively.
Product improvements - I have found issues with the product in the short time I have been using it and then seen product updates shortly thereafter that included the fixes we requested.,Plugins for data could use some improvements. Newer plugins and a more user-friendly way of creating them rather than writing regex would greatly improve the ability to add additional data sources. Documentation can be improved. The knowledge base and help are being redone and they have yet to catch up to the latest version. They provide some help but need to add detail for advanced troubleshooting. Forums can sometimes be helpful and the support also is helpful.,10,LogRhythm, WhatsUp Gold and Splunk,I have not seen any other products that do what AlienVault Unified Security Management does. It is the central view into our security stance and provides an easy to use method for detecting and finding vulnerabilities and threats to our enterprise. We still use firewall and anti-virus but without AlienVault Unified Management we would not know of the threats to our network.,I spend a few minutes each day reviewing the alerts in AlienVault Unified Security Management. I also can respond to any emergencies as they come in to my email. We upgrade the product with the latest threat feeds and any new product updates when they come out. We scan for vulnerabilities monthly, allowing us to patch and fix any known issues.
AlienVault Unified Security Management makes security threats and management of them actually enjoyable.,9,9,10

AlienVault Review
Security Event Correlation.,Notification Log Monitoring Threat Alerts Inventory Monitoring Vulnerability Scans,System Updates break features, especially Threat Intelligence Policies as well as corresponding Alerts Need to conduct more Customer Education regarding features and system updates Steep initial learning curve on getting the most out of system Getting a Support Technician on the phone when something breaks.,7,LogRhythm,AlienVault is very effective but lacks polish in the event correlation. It throws a lot at you as AlienVault has great features like vulnerability scanning, inventory and asset management, as well as monitoring. But getting the best use out of them can be a task. A better job can be done to test and push out system updates before releasing them. Updating the system sometimes breaks Threat Intelligence Policy as well as their corresponding alerts. Getting support assistance can be a pain but once they respond the technicians are great and very knowledgeable on the product. I feel there needs to be more customer education and webinars on AlienVault USM's features.
I don't always feel confident that I'm getting all I can out of the system.,In a sense we have reduced some degree of the work, however AlienVault makes security events easier to manage and filter.,No,7,7,7

The One Man SoC
Alienvault is used across the whole organization and it addresses log correlation problems and real time threat intelligence visibility,Threat detection Log aggregation Threat exchange and enhanced visibility,Report customization Scalability Ability to easily develop custom plugins,9,HP Arcsight,Alienvault has the best threat intelligence and unified security management compared to other security technologies,The benefit of threat detection simplification was achieved...all in a bit!,Integration of all custom log sources- including txt, xml, and other flat files Correlation of custom log sources,10,9,9

Don't be afraid of this Alien.
The implementation of AlienVault Unified Security Management was the result of a network wide virus infection and not knowing where the virus originated required that all servers and workstations be scanned for infection. The system was deployed across the entire network for a centralized point of administration verifying network integrity and system security protocols.,Real-time access logs and scanning. Once the system was installed and configured it allowed our company to find that the network was being hit with a continued bruteforce attack. With this discovery we made a few changes for our remote users and reduced the unauthorized outside access attempts. Traffic monitoring. When first starting with the company part of my assignment was to find why the network was so lethargic. With the AlienVault system I was able to see the time periods of heavy internet and data usage. With this information I was able to determine the highs and lows of user access. OTX activity. After getting subscribed to the OTX community I was given frequent updates to the latest security threats and what to look for.
To me the best aspect of the OTX activity monitoring is to know when the threat is directly affecting our network and keeping up to date on the threats.,Initial setup and administration. I came into this company after the utility was deployed and what I have found in our setup was that the ESXi environment in our setup does not scan the entire network. Having an initial setup assistance program for the installation. Asset environment. In our current configuration we have all the servers and network appliances running with static ip's or reservations from our dhcp server, this works very well in our environment. What does not work well are the machines that are part of the dhcp pool, if the machines are configured as an asset and the ip address changes the description (identity) does not follow the device. I think that if we have the ability to assign assets from the MAC address would eliminate this problem as I see it. Kick-off program. As part of the service we were invited to join a kick-off event that I personally attended (virtual class actually) what I discovered from this class was a more advanced configuration than what I had expected to see. While it provided good information and virtual labs, I think if the class is a kick-off then it should be about the basic installation and configuration of the appliance. The time spent on configuring rules outweighed how to get information to be read from the sensors.,8,,I believe the best aspect of the AlienVault system comes ultimately from the community of users. The OTX activity notifications for myself provides a great wealth of knowledge that I would not get otherwise. This is my first true experience in managing a service such as AlienVault for a long period of time.
The community support is a great reference for smaller IT departments that have limited resources to stay up to date with emerging threats.,Having been a product the company purchased after experiencing its first network wide virus infection, yes, most definitely. The company just was not set up for or equipped to properly handle this problem. The AlienVault appliance once configured indicated that the company was experiencing a bruteforce attack. Was this an underlying result of the infection possibly? What I do know is that without the AlienVault software showing this outside access the problem would have never been discovered. We implemented changes to the network that resolved this problem to about 95% with just 1 workstation that continued to have problems with network access and traffic problems. The AlienVault system allowed me to watch in real-time when exactly this workstation was getting hit and from where. The workstation that experienced the network congestion just happened to be the same workstation that infected the network. Without this valuable information and having limited IT department resources, I was able to commit my time in monitoring the network and ultimately finding this problem. Once removed from the network and rebuilt this saved the company hundreds of hours in downtime and loss of productivity. Definitely a saver for the company.,No,Coming into the company I work for they had just experienced a very bad network wide virus. The USM software have been in place would have helped to mitigate the infection and locate the machine faster. This service since being installed has provided valuable information on continued port scans and access vulnerabilities. We found that our AD server and SQL servers had continued port scans. Once identified I was able to make changes to the remote access ports and this stopped the port scans. 
Ultimately Alienvault USM saved valuable time and increased user productivity.,10,5,No,Not sure if this an AlienVault thing directly or not. Working with our consultant Shawn he was able to create a custom plugin for our QNAP Enclosure to support my sys log from the device. It was crucial for us to read these logs and since all other event logs are going into AlienVault this was an ideal situation. After gathering some info logs from the QNAP device Shane had a plugin created for me in 2 days and deployed. That was an invaluable effort on the part of AlienVault and Shane.,Real-time scanning OTX activity Easy to read dashboard,Configuring the ESXi network adaptors Understanding how to create rules Not knowing what many of the rules meant or what they do.,7

AlienVault - Funny name but a great security product
We are an AlienVault Managed Service Security Provider (MSSP). We use the product internally, as well as for customers. AlienVault is a great product because it provides a level of visibility into network activity that is difficult to achieve with traditional infrastructure monitoring tools. Like any good tool, there is a learning curve. I highly recommend working with a partner or a consultant if you are considering implementing AlienVault. Once it's set up properly on a network, it provides excellent data about vulnerabilities and network activity that would otherwise be missed. In every case where we've deployed AlienVault, the tool has exposed risks and/or activity that was unknown prior to the installation. AlienVault support is excellent. In every case where we've had to escalate an incident or problem to support, they have been very responsive initially and in fixing the problem.
I highly recommend the AlienVault product for any organization that is looking for a cost-effective and comprehensive security tool.,Identifying network vulnerabilities Alerting on suspicious network traffic Providing a single pane-of-glass for security monitoring,Ticketing - the internal ticketing system is not very good and integration with external ticketing systems is limited to email forwarding Out-of-the-box usefulness. The product requires a significant amount of time and expertise to make it useful. AlienVault could provide better documentation and/or GUI workflows to make setup smoother,9,AlienVault has done a great job of detecting security threats in the environments where we have it deployed. We had a ransomware outbreak on a network with AlienVault deployed and the product detected it and alerted immediately. I was very impressed. It's also done a great job of identifying potential security vulnerabilities, which has helped us lock down our customer networks.,With AlienVault deployed, I feel very confident about the security posture of a given network. Without this tool, we have to run a number of audits and reports, which only yield data about a single point-in-time. AlienVault is continuously monitoring the network for vulnerabilities and threats, which reduces amount of manual work required to maintain a good security posture.,8,8

25th Century Security on a 20th Century Budget
We were looking for a solution to enhance our security standing. We quickly found more than a few eager providers willing to help us with this challenge for the right price. The problem was that price was WAY too high for our market and budget as well almost every product we found was little more than an expensive tool for a security technician. We wanted to avoid hiring a new staff member and having to worry about keeping them up to date with expensive training and paying for expensive tools. We found AlienVault through SpiceWorks and began investigating.
From there we discovered how badly we needed this product. During the proof of concept we discovered an active breach attempt. Once we purchased AlienVault Unified Security Management we discovered two additional active breach attempts on our most mission critical systems. We have been able to patch, resolve and plug every hole we have found and feel infinitely more secure. We never had visualization into the network like this before and never would have with the competing vendors. I will never work in an environment again that does not have AlienVault.,Visualization into your network traffic! Simplifies the complicated and scary! Gives you a warm and secure feeling over your environment. Provides real time analysis and view into your security.,Creating Filters and Rules will come easier with time but they currently have some room to grow. Integration with existing security and new security products. With all AlienVault has done to improve my network I haven't gotten a raise yet - Not really AlienVault's fault but they could write a letter about how awesome I am.,10,Splunk,There is no other solution that can do what AlienVault does and that is a fact. Others try to make use of the FREE OTX (Open Threat Exchange) and advertise their product "keeps up to date with the latest threats" and tell you it can show you everything on your network and problems before they are a problem but none can truly do what AlienVault does. Is that App you installed on your local network susceptible to HEARTBLEED, or POODLE? What about that program your in house developers built? Not sure how to test since the application is only visible from inside the network? AlienVault. Want to know if it is being breached? AlienVault. Want to know the latest security threats and if you are vulnerable without having to test each threat manually against all your applications? AlienVault. Think that Server isn't visible from the internet? AlienVault. 
I had multiple servers and applications we didn't think were visible and by all rights they shouldn't have been however for one reason or another we found they were and never would have known people were actively attempting to breach them if it wasn't for AlienVault. We had a Splunk server running and it never alarmed us or caught any of it.,Yes we have achieved this benefit with AlienVault. Minimal effort to setup and learn and I was immediately effective with this product. With some time and effort I was able to clean up my environment and server security dramatically. AlienVault helped me make the argument to management for the need for a new Edge Router and Security training! AlienVault has helped us develop a budget for security training, and prove the need for continued training of our end users, and establish an on boarding security training course for our environment. Thank you AlienVault.,10,10

Security Insight Out of the Box
We deployed AlienVault's USM for a complete view of our network and assets across the company as a whole. We are now able to have a single pane of glass view of assets, services, vulnerabilities, anomalies, or security related alarms.,Initial deployment, during my research on deploying a SIEM solution deployment, seemed to be a nightmare in many of AlienVault's competitors. AlienVault's process was amazingly simple. The readability of log information is great with AlienVault. I am able to review security alerts or events and know exactly what may have occurred and what information is actionable on the network level to address any issues.,Easier to create reports for large sets of data. Better out of the box automation of alarm and ticket responses or actions.
Very small but the ability to always view alarms in a grouped view.,10,,AlienVault is my first SIEM product I have worked with in a production environment, but everything seems very straight forward and easy to use and easy to understand summaries of what is occurring on your network.,Yes, definitely we have a much better view and ability to detect what threats or vulnerabilities our network may have.,No,Price Product Features Positive Sales Experience with the Vendor,The only thing I would do differently is schedule/budget more professional services time down the road after using and configuring the AlienVault USM to meet my needs to see how my configuration could be improved, or answer any questions I may have accumulated after using the system for awhile.,8,9

Pretty good!
We have a large campus with multiple IT support departments spread across it. Using AlienVault Unified Security Management, we are able to collect, interpret, and act upon log information from hundreds of devices all over campus. The ability to get intel on traffic crossing the network allows us to see threats before they cause damage, and the automated actions we can code using correlations (that we can also define ourselves) allows us to address those threats in a timely manner. AlienVault Unified Security Management is highly customizable and we have yet to come across a device or service that we can't interface with it.,Correlations out of disparate data sources. Customizability. Wide range of utilities baked in.,Not scalable to very large networks. Requires lots of tuning to squelch false positives. Is not easily backed up.,8,AlienVault Unified Security Management is good for incident response and automating the prioritization of threats. It cannot detect malicious binaries like FireEye, but it's not meant to. But we have both FireEye and AlienVault, with FireEye's logs feeding into AlienVault and AlienVault using that data to do correlations.
AlienVault Unified Security Management by itself is powerful, but the real power lies in its ability to interface with other security products.,AlienVault Unified Security Management has saved us a tremendous amount of work because of its ability to automate security tasks and prioritization of threats. When AlienVault Unified Security Management raises an alarm, it can automatically send out an alert to the appropriate support team without any human intervention from security operations. This allows us to do the work of a team many times our size.,8

AlienVault, so advanced that you will think it came from outer space.
We are using AlienVault as our central source of all security related information giving the team the visibility of everything that connects to the network. Without having to worry about going over on EPS, like some vendors that charge based on EPS, we are able to send any and all logs to the server allowing us the ability to tune the device for maximum security visibility.,Easy to manage and customize the configuration to match your needs. No limits on EPS (events per second) like other vendors that make you tune out information that might help you identify a threat but due to cost for EPS you have to dump it. All security information in one location and dashboard.,The reports are not very user friendly, seem to be a left over from the 90's era of formatting. Dashboard could also use a good facelift to make it easier to view when on the big screen in an operations center.,10,,AlienVault's threat intelligence feed has greatly improved our security posture. We can now see the known threat actors as they start hitting the outside of our network allowing us time to proactively monitor and block them as needed.
In the past we would only get notified after something bad has already happened putting us in firefighting mode all the time.,We have taken the time to tune AlienVault to our environment and with the proper correlation we are only being notified of threats that need to be reviewed.,Implemented in-house Professional services company,Yes,Change management was a small part of the implementation and was well-handled,Identification of all network devices and who has access to make changes. Configuration of custom applications or appliances that AlienVault did not have plugins for. This is where Professional Services really helps out. Tuning out of all the noise to get to the data that matters.,10

USM for AWS offers best solution on the market.
We are using AlienVault Unified Security Management for AWS to meet our PCI compliance for Intrusion detection, vulnerability scans, and problems that might occur. It is being used for all our servers that fall within PCI compliance. It addresses the problem of finding a product that can easily interface with Amazon's AWS servers and load balancers.,Once your Instances are set up to log to CloudWatch, setup is extremely easy in USM interface. USM for AWS is great at logging every kind of event that Windows servers log. USM for AWS facilitates user management to provide access to events for different user levels.,USM for AWS is very slow to load. It can take up to 2 minutes to load some of the pages. Alarms need email notification. The interface caches information forcing the user to hard refresh their browser every time they want to wait. AWS for USM hides assets sometimes making it difficult to see what is being tracked.,8,,Since USM for AWS is the first integrated threat intelligence system we have used, it is difficult to compare. If we log in every day, it appears to be very effective. If they were to integrate a better system for alerting the user, like emails or texts when a threat is detected, I think it would be very effective.
Because we have to log in, it is hard to tell if it is effective in detecting a problem in a timely manner.,In practice, USM for AWS has given us another tool to use to determine if there has been a security threat. Unfortunately since we have to log in to the tool to see if there is a threat; it is hard to say that it reduces the amount of work. Still if we consider the alternatives, USM for AWS helps us immensely. It helps us weed through the logs to find out when a threat or suspicious event is detected. We would recommend this product to anyone.,8

A real experience with AlienVault USM
We have centralized log management and now have tools that will consolidate and make sense of critical problems while filtering out needless noise. We also now have host and network IDS.,Active directory management Pin pointing malware virus attacks,More intuitive suggestions upon review of logs,7,,Having threat intelligence gives one a measure of comfort that the device is not simply a stand alone device but is always adapting in zero day threat scenarios.,We have been a little slow on the training and integrating the functionality into our mainstream operations. We plan on doing more in 2016.,7

Alienvault - The Answer to Many of our Network Security Needs
AlienVault is used to provide visibility into our network traffic inbound and outbound from/to the Internet as well as traffic between our DMZ, corporate and extranet networks. Prior to AlienVault we configured a layered security design and it was sufficient for most purposes. However, we did not have insight into the actual network traffic to see any viruses, or exploits that were being transmitted within or through our network. AlienVault provided that visibility and also allows us easier vulnerability tracking.
We are now able to see when an exploit is present and respond immediately and appropriately.,Exploit detection Vulnerability Scanning SIEM IDS,AlienVault is excellent at finding issues/exploits and providing the information necessary for forensics. It could be nice if instructions for remedies could be provided as well.,10,,AlienVault has been extremely effective in finding threats in my environment. From something as simple as outdated software detection to detecting an exploit or phishing attempt. It provides me with unequaled visibility into the actual network traffic. It finds exploits in transit and will send me an alarm instantly so I can resolve the issue before it has a chance to propagate through our environment. It integrates with our firewall so I gain the visibility at the edge of our network as well.,After the initial configuration and burn-in period it has reduced the amount of time we use to react to issues. We also have a greater sense of awareness and security knowing that the system is constantly scanning network traffic, analyzing server and firewall logs, etc., to provide us with the necessary information to keep the network secure.,3,1,Exploit detection Vulnerability scanning Logging,Great log monitoring.,Vulnerability resolution.,10,No,Product Features Product Usability Positive Sales Experience with the Vendor,N/A,Implemented in-house,Yes,Change management was minimal,Learning the product.,9,No,9,Yes,At one time the AlienVault system was falsely reporting that Adobe Flash Player was outdated on some of our systems. I contacted support and they contacted me the same day. They researched the issue with me and found that the newest AlienVault update would fix the problem. We installed the new update and the problem was resolved, quickly.,Vulnerability scanning Alarm monitoring,Custom logging,8

TrustNet Managed Security With AlienVault
TrustNet is an AlienVault partner.
We use the AlienVault platform to provide managed security services to our clients. We have clients that use the platform across their whole organization, and some that use it in specific departments. AlienVault USM has the tools built into it that give us great visibility of suspicious activity occurring in our clients' networks. TrustNet is also a QSA company. The AlienVault USM platform allows us to provide services to our clients that help them meet their compliance needs. It covers some of the major PCI compliance requirements, for example, Secure Log Management and storage, File Integrity Monitoring, Wireless network protection, and Vulnerability scanning and management.,Log Management - AlienVault USM collects log data from all points in your network, analyzes it for suspicious activity and then stores it securely. This effectively means that you will always have an original copy of the logs in the event that a device is compromised and the logs on that device are altered. Asset Discovery - AlienVault USM makes the creation and maintenance of the asset database simple. It auto-discovers devices on the network to build the database and add devices when they are added to the network. There is a passive and active scanning mode to do this. The active scan gives a lot more information about the devices which can include open ports and running operating systems. SIEM - AlienVault USM includes a comprehensive Security Event Management tool that analyzes all network traffic and data. There is a comprehensive rule set that is built into the system, and is updated regularly. The system gives administrators the ability to create custom rules and signatures including the cross-correlation of data from a large number of devices and software applications.,One of the only issues that we and some of our clients currently have is the OpenVAS vulnerability scanning engine built into the platform.
It has been our experience that the tool is not as reliable as many others on the market. It frequently misses vulnerabilities that other tools, for example Nessus and Nexpose, pick up. The vulnerability reporting also leaves a lot to be desired, and in large part does not include the detail necessary to perform remediation easily. Unfortunately, AlienVault has removed the support and functionality that it had in older versions of the software that enable you to load and use a different scanning engine.,10,Alert Logic, RandomStorm and Clone Systems,AlienVault USM makes our lives as managed security providers a lot easier. It has the tools built into it that automate a huge amount of the analysis that needs to be done to ensure there is nothing malicious going on in our clients' networks. When we monitor and review these networks, we know that we can check the alarms generated on the USM platform, and investigate those as a priority, and can rely on the fact that the platform has weeded out only the events that need to be investigated further.,10,3,Yes,Price Product Features Product Usability Product Reputation Prior Experience with the Product,I wouldn't change the process. We have evaluated a lot of products out there, and for us, the Alienvault USM is a great fit. One lesson we have learned though, is that it is definitely the right way to go to select a vendor that has a presence in your country. Dealing with a vendor that is in a time zone 7-10 hours away can pose serious challenges.,Implemented in-house Professional services company,Yes,Change management was a small part of the implementation and was well-handled,Agent deployment. This has been greatly simplified in newer versions of the platform with the automatic deployment tool. However, if there are a large number of agents that need to be deployed, it is very time consuming as they can still only be done one-at-a-time.
There is no ability to create a list of devices with their IP addresses that the system can use to automatically create and deploy the agents. Configuring WIDS can be complicated. The WIDS sensors are not standard or proprietary to AlienVault. We have found the hardware, and developed the image that gets deployed to it, to perform this functionality.,10

Cost-effective, but you better be comfortable with the Linux command line and vi/nano
We are primarily using AlienVault Unified Security Management to enable centralized logging and event correlation across hundreds of retail locations, as well as centralized logging and event correlation for servers and network devices in our core data centers. We thought we would also use the vulnerability scanning capabilities, but we have found the vulnerability information incomplete and the scanning capabilities inadequate for canvasing all of our remote locations over VPN.,The deployment of the OSSEC (AlienVault HIDS) agent the basic logging and event generation got us out of the gate quickly. AlienVault has a lot of out of the box parsers for popular network devices to parse system logs. AlienVault has a lot of out of the box correlation sets to generate intelligent security alarms.,The vulnerability scanning feature is basically useless for us. There is not an easy way to see which vulnerabilities are being scanned for, and I've confirmed that monthly Microsoft updates take forever (over 30 days) to get into the definitions. We need to see them in there within a couple of days. The scanning is all done remotely (no local agent-based scanning), which requires superuser credentials to be supplied to the scanner. Because we have a lot of remote locations connected over VPN, the scans repeatedly time out or error out. We are exploring alternative products for this need. AlienVault documentation is severely lacking.
When I have opened tickets with AlienVault regarding missing documentation, I am often referred to the open source project's documentation for the component they've integrated. If AlienVault wants to integrate a component and rebrand it as part of their product, they need to take the ownership of documenting how to use it within their product. AlienVault requires too much "hacking" to do anything custom. The CLI has a "Jailbreak system" mode that is required for anything outside of the most vanilla configurations. In my mind something called "Jailbreak" should not be required on a daily basis. Examples of low level config include having to create custom rsyslog.d conf files to aggregate syslogs from multiple devices to a single log for parsing. Using the Web UIs per asset assignment of a plugin isn't resource efficient. Doing any sort of custom rules or plugins requires CLI modification of multiple files and the OSSIM database. It shouldn't be that hard.,5,,I can say that the SIEM functionality is better than the previous technology I have used. I find the different tiers of Alarms/SIEM Events/Raw Logs to be effective in elevating the signal above all the noise. The alarms that have been generated in our environment have given us valid scenarios to investigate.,I would say we have achieved this benefit, but expanding the capability of the system to include new sources of information is a painful undertaking.,3,2,Centralized logging and retention. Event correlation. 
Alerting.,Sending syslog events from our network monitoring solution to use in directive correlations for alerting.,If the vulnerability scanning is improved and introduced localized agent based scanning, we would explore that feature again.,5,Yes,Price Product Features Product Usability,I would have wanted to see a more extensive proof of concept or pilot demonstrating how the product would handle particular systems or aspects of our environment.,Professional services company,No,Change management was minimal,The big deliverable was to enable log collection and event generation of our Meraki MX appliances and Cisco SF300 switches, neither of which had a built-in plugin. We spent all of our professional service hours having to build custom rsyslog conf files and plugins for these devices.,5,6,Yes,When we encountered an issue with an upgrade, AlienVault support was able to connect remotely and resolve the package dependency problems to allow us to complete the upgrade.,I can't say any of them are. Documentation is so lacking and there are not a lot of helpful hints within the UI itself.,I would have to say all of them. Again, lack of documentation, tutorials, etc., coupled with the lack of any sort of help indicators within the UI makes this very difficult to use without training. And then there is all of the undocumented command line work...,No,2

AlienVault USM- Beginning Thoughts
We are currently using AlienVault Unified Security Management across our entire enterprise. We are using it to correlate and store logs from all devices to monitor for network and host intrusion detection. We also use it to do our vulnerability assessment, as well as our network inventory. It's part of our layered approach to security monitoring.,The AlienVault NIDS has proven to be very valuable in helping us identify traffic on our network. It has identified unauthorized traffic that was going out of our network.
The alarms generated from our realtime events have helped us to respond to and track our responses. It has helped us with change management with realtime updates to any changes in configuration.,Inventory is terrible. Expect to spend some time fixing details on your inventory. This is particularly frustrating as often vulnerabilities are tied to specific versions of Windows or software. I mean there is a world of difference between Windows 7 and Windows 98. Its inability to differentiate is a big issue. I would like to see the alerting functionality improved. Such that if you see an alarm that you want to be notified about every time it happens you can just right click on and say alert me next time this event happens.,8,AccelOps,So far it has been very effective in alerting us to security threats. It has helped us to identify scanning hosts on our network as well as any host which attempts to contact unauthorized outside the host. The continuous monitoring and notifications has helped us to filter out the noise from real issues.,We achieved this benefit almost immediately. The directives that it comes with out of the box have been essential to our network monitoring program. As we continue to customize it to our environment we feel this will only continue.,2,1,Network intrusion detection Host Intrusion detection Malware/Trojan/Etc. detection,We've used it to validate some of our Regulatory requirements. as In we performed this exercise was AlienVault able to detect that activity We've used for network change management. When It makes a change Security is notified and IT has to signoff that they made the change.,IF they ever get the asset discovery to the point where it's accurate, we can see using it for inventory. We would like to use it to alarm us when a new piece of equipment is connected to the network. I suspect that is in there already. 
Haven't figured out how that would be accomplished yet.,8,No,Product Features Product Usability Third-party Reviews,If I had to redo it again I probably would end up picking AlienVault with all things being the same with AlienVault and its competitors.,Implemented in-house,No,Change management was minimal,Training and approvals,10,Yes,8,No,I was having an issue where after I upgraded to 5.1.1 the video vanished. You would boot up, see the BIOS and nothing after that. It turned out to be a bug in 5.1.1 and 5.2. I opened a ticket and within an hour I believe I had a tech on the phone and he knew exactly what the issue was and the workaround. The speed to resolution was frankly amazing.,The directive events are fairly easy to adapt to your environment Deployment of HIDS was very simple. This is in a Windows environment,The asset discovery is particularly cumbersome as it's inaccurate, and you end up spending lots of time fixing it. Vulnerability assessment caused many issues with our printers. We ended up having to skip our printers and the way to do that is very cumbersome. Instead of being able to say exclude these IP's you had to only include the IP's you wanted inventoried by listing the subnets xxx.xxx.xx.xxx/xx you wanted included.. a lot of /32's,No,7

I'm Not Saying it's Aliens, but it's AlienVault.
We currently use AlienVault as our IDS, HIDS, FIM, vulnerability scanning, log storage, SIEM, and incident response solution at Save Mart Supermarkets. It is also used in a lesser degree for asset inventory within specific areas of our company. It was purchased primarily in order to help us comply with PCI (the main driver behind purchasing AlienVault) and for security in general. The Networking and Security team are the primary users of this tool but it is used to monitor across the entire enterprise.,AlienVault has a broad selection of tools all within the same user interface.
We have been able to cover several security needs with one product that previously were done with several different tools. This has made it a lot easier to manage as we have to learn one tool rather than many different tools. It was also much more cost effective than it would have been buying a multitude of point products. AlienVault enabled smoother compliance with PCI because we were able to get many of the required security controls in place more easily. In our particular case this was especially because of using the vulnerability scanning, file integrity/host intrusion detection, and network intrusion detection modules within AlienVault. I have always had excellent experience with AlienVault's support. Any issue I have had they worked with me to resolve quickly. I have also had the opportunity to speak to several individuals within AlienVault to discuss problems I have had with the product or features that I would like to see. They have always listened to me and almost all of the things that I wanted to see have actually been added to the product in the time I have used it. It has improved considerably over the year that I have been using AlienVault. I am quite happy with the ability to give feedback that I know is listened to. In fact I consider this to be one of the best things about this product. It is pretty solid and has quite a bit of usefulness to begin with but no product is ever perfect. We are all aware of products that don't live up to marketing hype. Which of course means having a company that listens to feedback very important so they can constantly improve and refine their solution. Complete access to the underlying OS. I am not particularly fond of products that limit access to all aspects of the product. It is one thing to have proprietary code it is another to limit root or admin access to a box your company paid for. In AlienVault you can get into the command line anytime you want (it is built on a Linux OS). 
If you need to do some troubleshooting with which the UI is simply not sufficient, you can! There are issues that I have resolved with support that now I can resolve entirely on my own because I retain the capabilities to fix the problem they have (for support issues it is really a lack of knowledge on my part rather than lack of capability). I have had bad experiences with products that require calling support and waiting for them to do something. OTX (Open Threat Exchange) went from something that was merely interesting and possibly useful to something that is extremely interesting and very useful for incident response. It has a lot of really good information on the many threats that you would see out in the world. It is really handy in order to hone in on the threats that actually matter to you (plus ignoring threats that do not matter). In our case POS (point of sale) malware represents the greatest current threat. I now have a good idea of the kind of POS malware there is. AlienVault will correlate all of the data from OTX so you will know if any behavior from any of the threats listed in OTX can be found in your environment.,I have had several "teething" issues with AlienVault. While I have been able to resolve pretty much all of them with support they were irritating to deal with. It has required fixes that had sometimes taken hours to resolve certain issues. None of them were crippling or extremely serious but I have run into enough of them that it was a problem. These ranged from issues with the local backups taking up way too much space because they did not rotate properly to issues with the asset inventory database. Performance issues have been a problem, especially earlier. Sometimes pulling data from the event log is very slow. To the point of being unusable. It has improved considerably as not too long ago they upgraded their back end database that increased performance in a very noticeable way. 
I personally would like to see a much faster way to look through individual events. It can take a while to look through several of them. It keeps improving but they definitely have some room to grow here. I do not like dealing with the plugins for data. Some of this could be merely my lack of ability in log reading and writing filters but the feature I want to see most improved is how you use plugins within AlienVault. It can definitely be streamlined and made more user friendly. I buy tools like this so I do not have to write my own correlation rules and log interpretation filters. It is certainly usable but kind of clunky.,10,AlienVault is one of the primary tools we have in our environment for detecting security threats. The only other tools we have that really help us find anything are our firewalls and antivirus. The IDS function in AlienVault in particular has helped us find quite a number of issues that we have had to deal with. The very nature of the tool is to monitor your environment and report on potential issues. As a SIEM (plus many other things) it tends to be one of the first indicators of compromise or some other security issue. In addition to that the range of tools within AlienVault has given us a lot of visibility that we did not have before.,We have definitely reduced the workload. Compared to the multitude of point products we had before there is much less work to be done in order to do basic maintenance. While I have had issues with AlienVault I have also had issues with every single other product. Dealing with only one product has made dealing with these issues more streamlined. I also do not need to compare (often incompatible) data across products to correlate security incidents nearly as much.,Yes,6,8

Great product for small companies.
AlienVault is being used to actively and passively monitor hosts and networks within our organization. We use AlienVault to monitor our business network as well as our operations network.
We needed capabilities to passively monitor operations networks and this was a really good fit. It was very easy to set up and configure. We have multiple alarms set up for what we consider significant security issues such as multiple account login failure, insertion/removal of USB devices, network scans from software such as Nmap and Nessus, and when user accounts are created, deleted, locked, and unlocked just to name a few. We are alerted to these alarms through emails. I would recommend this to a colleague who is seeking a solution that is easy to set up and manage. With AlienVault USM being an all in one appliance, everything can be run from one virtual appliance as opposed to some solutions that require setting up 3-4 virtual appliances to correlate information.,Host IDS (HIDS) works very well for collecting information on the client machines and report that information back to the USM appliance. Network IDS (NIDS) works very well as an IDS platform. It catches all or more of the alerts that other IDS sensors that we have within our network. Logging is a very important feature that we utilize. It helps us to alert to changes in user account information as well a changes to the host system that is being monitored.,I feel that AlienVault USM could benefit more from allowing an easier path to setting up specifics about what you would like to alarm on. We have some services that we keep getting alarms opened on that we would like to stop alarming on. This is the main issue I have for now. It would be nice to see a way to send alerts by multiple paths. Such as to a secondary syslog server or to SMS rather than just sending alerts via email. The vulnerability scanner used by USM works nice however, I've used better products to actively scan a host. I believe this could be a functionality that could be addressed.,10,,I find the threat detection effectiveness of AlienVault USM very good as compared to a couple of other products that I have used. 
One example is that I was able to find a device on my network with AlienVault USM, during my trial set up period, that was attempting to exploit another machine. This was not picked up by two other security systems that we use so I consider the threat detection effectiveness to be very good as compared to my other two systems.,Threat detection simplification is one of the best features that we have with AlienVault USM. I've stated this in some of the previous questions, but it is very easy to set up. I set the USM product up on my own with nothing more than the help of the online manual in a manner of an hour or so whereas other products have taken a day (or longer in some cases). Also, the ability to manage everything from one interface cuts way down on the time and work required needed to manage USM.,No,10,10
AlienVault USM
544 Ratings
Score 8.0 out of 10

AlienVault USM Reviews

TrustRadius Top Rated for 2019
Showing 37 of 545 AlienVault USM ratings and reviews.

Reviews (1-25 of 37)

Philip Clarke
Score 10 out of 10
Vetted Review
Verified User

Implementation

8

Initial implementation was okay, but we should have gone on the one week course first as an understanding of the features and what to look for would have been of great use. This is especially relevant when fine tuning and correlating events and creating parsers.

Once set up, the system is pretty resilient and adding in configuration is quite an easy process. We only had, on the odd few occasions, to progress any set up problems to tech support.

There are also some great whitepapers and set up articles on AlienVault's website support.

Matt Frederickson
Score 10 out of 10
Vetted Review
Verified User

Implementation

10
The one thing to remember is where to place the sensors within your organization. It is one thing to collect and analyze data, but collecting the right data is key. This is where AlienVault's experts really help. Instead of trying to sell you a gazillion sensors, they walk you through your network to make sure the sensors are where they need to be so you can achieve your goal. Implementation works so well because they take the time upfront to know your goals before they help you achieve them.
Score 9 out of 10
Vetted Review
Verified User

Implementation

9
The implementation was very straightforward and was set up quickly. The implementation project was managed well, and the vendor installing and configuring the product was very knowledgeable. As we had done a proof of concept trial, it was trivial to convert our install into production.
Score 10 out of 10
Vetted Review
Verified User

Implementation

9
The wizard makes AlienVault easy to deploy. Can take a little time since there are so many aspects to the product. Fast Start guides and the Training were very helpful in better understanding the product and deploying and getting the most out of the product.
James Ellsworth
Score 8 out of 10
Vetted Review
Verified User

Implementation

10
The best recommendation I can offer is to understand the system that is being installed. Knowing how to configure and specific expectations that you expect from the machine. I would say to watch the tutorials and the online videos, get yourself involved with the community forum and ask the questions if you do not understand.
Our company did not make the best choice on the computer that the service was installed on and it has led to some adverse effects that did not appear until now, almost 2 years later and needing to re-install the entire system all over again.
If you need the help, ask for it. The technical support team at AlienVault and community forum members are always there to answer questions.
Jeremy Wanamaker
Score 9 out of 10
Vetted Review
Reseller

Implementation

8
AlienVault USM is a great improvement on the AlienVault interface. They have streamlined the interface. There are some features that are not yet working, such as reverse-DNS, which I would consider essential to a mature product. If the development team can improve the functionality and maintain the streamlined interface, this will be a very good product.
Jacob Lovell
July 28, 2017

Pretty good!

Score 8 out of 10
Vetted Review
Verified User

Implementation

8
The fact that so many things come configured out of the box - Snort based NID, host based detection with deployable clients, self-motivated, automatic network discovery, vulnerability scanning - is the strongest point for AlienVault.
Karl Hart, ACSE, CEH, CHFI, CISSP
Score 10 out of 10
Vetted Review
Verified User

Implementation

10
Implementation is easy but having easy access to support and professional services is a great help. Getting it up and running is very easy, getting it configured for your specific environment does take a little more work, when you run into any issues support or your professional services provider is always there.
Alexi Carey
Score 8 out of 10
Vetted Review
Verified User

Implementation

8
I have been satisfied with the service and the AWS for USM product. I am a bit concerned about the changing of product to the USM Anywhere and its price structure. I am hoping that we can keep our current price structure without any hidden costs. Other than that the sales team has worked very hard to give us a comparable price to the AWS for USM product. I also hope that the USM Anywhere is easy to use but has the same FIM features. Regardless, the USM team is extremely helpful, attentive and persistent. I would recommend them to anyone needing a product like theirs but was not concerned about price.
Stephen Hockley
Score 7 out of 10
Vetted Review
Verified User

Implementation

7
Implementation will go smoother if you purchase pro services with the product and designate someone in the org as internal threat expert if none already exists. Focus on perimeter device logging first and tier one equipment then once logs are flowing move to less critical infrastructure.
Score 10 out of 10
Vetted Review
Verified User

Implementation

10
AlienVault USM was very simple to implement and get up and running. We started with a trial version and had that up and going within an hour of receiving email instructions from the sales engineer. We never had to contact support to get the system up and going. It was extremely easy to convert over to a full license once we started with a paid version.

Feature Scorecard Summary

Centralized event and log data collection (1): 8
Correlation (1): 8
Event and log normalization (1): 8
Deployment flexibility (1): 7
Custom dashboards and views (1): 6
Host and network-based intrusion detection (1): 7

About AlienVault USM

AlienVault USM Anywhere is a cloud-based security management solution that promises to accelerate and centralize threat detection, incident response, and compliance management for cloud, hybrid cloud, and on-premises environments. The vendor says that USM Anywhere includes purpose-built cloud sensors that natively monitor your Amazon Web Services (AWS) and Microsoft Azure cloud environments. On premises, lightweight virtual sensors run on Microsoft Hyper-V and VMware ESXi to monitor your virtual private cloud and physical IT infrastructure.

USM Anywhere aims to help you rapidly deploy sensors into your cloud and on-premises environments while centrally managing data collection, security analysis, and threat detection from the AlienVault Secure Cloud.

Five Essential Security Capabilities in a Single SaaS Platform

AlienVault says that USM Anywhere provides five essential security capabilities, giving you everything you need for threat detection, incident response, and compliance management, within one platform. With USM Anywhere, you can focus on finding and responding to threats, not managing software. USM Anywhere can readily scale to meet your threat detection needs as your hybrid cloud environment changes and grows.

  1. Asset Discovery
  2. Vulnerability Assessment
  3. Intrusion Detection
  4. Behavioral Monitoring
  5. SIEM

Try USM Anywhere in your environment—free for the first 14 days.
www.alienvault.com/products/usm-anywhere/free-trial

AlienVault USM Features

Security Information and Event Management (SIEM) Features
Centralized event and log data collection
Correlation
Event and log normalization
Deployment flexibility
Integration with Identity and Access Management Tools
Custom dashboards and views
Host and network-based intrusion detection
Additional Features
AlienVault Open Threat Exchange

AlienVault USM Videos (2)

Watch AlienVault USM Anywhere: Five Essential Cloud Security Capabilities in a Single SaaS Platform

Watch See How We're Pushing the Outer Limits of Security

Pricing

Free Trial Available? Yes
Free or Freemium Version Available? Yes
Premium Consulting/Integration Services Available? Yes
Entry-level set up fee? Optional

AlienVault USM Support Options

 Free VersionPaid Version
Phone
Email
Forum/Community
FAQ/Knowledgebase
Social Media
Video Tutorials / Webinar

AlienVault USM Technical Details

Deployment Types: SaaS
Operating Systems: Unspecified
Mobile Application: No
Supported Countries: Global