TrustRadius
AlienVault is no Alien when it comes to Security
AlienVault Unified Security Management is being used across the whole organisation for event logging and monitoring, threat/vulnerability management and IDS.,Alerting on correlated events - this has allowed us to capture malware ahead of time. Ease of device logging - once the logs are sent through, the data is available instantly. Actively reviewing and responding to vulnerabilities through an easy-to-use interface and scheduled task format.,More functionality pushed through the web interface would be useful. Asset management can be a little restricted when applying changes across a rule set.,10,LogRhythm, Alert Logic and QRadar,Threat management is an excellent feature and allows us an all-round vision of our landscape.,With a reduced security team, AlienVault's USM allows us to have full SOC capabilities, a cost saving to the organisation.,5,2,Determining malware has entered the organisation Communication failures between servers/services Activity on firewalls Changes on AD without the necessary approval authorities in place,Triggering events in other monitoring systems Integrating with other monitoring products to give a more rounded view Utilising in quarter-end reporting for excom updates,Allow dashboard use throughout the business support units Centralised view for the SOC Interfacing into other products that fall outside of traditional security products,10,Yes,Price Product Features Product Usability Analyst Reports,Our evaluation process is part of our policy governance; therefore the actual process of vendor selection would not change.,8,8,Dashboards Correlation Rule Set up Log Collection Asset Adding Vulnerability Scanning,Creating parsers can be difficult unless regex is understood.,10

Great system to meet FINRA's Cyber Security Requirements
We use AlienVault to be in compliance with FINRA's cyber security regulations.
We monitor our traffic, our users' logins, and systems to make sure we don't have any unauthorized entries. It is used by our IT Dept primarily; periodically compliance logs in as well. It is a great system and I am happy we went with AlienVault for our cyber security needs.,It has great reports that are able to be generated A lot of functionality The intrusion and detection system is particularly useful for us,It is not easy to use for non-IT professionals The setup process is very tedious and difficult,9,,I have not compared this to other software.,We have achieved this benefit, but the only issue is that unless you are very IT or tech savvy and understand networking professionally, it is very difficult to be able to understand what anything means. For example, I took the launch pad training course; I have a legal background, not an IT background, and because of that the course was not very helpful for me.,2,2,Meet FINRA Cybersecurity Regulations Network activity monitoring Intrusion detection,We use AlienVault as we were trained by the AlienVault team,AlienVault is particularly useful when we need to monitor user access and break-in attempts.,10,No,We did not use a solution like AlienVault before. We went with AlienVault because of the capability the software had.,Price Product Features Product Usability Product Reputation Third-party Reviews,There is nothing I would change with our selection process as we are fully satisfied with the decision we made. We did a demo of the software, which I believe is the single most important thing that must be done when selecting any kind of provider.,Implemented in-house,Change management was minimal,It had a lot of steps involved that had to do with dealing with our server and data providers Involved a lot of manpower to get it fully functional.,7,No,10,No,We had an issue with our intrusion detection system and the support staff identified the issue and suggested a solution on how to resolve it.
He even went above and beyond and offered to do a screen share to guide us through what to do on our AlienVault platform.,The compliance reports are easy to use. The threat detection system results are easy to understand.,The setup process was difficult When a vulnerability is found, it is difficult to understand what it is.,No,7

AlienVault USM Implementation Review
We use AlienVault USM to monitor our data center, network traffic, and key workstations. Our goal is to protect the systems from loss of PII, from malware, and from intrusion.,Alerts are emailed to us for many types of configurable concerns, such as intrusion attempts. Network traffic can be monitored for PII that may be transferred across the network or off-site that is not authorized or that is not sent properly encrypted. Key systems can be monitored for malware, intrusions, and network traffic.,The menu structure could be broken down by categories that make it easier to locate sub-menus.,10,,We feel it is comparable to it as well as to open source solutions, but easier to implement than open source solutions.,We have achieved this benefit. We have used open source solutions. But, to get the same results we had to use multiple solutions. Also, the open source solutions were more difficult to set up and difficult to maintain. And the AlienVault OTX makes us feel better about the product being up to date as well as us being more informed as to current threats to be aware of.,2,2,IDS Malware FERPA Compliance Monitor PII IPS Ransomware,We have been able to use custom-written plugins to monitor our off-brand switches and routers. Watch for PII being sent across the network or off-site in an unencrypted format.
Identify scans on the network from on and off-site in order to proactively block them at the firewalls.,Monitor critical systems, servers, and applications' up-time.,10,Yes,We like the fact that USM has log management, provides excellent support, and provided us with an easy-to-deploy VM All-In-One system.,Price Product Features Product Usability Product Reputation Positive Sales Experience with the Vendor,The eval and selection went well and as we had hoped.,Implemented in-house Professional services company,Yes,Change management was minimal,No significant issues were encountered,10,10,No,Follow-up is absolutely amazing.,Monitoring of Alarms Looking at the logs of monitored systems. Install and setup of agents on servers.,Plugins are a bit difficult - but just something that needs to be learned. Some directives setup can be a bit difficult to do the first time - but it just requires a little hands-on practice.,No,10

AlienVault USM, a perfect ally for MSSP
Cable and Wireless offers our customers across the Latin America and Caribbean region a Security Monitoring service which is based on AlienVault USM technologies. We deploy sensors and servers on different customer locations and collect the alarms generated by those devices on a centralized AlienVault Federation Server which is continuously monitored from our SOC. The SOC analysts assess all the generated alarms and based on their knowledge they provide the customer with the necessary visibility and corresponding information in order to know how to respond to a security threat or security incident. We at C&W also use AlienVault USM technologies in order to monitor our network and datacenter infrastructure across the Latin America and Caribbean region.
AlienVault technologies have allowed us to offer a managed SIEM service which is affordable and reliable, and can be provisioned in order to fulfill specific needs, as all of our customers have different requirements and necessities.,AlienVault USM provides enough flexibility when collecting logs and monitoring systems that are not supported by default. AlienVault USM has five different security monitoring capabilities that are focused on monitoring the health of a network and network systems and are included by default. Other SIEM vendors need to integrate additional products in order to generate the same visibility, which can make a project more complex and more expensive. OTX has significantly improved the visibility of the existing threats and this information is not only valuable for the operation of the service we offer but it can be a great security ally for any other SOC.,As a young company, the documentation and support knowledgebase are still not complete and they can improve them in order to make an even better product. As AlienVault comes from an open source product (OSSIM), the log collection relies on the use of third-party agents (snare, nxlog, ossec); however, regarding the professional version, there should be an AlienVault agent that could collect logs from different data sources. This will give our customers peace of mind as they will notice that even the agents are part of the same product they acquired.,9,,By integrating different security monitoring tools and by understanding that the security threats have evolved into a much more complex environment, AlienVault has given us the tools to monitor different aspects of information security and it helps to detect attacks that normally would not be detected by the traditional SIEM approach.
OTX has been a great ally as it delivers visibility and information about the real-time threats and its information has not only been used for the customers with existing AlienVault deployments but for other SOC customers. The hierarchy architecture also enables us to monitor all customers' infrastructure from a single console, making it easier for the SOC analyst to detect specific events or security threats.,We have achieved this by using the AlienVault Federation Server. A single console facilitates our SOC staff not only to detect threats among any customer but also to continue with the incident process once the threat is detected. The correlation directives that are normally updated give us the power to monitor new security threats without having to reconfigure the product, so the analysts can focus on their job.,25,10,For monitoring customer infrastructure and security. For monitoring datacenter infrastructure and security. For monitoring other critical infrastructure inside the company.,We have been able to focus the service on our customers' business. The flexibility it offers has allowed us to monitor data sources that no other SIEM vendor could offer. We have been able to integrate the AlienVault USM technologies with other services that we already offered in order to come up with an improved version of already existing services. We have been able to offer POC scenarios to our customers of a technology that is somehow difficult to deliver (other vendors do not offer POCs and the customers have to buy the product without proving it is what they need),We are trying to deliver visibility and reporting from other services which have these features but are somehow limited.,10,9,9

Alienvault - The Answer to Many of our Network Security Needs
AlienVault is used to provide visibility into our network traffic inbound and outbound from/to the Internet as well as traffic between our DMZ, corporate and extranet networks.
Prior to AlienVault we configured a layered security design and it was sufficient for most purposes. However, we did not have insight into the actual network traffic to see any viruses or exploits that were being transmitted within or through our network. AlienVault provided that visibility and also allows us easier vulnerability tracking. We are now able to see when an exploit is present and respond immediately and appropriately.,Exploit detection Vulnerability Scanning SIEM IDS,AlienVault is excellent at finding issues/exploits and providing the information necessary for forensics. It would be nice if instructions for remedies could be provided as well.,10,,AlienVault has been extremely effective in finding threats in my environment, from something as simple as outdated software detection to detecting an exploit or phishing attempt. It provides me with unequaled visibility into the actual network traffic. It finds exploits in transit and will send me an alarm instantly so I can resolve the issue before it has a chance to propagate through our environment. It integrates with our firewall so I gain visibility at the edge of our network as well.,After the initial configuration and burn-in period it has reduced the amount of time we use to react to issues. We also have a greater sense of awareness and security knowing that the system is constantly scanning network traffic, analyzing server and firewall logs, etc., to provide us with the necessary information to keep the network secure.,3,1,Exploit detection Vulnerability scanning Logging,Great log monitoring.,Vulnerability resolution.,10,No,Product Features Product Usability Positive Sales Experience with the Vendor,N/A,Implemented in-house,Yes,Change management was minimal,Learning the product.,9,No,9,Yes,At one time the AlienVault system was falsely reporting that Adobe Flash Player was outdated on some of our systems. I contacted support and they contacted me the same day.
They researched the issue with me and found that the newest AlienVault update would fix the problem. We installed the new update and the problem was resolved quickly.,Vulnerability scanning Alarm monitoring,Custom logging,8

Cost-effective, but you better be comfortable with the Linux command line and vi/nano
We are primarily using AlienVault Unified Security Management to enable centralized logging and event correlation across hundreds of retail locations, as well as centralized logging and event correlation for servers and network devices in our core data centers. We thought we would also use the vulnerability scanning capabilities, but we have found the vulnerability information incomplete and the scanning capabilities inadequate for canvassing all of our remote locations over VPN.,The deployment of the OSSEC (AlienVault HIDS) agent and the basic logging and event generation got us out of the gate quickly. AlienVault has a lot of out-of-the-box parsers for popular network devices to parse system logs. AlienVault has a lot of out-of-the-box correlation sets to generate intelligent security alarms.,The vulnerability scanning feature is basically useless for us. There is not an easy way to see which vulnerabilities are being scanned for, and I've confirmed that monthly Microsoft updates take forever (over 30 days) to get into the definitions. We need to see them in there within a couple of days. The scanning is all done remotely (no local agent-based scanning), which requires superuser credentials to be supplied to the scanner. Because we have a lot of remote locations connected over VPN, the scans repeatedly time out or error out. We are exploring alternative products for this need. AlienVault documentation is severely lacking. When I have opened tickets with AlienVault regarding missing documentation, I am often referred to the open source project's documentation for the component they've integrated.
If AlienVault wants to integrate a component and rebrand it as part of their product, they need to take ownership of documenting how to use it within their product. AlienVault requires too much "hacking" to do anything custom. The CLI has a "Jailbreak system" mode that is required for anything outside of the most vanilla configurations. In my mind something called "Jailbreak" should not be required on a daily basis. Examples of low-level config include having to create custom rsyslog.d conf files to aggregate syslogs from multiple devices to a single log for parsing. Using the Web UI's per-asset assignment of a plugin isn't resource efficient. Doing any sort of custom rules or plugins requires CLI modification of multiple files and the OSSIM database. It shouldn't be that hard.,5,,I can say that the SIEM functionality is better than the previous technology I have used. I find the different tiers of Alarms/SIEM Events/Raw Logs to be effective in elevating the signal above all the noise. The alarms that have been generated in our environment have given us valid scenarios to investigate.,I would say we have achieved this benefit, but expanding the capability of the system to include new sources of information is a painful undertaking.,3,2,Centralized logging and retention. Event correlation. Alerting.,Sending syslog events from our network monitoring solution to use in directive correlations for alerting.,If the vulnerability scanning is improved and localized agent-based scanning is introduced, we would explore that feature again.,5,Yes,Price Product Features Product Usability,I would have wanted to see a more extensive proof of concept or pilot demonstrating how the product would handle particular systems or aspects of our environment.,Professional services company,No,Change management was minimal,The big deliverable was to enable log collection and event generation for our Meraki MX appliances and Cisco SF300 switches, neither of which had a built-in plugin.
We spent all of our professional service hours having to build custom rsyslog conf files and plugins for these devices.,5,6,Yes,When we encountered an issue with an upgrade, AlienVault support was able to connect remotely and resolve the package dependency problems to allow us to complete the upgrade.,I can't say any of them are. Documentation is so lacking and there are not a lot of helpful hints within the UI itself.,I would have to say all of them. Again, lack of documentation, tutorials, etc., coupled with the lack of any sort of help indicators within the UI, makes this very difficult to use without training. And then there is all of the undocumented command line work...,No,2

AlienVault USM Smoothing Out PCI-DSS
We are using AlienVault Unified Security Management for PCI compliance purposes. We are monitoring specific systems and network traffic to meet our PCI DSS requirements. It is handling scanning for vulnerabilities on those systems as well as some other key organizational systems and platforms.,Combining many tools into one nicely packaged system - used OSSEC but it's a real pain to configure and implement. AlienVault Unified Security Management sets up much easier and is very powerful out of the box. Event correlation. Alerting of issues.,Tuning out noise - i.e. setup/tear down of sessions in firewall. Would be nice to have a template ready to implement. Documentation pertaining to the actual setup/configuration. Right now, you really need to purchase engineer time to get things set up and running in a timely and efficient manner. UI flow. Recent updates have made great strides but there's still room for improvement.,8,Trend Micro OSSEC,It has been very effective. We quickly found several issues both internal and external. Other tools that have been implemented never raised alerts about many logon failures occurring throughout the day - helped us find that an ex-employee's personal device (phone, tablet, etc.)
was still attempting to connect to the mail server.,It has helped. We're still learning AlienVault Unified Security Management. There is some leg work still needed based on alerts - to determine if the alerts are just noise, an application acting up (using changed credentials), or exactly where/what is causing the alert (dig through the logs of the alerting system and then the actual originating system).,3,1,PCI-DSS Compliance Monitoring network traffic Monitoring ADS servers,9

AlienVault USM - Beginning Thoughts
We are currently using AlienVault Unified Security Management across our entire enterprise. We are using it to correlate and store logs from all devices to monitor for network and host intrusion detection. We also use it to do our vulnerability assessment, as well as our network inventory. It's part of our layered approach to security monitoring.,The AlienVault NIDS has proven to be very valuable in helping us identify traffic on our network. It has identified unauthorized traffic that was going out of our network. The alarms generated from our real-time events have helped us to respond to and track our responses. It has helped us with change management with real-time updates to any changes in configuration.,Inventory is terrible. Expect to spend some time fixing details on your inventory. This is particularly frustrating as often vulnerabilities are tied to specific versions of Windows or software. I mean, there is a world of difference between Windows 7 and Windows 98. Its inability to differentiate is a big issue. I would like to see the alerting functionality improved, such that if you see an alarm that you want to be notified about every time it happens you can just right-click on it and say "alert me next time this event happens".,8,AccelOps,So far it has been very effective in alerting us to security threats. It has helped us to identify scanning hosts on our network as well as any host which attempts to contact unauthorized hosts outside.
The continuous monitoring and notifications have helped us to filter out the noise from real issues.,We achieved this benefit almost immediately. The directives that it comes with out of the box have been essential to our network monitoring program. As we continue to customize it to our environment we feel this will only continue.,2,1,Network intrusion detection Host Intrusion detection Malware/Trojan/Etc. detection,We've used it to validate some of our regulatory requirements, as in: we performed this exercise, was AlienVault able to detect that activity? We've used it for network change management. When IT makes a change, Security is notified and IT has to sign off that they made the change.,If they ever get the asset discovery to the point where it's accurate, we can see using it for inventory. We would like to use it to alarm us when a new piece of equipment is connected to the network. I suspect that is in there already. Haven't figured out how that would be accomplished yet.,8,No,Product Features Product Usability Third-party Reviews,If I had to redo it again I probably would end up picking AlienVault, with all things being the same with AlienVault and its competitors.,Implemented in-house,No,Change management was minimal,Training and approvals,10,Yes,8,No,I was having an issue where after I upgraded to 5.1.1 the video vanished. You would boot up, see the BIOS and nothing after that. It turned out to be a bug in 5.1.1 and 5.2. I opened a ticket and within an hour I believe I had a tech on the phone and he knew exactly what the issue was and the workaround. The speed to resolution was frankly amazing.,The directive events are fairly easy to adapt to your environment Deployment of HIDS was very simple. This is in a Windows environment,The asset discovery is particularly cumbersome as it's inaccurate, and you end up spending lots of time fixing it. Vulnerability assessment caused many issues with our printers.
We ended up having to skip our printers and the way to do that is very cumbersome. Instead of being able to say "exclude these IPs", you had to only include the IPs you wanted inventoried by listing the subnets xxx.xxx.xx.xxx/xx you wanted included... a lot of /32s,No,7

AlienVault USM good for your business?
We are currently using AlienVault Unified Security Management for our infrastructure security needs. Both our servers and end users are being scanned with the OpenVAS integrated scanner. All traffic is being analyzed from our Palo Alto firewalls and all servers have the FIM agent installed. We are also using the system to store NetFlow data.,Traffic Analysis OTX feed intelligence File Integrity Monitoring Threat Scanning,Asset Management depends too much on DNS Threat scanner could have more functionality,7,McAfee Nitro and RSA enVision,The AlienVault USM is a bit more simplistic in detecting and correlating events. The end user can add more "advanced" functionality, but must do so themselves within the "intelligence" tab. There is currently no easy way for other third-party integration, as the API is mostly undocumented.,Once you have created your correlation events, the AlienVault USM can reduce the amount of work needed in detecting security events. A few common problems we have had to overcome were the built-in OpenVAS scanner generating hundreds of alerts from itself. Another large project involved us setting up additional correlation events for products not initially understood by the SIEM.,2,2,Log Analysis File Integrity Management Threat Scanning,Alerting on large file transfers from NetFlow,Asset Management Enhanced Threat Management,5,Not Sure,Support is great for the USM product. Scalability is the best key feature you receive when official support is purchased. Additionally, if a plugin or an internal process breaks, support has the ability and knowledge to update and fix all aspects of the product.
This was very useful to us when a database table needed to be fixed.,Price Product Features Positive Sales Experience with the Vendor,At the time the AlienVault system was the right choice as it provides an easy transition to a SIEM product without the high prices and complicated setup. During our decision process no other vendor provided us with actual tech support during the POC process. I would not change my decision from a year ago. The newest version of AlienVault 5.x has vastly improved the capabilities of the SIEM with speed and usability improvements.,Implemented in-house,Yes,File Integrity Monitoring -- Agent Rollout Disk IO during logger rollout,6,Online training In-person training Self-taught,5,8,The key to the system is logging sources; enabling the plugins and watching the data flow into the SIEM is quite easy. The asset management setup was easy; just identify your networks and set up a basic asset scan, all in a wizard-like approach. The other easier setup was an unauthenticated scan of your internal networks, as most of the information provided in the asset scan is used to set up a threat scan.,4,The best recommendation would be to understand the correlation (called intelligence) menu. Without further customization the AlienVault USM will only have limited functionality for alerts. This really isn't a knock on AlienVault as many of the other SIEM vendors require high-touch analysis configuration. Another recommendation would be to understand and properly size your AlienVault USM; not doing so could lead to missed or late-arriving events. Sensors can help distribute the load.,No - there is no facility to customize the interface,Yes - we have added extensive custom code,We have done some customization via the command line, such as puppet and NetFlow parsing. This unfortunately means we cannot upgrade the system as easily as we would like.
This is also true for many of the other SIEM providers, but it would be nice to see the AlienVault USM be more friendly towards customization.,Yes,10,No,We currently have an issue with a firewall sending too many "events per second". The tech support person did a lot of research on how to remediate the problem and took it upon himself to escalate the ticket to the developer team. We now have a phone call lined up with a developer so he can better understand the problems we are facing with a single source of too many "events per second".,Reviewing Alerts Dashboard graphs File Integrity Monitoring Menu systems Threat menu and scheduling OTX maps,NetFlow setup Advanced Threat Management Asset Management File Integrity agent setup Correlation Event setup,No,7,3,6,7,SocVue software ELK (Elasticsearch, Logstash and Kibana),,File import/export API (e.g. SOAP or REST),1,My overall opinion as of AlienVault USM 5.2 is to not integrate with other products. As long as you stay within the painted lines, the AlienVault USM works quite well for most of our needs. For advanced correlation you might need to look elsewhere or put in additional feature requests to get a real documented API in a future release.,9,8,Our terms for training and price were met with very little bartering. It is nice to get some online training thrown in with a large purchase of your AlienVault USM; it can help the on-boarding of new employees. The overall purchase was discounted fairly and did not require us to spend weeks haggling over price.,We are completely satisfied with the AlienVault sales team. I would just recommend being honest with them about timelines and prices; I am sure they will work with you to make the AlienVault USM happen.
At certain times of the year (year end) the discounts could be higher, so it could be worth the wait!,Yes,Performance Dashboard Log Analysis,Documented API Asset management Better plugin correlation support,Yes,No

AlienVault is a very good investment
It's a very good product to manage and monitor the network. It's very powerful; it has to be well configured. The support is available to help if needed! It helps to better understand what happens on the network as well.,Monitoring: The possibility to monitor all devices of your network with SNMP management Vulnerability scan: Very simple and powerful feature. It scans your network and gives you all device vulnerabilities on your LAN. Nagios module: Integrated tools in the AlienVault Unified Security Management Platform. Very useful to have all these tools in one place.,False positives: there are still too many false positives detected when we use the alarm module. A lot of packets are caught in severity medium or high but are not threats. It is just standard traffic.,9,Nagios,AlienVault has proved today again how effective the threat intelligence tool is. Despite the false positive alerts, AlienVault put the finger on attacks and threats. It gives you details and network captures about the attack. It is very useful and efficient to work with AlienVault.,In our case, it didn't reduce the work, but now we can do things that we couldn't do yesterday without AlienVault.
Every time there is an attack, with AlienVault we have traces and captures that we can analyse to have more knowledge about what happened and how to prevent future attacks.,2,,Security threats Log tracks Alerts,To generate an attack list before the weekly security meeting,Alert every time there is a change in AD or in the firewall,8,No,Price Product Features Product Reputation,No change.,Implemented in-house,Yes,Change management was minimal,Configuration on our infrastructure,5,Online training Self-taught,8,According to me, minimum training is inevitable.,9,If there is more than one person using AlienVault in the company I would recommend writing "best practices" documentation to do things the same way.,No - we have not done any customization to the interface,No - we have not done any custom code,I haven't really done any customisation so far. But I certainly will.,7,Yes,List the past attacks,Sending an email with understandable details of the event every time it happened,5,7,7,8,Active Directory Firewall Switch,SNMP traps of all network devices,Single Sign-on,2,Do the training before you use it.,9,8,Price,Yes,fix glitches,fix the glitches still not fixed.,No,No

Purchased & Installed for Compliance
We use AlienVault's UTM to help with our PCI compliance. We need a system that can centrally receive and inspect system logs, as well as run 'FIM' (file integrity monitoring) and provide an alert when something out of the ordinary occurs.
AlienVault also has a built-in vulnerability scanner, 'OpenVAS', that we use to scan for vulnerabilities within our Windows and Linux servers.,Overview of log information from multiple sources (trends, frequency, types) Vulnerability scanning Ticketing and Alerting,Extremely hard to set up Hard to configure log filtering,6,,This is the first security tool that I've used of this type.,We are now spending more time on detecting and identifying threats than before; however, AlienVault has given us new analysis tools and visibility that we simply did not have prior. We hope that AlienVault would alert and bring to our attention any unusual activity within our systems, but I would not be confident in saying that it would definitely detect an intrusion.,2,2,Central log collection Log & event analysis Alerting File integrity monitoring,Network Intrusion Detection System Vulnerability Assessment,10,Yes,9,On one particular issue I wanted to do something that wasn't strictly supported, but the support agent gave me their 'unofficial' solution anyway - and it worked [like] a treat!,Looking at log files received by the system Vulnerability scanning System Updates,Setting up Alerting Generating Custom Reports,4

Fantastic All in One security solution at an incredible price point
AlienVault Unified Security Management is being used for information technology security management for the entire organization. The solution provides us with network and host intrusion detection services, intelligent security event correlation, asset availability monitoring, scheduled vulnerability assessments, security log management and archive, NetFlow monitoring and security reporting.,Value far exceeds the price. Excellent customer service and support. The product walks you through placing values on assets and implementing the proper controls.
The product does what it claims it can do.,Product documentation could be more streamlined and easy to use, however, in the short time I have used AlienVault Unified Security Management there seem to be constant improvements. To take full advantage of the solution, it helps to have some experience on the Linux platform, however, the product as delivered provides a solid security management platform with an intuitive GUI interface and AlienVault support coupled with their initial setup support services does a nice job of filling in the gap if you do not have that skill set in your organization.,10,,AlienVault provides a single "goto" interface for all security related events on our campus. In addition, it has provided an interface not only for security staff to investigate threats, it has also allowed our help desk staff the ability to troubleshoot things like Windows account lockouts. We continue to use our much more expensive IPS since it is still under contract and AlienVault continues to detect legitimate threats that the other IPS missed. Unfortunately we paid much more for a device that has limited functionality when compared to the AlienVault Unified Security Management.,We have definitely achieved this. We now have a single pane of glass to use for network security threat management. It is amazing how much information the solution can handle. We push syslogs from all of our windows systems, switch gear, firewalls, wireless controllers and the AlienVault is able to process and normalize those events for possible correlation and alarm creation and for archival purposes. It does this while monitoring traffic on multiple segments, monitoring availability on critical assets, performing scheduled vulnerability scans and asset discovery and much more.,3000,2,Security Event Management Log Management Reporting Incidence Response through the builtin ticketing system,We never dreamed we could us it to consolidate syslogs for so many different systems. 
We were able to retire another system that was used for availability monitoring. Help desk staff are now empowered to investigate account lockout issues in much more detail.,As the user community and AlienVault's staff develop additional plugins, we will surely be able to integrate new systems with the product.,10,Yes,Price Product Features Product Usability Positive Sales Experience with the Vendor Third-party Reviews,Think outside of the box and consider smaller more specialized companies that are innovative and customer service focused.,Vendor implemented Implemented in-house Professional services company,Yes,Change management was minimal,AlienVault gave us more than enough consulting hours so that we were able to use the system in production and accumulate any problems/question to be worked through during the next scheduled consulting session,10,Online training Self-taught,10,Personally, coupling my own hands-on experience with training offers the best ROI with AlienVault. AlienVault included some good training with our purchase of the USM product and then we decided to the next level of training which was excellent as well. Getting some experience prior to the training worked best for me.,9,Yes,10,Yes,I had a problem with major code upgrade where the system stopped responding in the middle. A time was scheduled where the technician spent a lot of time getting the system functional again. He then escalated the case to a developer who them when through the system again just to make sure everything was perfect. 
I was impressed with how much they cared about a small campus like us having their product functioning absolutely perfect.,Alert Management Interface It is easy to see the security posture of your organization at a glance Reporting,Sending system backups to another system for DR purposes Querying the Events can be a bit clunky but you get used to it,8,10,10,10,10,10,In our case there was really no negotiation.,None at this timeChamp for SMBsWe are a MSSP company and we use AlienVault Unified Security Management to provide SOC services to our clients. It's also used for the internal SOC at Ebryx.,Packaging opensource components like OpenVAS, Nagios, Nmap into one working bundle. Makes it easy to operate a SOC with one or few analysts. It has a minimal entry barrier to get started.,Can't group few SIEM entries and create a ticket that points back to a group of selected events. The forensic evidence i.e. traffic pcap is very limited. It should at least provide some more traffic around that time. It should have data source plugins for all popular antivirus suites to ingest antivirus alerts and events,8,HP ArcSight,I have encountered very few false positives while using AlienVault Unified Security Management.,Yes, AlienVault Unified Security Management not only has a very minimum entry barrier but it's also very effective and you don't need a large team to operate it. Even the casual IT guy can make best use of it with a few days of training.,,3,Intrusion Detection Log Analysis for security alerts SIEM,None at the moment,Log archive for security audits,9
AlienVault USM
503 Ratings
Score 8.0 out of 10

AlienVault USM Reviews



TrustRadius Top Rated for 2019
Showing 13 of 505 AlienVault USM ratings and reviews.
Reviews (1-13 of 13)

November 20, 2017

AlienVault USM, a perfect ally for MSSP

Score 9 out of 10
Vetted Review
Reseller

Likelihood to Renew: 10
Although we have had a few bumps on the road, we believe AlienVault is a strong vendor on the SIEM market and it has been continuously working to improve its product with new features and better functionalities. As AlienVault is mainly focused on SIEM while other vendors offer a lot of other products, the roadmap is limited.
November 21, 2015

Cost-effective, but you better be comfortable with the Linux command line and vi/nano

Score 5 out of 10
Vetted Review
Verified User

Likelihood to Renew: 5
The centralized logging and retention for PCI compliance was our main driver, and it is meeting that need. Otherwise there has been enough frustration with the lack of documentation and the need to customize through the CLI that I would be open to alternatives.
April 20, 2017

AlienVault USM good for your business?

Score 7 out of 10
Vetted Review
Verified User

Likelihood to Renew: 5
As our company grows we need additional features such as an API, integration with an ELK stack and pivot tables. Unfortunately those are not the strongest points of AlienVault.
March 29, 2016

Purchased & Installed for Compliance

Score 6 out of 10
Vetted Review
Verified User

Likelihood to Renew: 10
It's the best product available to us right now; it gives us a lot of functionality that we need to meet compliance requirements at a reasonable price.

Feature Scorecard Summary

Feature (number of ratings): score out of 10

Centralized event and log data collection (1): 8
Correlation (1): 8
Event and log normalization (1): 8
Deployment flexibility (1): 7
Custom dashboards and views (1): 6
Host and network-based intrusion detection (1): 7

About AlienVault USM

AlienVault USM Anywhere is a cloud-based security management solution that promises to accelerate and centralize threat detection, incident response, and compliance management for cloud, hybrid cloud, and on-premises environments. The vendor says that USM Anywhere includes purpose-built cloud sensors that natively monitor your Amazon Web Services (AWS) and Microsoft Azure cloud environments. On premises, lightweight virtual sensors run on Microsoft Hyper-V and VMware ESXi to monitor your virtual private cloud and physical IT infrastructure.

USM Anywhere aims to help you rapidly deploy sensors into your cloud and on-premises environments while centrally managing data collection, security analysis, and threat detection from the AlienVault Secure Cloud.

Five Essential Security Capabilities in a Single SaaS Platform

AlienVault says that USM Anywhere provides five essential security capabilities, giving you everything you need for threat detection, incident response, and compliance management, within one platform. With USM Anywhere, you can focus on finding and responding to threats, not managing software. USM Anywhere can readily scale to meet your threat detection needs as your hybrid cloud environment changes and grows.

  1. Asset Discovery
  2. Vulnerability Assessment
  3. Intrusion Detection
  4. Behavioral Monitoring
  5. SIEM

Try USM Anywhere in your environment—free for the first 14 days.
www.alienvault.com/products/usm-anywhere/free-trial

AlienVault USM Features

Security Information and Event Management (SIEM) Features
Centralized event and log data collection
Correlation
Event and log normalization
Deployment flexibility
Integration with Identity and Access Management Tools
Custom dashboards and views
Host and network-based intrusion detection
Additional Features
AlienVault Open Threat Exchange


Pricing

Free Trial Available? Yes
Free or Freemium Version Available? Yes
Premium Consulting/Integration Services Available? Yes
Entry-level set up fee? Optional

AlienVault USM Support Options

Support channels (listed for Free Version / Paid Version):
Phone
Email
Forum/Community
FAQ/Knowledgebase
Social Media
Video Tutorials / Webinar

AlienVault USM Technical Details

Deployment Types: SaaS
Operating Systems: Unspecified
Mobile Application: No
Supported Countries: Global