AlienVault USM Reviews

<a href='https://www.trustradius.com/static/about-trustradius-scoring#question3' target='_blank' rel='nofollow noopener noreferrer'>Customer Verified: Read more.</a>
608 Ratings
<a href='https://www.trustradius.com/static/about-trustradius-scoring' target='_blank' rel='nofollow noopener noreferrer'>trScore algorithm: Learn more.</a>
Score 7.9 out of 100

Do you work for this company? Manage this listing

TrustRadius Top Rated for 2019

Overall Rating

Reviewer's Company Size

Last Updated

By Topic

Industry

Department

Experience

Job Type

Role

Filtered By:

Reviews (1-25 of 352)

Matthew Stacks profile photo
November 27, 2019

AlienVault USM Anywhere

Score 6 out of 10
Vetted Review
Verified User
Review Source

Pros and Cons

  • AlienVault USM is simple and easy to deploy. Sensors can be deployed in as little as 15 minutes through the setup wizard.
  • The USM UI is easy to understand. I've trained multiple analysts who are able to perform their duties on their first day, in part because of USM Anywhere's ease of use.
  • Top-notch built-in compliance templates and reporting features.
  • Filtering using built-in search statements is difficult to pick up and run with.
  • When creating custom rules for reports, there can be too many options, and often have little use for the task at hand.
  • You sometimes need product-specific knowledge, like AlienVault field names, to find the information you're after.
Read Matthew Stacks's full review
Christian Holton profile photo
Score 8 out of 10
Vetted Review
Verified User
Review Source

Pros and Cons

  • Alienvault USM is THOROUGH. We have a highly integrated workspace that's most SAAS, and I monitor those integrations and their security with AV. If I am trying to track the uptime of a laptop, I don't go to VPN or our Directory Services... I go to AV.
  • As I mentioned before, we use Sophos to protect our laptops. If a questionable file shows up on someones laptop, I hear about it from AlienVault before I hear about it from our Sophos service.
  • The OTX Pulse feature is a built-in feature that lets you subscribe to industries and you are notified about new threats that affect that industry on a daily basis. The pulse alerts are added to your AV watchlist.
  • Personally, I've wished I could purchase a service that would configure AV for my environment. I get a lot of traffic on a daily basis and I almost need to hire an analyst that just works on AV.
  • Some of the filters when looking for a specific alert aren't that easy to use.
Read Christian Holton's full review
Mpho Lekota profile photo
Score 7 out of 10
Vetted Review
Verified User
Review Source

Pros and Cons

  • The USM platform provides the essential security capabilities that work together for a fast and cost-effective way for organizations to have complete visibility into the security of their environment.
  • With the information gathered during asset discovery, USM will correlated that information with known vulnerabilities for continuous vulnerability awareness. In addition, USM contains an active scanner capable of scanning for over 30,000 known vulnerabilities.
  • To give better visibility into your network, and possibly detect intrusions that don’t follow behavioral patterns, we offer Netflow information, bandwidth monitoring, and traffic capture, all part of our behavioral monitoring capabilities built into USM.
  • External threats — Coming from external attackers.
  • The value of the asset associated with the event
Read Mpho Lekota's full review
Nathan Manzi profile photo
Score 10 out of 10
Vetted Review
Reseller
Review Source

Pros and Cons

  • With the Open Threat Exchange, AlienVault USM Anywhere is able to quickly identify emerging indicators of compromise and alert on threats as they arise.
  • We've found the improvements in the authenticated vulnerability scanning engine to reduce the number of false positives and increase the integrity of vulnerability reports.
  • Speed of deployment is a strength, particularly with the AlienVault agent which utilizes os query to collect typically important data.
  • Alien apps provide us with the ability to integrate third party security packages and swiftly take action on alarms.
  • More Alien app integrations with emerging EDR solutions would be useful.
  • A catalogue of commonly filtered events would make on-boarding much quicker and easier.
Read Nathan Manzi's full review
Jeremy Cejka profile photo
Score 4 out of 10
Vetted Review
Verified User
Review Source

Pros and Cons

  • It's a decent log aggregator.
  • Does correlation between events well, if set up correctly.
  • Control on attribute mapping within USM Anywhere or fully disclose the mappings between ingested raw logs and attributes those values map to, in order to be searchable, and give power to the end user to create meaningful alerts and queries for the right content.
  • Notifications for alerts tend to lack the essentials to make a determination off of the email. Often times alerts within cloud products are benign and part of the user experience and behavior, but get classified as violations, because they meet the criteria of equivalent alerts that are actionable.
Read Jeremy Cejka's full review
Babak Oskouian profile photo
November 06, 2019

AlienVault Review

Score 7 out of 10
Vetted Review
Verified User
Review Source

Pros and Cons

  • Integration with G-suite and AD
  • AlienVault agents that come free of extra charge are valuable
  • Automated scans
  • Updating the agents is not straight forward
  • Agents some time go offline for no apparent reason
Read Babak Oskouian's full review
Ranjith R profile photo
Score 7 out of 10
Vetted Review
Verified User
Review Source

Pros and Cons

  • AlienVault USM has the potential to identify the attack patterns by the traffic events through their sensors which is already built-in with their own correlation rules.
  • USM Anywhere sensor reduces the load for SOC analyst on writing the new set of rules.
  • And also provides an option for slack integration which myself felt very nice for an immediate action.
  • When we talk about the forensics investigation the user interface and experience is not that great as expected, when we sent an alarm/event for investigation it doesn't provide any investigation results.
  • The USM sensor doesn't have the capability of handling more jobs, It does restarts the sensor if certain limit of jobs are configured
  • The log reports are not getting downloaded when we try to attempt via safari browser
Read Ranjith R's full review
Cory Watson profile photo
Score 8 out of 10
Vetted Review
Verified User
Review Source

Pros and Cons

  • Correlate logs from different sources into actionable intelligence.
  • Provide an easy to use interface to interact with Alarms and Events.
  • Integrate with our alerting tools to make sure when an incident is happening, the right people know about it quickly.
  • Being able to make custom plugins for internal tools.
  • Being able to have a webhook plugin to send logs directly to the cloud appliance.
  • Make the management of suppression rules better. Maybe include a suppression rule visualizer to make sure your suppression rule is doing exactly what you would like it to do.
Read Cory Watson's full review
Fintan O'Meara profile photo
Score 8 out of 10
Vetted Review
Verified User
Review Source

Pros and Cons

  • Intelligence updates from the Alienvault community and security pros.
  • Writing of threat detection rules and ingestion parsing for different devices.
  • Vulnerability scanning.
  • Asset management is done purely by IP unless using the agent.
  • Agent installs and updates can be a bit flakey, and on occasion use lots of resources.
Read Fintan O'Meara's full review
Mario Martinez profile photo
September 27, 2019

AlienVault does the job

Score 9 out of 10
Vetted Review
Verified User
Review Source

Pros and Cons

  • Internal vulnerability scans
  • Monitor firewall and security group changes
  • Monitor and alert on suspicious system logs
  • Monitor and alert on suspicious cloud watch logs
  • False alarms occur occasionally
  • There is no report for only displaying vulnerabilities with an available patch. Specter class issues can only be mitigated but will remain active until we are all on next-generation processors.
Read Mario Martinez's full review
Mark Taghap profile photo
Score 9 out of 10
Vetted Review
Verified User
Review Source

Pros and Cons

  • Centralization of data logs makes it easier to analyze the many application logs throughout our organization. (ie. Windows logs, PLC logs, Antivirus logs, Exchange server logs, etc).
  • Easy maneuvering with AlienVault pages as well as easy to bookmark alerts.
  • Creating SOC on a budget especially with a smaller IT dept.
  • Incident response.
  • Threat detection.
  • Compliance management.
  • AlientVault OTX is a user community that is very helpful especially when you are curious about the alerts or to help mitigate issues that arise.
  • I would like more detailed ways to mitigate issues.
Read Mark Taghap's full review
Agustin Larrarte profile photo
Score 10 out of 10
Vetted Review
Verified User
Review Source

Pros and Cons

  • Reports most common threats, real-time and take immediate automatic actions. I think this is strong if you don't have a team monitoring 24/7.
  • Connects with signature providers and keeps up-to-date well with 0 vulnerabilities. I don't need to explain why you may want to be protected against the newest threats.
  • The UI is very easy to get used to, which will make you adapt to its use quickly.
  • This tool will become slower and slower as you start adding devices to it, the on-premise version has a lot of room for improvement here, the database is slow.
  • The on-premise version of Alienvault USM will not support dynamic environments where people is constantly removing/adding new virtual machines and doesn't cope with puppet management.
  • Only the most common hypervisors supported, it could be good to have an image for XEN.
Read Agustin Larrarte's full review
Jesse Bickel profile photo
Score 8 out of 10
Vetted Review
Verified User
Review Source

Pros and Cons

  • AlienVault USM was quick to deploy and the configuration was pretty straight forward.
  • The AlienVault USM product has great documentation and service support. Very knowledgeable and readily available. Highly recommend their support package.
  • The AlienVault UI is very comprehensive and deep tool-sets. You can monitor just about anything anywhere from anywhere. This flexibility was incredibly useful.
  • While their UI was comprehensive, it takes a while to understand how to group and tag the resources you want to monitor and how and on what schedule. The tools are deep but the usability is a bit complex. You will need to read the documentation.
  • Their pricing model for through-put was a bit challenging. I would like to see a different pricing structure. I would much prefer to see site licenses.
  • Sometimes the assessments where vague. While this shouldn't be relied upon as the only source for assessments, there were often descriptions that did not associate with the vulnerability or required us to deploy other tools to verify such as AWS Inspector, was not a big deal but some added overhead.
Read Jesse Bickel's full review
Erich Barlow, MIS profile photo
Score 7 out of 10
Vetted Review
Verified User
Review Source

Pros and Cons

  • Scanning network assets for vulnerabilities.
  • Heuristics in determining behavior and alerts accordingly.
  • Lots of false positives for vulnerabilities, Linux malware on Windows systems????
  • Lack of third-party app support or integration.
  • Being charged based on the amount of data.
Read Erich Barlow, MIS's full review
Todd Fletcher profile photo
Score 10 out of 10
Vetted Review
Verified User
Review Source

Pros and Cons

  • Deployment is quick
  • Normalization of log data and threat identification is effective and simple to understand.
  • Vulnerability analysis along with CVE identification is better than Nessus
  • Investigations feature is robust
  • Cloud sensor depoyment and capabilities is robust
  • Custom Plugin creation/modification by the user is missing. If log data is unknown to the platform, the processing of getting a new plugin developed is lengthy. It would be ideal if the user could create custom plugins for their own platform.
  • Asset discovery adds every IP address in a subnet even if no host is present. The detection method is flawed. I don't have this issue on the same network with other asset discovery tools.
  • SaaS performance can be slow. When listing items more than 20 at a time, the UI refresh can be painfully slow.
Read Todd Fletcher's full review
Atul Jain profile photo
Score 10 out of 10
Vetted Review
Verified User
Review Source

Pros and Cons

  • It raises the alarms/notifications at the same moment it happens.
  • The correlation job is wonderful. It correlates all the events and checks with the vuln also.
  • The pcap is not available in USM Anywhere, where it was available in the USM appliance.
  • I feel at times that the correlation is quite slow.
Read Atul Jain's full review
Adam Nield profile photo
September 05, 2019

Picking up AlienVault USM

Score 8 out of 10
Vetted Review
Verified User
Review Source

Pros and Cons

  • SIEM is great for monitoring and maintaining our systems and networks, and with the right tuning the system becomes an incredibly powerful tool by being able to identify the difference between a high priority event and false positive.
  • The vulnerability scanning is a very useful part of the system, especially as after finding any vulnerabilities it provides lots of detail on what was found along with a solution.
  • User management has a good level of modularity, allowing us to restrict access for certain users to only certain areas.
  • The system can be a little over-complicated to set-up to perform what I would think to be simple tasks. For example, sending an email notification on a certain alarm being created.
  • The reporting module does not offer much visual customization, only allowing you to add your company logo and color scheme as a template.
Read Adam Nield's full review
Pankaj KC profile photo
Score 9 out of 10
Vetted Review
Verified User
Review Source

Pros and Cons

  • As for us, it casually integrated to AWS cloud and local infrastructures, in simple words easy to implement
  • Processes different types to logs using its very own inbuilt plugins and display it in an understandable manner for the non-technical users as well
  • Has its own very accurate correlation rules to generate alarms from the processed logs
  • Has an open threat intelligence community which can be integrated with the AlienVault account
  • In order to collect the system logs from various servers, it has an AlienVault agent that can be installed on the windows, MAC and Linux. It collects the various types of logs such as user activity, shell history, file integrity, etc., logs
  • Any suspicious alarm can be added as a ticket on its console and can be processed according to severity type.
  • Server and Network vulnerabilities details can be scanned through the USM.
  • Customizable dashboards view in the console makes easy to monitor logs from the different sources.
  • Events view can be customized according to the data source plugins.
  • USM has a feature of suppressing and filtering out the logs from the console. Suppression hides the logs from the console dashboard whereas filtering block the similar type of log entering the alienvault console which helps to reduce the storage usage
  • Asset Discovery: Maintains and scans dynamic asset inventory and software inventory for large scale organization
  • Security & Compliance Reporting: contains customizable reports for regulation standards and compliance frameworks
  • It uses sensors to collect data from different sources which results in extra cost for the sensor server
  • Support is very poor
  • It would be great if there was document to study on how can we identify and monitor suspicous logs
Read Pankaj KC's full review
Ariel Lucas Sandor profile photo
Score 8 out of 10
Vetted Review
Verified User
Review Source

Pros and Cons

  • Very easy to use. The UI is very intuitive.
  • Out of the box predefined reports that make the initial filtering easy.
  • Very easy to setup.
  • Sometimes it gets slow with large queries.
  • When the upgrading fails you have to debug extensively to know what happened.
  • When we massively add hosts, sometimes some of them are not added so you have to be careful.
Read Ariel Lucas Sandor's full review
Brian Lindow profile photo
Score 9 out of 10
Vetted Review
Verified User
Review Source

Pros and Cons

  • Active Directory login requests
  • Logs on the Domain Controls
  • Only showing alerts that have a high indication of compromise and reduces false positives.
  • Trimming of log files to stay within limits
  • Projecting any future storage costs from AlienVault
Read Brian Lindow's full review
Magdiel Hernandez profile photo
Score 5 out of 10
Vetted Review
Verified User
Review Source

Pros and Cons

  • Creation of dashboards.
  • Creation of metrics that we utilize in our monthly reports.
  • We like the way alerts are being sent to us and the information they provide.
  • Their customer supports is the worst, and sadly this has been consistent every time we've had to reach out to them.
  • The account execs have ZERO flexibility regarding making deals and meeting us halfway.
  • The features do not work as advertised.
Read Magdiel Hernandez's full review
No photo available
Score 8 out of 10
Vetted Review
Verified User
Review Source

Pros and Cons

  • It is easy to deploy and get logs into the dashboard
  • Integrations with Office 365 is pretty seamless and provides great context.
  • Super easy to increase storage tiers if you find yourself adding more and more log sources.
  • USM Anywhere doesn't allow you to multi-home sensors. So if you have non-routable networks, you'll need to investigate the on-premise solution too.
  • You have to be on top of tuning else a constant stream of alerts will cause your SOC staff to begin ignoring alarms.
  • You have to be on top of tuning else you'll eat your allotment of storage for that month. It is really easy to exceed your storage quota if you don't proactively monitor log sources. USM could do a better job letting you know if a log source is too chatty.
Read this authenticated review

Feature Scorecard Summary

Centralized event and log data collection (1)
8
Correlation (1)
8
Event and log normalization (1)
8
Deployment flexibility (1)
7
Custom dashboards and views (1)
6
Host and network-based intrusion detection (1)
7

About AlienVault USM

AlienVault® Unified Security Management® (USM) delivers threat detection, incident response, and compliance management in one unified platform. It is designed to combine all the essential security capabilities needed for effective security monitoring across cloud and on-premises environments, including SIEM, intrusion detection, vulnerability management, as well as continuous threat intelligence updates. The vendor states that even for resource-limited IT security teams, AlienVault USM can be affordable, fast to deploy, and easy to use. It eliminates the need to deploy, integrate, and maintain multiple point solutions in the data center.

Smart, automated data collection & analysis: USM Anywhere automatically collects and analyzes data across the attack surface, helping to quickly gain centralized security visibility without the complexity of multiple disparate security technologies.

Automated threat detection powered by AT&T Alien Labs: With threat intelligence provided by AT&T Alien Labs, USM Anywhere is updated automatically to stay on top of evolving and emerging threats, so the security team can focus on responding to alerts.

Incident response orchestration with AlienApps: USM Anywhere supports a growing ecosystem of AlienApps, enabling the user to orchestrate and automate actions towards other security technologies, able to respond to incidents quickly and easily.

AlienVault USM Features

Security Information and Event Management (SIEM) Features
Has featureCentralized event and log data collection
Has featureCorrelation
Has featureEvent and log normalization
Has featureDeployment flexibility
Has featureIntegration with Identity and Access Management Tools
Has featureCustom dashboards and views
Has featureHost and network-based intrusion detection
Additional Features
Has featureAlienVault Open Threat Exchange

AlienVault USM Screenshots

AlienVault USM Videos (2)

Watch AlienVault USM Anywhere: Five Essential Cloud Security Capabilities in a Single SaaS Platform

Watch See How We're Pushing the Outer Limits of Security

AlienVault USM Downloadables

AlienVault USM Competitors

Pricing

  • Has featureFree Trial Available?Yes
  • Has featureFree or Freemium Version Available?Yes
  • Has featurePremium Consulting/Integration Services Available?Yes
  • Entry-level set up fee?Optional

AlienVault USM Support Options

 Free VersionPaid Version
Phone
Email
Forum/Community
FAQ/Knowledgebase
Social Media
Video Tutorials / Webinar
Live Chat

AlienVault USM Technical Details

Deployment Types:SaaS
Operating Systems: Unspecified
Mobile Application:No
Supported Countries:Global