AlienVault USM Reviews

<a href='https://www.trustradius.com/static/about-trustradius-scoring#question3' target='_blank' rel='nofollow noopener noreferrer'>Customer Verified: Read more.</a>
633 Ratings
<a href='https://www.trustradius.com/static/about-trustradius-scoring' target='_blank' rel='nofollow noopener noreferrer'>trScore algorithm: Learn more.</a>
Score 7.9 out of 100

Do you work for this company? Manage this listing

TrustRadius Top Rated for 2019

Overall Rating

Reviewer's Company Size

Last Updated

By Topic

Industry

Department

Experience

Job Type

Role

Filtered By:

Reviews (1-25 of 368)

Matthew Stacks | TrustRadius Reviewer
November 27, 2019

AlienVault USM Anywhere

Score 6 out of 10
Vetted Review
Verified User
Review Source

Pros and Cons

  • AlienVault USM is simple and easy to deploy. Sensors can be deployed in as little as 15 minutes through the setup wizard.
  • The USM UI is easy to understand. I've trained multiple analysts who are able to perform their duties on their first day, in part because of USM Anywhere's ease of use.
  • Top-notch built-in compliance templates and reporting features.
  • Filtering using built-in search statements is difficult to pick up and run with.
  • When creating custom rules for reports, there can be too many options, and often have little use for the task at hand.
  • You sometimes need product-specific knowledge, like AlienVault field names, to find the information you're after.
Read Matthew Stacks's full review
Naveen Sharma | TrustRadius Reviewer
March 13, 2020

Cybersecurity--Not "un"-achievable

Score 8 out of 10
Vetted Review
Reseller
Review Source

Pros and Cons

  • Asset Discovery
  • Network SPAN monitoring
  • Event correlation of out-of-the-box directives and custom directives
  • PCI DSS requirements fulfillment and reporting
  • Appliance should have APIs so that data can be exported to smart dashboards and reports.
  • Limitation of 1000 EPS in All-In-One is very less even for small to medium organizations.
  • Email notification should be smarter and customization for better notifications
Read Naveen Sharma's full review
Christian Holton | TrustRadius Reviewer
November 01, 2019

AlienVault USM for SMB? Sure, if you have the time or don't mind a lot of emails.

Score 8 out of 10
Vetted Review
Verified User
Review Source

Pros and Cons

  • Alienvault USM is THOROUGH. We have a highly integrated workspace that's most SAAS, and I monitor those integrations and their security with AV. If I am trying to track the uptime of a laptop, I don't go to VPN or our Directory Services... I go to AV.
  • As I mentioned before, we use Sophos to protect our laptops. If a questionable file shows up on someones laptop, I hear about it from AlienVault before I hear about it from our Sophos service.
  • The OTX Pulse feature is a built-in feature that lets you subscribe to industries and you are notified about new threats that affect that industry on a daily basis. The pulse alerts are added to your AV watchlist.
  • Personally, I've wished I could purchase a service that would configure AV for my environment. I get a lot of traffic on a daily basis and I almost need to hire an analyst that just works on AV.
  • Some of the filters when looking for a specific alert aren't that easy to use.
Read Christian Holton's full review
Anthony Guynes | TrustRadius Reviewer
January 28, 2020

AlienVault USM Review

Score 8 out of 10
Vetted Review
Verified User
Review Source

Pros and Cons

  • It does a great job of correlating the traffic that it sees and compares it to Open Threat Exchange.
  • It's easy to read and set-up.
  • When looking at events from a destination IP, the USM doesn't show you the total number of these until you find the last page. It just says "XXXX of 4,000,000".
Read Anthony Guynes's full review
John Keenan | TrustRadius Reviewer
January 27, 2020

AlienVault appliance review

Score 7 out of 10
Vetted Review
Verified User
Review Source

Pros and Cons

  • Lots of ability to generate reports.
  • Solid appliances ingest many sources.
  • Default settings are a bit esoteric and require outside expertise for optimization.
  • AI isn’t really catching as much as I thought it would.
Read John Keenan's full review
Nathan Manzi | TrustRadius Reviewer
December 06, 2019

The most approachable threat management system!

Score 10 out of 10
Vetted Review
Reseller
Review Source

Pros and Cons

  • With the Open Threat Exchange, AlienVault USM Anywhere is able to quickly identify emerging indicators of compromise and alert on threats as they arise.
  • We've found the improvements in the authenticated vulnerability scanning engine to reduce the number of false positives and increase the integrity of vulnerability reports.
  • Speed of deployment is a strength, particularly with the AlienVault agent which utilizes os query to collect typically important data.
  • Alien apps provide us with the ability to integrate third party security packages and swiftly take action on alarms.
  • More Alien app integrations with emerging EDR solutions would be useful.
  • A catalogue of commonly filtered events would make on-boarding much quicker and easier.
Read Nathan Manzi's full review
Jeremy Cejka | TrustRadius Reviewer
November 13, 2019

AlienVault USM for Small Business

Score 4 out of 10
Vetted Review
Verified User
Review Source

Pros and Cons

  • It's a decent log aggregator.
  • Does correlation between events well, if set up correctly.
  • Control on attribute mapping within USM Anywhere or fully disclose the mappings between ingested raw logs and attributes those values map to, in order to be searchable, and give power to the end user to create meaningful alerts and queries for the right content.
  • Notifications for alerts tend to lack the essentials to make a determination off of the email. Often times alerts within cloud products are benign and part of the user experience and behavior, but get classified as violations, because they meet the criteria of equivalent alerts that are actionable.
Read Jeremy Cejka's full review
Babak Oskouian | TrustRadius Reviewer
November 06, 2019

AlienVault Review

Score 7 out of 10
Vetted Review
Verified User
Review Source

Pros and Cons

  • Integration with G-suite and AD
  • AlienVault agents that come free of extra charge are valuable
  • Automated scans
  • Updating the agents is not straight forward
  • Agents some time go offline for no apparent reason
Read Babak Oskouian's full review
Ranjith R | TrustRadius Reviewer
October 25, 2019

Review for AlienVault USM Anywhere AWS and GCP Approaches

Score 7 out of 10
Vetted Review
Verified User
Review Source

Pros and Cons

  • AlienVault USM has the potential to identify the attack patterns by the traffic events through their sensors which is already built-in with their own correlation rules.
  • USM Anywhere sensor reduces the load for SOC analyst on writing the new set of rules.
  • And also provides an option for slack integration which myself felt very nice for an immediate action.
  • When we talk about the forensics investigation the user interface and experience is not that great as expected, when we sent an alarm/event for investigation it doesn't provide any investigation results.
  • The USM sensor doesn't have the capability of handling more jobs, It does restarts the sensor if certain limit of jobs are configured
  • The log reports are not getting downloaded when we try to attempt via safari browser
Read Ranjith R's full review
Cory Watson | TrustRadius Reviewer
October 14, 2019

Not very customizable but provides a lot of value for less.

Score 8 out of 10
Vetted Review
Verified User
Review Source

Pros and Cons

  • Correlate logs from different sources into actionable intelligence.
  • Provide an easy to use interface to interact with Alarms and Events.
  • Integrate with our alerting tools to make sure when an incident is happening, the right people know about it quickly.
  • Being able to make custom plugins for internal tools.
  • Being able to have a webhook plugin to send logs directly to the cloud appliance.
  • Make the management of suppression rules better. Maybe include a suppression rule visualizer to make sure your suppression rule is doing exactly what you would like it to do.
Read Cory Watson's full review
Fintan O'Meara | TrustRadius Reviewer
October 09, 2019

Immediate ROI with little out of the box configuration to get started.

Score 8 out of 10
Vetted Review
Verified User
Review Source

Pros and Cons

  • Intelligence updates from the Alienvault community and security pros.
  • Writing of threat detection rules and ingestion parsing for different devices.
  • Vulnerability scanning.
  • Asset management is done purely by IP unless using the agent.
  • Agent installs and updates can be a bit flakey, and on occasion use lots of resources.
Read Fintan O'Meara's full review
Atul Jain | TrustRadius Reviewer
December 31, 2019

Amazing Experience With USM Anywhere

Score 10 out of 10
Vetted Review
Verified User
Review Source

Pros and Cons

  • It raises the alarms/notifications at the same moment it happens.
  • The correlation job is wonderful. It correlates all the events and checks with the vuln also.
  • The pcap is not available in USM Anywhere, where it was available in the USM appliance.
  • I feel at times that the correlation is quite slow.
Read Atul Jain's full review
Anonymous | TrustRadius Reviewer
April 03, 2020

Built with security professionals in mind.

Score 10 out of 10
Vetted Review
Verified User
Review Source

Pros and Cons

  • Great log aggregation and management tool.
  • Great intrusion detection and investigation tool.
  • Very easy to set up and get it going in a very few steps.
  • AlienVault can look into providing log collection methods other than using a sensor.
  • AlienVault USM capabilities should be replicated to AlienVault OSSIM except that with OSSIM there wouldn't be any support.
Read this authenticated review
Anonymous | TrustRadius Reviewer
March 12, 2020

AlienVault USM for Investigation Efficiency

Score 8 out of 10
Vetted Review
Verified User
Review Source

Pros and Cons

  • AlienVault offers Rule Creation which helps in testing out new implementations such as alarm suppression, event suppression, etc.
  • AlienVault is easy to navigate. At first, I was kinda confused watching my teammates use it but the more I spend my time with AlienVault the more I appreciate its features.
  • For me, I really appreciate the filters. I can filter out events specifically, which reduces time spent on looking for a particular event.
  • I think adding multiple events in the investigation would really help.
  • When opening an alarm, I hope we could just open the events on another tab directly.
Read this authenticated review
Anonymous | TrustRadius Reviewer
March 09, 2020

AlienVault Review

Score 6 out of 10
Vetted Review
Verified User
Review Source

Pros and Cons

  • Data is ingested quickly.
  • Its easy to get data in.
  • Filter rules are very customizable.
  • Implementation was dicey.
  • I wish it had a real time data feed.
  • Its been a struggle to keep under our data cap.
Read this authenticated review
Anonymous | TrustRadius Reviewer
March 01, 2020

Room to grow

Score 7 out of 10
Vetted Review
Verified User
Review Source

Pros and Cons

  • Event filtering is intuitive.
  • Investigations are well-integrated and provide useful event and alert aggregation for review and analysis.
  • Dashboards have plenty of colors and graphs to please management.
  • The ability to save (event) views saves a lot of time.
  • The session timeout is veiled and I've lost work typing notes into the window of an expired session unknowingly.
  • It does not process eStreamer.
  • It cannot parse the "blocked" field in source fire logs so you can't see if IDS events are blocked or not.
  • Sometimes performance lags.
Read this authenticated review
Anonymous | TrustRadius Reviewer
October 24, 2019

A solid SIEM choice for those of us without dedicated SOCs and multiple hats.

Score 8 out of 10
Vetted Review
Verified User
Review Source

Pros and Cons

  • It is easy to deploy and get logs into the dashboard
  • Integrations with Office 365 is pretty seamless and provides great context.
  • Super easy to increase storage tiers if you find yourself adding more and more log sources.
  • USM Anywhere doesn't allow you to multi-home sensors. So if you have non-routable networks, you'll need to investigate the on-premise solution too.
  • You have to be on top of tuning else a constant stream of alerts will cause your SOC staff to begin ignoring alarms.
  • You have to be on top of tuning else you'll eat your allotment of storage for that month. It is really easy to exceed your storage quota if you don't proactively monitor log sources. USM could do a better job letting you know if a log source is too chatty.
Read this authenticated review
Anonymous | TrustRadius Reviewer
January 27, 2020

AlienVault USM Review

Score 9 out of 10
Vetted Review
Verified User
Review Source

Pros and Cons

  • Easy to use rules, events will pre-populate fields for alarm rules allowing for quick creation
  • Friendly interface with logical layout of settings and options
  • Some room to improve the scaling of sensors. Sensors struggle to handle millions or events which results in dropped events in large environments
  • USM is upgraded automatically and there is no way to control when your instance is upgraded. This can result in bugs in features without any way to test and control
Read this authenticated review
Anonymous | TrustRadius Reviewer
January 24, 2020

USM Anywhere Review

Score 8 out of 10
Vetted Review
Verified User
Review Source

Pros and Cons

  • Co-relation engine helps where we don't have to spend hours writing rules.
  • As a SaaS solution we don't worry about maintaining the system.
  • OTX integration
  • Having more parsers and AlienVault app. Also, updates the log parsers continuously.
  • Option to the users to purge selective data.
  • Better Reporting & GUI interface.
Read this authenticated review
Anonymous | TrustRadius Reviewer
December 31, 2019

Security monitoring that is other worldly

Score 9 out of 10
Vetted Review
Verified User
Review Source

Pros and Cons

  • The ability to ingest and parse logs across systems and then correlate the activity.
  • The filtering of millions of events to discover the details you need to find is intuitive and powerful.
  • Agents should be deployable directly from the console, without manually logging into servers to run scripts.
  • More Alien App integrations should be developed for additional popular products.
Read this authenticated review
Anonymous | TrustRadius Reviewer
December 23, 2019

Alien

Score 8 out of 10
Vetted Review
Verified User
Review Source

Pros and Cons

  • Data storage.
  • Fast recovery.
  • Customer service.
  • Face to face help.
Read this authenticated review

Feature Scorecard Summary

Centralized event and log data collection (1)
8
Correlation (1)
8
Event and log normalization (1)
8
Deployment flexibility (1)
7
Custom dashboards and views (1)
6
Host and network-based intrusion detection (1)
7

About AlienVault USM

AlienVault® Unified Security Management® (USM) delivers threat detection, incident response, and compliance management in one unified platform. It is designed to combine all the essential security capabilities needed for effective security monitoring across cloud and on-premises environments, including SIEM, intrusion detection, vulnerability management, as well as continuous threat intelligence updates. The vendor states that even for resource-limited IT security teams, AlienVault USM can be affordable, fast to deploy, and easy to use. It eliminates the need to deploy, integrate, and maintain multiple point solutions in the data center.

Smart, automated data collection & analysis: USM Anywhere automatically collects and analyzes data across the attack surface, helping to quickly gain centralized security visibility without the complexity of multiple disparate security technologies.

Automated threat detection powered by AT&T Alien Labs: With threat intelligence provided by AT&T Alien Labs, USM Anywhere is updated automatically to stay on top of evolving and emerging threats, so the security team can focus on responding to alerts.

Incident response orchestration with AlienApps: USM Anywhere supports a growing ecosystem of AlienApps, enabling the user to orchestrate and automate actions towards other security technologies, able to respond to incidents quickly and easily.

AlienVault USM Features

Security Information and Event Management (SIEM) Features
Has featureCentralized event and log data collection
Has featureCorrelation
Has featureEvent and log normalization
Has featureDeployment flexibility
Has featureIntegration with Identity and Access Management Tools
Has featureCustom dashboards and views
Has featureHost and network-based intrusion detection
Additional Features
Has featureAlienVault Open Threat Exchange

AlienVault USM Screenshots

AlienVault USM Videos (2)

Watch AlienVault USM Anywhere: Five Essential Cloud Security Capabilities in a Single SaaS Platform

Watch See How We're Pushing the Outer Limits of Security

AlienVault USM Downloadables

AlienVault USM Competitors

Pricing

  • Has featureFree Trial Available?Yes
  • Has featureFree or Freemium Version Available?Yes
  • Has featurePremium Consulting/Integration Services Available?Yes
  • Entry-level set up fee?Optional

AlienVault USM Support Options

 Free VersionPaid Version
Phone
Email
Forum/Community
FAQ/Knowledgebase
Social Media
Video Tutorials / Webinar
Live Chat

AlienVault USM Technical Details

Deployment Types:SaaS
Operating Systems: Unspecified
Mobile Application:No
Supported Countries:Global