AlienVault USM: Simplifying Security with Cost-Effective Threat Detection.
Our organization uses AlienVault USM to enhance the security posture and streamline our clients' threat detection and response. The …
Starting at $1,075 per month
View PricingOverview
What is AlienVault USM?
AlienVault® Unified Security Management® (USM) delivers threat detection, incident response, and compliance management in one unified platform. It is designed to combine all the essential security capabilities needed for effective security monitoring across cloud and on-premises environments, including SIEM, intrusion detection, vulnerability management, as…
Recent Reviews
Awards
Products that are considered exceptional by their customers based on a variety of criteria win TrustRadius awards. Learn more about the types of TrustRadius awards to make the best purchase decision. More about TrustRadius Awards
Popular Features
- Centralized event and log data collection (8)8.585%
- Correlation (8)8.585%
- Event and log normalization/management (8)8.080%
- Custom dashboards and workspaces (8)7.070%
Reviewer Pros & Cons
Pricing
Essentials
$1,075
Cloud
per month
Standard
$1,695
Cloud
per month
Premium
$2,595
Cloud
per month
Entry-level set up fee?
- Setup fee optional
For the latest information on pricing, visithttps://www.alienvault.com/products/pri…
Offerings
- Free Trial
- Free/Freemium Version
- Premium Consulting/Integration Services
Features
Return to navigation
Product Details
- About
- Competitors
- Tech Details
- Downloadables
- FAQs
What is AlienVault USM?
AlienVault® Unified Security Management® (USM) delivers threat detection, incident response, and compliance management in one unified platform. It is designed to combine all the essential security capabilities needed for effective security monitoring across cloud and on-premises environments, including SIEM, intrusion detection, vulnerability management, as well as continuous threat intelligence updates. The vendor states that even for resource-limited IT security teams, AlienVault USM can be affordable, fast to deploy, and easy to use. It eliminates the need to deploy, integrate, and maintain multiple point solutions in the data center.
Smart, automated data collection & analysis: USM Anywhere automatically collects and analyzes data across the attack surface, helping to quickly gain centralized security visibility without the complexity of multiple disparate security technologies.
Automated threat detection powered by AT&T Alien Labs: With threat intelligence provided by AT&T Alien Labs, USM Anywhere is updated automatically to stay on top of evolving and emerging threats, so the security team can focus on responding to alerts.
Incident response orchestration with AlienApps: USM Anywhere supports a growing ecosystem of AlienApps, enabling the user to orchestrate and automate actions towards other security technologies, able to respond to incidents quickly and easily.
AlienVault USM Features
Security Information and Event Management (SIEM) Features
- Supported: Centralized event and log data collection
- Supported: Correlation
- Supported: Event and log normalization/management
- Supported: Deployment flexibility
- Supported: Integration with Identity and Access Management Tools
- Supported: Custom dashboards and workspaces
- Supported: Host and network-based intrusion detection
Additional Features
- Supported: AlienVault Open Threat Exchange
AlienVault USM Screenshots
AlienVault USM Videos
AlienVault USM Competitors
AlienVault USM Technical Details
| Deployment Types | Software as a Service (SaaS), Cloud, or Web-Based |
|---|---|
| Operating Systems | Unspecified |
| Mobile Application | No |
| Supported Countries | Global |
AlienVault USM Downloadables
- Unified Security Management vs. SIEM: a Technical Comparison
- AlienVault USM Anywhere: Datasheet
- AlienVault Fast Facts
- AlienVault USM Anywhere: Datasheet
- Beginner’s Guide to Open Source Intrusion Detection Tools
- SIEM for Beginners: Everything You Wanted to Know About Log Management But Were Afraid to Ask
Frequently Asked Questions
Splunk Cloud and Fortinet on IBM Cloud are common alternatives for AlienVault USM.
Reviewers rate Deployment flexibility highest, with a score of 8.6.
The most common users of AlienVault USM are from Mid-sized Companies (51-1,000 employees).
Comparisons
Compare with
Reviews and Ratings
(735)
Community Insights
TrustRadius Insights are summaries of user sentiment data from TrustRadius reviews and, when necessary, 3rd-party data sources. Have feedback on this content? Let us know!
- Business Problems Solved
- Recommendations
Users have found AlienVault USM to be a valuable SIEM solution for centralizing and searching log data from a large number of network attached devices. This platform is being used for various use cases such as vulnerability management, scanning, malware detection, and monitoring malicious network traffic. It is considered a good SIEM solution for organizations new to security operational logging or those with a smaller staff and budget. The product has been praised for its integrated feature sets, including HIDS, NIDS, FIM, and security alerting capabilities. The inclusion of features like vulnerability scanning and file integrity monitoring has extended its value for organizations in the early stages of cybersecurity program development. Many users have experienced real-time alerts, enabling them to respond to security incidents and compromised passwords more quickly. Furthermore, AlienVault is used for a range of functions such as SIEM, vulnerability scanning, asset discovery, and investigations. It provides organizations with a centralized log collection site, allowing them to monitor and address new problems more effectively. The platform has been effective in helping organizations meet regulatory compliance requirements and improve SOC operations. Additionally, AlienVault is used to analyze network traffic, Windows Event Logs, and other security events, helping organizations improve network security and protect their customers. It solves security challenges related to device and software visibility, monitoring for anomalous events, and ensuring patch management. Users appreciate the simplicity of deployment and the robustness of the interface. The support team is highly responsive and knowledgeable.
AlienVault USM Anywhere is used by organizations to easily identify security incidents happening across their infrastructure and comply with PCI-DSS compliance requirements. MSSPs utilize AlienVault USM Anywhere to provide their customers with best-in-class threat monitoring and response services. It is also used to monitor cloud environments, scanning and alerting for any known vulnerabilities or activity on servers. AlienVault helps organizations with auditing purposes by monitoring cloud permissions and changes to security. Additionally, it is deployed to customers for monitoring and is used by NSOCs to monitor their networks. AlienVault has been implemented across organizations, covering server assets and providing granular logging on systems and networks. It helps in raising alarms/alerts and mitigating network-related activities. AlienVault collects and alerts on network and system activity across the entire organization, making it easy to filter for important data. The product centralizes log data and helps perform vulnerability analysis and threat detection. It assists in security patching and monitoring within AWS environments. Users appreciate the ease of use and configuration of the cloud-based panel. AlienVault is implemented and managed for clients as a recommended SIEM solution, collecting and normalizing logs from various data sources. It is used throughout organizations to gain insight into network and server events, manage and correlate logs, and recognize anomalous activity. Users have been able to set up alerts for specific events and policies, effectively managing systems and alerts in place, monitoring multiple client environments, and identifying issues that clients may have missed.
AlienVault USM Anywhere is praised for its cost-effectiveness compared to other SIEM solutions on the market. Users appreciate its threat intelligence capabilities, ease of use, user-friendly interface, and simplicity of deployment. The built-in correlation rules require minimal setup and provide high-quality results. Asset management and scanning features help users stay on top of monitoring assets, including dynamic and static asset lists. The integration of OTX into USM Anywhere allows for up-to-date threat intelligence and pulse subscriptions.
The software plays a crucial role in monitoring and alerting when anomalies occur, aiding in threat detection, compliance management, log collection, and vulnerability scanning. It helps organizations stay up to speed on new vulnerabilities and supports agile business initiatives by aiding analysts in identifying cyber threats and providing access to threat cross-referencing data. AlienVault USM Anywhere is deployed to monitor AWS cloud environments, attain compliance, identify threats, and facilitate auditing of non-emergency configuration changes and vulnerability monitoring.
Overall, AlienVault USM Anywhere provides centralized security monitoring, incident response capabilities, compliance reporting features, vulnerability assessment tools, real-time SIEM functionality, as well as asset discovery and user activity monitoring capabilities. It has been widely adopted across various industries for enhancing security posture and gaining comprehensive visibility into network activities.
Based on user recommendations, AlienVault USM receives the following common recommendations:
-
AlienVault USM is recommended for cost-conscious companies and small to medium businesses due to its affordability and effectiveness. Users find it to be a great tool for analyzing and reacting to threats, offering excellent value for the price.
-
Users suggest exploring alternative SIEM choices and discussing functionality and configuration requirements. Logrhythm is mentioned as a possible alternate SIEM choice, especially for high-end functionality needs. It is advised to compare features and select the SIEM system that offers the best cost for desired features.
-
To maximize the experience with AlienVault USM, users recommend taking advantage of training opportunities provided by AlienVault. Joining official training sessions allows users to learn best practices from other users and gain comprehensive knowledge of the product. Users also recommend utilizing forums, support, webinars, and videos offered by AlienVault to enhance understanding and achieve optimal results.
Overall, AlienVault USM is regarded as a cost-effective solution suitable for organizations with data privacy and security priorities. The product's flexibility, community-created intelligence, and continual improvement are also highlighted by users. While some mention areas for improvement, such as support stability and module quality, the general consensus is that AlienVault USM delivers reliable security enhancements and cost savings.
Attribute Ratings
Reviews
(101-125 of 390)Companies can't remove reviews or game the system. Here's why
August 08, 2019
AlienVault USM - The Core of Your Security Program
- Collecting data in an easy to understand timeline for investigations.
- Correlating attack events and alarms with the NIDS data.
- Providing asset vulnerability scanning for internal assets and remediation strategies straight from the USM portal.
- Adding asset information to investigations.
- Currently there is an issue with not being able to see event details from an investigation page.
- It doesn't make me coffee when I come into the office first thing in the morning!
August 07, 2019
AlienVault USM local appliance
- Gets pretty regular updates
- Appears to monitor all network traffic
- Has appliances for many different situations
- Pretty costly
- Local appliance requires a little more hands on maintenance to keep it updated and running
August 03, 2019
AlienVault USM, missing the versatility of the golden days.
- Creation of dashboards.
- Creation of metrics that we utilize in our monthly reports.
- We like the way alerts are being sent to us and the information they provide.
- Their customer supports is the worst, and sadly this has been consistent every time we've had to reach out to them.
- The account execs have ZERO flexibility regarding making deals and meeting us halfway.
- The features do not work as advertised.
August 01, 2019
Easy, Breezy AlienVault
- Data integration pieces - The many and constantly growing data plugins for different pieces of software and equipment so you have better log collection
- Threat intelligence - showing where your equipment stands against new patches and the visibility to see where you are lacking and how it can put your network at risk.
- Maybe have more of a more sophisticated scanning option. A little bit more of a possible PEN test capability. Simple attacks to try to harvest basic information.
July 29, 2019
Better than Splunk
- Easy to Install
- Good use of filters
- Great training
- Good support documentation
- Paying per GB of usage is not ideal
July 27, 2019
Fantastic Product!
- Multiple functions in one tool (SIEM, Vulnerability Scanning, etc).
- Very intuitive interface.
- Great reporting functionality.
- Deployment was a bit complex.
- Reporting is useful but hard to set up.
- The instructions for how to set up SIEM and import logs from other tools were hard to follow.
- SaaS Log Management: it is easy to ingest logs from SaaS providers like G-Suite, Okta, and more.
- Ease of use: I don't need a lot of engineering work to get AlienVault to a usable place.
- Log Management: it's hard to ingest and organize logs in AlienVault.
- Searching and Querying: the query language is difficult to use and impossible to copy between screens.
- Threat Intelligence: there's no way to get external threat intel into AlienVault to make automatic detections.
July 27, 2019
AlienVault: Great Tool
- Intrusion Detection
- Automated Action Response
- Asset Discovery
- Printer bug: Asset scan would make printers randomly spit out pages and pages of random text.
- Feature-rich includes functionality not typically present in other SIEM's such as vulnerability scanning, UEBA, file integrity monitoring, NIDS
- Simple to configure and deploy.
- Relatively inexpensive compared to other enterprise SIEM solutions.
- While there are many features, many of them are not very advanced. Vulnerability scanning as an example is extremely simplistic and almost unusable for an enterprise organization. It's just enough to get a program off the ground.
- Cloud-only deployment model (SaaS) may not fit all organizations. Not all organizations are "cloud friendly".
- Reporting capabilities out of the box are lack luster. Vulnerability management reporting as an example does not include a single canned report.
July 17, 2019
Very promising, but immature product.
- Has a range of features in one package. HIDS, NIDS, FIM, reporting, and alerting.
- Report templates for SOC, NIST, ISO 27000.
- The support since the recent purchase by AT&T has really dropped off. Answers to questions are much slower and sometimes wildly inaccurate. Asking the same question multiple times of different support will yield totally different answers.
- Some of the features that existed in the on-prem version has still not made it into the cloud version.
- Asset scanning has become buggy in the latest updates, and bugs are getting fixed much slower than our previous experience before the AT&T purchase.
Score 10 out of 10
Vetted Review
Verified User
- AlienVault USM Anywhere is easy to deploy with their cloud-based model and deploying the required agents on-prem (or in the cloud) is quick and easy.
- Custom rules allow for alerting based on content from events and you can even trigger agents in response to threats, shutting down computers or grabbing forensic info for incident response.
- USM Anywhere also takes care of reporting for ISO and PCI, allowing you to pull reports for auditors at a moment’s notice.
- With many integrations out-of-the-box, you can pull in all the data from products you use and other sources, such as Amazon CloudWatch Logs.
- We would love to be able to create custom rules based on a series of events, to create rule-sets where, for example, failed logins to the VPN Server are logged and then when a successful attempt follows soon after, it triggers an alarm for a Brute Force. It does this for things like OKTA already, so control over which events this applies to would be great.
- More data tiers - something between 250GB and 500GB tiers, maybe break it down into 100GB tiers?
- Integration with OpsGenie would be great.
July 16, 2019
AlienVault USM Review
- Asset Management
- Log searchability
- Built-in plugins
- Plug-in Development for new services
- Vulnerability scanning
- UI tweaks - i.e. asset detail lists
July 16, 2019
AV is ready for cloud?
- Logs collection
- Cloud-aware
- Suspicious events detection
- Dynamic infrastructure detection (e.g. autoscaled instances are not detected when terminated).
- File integrity monitoring rules cannot be customized.
- Agents are manually deployed.
- Agents get disconnected from time to time.
July 15, 2019
AlienVault USM Review
- Authenticated scans.
- Cloud friendly.
- Supports multiple cloud providers.
- Very limited storage quota.
- UI could be more user friendly.
- UI is slow.
- Vulnerability scans on several different OS.
- Intrusion/Attack detection.
- No customisable patterns for log analysis.
- Not friendly with autoscaling resources with no possibility to have auto-deletion of assets no more present after a certain amount of time.
July 06, 2019
Alien Technology for humans
- Fast.
- Neat.
- Powerful.
- Might be a bit complex.
- We could use a map with the story of the events and how they're linked together.
July 05, 2019
So far so good
- Vulnerability lists.
- Log storage.
- Integrations.
- Tech support.
- Releasing unstable agents.
- Did I mention support?
July 05, 2019
Well designed and easy to deploy
- Good UI
- Easy to deploy
- PCI compliant
- Compatibility
July 03, 2019
AV USM review
- Ease of installation
- Ease of setting up logs
- Web interface is user friendly
- Ability to scale or handle a high load of events per day
July 01, 2019
AlienVault USM - Threat detection done right
- Alerts on login activity from unexpected locations (countries)
- Aggregating log files for easy searching
- Better interpretation of errors into more natural language
- Easier grouping or categorization of alerts in order to assign them more efficiently to appropriate users/groups
- Easily integrates with AWS cloud infrastructure.
- Provides an intuitive interface to analyze raw logs and investigate potential threats.
- Automates vulnerability scanning.
- Alerts to potential threats and intrusions.
- Raw logs are only available via the UI for the last 30 days. It would be great if you could choose to load archives into the system for investigation when needed.
- It would be awesome to have an implementation checklist to see how the different features map to various compliance frameworks like NIST.
- They were recently purchased by AT&T, so there is some confusion as to what serves are offered by AlienVault and what is AT&T Cybersecurity, who to contact about your account, etc. Growing pains. :)
- The documentation can be hard to use for security newbies. It covers the technical pieces, but not the why or how to use the different features and functionality. It could benefit from practical examples of AV in action.
- Collects AWS CloudTrail logs
- Collects OS logs
- Has many integrations with other security products
June 28, 2019
Very good SIEM solution
- Reporting.
- Integrations.
- Customer Support.
- More descriptions of events.
- Easier sorts.
- Easier Updates.
June 27, 2019
AlienVault USM Review
- Log Consolidation
- Asset Discovery
- Alarm and Event Tracking
- Website can be slow and unresponsive at times.
- Asset configuration can be tricky with DHCP.
- Asset credentials can be difficult to set up.
- Existent connectors for common IT infrastructure equipment (brands) simplify initial configuration a lot.
- Dashboarding and reporting capabilities permits that you can see relevant information in a single view.
- Availability to train in Spanish would really help us a lot.