AlienVault USM: Simplifying Security with Cost-Effective Threat Detection.
Our organization uses AlienVault USM to enhance the security posture and streamline our clients' threat detection and response. The …
Starting at $1,075 per month
View PricingOverview
What is AlienVault USM?
AlienVault® Unified Security Management® (USM) delivers threat detection, incident response, and compliance management in one unified platform. It is designed to combine all the essential security capabilities needed for effective security monitoring across cloud and on-premises environments, including SIEM, intrusion detection, vulnerability management, as…
Recent Reviews
Awards
Products that are considered exceptional by their customers based on a variety of criteria win TrustRadius awards. Learn more about the types of TrustRadius awards to make the best purchase decision. More about TrustRadius Awards
Popular Features
- Centralized event and log data collection (8)8.585%
- Correlation (8)8.585%
- Event and log normalization/management (8)8.080%
- Custom dashboards and workspaces (8)7.070%
Reviewer Pros & Cons
Pricing
Essentials
$1,075
Cloud
per month
Standard
$1,695
Cloud
per month
Premium
$2,595
Cloud
per month
Entry-level set up fee?
- Setup fee optional
For the latest information on pricing, visithttps://www.alienvault.com/products/pri…
Offerings
- Free Trial
- Free/Freemium Version
- Premium Consulting/Integration Services
Features
Return to navigation
Product Details
- About
- Competitors
- Tech Details
- Downloadables
- FAQs
What is AlienVault USM?
AlienVault® Unified Security Management® (USM) delivers threat detection, incident response, and compliance management in one unified platform. It is designed to combine all the essential security capabilities needed for effective security monitoring across cloud and on-premises environments, including SIEM, intrusion detection, vulnerability management, as well as continuous threat intelligence updates. The vendor states that even for resource-limited IT security teams, AlienVault USM can be affordable, fast to deploy, and easy to use. It eliminates the need to deploy, integrate, and maintain multiple point solutions in the data center.
Smart, automated data collection & analysis: USM Anywhere automatically collects and analyzes data across the attack surface, helping to quickly gain centralized security visibility without the complexity of multiple disparate security technologies.
Automated threat detection powered by AT&T Alien Labs: With threat intelligence provided by AT&T Alien Labs, USM Anywhere is updated automatically to stay on top of evolving and emerging threats, so the security team can focus on responding to alerts.
Incident response orchestration with AlienApps: USM Anywhere supports a growing ecosystem of AlienApps, enabling the user to orchestrate and automate actions towards other security technologies, able to respond to incidents quickly and easily.
AlienVault USM Features
Security Information and Event Management (SIEM) Features
- Supported: Centralized event and log data collection
- Supported: Correlation
- Supported: Event and log normalization/management
- Supported: Deployment flexibility
- Supported: Integration with Identity and Access Management Tools
- Supported: Custom dashboards and workspaces
- Supported: Host and network-based intrusion detection
Additional Features
- Supported: AlienVault Open Threat Exchange
AlienVault USM Screenshots
AlienVault USM Videos
AlienVault USM Competitors
AlienVault USM Technical Details
| Deployment Types | Software as a Service (SaaS), Cloud, or Web-Based |
|---|---|
| Operating Systems | Unspecified |
| Mobile Application | No |
| Supported Countries | Global |
AlienVault USM Downloadables
Frequently Asked Questions
Splunk Cloud and Fortinet on IBM Cloud are common alternatives for AlienVault USM.
Reviewers rate Deployment flexibility highest, with a score of 8.6.
The most common users of AlienVault USM are from Mid-sized Companies (51-1,000 employees).
Comparisons
Compare with
Reviews and Ratings
(735)
Community Insights
TrustRadius Insights are summaries of user sentiment data from TrustRadius reviews and, when necessary, 3rd-party data sources. Have feedback on this content? Let us know!
- Business Problems Solved
- Recommendations
Users have found AlienVault USM to be a valuable SIEM solution for centralizing and searching log data from a large number of network attached devices. This platform is being used for various use cases such as vulnerability management, scanning, malware detection, and monitoring malicious network traffic. It is considered a good SIEM solution for organizations new to security operational logging or those with a smaller staff and budget. The product has been praised for its integrated feature sets, including HIDS, NIDS, FIM, and security alerting capabilities. The inclusion of features like vulnerability scanning and file integrity monitoring has extended its value for organizations in the early stages of cybersecurity program development. Many users have experienced real-time alerts, enabling them to respond to security incidents and compromised passwords more quickly. Furthermore, AlienVault is used for a range of functions such as SIEM, vulnerability scanning, asset discovery, and investigations. It provides organizations with a centralized log collection site, allowing them to monitor and address new problems more effectively. The platform has been effective in helping organizations meet regulatory compliance requirements and improve SOC operations. Additionally, AlienVault is used to analyze network traffic, Windows Event Logs, and other security events, helping organizations improve network security and protect their customers. It solves security challenges related to device and software visibility, monitoring for anomalous events, and ensuring patch management. Users appreciate the simplicity of deployment and the robustness of the interface. The support team is highly responsive and knowledgeable.
AlienVault USM Anywhere is used by organizations to easily identify security incidents happening across their infrastructure and comply with PCI-DSS compliance requirements. MSSPs utilize AlienVault USM Anywhere to provide their customers with best-in-class threat monitoring and response services. It is also used to monitor cloud environments, scanning and alerting for any known vulnerabilities or activity on servers. AlienVault helps organizations with auditing purposes by monitoring cloud permissions and changes to security. Additionally, it is deployed to customers for monitoring and is used by NSOCs to monitor their networks. AlienVault has been implemented across organizations, covering server assets and providing granular logging on systems and networks. It helps in raising alarms/alerts and mitigating network-related activities. AlienVault collects and alerts on network and system activity across the entire organization, making it easy to filter for important data. The product centralizes log data and helps perform vulnerability analysis and threat detection. It assists in security patching and monitoring within AWS environments. Users appreciate the ease of use and configuration of the cloud-based panel. AlienVault is implemented and managed for clients as a recommended SIEM solution, collecting and normalizing logs from various data sources. It is used throughout organizations to gain insight into network and server events, manage and correlate logs, and recognize anomalous activity. Users have been able to set up alerts for specific events and policies, effectively managing systems and alerts in place, monitoring multiple client environments, and identifying issues that clients may have missed.
AlienVault USM Anywhere is praised for its cost-effectiveness compared to other SIEM solutions on the market. Users appreciate its threat intelligence capabilities, ease of use, user-friendly interface, and simplicity of deployment. The built-in correlation rules require minimal setup and provide high-quality results. Asset management and scanning features help users stay on top of monitoring assets, including dynamic and static asset lists. The integration of OTX into USM Anywhere allows for up-to-date threat intelligence and pulse subscriptions.
The software plays a crucial role in monitoring and alerting when anomalies occur, aiding in threat detection, compliance management, log collection, and vulnerability scanning. It helps organizations stay up to speed on new vulnerabilities and supports agile business initiatives by aiding analysts in identifying cyber threats and providing access to threat cross-referencing data. AlienVault USM Anywhere is deployed to monitor AWS cloud environments, attain compliance, identify threats, and facilitate auditing of non-emergency configuration changes and vulnerability monitoring.
Overall, AlienVault USM Anywhere provides centralized security monitoring, incident response capabilities, compliance reporting features, vulnerability assessment tools, real-time SIEM functionality, as well as asset discovery and user activity monitoring capabilities. It has been widely adopted across various industries for enhancing security posture and gaining comprehensive visibility into network activities.
Based on user recommendations, AlienVault USM receives the following common recommendations:
-
AlienVault USM is recommended for cost-conscious companies and small to medium businesses due to its affordability and effectiveness. Users find it to be a great tool for analyzing and reacting to threats, offering excellent value for the price.
-
Users suggest exploring alternative SIEM choices and discussing functionality and configuration requirements. Logrhythm is mentioned as a possible alternate SIEM choice, especially for high-end functionality needs. It is advised to compare features and select the SIEM system that offers the best cost for desired features.
-
To maximize the experience with AlienVault USM, users recommend taking advantage of training opportunities provided by AlienVault. Joining official training sessions allows users to learn best practices from other users and gain comprehensive knowledge of the product. Users also recommend utilizing forums, support, webinars, and videos offered by AlienVault to enhance understanding and achieve optimal results.
Overall, AlienVault USM is regarded as a cost-effective solution suitable for organizations with data privacy and security priorities. The product's flexibility, community-created intelligence, and continual improvement are also highlighted by users. While some mention areas for improvement, such as support stability and module quality, the general consensus is that AlienVault USM delivers reliable security enhancements and cost savings.
Attribute Ratings
Reviews
(351-375 of 390)Companies can't remove reviews or game the system. Here's why
December 04, 2015
AlienVault's no Alien
- Reporting.
- HIDS (specifically registry monitoring).
- Multi-vendor Integration.
- GUI seems slightly cluttered; especially for manager (high level overview) access.
- Some plugins require significant work to install and configure on the backend
December 04, 2015
AlienVault USM- Beginning Thoughts
- The AlienVault NIDS has proven to be very valuable in helping us identify traffic on our network. It has identified unauthorized traffic that was going out of our network.
- The alarms generated from our realtime events have helped us to respond to and track our responses.
- It has helped us with change management with realtime updates to any changes in configuration.
- Inventory is terrible. Expect to spend some time fixing details on your inventory. This is particularly frustrating as often vulnerabilities are tied to specific versions of Windows or software. I mean there is a world of difference between Windows 7 and Windows 98. Its inability to differentiate is a big issue.
- I would like to see the alerting functionality improved. Such that if you see an alarm that you want to be notified about every time it happens you can just right click on and say alert me next time this event happens.
December 01, 2015
Best bang for your buck
- Vulnerability Assessment
- Intrusion Detection (Host and Network)
- Event Log Management
- Improving the ability of whitelisting vulnerabilities or marking them as acceptable risks
- Improving the accuracy of vulnerability assessments
- Reducing false positives on the network IDS
November 28, 2015
In Aliens We Trust
- Simple and easy deployment
- Powerful correlation features
- A complete tool to deploy in poor security scenarios
- There is some difference in working with official plugins rather than custom ones
- No visual flagging is possible in SIEM events, so working cuncurrently is hard
- We don't agree with using 2 different storage technologies for security database and logger database
November 28, 2015
My AlienVault USM Experience
- Correlates events from different sources and displays comprehensive information about security incidents.
- The threat intelligence database is constantly updated with information about new threats and indicators of compromise.
- The network asset detection function is helping us to always be aware what systems are connected to our network.
- The alarms interface is very easy to navigate and is following the cyber kill chain model. This makes it very easy to prioritize the incident response efforts to the most critical alarms.
- More plugins for anti-virus product logs like Kaspersky.
November 25, 2015
Review from Brier & Thorn - a TIER I MSSP for AlienVault
- Identification of known bad IP addresses
- Access to packet payloads triggering events
- Management/updating of network IDS rules
- Upgrade to new major releases is poorly QAed and tested introducing new bugs that should have been caught in the QA process which has brought down customer production equipment
- Ongoing attention and updates to submitted bugs
November 24, 2015
Its very good to keep eyes on your network data packets
- Security events management is a good feature and alarms by these two we can get some high priority infections
- To analyse all events and find out high priority is quite difficult.But when you get some few high priority events and alarms it easy to look at them and take action as per the infection.
- If any device has net flow issues it should send a notification email to a particular email.
November 24, 2015
Effective, complete product at a competitive price.
- Ease of deployment.
- Intuitive WUI.
- OTX is outstanding.
- Patch roll-out process seems a little immature or is still developing.
November 23, 2015
AV Trust Radius Review
- Ease of setup - up and running very quickly. Not a ton of knobs and switches to dial in, at least initially.
- Application of updates to the platform - with lots of moving pieces, and the myriad of Linux dependencies, upgrades could be made a bit less burdensome for administrators.
- Search features - although quick and on-point, it's the actual location of search boxes that seems quirky. Maybe make the search boxes bigger or different in design?
November 23, 2015
Alien Vault USM in hotspots of Ukraine
- System availability. We completed the installation of AlienVault USM in the corporate environment through telephone consultations within a short time of 2-3 weeks.
- The universality of the system. We had a short period of AlienVault USM implementation in a complex domain architecture, and we have access to the full monitoring of the entire network environment.
- As an example of the stability of the system set up in a stable operating system, we can say that the system is operated in a critical channel breaks, the electrical environment. AlienVaultUSM always restarted without the problems inherent in other systems.
- We have not yet fully mastered the system. We suggest to intellectually develop the system, with the ability to advise on the construction of monitoring systems and network architecture.
November 23, 2015
Fantastic All in One security solution at an incredible price point
- Value far exceeds the price.
- Excellent customer service and support.
- The product walks you through addressing placing values on assets and implementing the proper controls.
- The product does what it claims it can do.
- Product documentation could be more streamlined and easy to use, however, in the short time I have used AlienVault Unified Security Management there seem to be constant improvements.
- To take full advantage of the solution, it helps to have some experience on the Linux platform, however, the product as delivered provides a solid security management platform with an intuitive GUI interface and AlienVault support coupled with their initial setup support services does a nice job of filling in the gap if you do not have that skill set in your organization.
November 23, 2015
Great 5 Capabilities....where is the APT Button??
- AlienVault simplifies threat detection by providing us with a quick overview of what is going on in the network.
- It is really easy to deploy which allows us to show value to our customers right away.
- Having AlienVault labs helps tremendously because it feels that we are not just the only team trying to create our own rules. We have other experts on the other end writing rules that we can add and put together for a more robust threat detection.
- Reporting for compliance purposes is awesome! Having all those already well developed reports has made our lives easier!
- I remember asking a question on one of the demos they had online and it was regarding the capability of downloading executable or malicious files being detected by the NIDS. They laughed and said that one will have to have years and years of experience to analyze those files and that's why they don't have that functionality in their solution. I don't know if the "experts" have ever heard of Remnux or Cuckoo Sandbox . Anyways, I think that it will be great specially for organizations that cannot afford an IR team. Let's keep in mind that this product is being marketed a lot for SMBs and mid-sized businesses !!
- It will be great to see SYSMON events being pulled by the OSSEC agents automatically a soon as it gets installed on the endpoint to have real complete visibility. I havent seen that yet. I have seen projects for Parsers but to work with ELSA. It would be great to see the AlienVault team to focus on getting as much information as possible of the endpoint too to help the IR team. You guys already have agents being installed on the endpoints, why not take advantage of it and show actually processes being created, call outs being made, etc. Remember that the nice packet capture feature will not be useful with encrypted traffic. Having the extra layer of detection will be really helpful. Knowing what files are being accessed or scanning for root-kits is useful but not enough for an IR engagement. During an intrusion, you need more information. Check Carbon-Black for some ideas on how to show the KILL CHAIN ! .
- SAAS will be GREAT TOO!
- Live response CAPABILITIES also will be a GREAT add-on for AlienVault USM. Launching a PSSession and adding functions to DELETE FILES, DOWNLOAD IOCs and KILL PROCESSES is really easy and it will be great to have a button that we can just press and have a shell on the Endpoint. EDR is HOT right now in the industry, and I wish I had that option in my USM Dashboard.
November 21, 2015
Cost-effective, but you better be comfortable with the Linux command line and vi/nano
- The deployment of the OSSEC(AlienVault HIDS) agent the basic logging and event generation got us out of the gate quickly.
- AlienVault has a lot of out of the box parsers for popular network devices to parse system logs.
- AlienVault has a lot of out of the box correlation sets to generate intelligent security alarms.
- The vulnerability scanning feature is basically useless for us. There is not an easy way to see which vulnerabilities are being scanned for, and I've confirmed that monthly Microsoft updates take forever (over 30 days) to get into the definitions. We need to see them in there within a couple of days. The scanning is all done remotely (no local agent-based scanning), which requires superuser credentials to be supplied to the scanner. Because we have a lot of remote locations connected over VPN, the scans repeatedly timeout or error out. We are exploring alternative products for this need.
- AlienVault documentation is severely lacking. When I have opened tickets with AlienVault regarding missing documentation, I am often referred to the open source project's documentation for the component they've integrated. If AlienVault wants to integrate a component and rebrand it as part of their product, they need to take the ownership of documenting how to use it within their product.
- AlienVault requires too much "hacking" to do anything custom. The CLI has a "Jailbreak system" mode that is required for anything outside of the most vanilla configurations. In my mind something called "Jailbreak" should not be required on a daily basis. Examples of low level config include having to create custom rsyslog.d conf files to aggregate syslogs from multiple devices to a single log for parsing. Using the Web UIs per asset assignment of a plugin isn't resource efficient. Doing any sort of custom rules or plugins requires CLI modification of multiple files and the OSSIM database. It shouldn't be that hard.
November 21, 2015
Excellent and affordable but requires better documentation
- Ease of set up
- Open source
- Cheap
- Support
- Documentation
- Configuration
November 20, 2015
AlienVault helps scan for bad behavior not just known threats.
- Host based Intrusion detection works well on Windows servers, and monitors for a number of security related events. Also contains event log monitoring.
- Ease of deployment to Windows Servers.
- Ability to add custom plugins when needed.
- Log file normalization.
- Integration with Open Threat Exchange, and use of IP reputation information.
- There is a lot to it. This is a strength and a weakness. This is a powerful set of tools, it can take a little work to understand everything it can do.
- Navigation can be a bit tricky, i.e. I know it does this, I have seen that option before, but where is it.
November 20, 2015
Trustradius Review - AlienVault
- Universal
- Easy to use
- Excellent customer support
- Doesn't always play well with others (*ahem - FortiGate)
November 20, 2015
AlienVault has made my life 100x better as the Systems Security Administrator and Compliance Liaison
- SIEM solution is the best of any that we tested.
- Agentless monitoring is perfect for monitoring networking equipment for historical changes made.
- The Nagios monitoring software build, it is not always the best through the UI but with the ability to alter the configs and manually monitor specific things I'd like it's great!
- Nagios monitoring through the UI, i.e. configuration changes and naming ports with specific names that pertain to me would be nice.
- The ability to personalize more without them being wiped when doing an update would be even better.
- The ability to stand up a standalone Nagios monitoring system on the AlienVault remote sensor to forward events to the AIO.
November 18, 2015
AlienVault USM Smoothing Out PCI-DSS
- Combining many tools in to one nicely packaged system - used OSSEC but it's a real pain to configure and implement. AlienVault Unified Security Management sets up much easier and very powerful out of the box.
- Event correlation.
- Alerting of issues.
- Tuning out noise - i.e. setup/tear down of sessions in firewall. Would be nice to have a template ready to implement.
- Documentation pertaining to the actual setup/configuration. Right now, you really need to purchase engineer time to get things set up and running in a timely and efficient manner.
- UI flow. Recent updates have made great strides but there's still room for improvement.
November 18, 2015
Newb AlienVault Review
- Real time reporting
- Grouping security events
- Alarms
- Easier access to built in reports
- Updates less often - right now I get notifications for updates every day
- Better integration and ease of use with open threat exchange (OTX)
- More plugins
- AlienVault Unified Security Management is very flexible to configure and collect information from devices, even those which are unknown to it via custom plugins. It can be highly customized to suit each organization's requirements.
- Open threat exchange (OTX) is a very important and useful feature which helps to trace the malicious IP with reputation back to its origin, so intent is clearly visible when analyzing security events. Pulses and IOCs are very interesting and useful as well.
- Reporting is very good, it has variety and huge options to choose from, though the output format has potential to improve.
- Policies and actions can be very useful for fine tuning the system.
- Ticketing system can be improved and integration with external ticketing systems can be made easier.
- Reports can be output in a number of formats such as MS Office etc.
- Creating of new policies can be directly provided from the the SIEM or events page. This will help in pre-population of data fields required to treat the events as either false positives or for writing actions for particular events. Currently, all the data fields have to be noted and included manually in the policy fields which can sometimes be erroneous.
November 18, 2015
To the moon and Back
- Customisable dashboard to see everything at a glance.
- Correlation of events against known vulnerabilities within the Infrastructure.
- Open Threat Exchange to correlate events against knownn bad IPs and attack vectors.
- More ability to read windows event logs for system and application logs and filter out what is not required.
- OCS inventory built into the OSSEC agent.
- Comprehensive online up to date manuals to help in configuration of systems and known issues. Whilst the community is great there can be a lot of confusion about what is best.
November 18, 2015
Alien Vault - USM
- Ease of implementation.
- Support.
- Checks most points for PCI compliance when compared to other SIEM vendors.
- UI can be improved.
November 18, 2015
Real World AlienVault Review
- Log collection correlation and analysis. Makes reviewing logs easier.
- Intrusion detection. Identifies possible threat to our network.
- Asset management is not very user friendly. Takes a lot of manual maintenance to keep it accurate especially when DHCP is used.
- Management of plugins.
- Normalization of logs. Sometimes the logs are not parsed correctly and the important data is difficult to find.
November 18, 2015
A brief review
- I like the reports that are available.
- Easy to use Vulnerability Scanner.
- I have had several issues when trying to upgrade the system.
- A better way to manage assets.
November 17, 2015
Champ for SMBs
- Packaging opensource components like OpenVAS, Nagios, Nmap into one working bundle.
- Makes it easy to operate a SOC with one or few analysts.
- It has a minimal entry barrier to get started.
- Can't group few SIEM entries and create a ticket that points back to a group of selected events.
- The forensic evidence i.e. traffic pcap is very limited. It should at least provide some more traffic around that time.
- It should have data source plugins for all popular antivirus suites to ingest antivirus alerts and events