TrustRadius
A complete security framework that works on multiple layers.

Originally AlienVault was a product we sought to meet requirements for GDPR, but soon in our initial review, we realized that it would deliver much more than we needed. We currently have a solution that provides us with information for decision-making and proactive action in the security context of our environment. The solution proved to be so well thought out, with an excellent technical background that personally, I invested heavily in an apprenticeship and became an AlienVault USM certified engineer.,AlienVault enables integration with external technologies, thereby broadening its scope and possibilities. AlienVault has a dashboard customization and reporting scheme that makes it flexible to query your data, allowing you to model the tool according to your needs. AlienVault will make you forget the need to consult some information on AWS Cloudtrail. It extracts the data from there and delivers in a much more efficient way. With a single tool you can monitor your cloud and on-premises environment.,Their commercial policy on stored data makes you need to filter out some information before it is stored. Their new agent does not allow you to create local filters, which can easily lead to the overrun of monthly contracted storage limits. It does not allow you to create log analysis plugins. If it were allowed, it would be possible, for example, to create a plugin for analyzing the logs of an application created by your company.,9,Alert Logic Network Threat Detection and Threat Stack,Especially since AlienVault has its own security research lab, recent threats are quickly added to the database. It is even common to see in the security-related community the presence of AlienVault researchers reporting security breaches detected by them.,I have used several security tools before in other companies where I worked. 
Most of them are based on free solutions. By choosing AlienVault in the company where I currently work, I no longer need to worry about the tool itself, installation, maintenance, upgrade, etc. I basically focus my efforts on analyzing the results that are delivered in a much simpler and less costly way.,No,Price Product Features Product Usability,I do not see at first something that I would change in the process. I can say that the process was executed in a detailed way and that the result was totally within our expectations.,8,Yes,There was a situation where my sensor was outdated and auto update did not work. When you open a call, a member of your support team contacted you by scheduling a time to manually perform the update. At that time the service was done quickly with almost no problem and from there the automatic update came back working correctly.

When the door closes what window will they try to use?

Our Alienvault USM is deployed at the organizational level. It monitors and reports any attempt to breach in place security or attempts to find vulnerabilities within said security scheme. Ease of use and limited number of false positives provides peace of mind.,Quickly reports unauthorized access attempts of our network. Provides insight to the possible internal breaches sending data out of our network. Provides strong reporting on network resources.,I would like to see an interface that is more menu driven. For example a method that allows me to drag and drop the items I would like in an ad hoc report based on local machines that are attempting to connect to sites beyond our network that are blocked by our firewall. I would like to see a more robust connection to our SonicWall, having two devices in the same rack that must be configured independently is sometimes a pain to fine tune. 
I would like to see additional help files built that allow users to work with the Alienvault without attending formal training.,10,Very effective, as I mentioned previously, we were able to identify a true threat to our environment due to that intelligence gathering nature of the AlienVault USM and its clean reporting.,AlienVault USM once configured has allowed us to move away from manual port monitoring and have an automated real-time monitor in place. Reports/texts and emails are sent within a reasonable time of an event occurring, to multiple staff members who can take immediate remedial action.,No,10,No,Every time we call (which isn't often) I would rate the service as exceptional. I have had no complaints with support at all and that alone says a lot, as I demand as much from vendors as I do from internal work force.,10

Aliens to the rescue!

We are primarily using the product as our SIEM system to correlate logs across our infrastructure and provide useful analysis on potential threats and anomalies. We also use the built in vulnerability scanning, IDS and asset management functions as a complement to our existing vulnerability/IDS/asset management systems. With this level of intelligence, it helps us determine what course of action to take to an incident and assists us in prioritization.,Log correlation is excellent and on par with other more expensive solutions. Ease of use is a big plus. Initial setup was simple and quick. The OTX threat intelligence is a great complement to our other threat intelligence feeds to ensure we have as many 'eyes' out there informing us of all the potentially malicious threat actors out there.,There are a couple of things that can only be done through the CLI and unless you're familiar with the CLI, there may be a large learning curve for some. The vulnerability scanner lacks a number of advanced features that other solutions have which make it simpler and more efficient to manage. 
Plugins are limited (although they are adding more as time goes on). If you need a plugin that is not available you will need to create one on your own which requires modification of a number of files and can be daunting for someone new to the platform.,9,,The AlienVault USM is reasonable at detecting actual security threats. There is an initial period where you may receive a large amount of false positives or false negatives however with some tweaking these disappear.,With limited budgets and resources, the AlienVault USM has definitely assisted us in reducing the amount of time we need to spend in detecting and reacting to security threats.,4,3,8,Yes,7,Yes,There have been a few times recently when AlienVault support did go out of their way to provide exceptional support. If they keep this up their customer satisfaction rates will no doubt go higher in the future.,8

AlienVault is no Alien when it comes to Security

AlienVault Unified Security Management is being used across the whole organisation for event logging and monitoring, threat/vulnerability management and IDS.,Alerting on correlated events - this has allowed us to capture malware ahead of time. Ease of device logging - once the logs are sent through, the data is available instantly. Actively reviewing and responding to vulnerabilities through an easy to use interface and schedule task format.,More functionality pushed through the web interface would be useful. 
Asset management can be a little restricted when applying changes across a rule set.,10,LogRhythm, Alert Logic and QRadar,Threat management is an excellent feature and allows us an all round vision of our landscape.,With a reduced security team Alienvault's USM allows us to have full SOC capabilities a cost saving to the organisation.,5,2,Determining malware has entered the organisation Communication failures between servers/services Activity on firewalls Changes on AD without the necessary approval authorities in place,Triggering events in other monitoring systems Integrating with other monitoring products to give a more rounded view Utilising into quarter end reporting for excom updates,Allow dashboard use throughout the business support units Centralised view for The SOC Interfacing into other products that fall outside of traditional security products,10,Yes,Price Product Features Product Usability Analyst Reports,Our evaluation process is part of our policy governance therefore the actual process of vendor selection would not change.,8,8,Dashboards Correlation Rule Set up Log Collection Asset Adding Vulnerability Scanning,Creating parsers can be difficult unless regex is understood.,10

Great system to meet FINRA's Cyber Security Requirements

We use AlienVault to be in compliance with FINRA's cyber security regulations. We monitor our traffic, our users' logins, and systems to make sure we don't have any unauthorized entries. It is used by our IT Dept primarily, periodically compliance logs in as well. 
It is a great system and I am happy we went with AlienVault for our cyber security needs.,It has great reports that are able to be generated A lot of functionality The intrusion and detection system is particularly useful for us,It is not easy to use for non IT professionals The set up process is very tedious and difficult,9,,I have not compared this to other software.,We have achieved this benefit but the only issue is unless you are very IT or tech savvy and understand networking professionally, it is very difficult to be able to understand what anything means. For example I took the launch pad training course, I have a legal background not a IT background because of that reason the course was not very helpful for me.,2,2,Meet FINRA Cybersecurity Regulations Network activity monitoring Intrusion detection,We use alienvault as we were trained by the alienvault team,Alienvault is particularly useful when we need to monitor user access and break in attempts.,10,No,We did not use a solution like alienvault before. We went with alienvault because of the capability the software had.,Price Product Features Product Usability Product Reputation Third-party Reviews,There is nothing I would change with our selection process as we are fully satisfied with the decision we made. We did a demo of the software which I believe is the single most important thing that must be done when selecting any kind of provider.,Implemented in-house,Change management was minimal,It had a lot of steps involved that had to do with dealing with our server and data providers Involved a lot of man power to get it fully functional.,7,No,10,No,We had an issue with our intrusion detection system and the support staff identified the issue and suggested a solution on how to resolve it. He even went above and beyond and offered to do a screen share to guide us through what to do on our alienvault platform.,The compliance reports are easy to use. 
The threat detection system results are easy to understand.,The setup process was difficult When a vulnerability is found, it is difficult to understand what it is.,No,7

USM - More Bang for your Buck!

We are using AlienVault Unified Security Management not only to monitor our own organization, but we also have a federation server to receive alerts from clients. This allows us to be proactive both internally and for our MSSP clients.,Ease of installation - The VMware OVA installation is very quick, and basically bulletproof. Once installed, the Setup Wizard gets you up and going rather quickly. The availability of sensor plug-ins for the most common network devices is a real plus in getting operational quickly. The USM user interface is easily navigable, and is laid out very well. It makes configuration and remediation very quick.,I'd like to see an auto-update feature. Having to manually update several times a week (times 2 servers) is a process I'd like automated. Policy based email alerts can be difficult for new users to set up. I would like to see a Notification Wizard for this. Have Asset Discovery more actively identify network devices. It seems to always detect Windows 7 systems as Server 2008, for example. Better interrogation and maybe plug-in recommendations.,9,LogRhythm and Cisco Sourcefire SNORT,So far, it has identified quite a few minor inconsistencies in our own environment, largely to do with outdated Java and/or SSL versions. We were also able to tighten down our remote access systems based on information given by USM. Another notable is the ease of HIDS installation and reporting.,We spend a lot less time on maintaining our infrastructure since the introduction of USM. We have the dashboard up and running all day, and any/all serious threats alert our engineering staff for evaluation. 
All in all, it is a great time saver, and we know we can depend upon it to help maintain the security of our network.,9

USM is like having a team of analysts in a box

AlienVault is being extensively used to monitor critical systems. USM provides an easy to use interface that allows us to drill down to a forensic level. The automated ticketing system provides the security team with a 24-hour view and highlights any areas for further investigation.,Setup is incredibly quick and easy, and provides instant results Asset discovery couldn't be easier, just a couple of clicks USM provides a centralised view of the full IT landscape including IoT,Threat reporting can occasionally be vague, reporting back a generic issue It would be great to add specific threats or exclusions (this may already be there, I haven't looked for it yet though),10,SolarWinds Log & Event Manager and ManageEngine AssetExplorer,USM provides us with a starting point, but it also provides a very detailed packet-level information on further investigation that is required.,Implementing USM has not only provided a major timeline efficiency but has further enhanced to target scope through automation and reporting specific points of interest.,Yes,10,No,On first installation they contacted us and ran through various checks to ensure we were getting maximum benefit, then made a couple of suggestions to further enhance benefits.

This is no Area 51, AlienVault exposes the hidden threats!

AlienVault USM is used throughout our organization. It was put in place to resolve two issues. One was for vulnerability scans for audit compliance. It was also used for monitoring critical systems in our network. We also use it to parse syslog and other logging. An added bonus was the ability to track AD changes. The vulnerability scans are the best bar none that we tested. 
The monitoring is great too, however the only thing we found lacking was hard drive monitoring, we had to put another solution in place for that, however that was 6 months ago, so things may have changed.,Vulnerability scanning Up to date security definitions Open Threat Exchange Range of product sizes to fit any size of organization,Hard drive monitoring Slightly higher learning curve,9,LogRhythm, SolarWinds Log & Event Manager and Splunk Enterprise,AlienVault USM is phenomenal at keeping us up to date with the latest threat. The Open Threat Exchange (OTX) has great integration in their product and allows peers to submit transparent samples and definitions of security threats that they have seen. This allows the wider spread of example networks and thus the product is trusted to deliver.,It is just that good. We recently had a perceived security threat from an internal user and used AlienVault to investigate. I was able to pull reports of that user's workstation(s) and could verify that nothing damaging. I was also able to verify with certainty for my management team that we had not been compromised.,8,10,7

AlienVault USM Implementation Review

We use AlienVault USM to monitor our data center, network traffic, and key workstations. Our goal is to protect the systems from loss of PII, from malware, and from intrusion.,Alerts are emailed to us for many types of configurable concerns. Such as intrusion attempts. Network traffic can be monitored for PII that may be transferred across the network or off-site that is not authorized or that is sent unencrypted properly. Key systems can be monitored for malware, intrusions, and network traffic.,The menu structure could be broken down by categories that make it easier to locate sub-menus.,10,,We feel it is comparable to it as well as to open source solutions, but easier to implement than open source solutions.,We have achieved this benefit. We have used open source solutions. 
But, to get the same results we had to use multiple solutions. Also, the open source solutions were more difficult to set up and difficult to maintain. And the AlienVault OTX makes us feel better about the product being up to date as well as us being more informed as to current threats to be aware of.,2,2,IDS Malware FERPA Compliance Monitor PII IPS Ransomware,We have been able to use Custom Written plugins to monitor our off-brand switches and routers. Watch for PII being sent across the network or off-site in an unencrypted format. Identify scans on the network from on and off-site in order to proactively block them at the firewalls.,Monitor critical systems, servers, and applications up-time.,10,Yes,We like the fact that USM has log management, provides excellent support, and provided us with an easy to deploy VM All-In-One system.,Price Product Features Product Usability Product Reputation Positive Sales Experience with the Vendor,The eval and selection went well and as we had hoped.,Implemented in-house Professional services company,Yes,Change management was minimal,no significant issues were encountered,10,10,No,Follow up is absolutely amazing.,Monitoring of Alarms Looking at the logs of monitored systems. Install and Setup up of Agents on servers.,Plugins are a bit difficult - but just something that needs to be learned. Some directives setup can be a bit difficult to do the first time - But, it just requires a little hands on practice.,No,10

AlienVault USM, a perfect ally for MSSP

Cable and Wireless offers our customers across the Latin America and Caribbean region a Security Monitoring service which is based on AlienVault USM technologies. We deploy sensors and servers on different customer locations and collect the alarms generated by those devices on a centralized AlienVault Federation Server which is continuously monitored from our SOC. 
The SOC analysts assess all the generated alarms and based on their knowledge and they provide the customer with the necessary visibility and corresponding information in order to know how to respond to a security threat or security incident. We at C&W also use AlienVault USM technologies in order to monitor our network and datacenter infrastructure across the Latin America and Caribbean region. AlienVault technologies has allowed us to offer a managed SIEM service which is affordable and reliable, and can be provisioned in order to fulfill specific needs as all of our customers have different requirements and necessities.,AlienVault USM provides enough flexibility when collecting logs and monitoring systems that are not supported by default. AlienVault USM has five different security monitoring capabilities that are focused on monitoring the health of a network and network systems and are included by default. Other SIEM vendors need to integrate additional products in order to generate the same visibility, which can make a project more complex and more expensive. OTX has improved significantly the visibility of the existing threats and this information is not only valuable for the operation of the service we offer but it can be a great security ally for any other SOC.,As a young company, the documentation and support knowledgebase are still not completed and they can improve it in order to make an even better product. As AlienVault comes from an open source product (OSSIM) the log collection relies on the use of third party agents (snare, nxlog, ossec), however regarding the professional version, there should be an Alienvault agent that could collect logs from different datasources. 
This will give our customers peace of mind as they will notice that even the agents are part of the same product they acquired.,9,,By integrating different security monitoring tools and by understanding that the security threats have evolved into a much more complex environment, AlienVault has given us the tools to monitor different aspects of the information security and it helps to detect attacks that normally would not be detected by the traditional SIEM approach. OTX has been a great ally as it delivers visibility and information about the real time threats and its information has not only been used for the customer with existing AlienVault deployments but for other SOC customers. The hierarchy architecture also enables us to monitor all customers' infrastructure from a single console making it easier for the SOC analyst to detect specific events or security threats.,We have achieved this by using the AlienVault Federation Server. A single console facilitates our SOC staff not only to detect threats among any customer but also to continue with the incident process once the threat is detected. The correlation directives that are normally updated, give us the power to monitor new security threats without having to reconfigure the product, so the analyst can focus on their job.,25,10,For monitoring customer infrastructure and security. For monitoring datacenter infrastructure and security. For monitoring other critical infrastructure inside the company.,We have been able to focus the service to our customer's business. The flexibility it offers has allowed us to monitor datasources that no other SIEM vendor could offer. We have been able to integrate the AlienVault USM technologies with other services that we already offered in order to come up with an improved version of already existing services. 
We have been able to offer POC scenarios to our customers of a technology that is somehow difficult to deliver (other vendors do not offer POC and the customers have to buy the product without proving is what they need),We are trying to deliver visibility and reporting from other services which have these features but are somehow limited.,10,9,9

AlienVault - Value for the Money

AlienVault Unified Security Management is utilized internally by our company, as well as our clients, as a central cog in the wheel of information security management. The main problem we were trying to address was to have information security visibility that was easily scalable and cost effective. By utilizing AlienVault USM we were able to check those boxes.,Value proposition - AlienVault is a package of tools that perform functions that pretty much every business needs including security information event management, intrusion detection, vulnerability scanning, availability alerting, and reporting. Stability - Considering the multiple functions this software performs, stability and availability have been pretty good for us.,Plugins - There are some plugins that aren't out of the box or some tweaking is required to get the reporting correct. Reporting - This can be a garbage in/garbage out scenario for our clients that use this. Some of the reports aren't applicable depending on the information being collected and the canned reports can have gaps. There's a good base of content to do custom reports, but other products seem to do reporting better and more coherently out of the box. Menu layout - Minor gripe, as for day to day tasks the layout is fine, but for some administrative and configuration tasks there is a bit of hunting to do and drilling down to be able to get to the right spot so you can perform your task. 
Integrated Threat Intelligence - The industry is changing and this is where we've had to turn to additional threat feeds and other vendors for help.,6,Cisco Sourcefire SNORT, IBM Security QRadar and HP Arcsight,AlienVault is pretty effective at detecting threats, but like everything, it takes some care and feeding. Tuning is still required; proper set up of your span/mirror is still required. You still need a trained analyst to do actual analysis of the tickets that are opened for what it sees. Yes, a ton comes in the package that AlienVault offers, but security is never plug and play. I think lately the management of the product has created additional overhead. Threat hunting is now definitely a priority but we're starting to evaluate and utilize specialized tools for that and our concern is that SIEM is becoming more of a log collection and after the fact reporting device.,There is definitely time savings in not having to manage and maintain multiple products that do multiple functions. There is definitely worthwhile correlation, a useful ticketing system, and while you need to do tuning, it's not as onerous as some other products (The old Cisco IPS comes to mind). The built in way that they do federation has allowed us to scale without having to manage multiple consoles, unlike some other products which don't have proper multi tenancy.,3,4

Conspiracy Theory - No Aliens here!

We are using AlienVault USM for log monitoring and retention. We also monitor the alarms dashboard to be aware of anything that may be penetrating our network. We have just started using it within the last couple of months so do not have it fully tweaked, but will be creating directives and policies to alert our tier 2 support team of possible incidents that require investigation.,Log capturing and retention. Easily searchable. Behavioral monitoring. AlienVault is able to look at all events and correlate them, taking that workload off of staff. Open Threat exchange. 
AlienVault is on top of the current threats and updates database regularly to optimize protection. Intrusion detection.,Vulnerability scanning. The reports are horrendous and do not provide an easy way to sort through them. Perhaps there is something I am missing, but I would like to be able to break it down by the vulnerability and list all hosts that have that vulnerability. GUI does not keep track of what page you are on. If you make a change, it refreshes and you are back on page one. Would also be nice to be able to have a GoTo Page option. Vulnerability scanning takes much too long to run. I am running scans with another system and am able to easily scan our entire network over the weekend. It times out a lot with small subsets of our network. It also seems to be locking out the account used for authentication. I verified it has the correct password and used the system to test connectivity, which it passed.,9,EventTracker,I have not used other security technology to speak of. AlienVault has provided us with better insight as to what potential threats may be attempting to breach our network. It was also a valuable tool when going through an audit. We were able to identify when the auditor was open testing our network based on the alarms that were triggered.,Since we did not have any system that was able to provide this service, it has added great value to ensuring our environment is protected. We are able to identify potential breaches of our network and whether the source has an IP reputation based on the Open Threat Exchange. It has been a great addition to our arsenal for fighting off the bad guys.,Set up alerts for when a user has locked out their account. The alert goes to helpdesk so that they can contact the user, sometimes before they even realize they have locked their account. Also provides security in knowing that the user is the one indeed locking out their account. 
Use the vulnerability scanning to address vulnerabilities so when the auditors scan we have a much cleaner report as well as secured our environment. Set up alerts to go to Sys Admins when domain group memberships change. This provides an audit for privileged groups as soon as they occur.,Yes,Product Features Product Usability,Would not change anything. We did a POC on several solutions to see the results first hand in our own environment rather than just a demo so the value was easy to see when choosing AlienVault over the others.,9,7,8

All-in-one, Integrated Security that is Simple and Low-cost

We use Alien Vault's USM all-in-one appliance for all of our compliance needs. We went looking for a security product that would meet our compliance needs and found that just one component of our compliance budget, logging, was too expensive for our budget. AlienVault United Security Management allowed us to meet the other needs of SIEM, threat detection, HIDS, and vulnerability management less than most of the other products charge for logging.,Integrated product - AlienVault does a great job of bringing the varied product functionality together and provides a centralized view of security throughout our company. Support and Training - We chose to implement AlienVault ourselves and took the training class with implementation assistance. Both helped in learning the product and allowing us to be able to administer, use and improve our use of it more effectively. Product improvements - I have found issues with the product in the short time I have been using it and then seen product updates shortly thereafter that included the fixes we requested.,Plugins for data could use some improvements. Newer plugins and a more user-friendly way of creating them rather than writing regex would greatly improve the ability to add additional data sources. Documentation can be improved. The knowledge base and help are being redone and they have yet to catch up to the latest version. 
They provide some help but need to add detail for advanced troubleshooting. Forums can sometimes be helpful and the support also is helpful.,10,LogRhythm, WhatsUp Gold and Splunk,I have not seen any other products that do what AlienVault Unified Security Management does. It is the central view into our security stance and provides an easy to use method for detecting and finding vulnerabilities and threats to our enterprise. We still use firewall and anti-virus but without AlienVault Unified Management we would not know of the threats to our network.,I spend a few minutes each day reviewing the alerts in AlienVault Unified Security Management. I also can respond to any emergencies as they come in to my email. We upgrade the product with the latest threat feeds and any new product updates when they come out. We scan for vulnerabilities monthly, allowing us to patch and fix any known issues. AlienVault Unified Security Management makes security threats and management of them actually enjoyable.,9,9,10

AlienVault Review

Security Event Correlation.,Notification Log Monitoring Threat Alerts Inventory Monitoring Vulnerability Scans,System Updates break features, especially Threat Intelligence Policies as well as corresponding Alerts Need to conduct more Customer Education regarding features and system updates Steep initial learning curve on getting the most out of system Getting a Support Technician on the phone when something breaks.,7,LogRhythm,AlienVault is very effective but lacks polish in the event correlation. It throws a lot at you as AlienVault has great features like vulnerability scanning, inventory and asset management, as well as monitoring. But getting the best use out of them can be a task. A better job can be done to test and push out system updates before releasing them. Updating the system sometimes breaks Threat Intelligence Policy as well as their corresponding alerts. 
Getting support assistance can be a pain but once they respond the technicians are great and very knowledgeable on the product. I feel there needs to be more customer education and webinars on AlienVault USM's features. I don't always feel confident that I'm getting all I can out of the system.,In a sense we have reduced some degree of the work, however AlienVault makes security events easier to manage and filter.,No,7,7,7

The One Man SoC

Alienvault is used across the whole organization and it addresses log correlation problems and real time threat intelligence visibility,Threat detection Log aggregation Threat exchange and enhanced visibility,Report customization Scalability Ability to easily develop custom plugins,9,HP Arcsight,Alienvault has the best threat intelligence and unified security management compared to other security technologies,The benefit of threat detection simplification was achieved...all in a bit!,Integration of all custom log sources- including txt, xml, and other flat files Correlation of custom log sources,10,9,9

Don't be afraid of this Alien.

The implementation of AlienVault Unified Security Management was the result of a network wide virus infection and not knowing where the virus originated required that all servers and workstations be scanned for infection. The system was deployed across the entire network for a centralized point of administration verifying network integrity and system security protocols.,Real-time access logs and scanning. Once the system was installed and configured it allowed our company to find that the network was being hit with a continued bruteforce attack. With this discovery we made a few changes for our remote users and reduced the unauthorized outside access attempts. Traffic monitoring. When first starting with the company part of my assignment was to find why the network was so lethargic. With the AlienVault system I was able to see the time periods of heavy internet and data usage. 
With this information I was able to determine the highs and lows of user access. OTX activity. After getting subscribed to the OTX community I was given frequent updates to the latest security threats and what to look for. To me the best aspect of the OTX activity monitoring is to know when the threat is directly affecting our network and keeping up to date on the threats.,Initial setup and administration. I came into this company after the utility was deployed and what I have found in our setup was that the ESXi environment in our setup does not scan the entire network. Having an initial setup assistance program for the installation. Asset environment. In our current configuration we have all the servers and network appliances running with static ip's or reservations from our dhcp server, this works very well in our environment. What does not work well are the machines that are part of the dhcp pool, if the machines are configured as an asset and the ip address changes the description (identity) does not follow the device. I think that if we have the ability assign assets from the MAC address would eliminate this problem as I see it. Kick-off program. As part of the service we where invited to join a kick-off event that I personally attended (virtual class actually) what I discovered from this class was a more advanced configuration than what I had expected to see. While in provided good information and virtual labs, I think if the class is a kick-off then it should be about the basic installation and configuration of the appliance. The time spent on configuring rules out weighed how to get information to be read from the sensors.,8,,I believe the best aspect of the AlienVault system comes ultimately from the community of users. The OTX activity notifications for myself provides a great wealth of knowledge that I would not get otherwise. This is my first true experience in managing a service such as AlienVault for a long period of time. 
The community support is a great reference for smaller IT departments that have limited resources to stay up to date with emerging threats.,Having been a product the company purchased after experiencing its first network wide virus infection, yes, most definitely. The company just was not set up for or equipped to properly handle this problem. The AlienVault appliance once configured indicated that the company was experiencing a bruteforce attack. Was this an underlying result of the infection possibly? What I do know is that without the AlienVault software showing this outside access the problem would have never been discovered. We implemented changes to the network that resolved this problem to about 95% with just 1 workstation that continued to have problems with network access and traffic problems. The AlienVault system allowed me to watch in real-time when exactly this workstation was getting hit and from where. The workstation that experienced the network congestion just happened to be the same workstation that infected the network. Without this valuable information and having limited IT department resources, I was able to commit my time in monitoring the network and ultimately finding this problem. Once removed from the network and rebuilt this saved the company hundreds of hours in downtime and loss of productivity. Definitely a saver for the company.,No,Coming into the company I work for they had just experienced a very bad network wide virus. The USM software have been in place would have helped to mitigate the infection and locate the machine faster. This service since being installed has provided valuable information on continued port scans and access vulnerabilities. We found that our AD server and SQL servers had continued port scans. Once identified I was able to make changes to the remote access ports and this stopped the port scans. 
Ultimately Alienvault USM saved valuable time and increased user productivity.,10,5,No,Not sure if this an AlienVault thing directly or not. Working with our consultant Shawn he was able to create a custom plugin for our QNAP Enclosure to support my sys log from the device. It was crucial for us to read these logs and since all other event logs are going into AlienVault this was an ideal situation. After gathering some info logs from the QNAP device Shane had a plugin created for me in 2 days and deployed. That was an invaluable effort on the part of AlienVault and Shane.,Real-time scanning OTX activity Easy to read dashboard,Configuring the ESXi network adaptors Understanding how to create rules Not knowing what many of the rules meant or what they do.,7The right SIEM tool for small and mid-sized organisationsWe've implemented and are currently operating AlienVault for few clients. Some clients use AlienVault to manage the security of a particular network. Another client is using AlienVault to offer managed security services. AlienVault has been improving the security visibility for our clients' infrastructure security. It helps those companies that are tight on budget for security spending. AlienVault helps us to maintain our service level agreement with our clients. After the tool is integrated with the infrastructure, it becomes easy to spot existing abnormalities.,Easy to use dashboard Based on open source making it easy to customise the deployment Cost effective OSSEC agent integration enables file integrity monitoring,Bulk sensors update Improving NIDS signatures Managing OSSEC agents from dashboard is limited and quite restricted Assets tracking,8,Correlating security events proved to be very useful. NIDS is a crucial component of AlienVault and without it one third of security visibility is hindered. The IP reputation and open threat exchange framework maintained by AlienVault labs facilitate sharing security intelligence among AlienVault users. 
It is possible to create correlation rules and actions based on threat intelligence information.,Yes these benefits are being achieved by continuously tuning the tool. Managing AlienVault is like any other SIEM requires continuous effort to ensure the quality and reliability of the triggered security alerts. Defining concrete use cases from the beginning is a crucial requirement for a successful implementation. It is important to keep track of the assets inventory.,Yes,Switching from AlienVault OSSIM to USM provided our operations team with the following key advantages: - Wider spectrum of security threat intelligence and commercial security feeds updates. - Product support availability. - Activating logger component to maintain a cryptographically secure repository of normalized logs. The logs stay in indexed file and can be retained for extended periods without hindering the system performance. These text based logs also don't consume disk storage. Moreover, we learned that AlienVault USM has tuned settings for system and database performance.,No,5,Yes,Best support can come during pre sales where we wanted to demonstrate how AlienVault can integrate with some technology vendor products. At that time the support team was exceptionally helpful and supplied us with the required plugins.,Scanning and adding assets Creating correlation directives Users management,Manage OSSEC agents Bulk updates for sensors tracking disconnected assets,No,8Alienvault - The Answer to Many of our Network Security NeedsAlienVault is used to provide visibility into our network traffic inbound and outbound from/to the Internet as well as traffic between our DMZ, corporate and extranet networks. Prior to AlienVault we configured a layered security design and it was sufficient for most purposes. However, we did not have insight into the actual network traffic to see any viruses, or exploits that were being transmitted within or through our network. 
AlienVault provided that visibility and also allows us easier vulnerability tracking. We are now able to see when an exploit is present and respond immediately and appropriately.,Exploit detection Vulnerability Scanning SIEM IDS,AlienVault is excellent at finding issues/exploits and providing the information necessary for forensics. It could be nice if instructions for remedies could be provided as well.,10,,AlienVault has been extremely effective in finding threats in my environment. From something as simple as outdated software detection to detecting an exploit or phishing attempt. It provides me with unequaled visibility into the actual network traffic. It finds exploits in transit and will send me an alarm instantly so I can resolve the issue before it has a chance to propagate through our environment. It integrates with our firewall so I gain the visibility at the edge of our network as well.,After the initial configuration and burn-in period it has reduced the amount of time we use to react to issues. We also have a greater sense of awareness and security knowing that the system is constantly scanning network traffic, analyzing server and firewall logs, etc., to provide us with the necessary information to keep the network secure.,3,1,Exploit detection Vulnerability scanning Logging,Great log monitoring.,Vulnerability resolution.,10,No,Product Features Product Usability Positive Sales Experience with the Vendor,N/A,Implemented in-house,Yes,Change management was minimal,Learning the product.,9,No,9,Yes,At one time the AlienVault system was falsely reporting that Adobe Flash Player was outdated on some of our systems. I contacted support and they contacted me the same day. They researched the issue with me and found that the newest AlienVault update would fix the problem. 
We installed the new update and the problem was resolved, quickly.,Vulnerability scanning Alarm monitoring,Custom logging,8Cost-effective, but you better be comfortable with the Linux command line and vi/nanoWe are primarily using AlienVault Unified Security Management to enable centralized logging and event correlation across hundreds of retail locations, as well as centralized logging and event correlation for servers and network devices in our core data centers. We thought we would also use the vulnerability scanning capabilities, but we have found the vulnerability information incomplete and the scanning capabilities inadequate for canvasing all of our remote locations over VPN.,The deployment of the OSSEC(AlienVault HIDS) agent the basic logging and event generation got us out of the gate quickly. AlienVault has a lot of out of the box parsers for popular network devices to parse system logs. AlienVault has a lot of out of the box correlation sets to generate intelligent security alarms.,The vulnerability scanning feature is basically useless for us. There is not an easy way to see which vulnerabilities are being scanned for, and I've confirmed that monthly Microsoft updates take forever (over 30 days) to get into the definitions. We need to see them in there within a couple of days. The scanning is all done remotely (no local agent-based scanning), which requires superuser credentials to be supplied to the scanner. Because we have a lot of remote locations connected over VPN, the scans repeatedly timeout or error out. We are exploring alternative products for this need. AlienVault documentation is severely lacking. When I have opened tickets with AlienVault regarding missing documentation, I am often referred to the open source project's documentation for the component they've integrated. If AlienVault wants to integrate a component and rebrand it as part of their product, they need to take the ownership of documenting how to use it within their product. 
AlienVault requires too much "hacking" to do anything custom. The CLI has a "Jailbreak system" mode that is required for anything outside of the most vanilla configurations. In my mind something called "Jailbreak" should not be required on a daily basis. Examples of low level config include having to create custom rsyslog.d conf files to aggregate syslogs from multiple devices to a single log for parsing. Using the Web UIs per asset assignment of a plugin isn't resource efficient. Doing any sort of custom rules or plugins requires CLI modification of multiple files and the OSSIM database. It shouldn't be that hard.,5,,I can say that the SIEM functionality is better than the previous technology I have used. I find the different tiers of Alarms/SIEM Events/Raw Logs to be effective in elevating the signal above all the noise. The alarms that have been generated in our environment have given us valid scenarios to investigate.,I would say we have achieved this benefit, but expanding the capability of the system to include new sources of information is a painful undertaking.,3,2,Centralized logging and retention. Event correlation. Alerting.,Sending syslog events from our network monitoring solution to use in directive correlations for alerting.,If the vulnerability scanning is improved and introduced localized agent based scanning, we would explore that feature again.,5,Yes,Price Product Features Product Usability,I would have wanted to see a more extensive proof of concept or pilot demonstrating how the product would handle particular systems or aspects of our environment.,Professional services company,No,Change management was minimal,The big deliverable was to enable log collection and event generation of our Meraki MX appliances and Cisco SF300 switches, neither of which had a built-in plugin. 
We spent all of our professional service hours having to build custom rsyslog conf files and plugins for these devices.,5,6,Yes,When we encountered an issue with an upgrade, AlienVault support was able to connect remotely and resolve the package dependency problems to allow us to complete the upgrade.,I can't say any of them are. Documentation is so lacking and there are not a lot of helpful hints within the UI itself.,I would have to say all of them. Again, lack of documentation, tutorials, etc., coupled with the lack of any sort of help indicators within the UI makes this very difficult to use without training. And then there is all of the undocumented command line work...,No,2AlienVault USM- Beginning ThoughtsWe are currently using AlienVault Unified Security Management across our entire enterprise. We are using it to correlate and store logs from all devices to monitor for network and host intrusion detection. We also use it to do our vulnerability assessment, as well as our network inventory. It's part of our layered approach to security monitoring.,The AlienVault NIDS has proven to be very valuable in helping us identify traffic on our network. It has identified unauthorized traffic that was going out of our network. The alarms generated from our realtime events have helped us to respond to and track our responses. It has helped us with change management with realtime updates to any changes in configuration.,Inventory is terrible. Expect to spend some time fixing details on your inventory. This is particularly frustrating as often vulnerabilities are tied to specific versions of Windows or software. I mean there is a world of difference between Windows 7 and Windows 98. Its inability to differentiate is a big issue. I would like to see the alerting functionality improved. 
Such that if you see an alarm that you want to be notified about every time it happens you can just right click on and say alert me next time this event happens.,8,AccelOps,So far it has been very effective in alerting us to security threats. It has helped us to identify scanning hosts on our network as well as any host which attempts to contact unauthorized outside the host. The continuous monitoring and notifications has helped us to filter out the noise from real issues.,We achieved this benefit almost immediately. The directives that it comes with out of the box have been essential to our network monitoring program. As we continue to customize it to our environment we feel this will only continue.,2,1,Network intrusion detection Host Intrusion detection Malware/Trojan/Etc. detection,We've used it to validate some of our Regulatory requirements. as In we performed this exercise was AlienVault able to detect that activity We've used for network change management. When It makes a change Security is notified and IT has to signoff that they made the change.,IF they ever get the asset discovery to the point where it's accurate, we can see using it for inventory. We would like to use it to alarm us when a new piece of equipment is connected to the network. I suspect that is in there already. Haven't figured out how that would be accomplished yet.,8,No,Product Features Product Usability Third-party Reviews,If I had to redo it again I probably would end up picking AlienVault with all things being the same with AlienVault and it's competitors.,Implemented in-house,No,Change management was minimal,Training and approvals,10,Yes,8,No,I was having an issue where after i Upgraded to 5.1.1 where the video vanished. You would boot up see the bios and nothing after that. It turned out to be a Bug in 5.1.1 and 5.2. I opened a ticket and within an hour I believe i had a tech on the phone and he knew exactly what the issue was and the workaround. 
The speed to resolution was frankly amazing.,The directive events are fairly easy to adapt to your environment Deployment of HIDS was very simple. This is in a windows environment,The asset discovery is particularly cumbersome as it's inaccurate, and you end up spending lots of time fixing it. Vulnerability assessment caused many issues with our printers. We ended up having to skip our printers and the way to do that is very cumbersome. instead of being able to say exclude these IP's you had to only include the IP's you wanted inventoried by listing the subnets xxx.xxx.xx.xxx/xx you wanted included.. a lot of /32's,No,7AlienVault USM good for your business?We are currently using AlienVault Unified Security Management for our infrastructure security needs. Both our servers are end users and are being scanned with the OpenVAS integrated scanner. All traffic is being analyzed from our Palo Alto firewalls and all servers have the FIM agent installed. We are also using the system to store net flow data.,Traffic Analysis OTX feed intelligence File Integrity Monitoring Threat Scanning,Asset Management depends too much on DNS Threat scanner could have more functionality,7,McAfee Nitro and RSA enVision,The AlienVault USM is a bit more simplistic in detecting and correlating events. The end user can add more "advanced" functionality, but must do so themselves within the "intelligence" tab. There is currently no easy way for other third party integration, as the API is mostly undocumented.,Once you have created your correlation events, the AlienVault USM can reduce the amount of work needed in detecting security events. A few common problems we have had to overcome was the built in openVAS scanner generating hundreds of alerts from itself. 
Another large project involved us setting up additional correlation events for products not initially understood by the SIEM.,2,2,Log Analysis File Integrity Management Threat Scanning,Alerting on large file transfers from net flow,Asset Management Enhanced Threat Management,5,Not Sure,Support is great for the USM product. Scalability is the best key feature you receive when official support is purchased. Additionally, if a plugin or an internal process breaks support has the ability and knowledge to update and fix all aspects of the product. This was very useful to us, when a database table needed to be fixed.,Price Product Features Positive Sales Experience with the Vendor,At the time the AlienVault system was the right choice as it provides an easy transition to an SIEM product without the high prices and complicated setup. During our decision process no other vendor provided us with actual techsupport during the POC process. I would not change my decision from a year ago. The newest version of AlienVault 5.x has vastly improved the capabilities of the SIEM with speed and usability improvements.,Implemented in-house,Yes,File Integrity Monitoring -- Agent Rollout Disk IO during logger rollout,6,Online training In-person training Self-taught,5,8,The key to the system is logging sources, enabling the plugins and watching the data flow into the SIEM is quite easy. The asset management setup was easy; just identify your networks and set up a basic asset scan all in a wizard like approach. The other easier setup was an unauthenticated scan of your internal networks, as most of the information provided in the asset scan is used to set up a threat scan.,4,The best recommendation would be to understand the correlation (called intelligence) menu. Without further customization the AlienVault USM will only have limited functionality for alerts. This really isn't a knock on AlienVault as many of the other SIEM vendors require high touch analysis configuration. 
Another recommendation would be to understand and properly size your AlienVault USM, without doing so could lead to missed or late arriving events. Sensors can help distribute the load.,No - there is no facility to customize the interface,Yes - we have added extensive custom code,We have done some customization via the command line, such as puppet and net flow parsing. This unfortunately means we can not upgrade the system as easily as we would like. This is also true for many of the other SIEM providers, but it would be nice to see the AlienVault USM be more friendly towards customization.,Yes,10,No,We currently have an issue with a firewall sending too many "events per second". The tech support person did a lot of research on how to remediate the problem and took it upon himself to escalate the ticket to the developer team. We now have a phone call lined up with a developer so he can better understand the problems we are facing with a single source of too many "events per second".,Reviewing Alerts Dashboard graphs File Integrity Monitoring Menu systems Threat menu and scheduling OTX maps,Netflow setup Advanced Threat Management Asset Management File Integrity agent setup Correlation Event setup,No,7,3,6,7,SocVue software ELK (elastic search, logstash and kibana),,File import/export API (e.g. SOAP or REST),1,My overall opinion as of AlienVault USM 5.2 is to not integrate with other products. As long as you stay within the painted lines, the AlienVault USM works quite well for most of our needs. For advanced correlation you might need to look elsewhere or put in additional feature requests to get a real documented API in a future release.,9,8,Our terms for training and price were met with very little bartering. It is nice to get some online training thrown in with a large purchase of your AlienVault USM it can help the on-boarding with new employees. 
The overall purchase was discounted fairly and did not require us to spend weeks haggling over price.,We are completely satisfied with the AlienVault sales team. I would just recommend being honest with them with timelines and prices, I am sure they will work with you to make the AlienVault USM happen. At certain times of the year (year end) the discounts could be higher, so it could be worth the wait!,Yes,Performance Dashboard Log Analysis,Documented API Asset management Better plugin correlation support,Yes,No

AlienVault is a very good investment

It's a very good product to manage and monitor the network. It's very powerful; it has to be well configured. The support is available to help if needed! It helps to better understand what happens on the network as well.,Monitoring: The possibility to monitor all devices of your network with SNMP management Vulnerability scan: Very simple and powerful feature. It scans your network and gives you all device vulnerabilities on your LAN. Nagios module: Integrated Tools in AlienVault Unified Security Management Platform. Very useful to have all these tools in one place.,False positive: there are still too many false positives detected when we use the alarm module. A lot of packets are caught in severity medium or high but are not threats. It is just standard traffic.,9,Nagios,AlienVault has proved today again how effective the threat intelligence tool is. Despite the false positive alerts, AlienVault put the finger on attacks and threats. It gives you details and network captures about the attack. It is very useful and efficient to work with AlienVault.,In our case, it didn't reduce the work, but now we can do things that we couldn't yesterday without AlienVault.
Every time there is an attack, with AlienVault we have traces and capture that we can analyse to have more knowledge about what happened and how to prevent future attacks.,2,,Security threats Log tracks Alerts,To generate attack list before the weekly security meeting,Alert every time there is a change in AD or in the firewall,8,No,Price Product Features Product Reputation,No change.,Implemented in-house,Yes,Change management was minimal,Configuration on our infrastructure,5,Online training Self-taught,8,According to me, minimum training is inevitable.,9,If there is more than one person using AlienVault in the company I would recommend writing "best practices" documentation to do things the same way.,No - we have not done any customization to the interface,No - we have not done any custom code,I haven't really done any customisation so far. But I certainly will.,7,Yes,List the past attacks,Sending an email with understandable details of the event every time it happened,5,7,7,8,Active directory Firewall Switch,SNMP traps of all network devices,Single Signon,2,Do the training before you use it.,9,8,Price,Yes,fix glitches,fix the glitches still not fixed.,No,No

Purchased & Installed for Compliance

We use AlienVault's UTM to help with our PCI compliance. We need a system that can centrally receive and inspect system logs, as well as run 'FIM' (file integrity monitoring) and provide an alert when something out of the ordinary occurs.
AlienVault also has a built-in vulnerability scanner 'OpenVAS' that we use to scan for vulnerabilities within our Windows and Linux servers.,Overview of Log information from multiple sources (Trends, frequency, types) Vulnerability scanning Ticketing and Alerting,Extremely hard to set up Hard to configure log filtering,6,,This is the first security tool that I've used of this type.,We are now spending more time on detecting and identifying threats than before; however AlienVault has given us new analysis tools and visibility that we simply did not have prior. We hope that AlienVault would alert and bring to our attention any usual activity within our systems, but I would not be confident in saying that it would definitely detect an intrusion.,2,2,Central log collection Log & event analysis Alerting File integrity monitoring,Network Intrusion Detection System Vulnerability Assessment,10,Yes,9,On one particular issue I wanted to do something that wasn't strictly supported, but the support agent gave me their 'unofficial' solution anyway - and it worked [like] a treat!,Looking at log files received by the system Vulnerability scanning System Updates,Setting up Alerting Generating Custom Reports,4Fantastic All in One security solution at an incredible price pointAlienVault Unified Security Management is being used for information technology security management for the entire organization. The solution provides us with network and host intrusion detection services, intelligent security event correlation, asset availability monitoring, scheduled vulnerability assessments, security log management and archive, net flow monitoring and security reporting.,Value far exceeds the price. Excellent customer service and support. The product walks you through addressing placing values on assets and implementing the proper controls. 
The product does what it claims it can do.,Product documentation could be more streamlined and easy to use, however, in the short time I have used AlienVault Unified Security Management there seem to be constant improvements. To take full advantage of the solution, it helps to have some experience on the Linux platform, however, the product as delivered provides a solid security management platform with an intuitive GUI interface and AlienVault support coupled with their initial setup support services does a nice job of filling in the gap if you do not have that skill set in your organization.,10,,AlienVault provides a single "goto" interface for all security related events on our campus. In addition, it has provided an interface not only for security staff to investigate threats, it has also allowed our help desk staff the ability to troubleshoot things like Windows account lockouts. We continue to use our much more expensive IPS since it is still under contract and AlienVault continues to detect legitimate threats that the other IPS missed. Unfortunately we paid much more for a device that has limited functionality when compared to the AlienVault Unified Security Management.,We have definitely achieved this. We now have a single pane of glass to use for network security threat management. It is amazing how much information the solution can handle. We push syslogs from all of our windows systems, switch gear, firewalls, wireless controllers and the AlienVault is able to process and normalize those events for possible correlation and alarm creation and for archival purposes. It does this while monitoring traffic on multiple segments, monitoring availability on critical assets, performing scheduled vulnerability scans and asset discovery and much more.,3000,2,Security Event Management Log Management Reporting Incidence Response through the builtin ticketing system,We never dreamed we could us it to consolidate syslogs for so many different systems. 
We were able to retire another system that was used for availability monitoring. Help desk staff are now empowered to investigate account lockout issues in much more detail.,As the user community and AlienVault's staff develop additional plugins, we will surely be able to integrate new systems with the product.,10,Yes,Price Product Features Product Usability Positive Sales Experience with the Vendor Third-party Reviews,Think outside of the box and consider smaller more specialized companies that are innovative and customer service focused.,Vendor implemented Implemented in-house Professional services company,Yes,Change management was minimal,AlienVault gave us more than enough consulting hours so that we were able to use the system in production and accumulate any problems/question to be worked through during the next scheduled consulting session,10,Online training Self-taught,10,Personally, coupling my own hands-on experience with training offers the best ROI with AlienVault. AlienVault included some good training with our purchase of the USM product and then we decided to the next level of training which was excellent as well. Getting some experience prior to the training worked best for me.,9,Yes,10,Yes,I had a problem with major code upgrade where the system stopped responding in the middle. A time was scheduled where the technician spent a lot of time getting the system functional again. He then escalated the case to a developer who then went through the system again just to make sure everything was perfect. I was impressed with how much they cared about a small campus like us having their product functioning absolutely perfect.,Alert Management Interface It is easy to see the security posture of your organization at a glance Reporting,Sending system backups to another system for DR purposes Querying the Events can be a bit clunky but you get used to it,8,10,10,10,10,10,In our case there was really no negotiation.,None at this time
AlienVault USM
547 Ratings
Score 8.1 out of 10

AlienVault USM Reviews

TrustRadius Top Rated for 2019
Showing 24 of 548 AlienVault USM ratings and reviews.

Reviews (1-24 of 24)

Farakh Hussain, CISSP, CISM, CEH, ISO LA, MCSA
December 28, 2017

Aliens to the rescue!

Score 9 out of 10
Vetted Review
Verified User

Support

7
I believe they can do a better job at understanding the problem via a phone call when a support ticket is created, rather than going through email. It would help to resolve issues quicker and provide better customer satisfaction.
Philip Clarke
Score 10 out of 10
Vetted Review
Verified User

Support

8
Support was initially slow but once engaged resolution was fast and efficient.

Additional support on other topics was also resolved under the same initial call which helped rather than closing the call off and starting again.
Further check backs were carried out before the case was closed so support was very useful throughout.
Mikhail Suleymanov
Score 9 out of 10
Vetted Review
Verified User

Support

10
I have not had a single issue with the AlienVault support staff. Any issue or question that we had, especially in the beginning during the installation phase, the support staff was readily available via phone and email to help us. I am very happy with the decision we made to go with AlienVault.
Chuck Bardram
Score 9 out of 10
Vetted Review
Reseller

Support

9
I find their support to be excellent. From the FAQs to the tech docs, it is very easy to resolve most issues. The few times we worked with a support technician, they were always quick to resolve our issue. We are very pleased with the overall level of support!
Score 10 out of 10
Vetted Review
Verified User

Support

10
The support we received from AlienVault was excellent. They went above and beyond in making sure everything was working as it needed to be. They REALLY want their product implementation to be a success and our security goals be achieved. They are like a member of our security team.
Score 6 out of 10
Vetted Review
Verified User

Support

3
Support is friendly but response time has been spotty. Also initially when we signed up there was a lot of pointing us at the documentation, which has been spotty and ad-hoc for what is supposed to be a commercial product. Overall the feel of AlienVault and the support has been of a very new and startup company that is trying to grow up out of its open source roots, and I'm not sure if they've totally been able to make the transition to being able to meet the expectations of the enterprise customers.
Score 9 out of 10
Vetted Review
Verified User

Support

7
Have had good support and have had poor where they just want to direct you to pay for consultant services or training. Usually the support rep is pretty good and works to resolve/answer the issue/question, but a few times they have not been willing to look into it very far and push off to services/training.
November 30, 2017

AlienVault Review

Score 7 out of 10
Vetted Review
Verified User

Support

7
My experience with support has not been the best. Support is quick to auto respond to issues and allow remote support to AlienVault USM. However, it is hard to reach a live support agent and get someone immediately. Needs work on response time and follow up resolution.
James Ellsworth
Score 8 out of 10
Vetted Review
Verified User

Support

5
I have a 50/50 rating on this because they have been helpful in one aspect but not in another. They seem to be fairly responsive to requests, but like with my most recent request no solution offered. That is not truly a fair statement, but rather no solution unless I agree to pay additional fees. From conversations with both our sales rep and another representative they both indicate that we have 3 years of extended support, but the problem reported to them is not covered under our support agreement.
Bilal Al Sabbagh
Score 8 out of 10
Vetted Review
Reseller

Support

5
Based on previous experience we had to explain and demonstrate the problems several times; fixes take a long time to be implemented and rolled out to end users. Several times we had to guide the support contact to fully understand the problem.
Ledan Patrick Masseus
Score 8 out of 10
Vetted Review
Verified User

Support

8
I have extremely favorable support for the live people support. They seem to know the product well in addition to knowing the actual underbelly of a product such as AlienVault. I took two spots away as I find the online support to be lacking. Almost any search takes you to the forums, where it's mostly a miss. And searching for what one suspects is a bug is never there, but you call in and it's, ‘yeah that's a bug and here's a quick workaround or solution.’ so yeah for live support .. boo for the online based support/doc.
Score 7 out of 10
Vetted Review
Verified User

Support

10
Every time we have opened a ticket with AlienVault they have managed to get us an answer. At times they are not what we want to hear, but I do appreciate the "drive it home" attitude of tech support. I believe the other SIEM competitors could learn a lesson from AlienVault.
Score 6 out of 10
Vetted Review
Verified User

Support

9
They seem to really care, and take my questions seriously. I've never been left without a response and they track issues really well. In addition they can dial-in to our system and perform remote diagnosis.

Feature Scorecard Summary

Centralized event and log data collection (1): 8
Correlation (1): 8
Event and log normalization (1): 8
Deployment flexibility (1): 7
Custom dashboards and views (1): 6
Host and network-based intrusion detection (1): 7

About AlienVault USM

AlienVault USM Anywhere is a cloud-based security management solution that promises to accelerate and centralize threat detection, incident response, and compliance management for cloud, hybrid cloud, and on-premises environments. The vendor says that USM Anywhere includes purpose-built cloud sensors that natively monitor your Amazon Web Services (AWS) and Microsoft Azure cloud environments. On premises, lightweight virtual sensors run on Microsoft Hyper-V and VMware ESXi to monitor your virtual private cloud and physical IT infrastructure.

USM Anywhere aims to help you rapidly deploy sensors into your cloud and on-premises environments while centrally managing data collection, security analysis, and threat detection from the AlienVault Secure Cloud.

Five Essential Security Capabilities in a Single SaaS Platform

AlienVault says that USM Anywhere provides five essential security capabilities, giving you everything you need for threat detection, incident response, and compliance management, within one platform. With USM Anywhere, you can focus on finding and responding to threats, not managing software. USM Anywhere can readily scale to meet your threat detection needs as your hybrid cloud environment changes and grows.

  1. Asset Discovery
  2. Vulnerability Assessment
  3. Intrusion Detection
  4. Behavioral Monitoring
  5. SIEM

Try USM Anywhere in your environment—free for the first 14 days.
www.alienvault.com/products/usm-anywhere/free-trial

AlienVault USM Features

Security Information and Event Management (SIEM) Features
Centralized event and log data collection
Correlation
Event and log normalization
Deployment flexibility
Integration with Identity and Access Management Tools
Custom dashboards and views
Host and network-based intrusion detection
Additional Features
AlienVault Open Threat Exchange

AlienVault USM Videos (2)

Watch AlienVault USM Anywhere: Five Essential Cloud Security Capabilities in a Single SaaS Platform

Watch See How We're Pushing the Outer Limits of Security

Pricing

Free Trial Available? Yes
Free or Freemium Version Available? Yes
Premium Consulting/Integration Services Available? Yes
Entry-level set up fee? Optional

AlienVault USM Support Options

Free Version   Paid Version
Phone
Email
Forum/Community
FAQ/Knowledgebase
Social Media
Video Tutorials / Webinar

AlienVault USM Technical Details

Deployment Types: SaaS
Operating Systems: Unspecified
Mobile Application: No
Supported Countries: Global