- The integrations are very end-user friendly.
- The user interface is fairly intuitive.
- The PCI reports are extremely time-saving.
- The cross-platform compatibility makes hybrid environment management much easier.
- The "Agent" has caused many problems in our environment.
- The AlienVault server seems to get overwhelmed quickly and could use an option for greater scaling for larger installations.
- The documentation is often lacking on details. The documentation often covers what specific steps to take but does not cover why or how certain items work.
- The user interface is missing many features for bulk/large-scale operations, such as the ability to close more than one page of alarms at once.
- The "report false positive" does not provide a way to easily remove items so they still show up in audits.
- There is no way to reconfigure many checks to avoid false positives.
- The system lacks transparency for many security or infrastructure operations.
- AV is very customizable. We can set up many built in rules and alerts which saves time but can also be extremely granular to properly scan our unique network.
- Great technical support. When I need assistance setting up a new sensor or target scan, AV engineers are there to assist and get me on track.
- Although the interface shows a lot of development and thought put into it, there are some buggy issues at times with simple form submission and web navigation.
- Initially setting up AlienVault in our environment was challenging and there was a lack of support around the "hardware level", meaning our VMware environment.
- Ability to tune alarms and events to your liking. Very easy to get rid of false positives that are known in your environment, and create actionable alerts for legitimate alerts.
- The simplicity of the dashboard. Everything within Alienvault is easy to navigate and configure. From sorting logs to creating new users, the layout is natural and easy to figure out.
- The Architecture of the SaaS deployment went smoothly and is very simple and expandable. Very little to worry about on our side with great results.
- Support response time and incident handling have some room to improve. We had major issues with a sensor, and it took several days to get a response. Once we got a response the issue was corrected, it just took a while to get our engineer on the phone.
- Small bugs in the way that the syslog packets are read and normalized. Reading the time in the packet wrong has been the biggest issue we have found so far that is without a solution.
- Complicated Architecture to fully use the product. Requiring port mirroring to use the IDS portion of Alienvault is quite challenging when dealing with a large network size and diverse locations such as ours.
- It is good at doing internal scans of end-user devices to find vulnerabilities without the need of installing an agent or client on each device.
- It is good at being a log server. A place to send logs for all of your networking devices, such as switches, firewalls, and other solutions that accept log servers.
- Its ability to collect logs from Barracuda solutions needs heavy improvement. How it collects and organizes the data isn't very useful.
- The end device client, which is optional, and can be installed on any device you want to collect more data from, has compatibility issues with quite a few products we use, and anti-virus software in-particular doesn't like it. We have also had some performance issues with devices the client is installed on.
- The way collected data from all devices and locations is presented to the user in the web portal is not as user-friendly or as clean as it could be. It tends to show too much useless data and too many categories, making it easy to miss the important parts.
Our environment is complex and stretched across many physical offices. This limited how we were able to use AlienVault. We are not currently able to use or enable all of its features. In a simple network infrastructure, AlienVault would do much better.
Note that the cost of the AlienVault product itself will most likely not be your only costs. It will require your network engineer(s) to spend multiple hours configuring or re-configuring your infrastructure to make some of its features work, such as mirror ports and virtual hosts to collect all network traffic from your core.
For instance, our firewall solutions do a much better job at logging and providing real-time alerts of issues and attacks. Our SAL monitoring solutions provide uptime and performance that is outside the scope of features for AlienVault.
- AWS integration.
- Google integration.
- Asset grouping.
- Incident-automation with ServiceNow.
- Knowing software versions and asset information, we should be able to know the vulnerabilities as they come out without having to rescan the inventory. A rescan could be done to validate the info is still true (about versions and stuff), but instead of va-scan being the vulnerability "informer", you could check when a new vulnerability comes out - if we had this software/service configured somewhere.
- Malware protection? I'm honestly not sure as there's not a lot that AlienVault doesn't do :)
- AlienVault USM Anywhere is easy to deploy with their cloud-based model and deploying the required agents on-prem (or in the cloud) is quick and easy.
- Custom rules allow for alerting based on content from events and you can even trigger agents in response to threats, shutting down computers or grabbing forensic info for incident response.
- USM Anywhere also takes care of reporting for ISO and PCI, allowing you to pull reports for auditors at a moment’s notice.
- With many integrations out-of-the-box, you can pull in all the data from products you use and other sources, such as Amazon CloudWatch Logs.
- We would love to be able to create custom rules based on a series of events, to create rule-sets where, for example, failed logins to the VPN Server are logged and then when a successful attempt follows soon after, it triggers an alarm for a Brute Force. It does this for things like OKTA already, so control over which events this applies to would be great.
- More data tiers - something between 250GB and 500GB tiers, maybe break it down into 100GB tiers?
- Integration with OpsGenie would be great.
- AlienVault USM has very strong documentation. They really do not try to push professional services but really offer you the opportunity to try and buy the product and work through the documentation to implement on your network.
- AlienVault USM's dashboard is easy to use, highly customizable and quick to report (without issues) any of the parameters you set up. The dashboard is intuitive and responsive!
- AlienVault is easy to scale and deploy. Its soft license platform allows you to deploy additional agents and secure elements of your network at close to a moment's notice!
- AlienVault's Dashboard is very strong but does take some time getting used to and customizing. The reporting functions and proactive reporting is a great tool but takes plenty of time to learn and get right. It could be difficult but if there was some out of the box wizard engine that could get some reports up and running fast it would be helpful.
- It would be great to see the USM product compare against other similar environments or industry benchmarks to notify us even if we do not have the threat to our network. It would be a huge value added to understand how, why and where other networks that are part of the USM family are hit.
- Access to the cold storage of logs for AlienVault is a bit confusing. It would be a huge addition if we could dump all the logs locally and have an easier searching tool for such logs. It seems it is not just AlienVault but most companies now want them to use their storage, not local.
As the chief AlienVault engineer within the company, the product has had its ups and downs, and requires a good amount of knowledge with regards to Linux and the many smaller components which make AlienVault what it is (e.g. RabbitMQ, MySQL, OpenVAS, OSSEC, Nagios, Ansible, Nmap, etc. etc.) to really get any worth beyond what AlienVault provides "out of the box". And you may find your head against a wall occasionally with support, as they may be slightly inexperienced in some regards (but this can be said about any product if you support it long enough).
With that said, it excels in every single possible task you may throw at it as a security appliance. There really isn't much else like this SIEM that gives you a nice top-down view of what's going on within your network. Very good value if you're just using something simple like this for basic necessities such as raw log management and event escalation.
- Log management - Out of the box, Alienvault already comes with a ton of plugins for a lot of industry standard names (VMware, Cisco, Brocade, Microsoft... ) with automatic categorization.
- Vulnerability Scanning - With a consistently updated threat-Intelligence database, this is invaluable to highlight some of the weaker points within your network. Maybe that newbie you hired left the default credentials? Maybe a new patch was pushed out for a piece of hardware or software you use that is a serious issue?
- OTX - The Open Threat Exchange which AlienVault manages and updates is fairly consistent with making sure that outside of the updated directives events which are available to the appliance to correlate with the data you receive from the devices you are monitoring from within your network. For example, checking if an outbound firewall log has information on an asset communication with a known malicious server, or if you have files on that very asset or another asset which match hashed values showing that the server may have been potentially compromised.
- Support - The support is the *WORST*! They take a *VERY* long time to respond, and half the time they're just skimming over the issue instead of actually asking questions to be better informed!
- Buggy Updates - I've had my fair share of issues with the USM Appliance that have either been through updates or oversights from AlienVault's end that have either left the appliance in a degraded or broken state. The most recent 5.6 Update left a lot of people hanging due to failed database upgrades. YOU WILL NEED LINUX KNOWLEDGE IF YOU PLAN TO TAME THIS BEAST.
- Complexity - A lot of people start out with AlienVault and stare like a deer in headlights at the amount of drop-downs and different pages and menus available. While, yes, AlienVault is a very technically complex package as it's based on many different working components that work with each other, a lot of this data can be more easily presented to the end user. And quite a bit of the documentation on their website is actually outdated. But then again, managing a SIEM is a full-time job - you hire one person to do *just that*.
In a post-threat scenario? AlienVault should give you a good overhead view of whodunnit, it's just the time it may take to piece together that data may take a while depending on what logs you are sending to it, and how chatty it is.
- AlienVault makes following real-time threats very simple with its graphics interface.
- AlienVault is also easy to work with, and customer support is great.
- AlienVault works mainly automatically, which makes using it easy. If it required too much effort, the software tool would be replaced.
- The logs of AlienVault are harder to read through than other logs.
- Support is good, but not great.
- Resources for using the product could be made easier to search and understand.
- Single pane of glass solution for on-premises as well as for cloud environment.
- In-built Vulnerability Assessment.
- AlienVault's OTX community direct connectivity and sync for the tool.
- New End point threat hunter by OTX.
- Process speed
- Have a better NetFlow visibility
- AlienVault USM Anywhere has a modern, user-friendly, and intuitive GUI, making it easy to use.
- AlienVault USM Anywhere is a cloud-based solution that is easy to deploy and easy to scale as well.
- On top of having built-in support with several technologies, AlienVault USM Anywhere has an API that allows you to develop additional plugins if necessary.
- Although they use machine learning, the algorithms that they use are graph-based. Their AI/ML capabilities could be improved a bit.
- The solution provides some compliance reports, but it does not generate reports with information such as... how many of what type of event happened this month. You can see this information on the dashboard, but it would be nice to be able to generate a report automatically.
- Vulnerability Assessment and Remediation.
- Threat and Malware Detection.
- Log Management, Monitoring and Archiving.
- Compliance Monitoring & Reporting.
Being able to cover all the above aspects in one screen considerably reduces time and, let's not forget, money to quickly and effectively solve security issues within the company and implement fixes and reports as needed.
- SIEM - Real time logs allow you to quickly drill down into current issues in your network and filter out any noise
- Alarms - The alarms page shows all the current environmental awareness on the network, and a quick report and ticketing system allows for ease of use. This again saves time and makes you more effective at resolving issues, with the ability to pass the tickets to the relevant department.
- OTX - The open threat exchange integrations enables the USM to use all the latest threat indicators to correlate against incoming threats without the need to manually add rules to your USM.
- Apps - AlienVault integrate with many apps already but there are plenty more to be added to allow further integration with other products.
- More ability to filter logs from other security platforms
- Enables integration with readily available software currently in use.
- Easily customizable to allow reporting for different functions and users within the organization.
- Reporting function for vulnerabilities as a check and balance with other tools utilized.
- Further integration with Enterprise tools.
- Rapid growth of product has led to some issues with implementation of alerts and false positives.
- Ability to report as needed takes some time for focusing and testing of reports.
- Vulnerability scanning
- Network Intrusion Detection
- Log collection from a variety of products
- Support is not very fast to respond and their resolutions are weak.
- NIDS support with Cisco UCS
- Feature Request: automatic report processing for which the report is emailed
- AlienVault is great at providing a single dashboard to view into all of your security products in one place
- Alienvault has a powerful intrusion detection system
- Alienvault does a great job of collecting security data from hundreds of different sources/vendors
- Alienvault is complicated. To install and configure it properly you will need to be a seasoned security professional. I am a Sys Admin guy and I needed help.
- Alienvault USM can be a bit too "chatty", alerting you to so many things out of the box that it seems like a full-time person is needed just to manage the alerts. It takes a while after implementation to finally get the alerts down to the correct level.
- Alienvault USM "Plug Ins" are sometimes a little flaky
Review: "AlienVault USM - A worthwhile SIEM platform that delivers value in the first days of usage"
- Threat intelligence
- Centralisation of logs and events
- Event management
- Integration into SaaS first ITSM platforms for better workflow
- GDPR compliance dashboard (to show potential breaches and resolution specific to sensitive data that has been classified and tagged)
- Native integration with SMS services for event alerting (such as a detected cyber attack)
- AlienVault can provide a lot of detailed information on each incident and can verify live from AT&T Labs.
- The detailed information that the system provides makes it a much easier task to pin down the issues and resolve them accurately.
- HIPAA and PCI compliance with AlienVault is a much easier implementation than other products on the market currently.
- Assets discovery from static has to improve.
- Tagging, labeling, and remote agent install needs to improve.
- Log monitoring
- Centralized Reporting
- While it is fairly good, the integration with various IT systems could always improve - support more products and provide better documentation for tying them to AlienVault.
- The cost does jump quickly. While we've found AlienVault to be affordable for our small size, I would hope that the product continues to be within our reach for everyone's benefit.
- AT&T's ownership remains a concern. They do not have the best track record.
- It clearly displays all information in an alarm/event
- Very customisable for any needs you may have
- Great support team who are easy to contact and great when helping
- You need a high level of Linux knowledge to be able to use AlienVault to its fullest potential
- The USM can be quite fragile and crash unpredictably
- Multiple bugs in the backend mean you need to bypass some functions/actions
- Vulnerability Scanning is a great feature of AlienVault USM. It is a very powerful tool for securing your infrastructure, and it is comparable with other very big solutions in this market.
- Great view, great AlienVault Labs, a huge number of plugins and correlation rules, and it grows every day.
- NIDS - great module with up to date rules for almost all types of malware.
- Source IP = 0.0.0.0 - The biggest hole in AlienVault. If in syslog there is no IP address, only a hostname, in events we don't see the src IP, just 0.0.0.0. This is really bad; it requires reconfiguring the regex in all plugins.
- No information about AlienApps is provided in AlienVault USM Anywhere in Essentials. We know that in the standard license we have all, but there is no info about it in Essentials.
- More features for availability, monitoring. More dashboards that we can use in this module. We have Nagios on board, so let's use it with a graphical interface!
- AlienVault enables integration with external technologies, thereby broadening its scope and possibilities.
- AlienVault has a dashboard customization and reporting scheme that makes it flexible to query your data, allowing you to model the tool according to your needs.
- AlienVault will make you forget the need to consult some information on AWS Cloudtrail. It extracts the data from there and delivers in a much more efficient way.
- With a single tool you can monitor your cloud and on-premises environment.
- Their commercial policy on stored data makes you need to filter out some information before it is stored.
- Their new agent does not allow you to create local filters, which can easily lead to the overrun of monthly contracted storage limits.
- It does not allow you to create log analysis plugins. If it were allowed, it would be possible, for example, to create a plugin for analyzing the logs of an application created by your company.
- Deployment and Integration pretty easy and straightforward whether in AWS (Cloud) or the on-prem environment.
- Log aggregation, collection rules/Jobs easy to create.
- Notifications component working very well
- AWS Integration: in particular, monitoring of AWS resources is far from ideal
- Vulnerabilities scanner requires root and administrative privilege in localhost, which is not acceptable.
- The sensors themselves generate millions of requests, which creates a lot of unnecessary noise to the systems and eventually "eating" traffic and expensive storage space
- SIEM - logging. AlienVault is easy to configure on the client side, and with a couple scripts, makes deployment a piece of cake.
- Vulnerability scanning. AlienVault helps us track which systems are most vulnerable to security issues so we can prioritize patching.
- Reporting. AlienVault generates useful and attractive reports.
- Some of the documentation could be improved and go more into depth, but support is helpful when the documentation falls short.
About AlienVault USM
AlienVault USM Anywhere is a cloud-based security management solution that promises to accelerate and centralize threat detection, incident response, and compliance management for cloud, hybrid cloud, and on-premises environments. The vendor says that USM Anywhere includes purpose-built cloud sensors that natively monitor your Amazon Web Services (AWS) and Microsoft Azure cloud environments. On premises, lightweight virtual sensors run on Microsoft Hyper-V and VMware ESXi to monitor your virtual private cloud and physical IT infrastructure.
USM Anywhere aims to help you rapidly deploy sensors into your cloud and on-premises environments while centrally managing data collection, security analysis, and threat detection from the AlienVault Secure Cloud.
Five Essential Security Capabilities in a Single SaaS Platform
AlienVault says that USM Anywhere provides five essential security capabilities, giving you everything you need for threat detection, incident response, and compliance management, within one platform. With USM Anywhere, you can focus on finding and responding to threats, not managing software. USM Anywhere can readily scale to meet your threat detection needs as your hybrid cloud environment changes and grows.
- Asset Discovery
- Vulnerability Assessment
- Intrusion Detection
- Behavioral Monitoring