TrustRadius

AlienVault USM: Best SIEMs to use

AlienVault USM also enables you to centralize the storage of all your log data in the AlienVault Secure Cloud, a certified compliant environment. This alleviates the burden of having to manage and secure logs on-premises, while providing a compliance-ready log management environment. SIEM software solutions and log management tools provide valuable security information, but often require expensive and time-consuming integration efforts to bring in log files from disparate sources such as asset inventory, vulnerability assessment, endpoint agents, and IDS products. Once you have the data, you then must research and write correlation rules to identify threats in your environment. The advantages of using all-in-one security essentials are saving time and money on integrating multiple third-party security tools, and starting to detect threats on day one with pre-written correlation rules.

The USM platform provides the essential security capabilities that work together for a fast and cost-effective way for organizations to have complete visibility into the security of their environment. With the information gathered during asset discovery, USM correlates that information with known vulnerabilities for continuous vulnerability awareness. In addition, USM contains an active scanner capable of scanning for over 30,000 known vulnerabilities. To give better visibility into your network, and possibly detect intrusions that don't follow behavioral patterns, we offer NetFlow information, bandwidth monitoring, and traffic capture, all part of our behavioral monitoring capabilities built into USM.

External threats: coming from external attackers. The value of the asset associated with the event.

Rating: 7

AlienVault is pretty feature rich compared to other SIEM solutions, but those features are mostly good, not great.
There is also a growing list of 3rd-party integrations, which can make the solution even stronger. With that said, there are other SIEM solutions that offer more flexible deployment models, have more 3rd-party integrations, and offer more extensibility in terms of holistically supporting the incident response process. Our organization has found AlienVault to work pretty well for us, as this is the first SIEM the business has deployed.

Quickly assess threats with automated alert prioritization. Make informed decisions with full details on every alarm, including a description of the threat, its method and strategy, and recommendations on response. Achieve multi-layered threat detection for your on-premises and cloud environments using the USM platform's built-in host-, network-, and cloud-based intrusion detection systems and endpoint detection capabilities.

AlienVault USM: one of the best SIEMs

I was put in charge of getting our company NIST-800 compliant, and one of the requirements of compliance is to have a security information and event management (SIEM) system. The company that did our gap analysis highly recommended the AlienVault USM, and after a bit of research and reviews, I decided to move forward with AlienVault. I was very impressed with how simple it was to deploy as a virtual machine and how robust the interface is. This USM does everything and more. I can't wait to delve deeper into the functionality of the dashboard. The support team is also very responsive and very knowledgeable of the product.

Pros:
- The detailed reporting it provides
- Simple to deploy and install
- Great dashboard
- Excellent tech support

Cons:
- Offer more free training courses, either on-demand or scheduled webinars.

Rating: 10

Alternatives considered: SolarWinds Security Event Manager

AlienVault USM is one of the best tools to use due to its ability to notify you and also have very granular control of what you can view about the threats.
It pins down the data needed to track down any information needed to report or view from the threat, and also has wonderful KBs on how to fix or resolve them.

The AlienVault USM has reduced the amount of work I need to perform by centralizing all my threats, vulnerabilities and logs. It allows me to have one central login for all my needs and information. I can also share it with anyone I need via email or save logs to PDF.

AlienVault USM - A Solid Tool to Launch Your SecOps Program

AlienVault is a great SIEM for organizations who are either new to security operational logging and wish to purchase a sound solution at a lower price point, or those with a smaller staff and potentially IT budget that wish to buy a solution that can accomplish many different tasks. Our use of the platform extends across the global organization. We have documented multiple use cases that we are working through within the AlienVault platform, such as vulnerability management and scanning, malware detection on clients and servers, malicious network traffic moving laterally and vertically throughout our environment, etc. As is the case with any SIEM, they are only as effective as the log sources that they ingest allow them to be. We are pulling in Windows client and server event logs (filtered to specific EventIDs), DNS, DHCP, AWS CloudTrail/CloudWatch logs, NIDS sensor logs, firewall logs, and are also working to integrate the solution with other corporate systems to extend its capability, such as our ITSM. AlienVault is pretty feature rich compared to other SIEM solutions, but those features are mostly good, not great. There is also a growing list of 3rd-party integrations, which can make the solution even stronger. With that said, there are other SIEM solutions that offer more flexible deployment models, have more 3rd-party integrations, and offer more extensibility in terms of holistically supporting the incident response process.
Our organization has found AlienVault to work pretty well for us, as this is the first SIEM the business has deployed. Additionally, we are early on in the process of cybersecurity program development, so AlienVault's inclusion of features such as vulnerability scanning and file integrity monitoring extends its value.

Pros:
- Feature-rich: includes functionality not typically present in other SIEMs, such as vulnerability scanning, UEBA, file integrity monitoring, NIDS
- Simple to configure and deploy
- Relatively inexpensive compared to other enterprise SIEM solutions

Cons:
- While there are many features, many of them are not very advanced. Vulnerability scanning, as an example, is extremely simplistic and almost unusable for an enterprise organization. It's just enough to get a program off the ground.
- Cloud-only deployment model (SaaS) may not fit all organizations. Not all organizations are "cloud friendly".
- Reporting capabilities out of the box are lackluster. Vulnerability management reporting, as an example, does not include a single canned report.

Rating: 7

Alternatives considered: LogRhythm NextGen SIEM Platform, SolarWinds Security Event Manager, Splunk Enterprise Security and IBM QRadar

Like most situations, you get out what you put in. AlienVault is not going to filter up every malicious activity occurring in an environment right out of the box. There is plenty of work to be done to get log sources ingested in a prioritized manner, to get basic rules tuned, and to integrate it with other solutions where it makes sense. This maturity can take years to put in place in many cases. Once AlienVault USM is set up and tuned properly and has all log sources ingested, it is very good at finding things in an environment. It requires constant maintenance moving forward, however, to ensure that as tech landscapes change, the alarm rules are properly configured and new ones are added.

Our organization has achieved this benefit.
We send all security-related log sources to AlienVault, including our corporate antivirus solution, DNS security solution, Windows logs, etc. Having all of this information in a single platform offers the ability to search through disparate logs while investigating an event. The simplicity of doing this in a single platform is significant. Also, as we configure and deploy more advanced alarm or event rules, the solution becomes even more valuable in this way. Once again, it's all about the time and energy that you invest in building the solution to be as effective as it can be in your environment.

AlienVault USM Anywhere - Cost effective SIEM-as-a-service

AlienVault USM Anywhere provides us with SIEM at a low price point and with a great array of functionality. SIEM is critical to our security operations and feeds incident response efforts. We use it to monitor logs and events from our applications and server platforms, integrating many of our other security products into the flow of data into USM Anywhere, for centralized logging and event management.

Pros:
- AlienVault USM Anywhere is easy to deploy with their cloud-based model, and deploying the required agents on-prem (or in the cloud) is quick and easy.
- Custom rules allow for alerting based on content from events, and you can even trigger agents in response to threats, shutting down computers or grabbing forensic info for incident response.
- USM Anywhere also takes care of reporting for ISO and PCI, allowing you to pull reports for auditors at a moment's notice.
- With many integrations out of the box, you can pull in all the data from products you use and other sources, such as Amazon CloudWatch Logs.

Cons:
- We would love to be able to create custom rules based on a series of events, to create rule-sets where, for example, failed logins to the VPN server are logged and then, when a successful attempt follows soon after, it triggers an alarm for a brute force. It does this for things like Okta already, so control over which events this applies to would be great.
- More data tiers: something between the 250GB and 500GB tiers, maybe break it down into 100GB tiers?
- Integration with OpsGenie would be great.

Rating: 10

Alternatives considered: Alert Logic Cloud Insight and CloudPassage Halo

We find OTX to be a valuable source, and the tight integration with USM really helps eliminate false positives. Being able to submit your own information into OTX also adds value and helps put context on threats. We sometimes find IP addresses can be out of date in OTX and linked to old threats, but it's good to see the history of what has occurred on this IP, and you can go back and look for historical indicators of compromise in your data.

With a security team of 2, we are able to manage the events from hundreds of sources and tens of applications on a daily basis, and quickly filter out the noisy alerts and focus on the real events that pose a threat to us. USM Anywhere allows for quick and intuitive configuration, and the daily activities don't feel like a chore and are simple to perform.

Not very customizable but provides a lot of value for less.

We use it to monitor security logs across our various SaaS apps. It is the central hub for our security incident program. It is primarily being used by our Information Security Department. This tool addresses our need to be able to make actionable decisions, across various SaaS platforms, from a single pane of glass.

Pros:
- Correlate logs from different sources into actionable intelligence.
- Provide an easy-to-use interface to interact with Alarms and Events.
- Integrate with our alerting tools to make sure that when an incident is happening, the right people know about it quickly.

Cons:
- Being able to make custom plugins for internal tools.
- Being able to have a webhook plugin to send logs directly to the cloud appliance.
- Make the management of suppression rules better.
Maybe include a suppression rule visualizer to make sure your suppression rule is doing exactly what you would like it to do.

Rating: 8

Alternatives considered: IBM QRadar and Splunk Cloud

It is really good at this. The NIDS detects threats sometimes faster than our anti-virus solution does. Once again, for how little configuration and tuning you have to do, you are very quickly able to see actionable results compared to some of the bigger tools out there. In a previous life, this would be a much harder thing to accomplish with our small team of 4.

I think that is my main pro. With very little configuration you are able to get off to the races. Configure your tools on-prem and cloud, as well as asset scanning and the NIDS, and then just wait. Soon you'll be tuning out the rules you don't care about in the environment and you're good to go.

Immediate ROI with little out of the box configuration to get started.

Alienvault USM is used by the internal IT department to monitor activity from lots of different sources across the organisation. From O365 and Azure, AWS, on-premises servers and network equipment, and others, we track vulnerability status, correlate unusual activity and monitor for IOCs from Alienvault's Intelligent Cloud.

Pros:
- Intelligence updates from the Alienvault community and security pros.
- Writing of threat detection rules and ingestion parsing for different devices.
- Vulnerability scanning.

Cons:
- Asset management is done purely by IP unless using the agent.
- Agent installs and updates can be a bit flaky, and on occasion use lots of resources.

Rating: 8

Alternatives considered: Microsoft Cloud App Security and Splunk Enterprise Security

Compared to other products we had trialled, the integrated threat intelligence and vulnerability scanning provided by Alienvault UTM was very effective out of the box at being able to flag IOCs from network traffic, flag unusual login activity in O365, and provide comprehensive server vulnerability scanning which we could integrate into our server patching processes.

This was the key differentiator for us when it came to AlienVault USM. It provided real beneficial ROI pretty much straight out of the box, and required very little configuration of endpoint equipment to start monitoring and alerting for significant events.

AlienVault does the job

We use AlienVault USM to monitor our AWS cloud environment and the individual assets within that environment. AV also provides us with alerting and reporting that helps us attain and maintain compliance with several standards but, more importantly, helps me sleep better at night as our Information Security Officer. An easy-to-overlook benefit is that it makes it easier for us to shore up process deficiencies. We can more easily audit that we documented and approved all non-emergency configuration changes within our cloud before they are applied. We also use the AV agent to monitor individual instances for vulnerabilities and the software they run. This all gives us confidence that we are keeping our systems as secure as possible and meeting promises to keep our customers' data secure.

Pros:
- Internal vulnerability scans
- Monitor firewall and security group changes
- Monitor and alert on suspicious system logs
- Monitor and alert on suspicious CloudWatch logs

Cons:
- False alarms occur occasionally
- There is no report for only displaying vulnerabilities with an available patch.
- Spectre-class issues can only be mitigated but will remain active until we are all on next-generation processors.

Rating: 9

Except for a few false alarms, AlienVault has been very effective and a great tool. I particularly like that it can alert you on S3 bucket misconfiguration and that it will generally only alert on privilege and access escalation but not de-escalation. For instance, opening a port on a security group triggers an alert, but closing that port later is merely logged. This ultimately helps avoid alert fatigue and keeps you on top of the more relevant alarms.

Yes. We make use of the AlienVault agent, test triggering a handful of alerts each year, and have procedures in place for responding to alerts.

Thank goodness for AlienVault USM

We have deployed AlienVault USM throughout the entire organization. The IT department is responsible for monitoring and making necessary configurations. This has immensely improved our visibility in regards to the daily activities of all networks and devices. It has recognized anomalies and notifies my IT department.

Pros:
- Centralization of data logs makes it easier to analyze the many application logs throughout our organization (i.e. Windows logs, PLC logs, antivirus logs, Exchange server logs, etc.).
- Easy maneuvering with AlienVault pages, as well as easy to bookmark alerts.
- Creating a SOC on a budget, especially with a smaller IT dept.
- Incident response.
- Threat detection.
- Compliance management.
- AlienVault OTX is a user community that is very helpful, especially when you are curious about the alerts or to help mitigate issues that arise.

Cons:
- I would like more detailed ways to mitigate issues.

Rating: 9

AlienVault USM is the only SIEM that I've worked with. During the SIEM discovery, we looked at LogRhythm, but it cost too much and had the same features.

AlienVault USM has slightly reduced our workload as it prevents malicious activities from spreading.
With the alerts, we can quickly mitigate those issues.

USM SaaS implementation for AWS and Linux instances

We use AlienVault USM across our entire organization, which includes 5 separate SaaS products. At a basic level, we use the core/default functionality of AlienVault to watch our AWS account. Beyond that, we use it to collect and analyze logs for suspicious activity. The ability to track and respond to suspicious events and document them completely is super key to our organization. The reporting functionality is key in allowing me to demonstrate our processes over time to show we watch and respond to alerts.

Pros:
- Log analysis, both syslog and AWS CloudTrail, and searchability/reporting is actually better than most of our other related tools: all of our systems send log information using rsyslog to our AlienVault USM system. AlienVault is able to alert us of many issues with minimal configuration, including adding/removing users to sensitive groups, and creating or removing resources such as EBS volumes, S3 buckets, or security groups.
- AWS load balancer traffic/log analysis: AlienVault automatically identifies threatening IPs or entries that match suspicious traffic patterns.
- The ability to search the many logs AlienVault collects in a way that even novice users can follow is super valuable. Logs can be quickly sorted by source, log type, and/or keyword searches. There have been many occasions where we were able to find non-security-related issues due to the simple yet advanced search abilities of AlienVault. This has led to the challenge of deciding when and how long to allow non-security personnel access for troubleshooting.

Cons:
- AlienVault's lack of support for Docker may be its undoing at my company. It clearly stands above other products that fit our company, but we are adopting Docker at an ever-increasing rate. I don't want to support multiple security products, so it would be super cool if a solution to this challenge were found quickly.
- Enriching data is super key to allowing us to set up alerts for and filter events. This process is rather painful. This significantly increases the cost of maintaining AlienVault. Specifically, several auditd and standard AWS logs do not allow me to filter based on keywords in the message. Here is one example:
User: arn:aws:sts::2#########:assumed-role/qe-lambda-role/qe-batch-run-dev-frontend_batch_runner is not authorized to perform: logs:CreateLogStream on resource: arn:aws:logs:us-east-1:#########:log-group:/aws/lambda/qe-batch-run-dev-frontend_batch_runner:log-stream:2019/05/30/[$LATEST]########################
- The ability to configure AlienVault to run security scans using SSH on systems is prohibitively difficult to use, especially when using a bastion. Making OSSIM work is a huge pain. I could not find AlienVault documentation that covers how things work and how to properly integrate it.

Rating: 9

Alternatives considered: Qualys Cloud Platform (formerly Qualysguard), Snyk, AWS Config and AWS Cloud9

AWS Inspector is a product that does very well against AlienVault for doing system-level scans. It is also very expensive and cannot be customized at all. Pen testing is not something that AlienVault does, and I'm assuming that is intentional. Network IDS isn't integrated into AlienVault, or is very basic. I am assuming the plan would be to implement something like Tripwire and have logs from that system sent to AlienVault. Obviously, we would like it to do absolutely everything and do it very well :) That said, I highly doubt that is an option. If this can be done, please don't let me slow you down.

Yes, we have achieved this. Once set up, ensuring all of our systems are logging to AlienVault is very simple. Native system tools and AWS tools work easily, which simplifies the integration of all of our AWS systems with AlienVault. I am able to hand off much of the daily care and feeding of AlienVault to more junior members of my team with minimal effort.
If we experience turnover, it is equally simple to bring new team members online.

Great value for organizations who wish to realize the value of SIEM

We have used Alienvault USM in our PCI environment to detect the most common threats. We have discovered it added extra value to our organization by creating visibility on security issues we didn't know of before. On the downside, the on-premise version of Alienvault USM can get slow after loading it with a lot of machines (when doing big queries) and doesn't adapt very well to dynamic environments, but their cloud version is definitely making that better.

Pros:
- Reports the most common threats in real time and takes immediate automatic actions. I think this is strong if you don't have a team monitoring 24/7.
- Connects with signature providers and keeps up to date well with 0-day vulnerabilities. I don't need to explain why you may want to be protected against the newest threats.
- The UI is very easy to get used to, which will make you adapt to its use quickly.

Cons:
- This tool will become slower and slower as you start adding devices to it; the on-premise version has a lot of room for improvement here, the database is slow.
- The on-premise version of Alienvault USM will not support dynamic environments where people are constantly removing/adding new virtual machines, and doesn't cope with Puppet management.
- Only the most common hypervisors are supported; it could be good to have an image for Xen.

Rating: 10

Threat detection is very detailed and gives you all the information you need to start investigating a security issue. The simplicity to suppress or filter information is great. Alerts contain a full breakdown of the event and recommendations for response. Integrations, although limited (Alien Apps), are very helpful.
The correlation tools are excellent; you just need to feed it the right data.

We come from having an open-source solution based on Snort that we had to add extra intelligence to in order to analyze security events, where we spent a lot of time researching tools in depth like Snort. With Alienvault, we forgot about that right off the bat; all the right signatures we need are there and support has been great. It has helped us cut costs that were time-related and let us focus on what we need to.

Anywhere security! Making security not scary anymore.

Alienvault was used to provide security monitoring and alerting for our AWS and on-premise systems. This was deployed to all environments locally and in the cloud. It was deployed and managed by the IT team and assisted us in gaining compliance for PHI, HIPAA and other requirements, on top of ensuring integrity for our environments. This assisted in addressing our security needs and proactive monitoring.

Pros:
- AlienVault USM was quick to deploy and the configuration was pretty straightforward.
- The AlienVault USM product has great documentation and service support. Very knowledgeable and readily available. Highly recommend their support package.
- The AlienVault UI is very comprehensive and has deep tool-sets. You can monitor just about anything anywhere from anywhere. This flexibility was incredibly useful.

Cons:
- While their UI was comprehensive, it takes a while to understand how to group and tag the resources you want to monitor, and how and on what schedule. The tools are deep but the usability is a bit complex. You will need to read the documentation.
- Their pricing model for throughput was a bit challenging. I would like to see a different pricing structure. I would much prefer to see site licenses.
- Sometimes the assessments were vague. While this shouldn't be relied upon as the only source for assessments, there were often descriptions that did not associate with the vulnerability, or required us to deploy other tools to verify, such as AWS Inspector. It was not a big deal but some added overhead.

Rating: 8

Alternatives considered: Splunk Enterprise Security, IBM QRadar and SolarWinds MSP Threat Monitor

Most of our environment was private and internal. We did not test public networks extensively. However, the reports were comprehensive and valuable. We did not have any "real security threats" to ward off, but mostly used it to understand our holes so we could make the necessary configuration or update adjustments to prevent a security threat.

Our organization did overall see a reduction in operational overhead. The report schedule was very beneficial and the assessment for the most part always aided us to resolution. The real benefit would have been seen if we used this in a production public environment. With these tools in place and a couple of supplemental tools, such as pen testing and AWS Inspector, we felt confident our security needs were being met.

Vulnerability management, maybe?

We are using it in IT security for vulnerability management and for IDS. It is just focused as part of our IT security management process. For us, it addresses the vulnerabilities that we see all the time, and it allows us to prioritize those assets based on the risk they pose to the business.

Pros:
- Scanning network assets for vulnerabilities.
- Heuristics in determining behavior and alerting accordingly.

Cons:
- Lots of false positives for vulnerabilities. Linux malware on Windows systems????
- Lack of third-party app support or integration.
- Being charged based on the amount of data.

Rating: 7

Alternatives considered: Rapid7 Nexpose and SolarWinds Dameware Remote Everywhere

We always get false positives, and there is no actionable information that AlienVault USM provides to my staff.
I have no way of being able to track down or evaluate the accuracy of the information that is provided by the application itself. This is frustrating for my support personnel who are supposed to remediate the possible threat. Not enough information is provided (host name, valid IP address, threat assessment).

No, we have not achieved this benefit. We continue to have to manually kick off scans and go into the app in order to determine our vulnerabilities through the portal. This is largely due to the lack of being able to have those automated scans kicked off due to our large amounts of data being collected (even though no changes have occurred). I actually have to spend more time in the application than I did previously.

1, 4

Looking for vulnerabilities on the various network-connected systems. Identifying potential threats to the network by looking at patterns of behavior (lots of false positives) and notifying or alerting to those. Parsing through logs to determine if there may be a potential threat or risk to the network and then alerting personnel if there is an identified issue.

None None None None

We are looking to replace it. Not looking to use it longer than we have to. IT'S TOO EXPENSIVE TO USE AND MAINTAIN, WILL BE LOOKING FOR AN ALTERNATIVE. TOO EXPENSIVE TO USE AND OPERATE.

1

Augmenting Security Effectiveness with a SIEM Automation Platform

I have implemented USM Anywhere as our company SIEM. Additionally, I am working to extend its functionality with Gartner's SOAR principles. The primary business drivers (problems) include controlling costs, mitigation of risk, and supporting agile business initiatives. It is utilized by the security team to monitor all business information systems.

Pros:
- Deployment is quick
- Normalization of log data and threat identification is effective and simple to understand.
- Vulnerability analysis along with CVE identification is better than Nessus
- Investigations feature is robust
- Cloud sensor deployment and capabilities are robust

Cons:
- Custom plugin creation/modification by the user is missing. If log data is unknown to the platform, the process of getting a new plugin developed is lengthy. It would be ideal if the user could create custom plugins for their own platform.
- Asset discovery adds every IP address in a subnet even if no host is present. The detection method is flawed. I don't have this issue on the same network with other asset discovery tools.
- SaaS performance can be slow. When listing items more than 20 at a time, the UI refresh can be painfully slow.

Rating: 10

Alternatives considered: Nessus and Splunk Enterprise

So far, I have not used a better tool for event correlation. Highlighting the events that have possible malicious intent and placing them in a kill chain has been very valuable. It provides an augmentation to an analyst's effectiveness.

This is the primary purpose of implementing this tool. Leveraging the automation of ingestion, normalization and analysis allows our limited security staff to focus on relevant events. Additionally, I have begun forwarding events from our DLP and endpoint protection tools to USM to improve the centralized monitoring and handling of threat detection. More time is now spent on handling the possible malicious events than on sifting through data finding them.

Picking up AlienVault USM

We currently use AlienVault primarily for the SIEM and vulnerability scanner. We use the intrusion detection agents across our servers and are in the process of setting up the system to use other features available through AlienVault, such as availability monitoring and creating custom plugins to monitor our bespoke systems.
This is all maintained by our infosec, cybersecurity and infrastructure teams.

Pros:
- SIEM is great for monitoring and maintaining our systems and networks, and with the right tuning the system becomes an incredibly powerful tool by being able to identify the difference between a high-priority event and a false positive.
- The vulnerability scanning is a very useful part of the system, especially as after finding any vulnerabilities it provides lots of detail on what was found, along with a solution.
- User management has a good level of modularity, allowing us to restrict access for certain users to only certain areas.

Cons:
- The system can be a little over-complicated to set up to perform what I would think to be simple tasks. For example, sending an email notification on a certain alarm being created.
- The reporting module does not offer much visual customization, only allowing you to add your company logo and color scheme as a template.

Rating: 8

I haven't used any other security technology before picking up AlienVault USM; however, I can say that AlienVault makes detecting real threats from the false positives much easier than I had expected. The fact that the system is smart enough to correlate events should there be multiple of the same, and the fact that you have the option to add in your own custom policies/directives to filter out any unwanted events, makes it much easier and clearer to see what needs investigating in what order.

We have certainly achieved this benefit from the system, with very little configuration required by myself, as the default policies are well set up to flag any threats on the system. This, alongside setting up your assets with a priority, will help calculate the priority order for investigating those threats too!
We have also set up our system to email the relevant team should an alarm be raised with a high enough priority, in order for threats to be caught ASAP.

How we Improved Infrastructure Log Monitoring using AlienVault USM Anywhere

We use it to detect network risks and vulnerabilities to a reasonable and appropriate level, using it across the whole organization. It's also being used to comply with current legislation (security-related logs should be recorded).

Pros:
- As for us, it casually integrated with AWS cloud and local infrastructures; in simple words, easy to implement.
- Processes different types of logs using its very own inbuilt plugins and displays them in an understandable manner for non-technical users as well.
- Has its own very accurate correlation rules to generate alarms from the processed logs.
- Has an open threat intelligence community which can be integrated with the AlienVault account.
- In order to collect the system logs from various servers, it has an AlienVault agent that can be installed on Windows, Mac and Linux. It collects various types of logs such as user activity, shell history, file integrity, etc.
- Any suspicious alarm can be added as a ticket on its console and can be processed according to severity type.
- Server and network vulnerability details can be scanned through the USM.
- Customizable dashboard views in the console make it easy to monitor logs from different sources. Events view can be customized according to the data source plugins.
- USM has a feature of suppressing and filtering out the logs from the console.
Suppression hides the logs from the console dashboard whereas filtering block the similar type of log entering the alienvault console which helps to reduce the storage usage Asset Discovery: Maintains and scans dynamic asset inventory and software inventory for large scale organization Security & Compliance Reporting: contains customizable reports for regulation standards and compliance frameworks,It uses sensors to collect data from different sources which results in extra cost for the sensor server Support is very poor It would be great if there was document to study on how can we identify and monitor suspicous logs,9,Amazon GuardDuty,In the current scenario, threat actors are using more sophisticated tools, techniques and procedures to penetrate the organization networks, USM provides real-time log processing and notification alerts for the threats. With the help of threat intelligence, it can constantly harvest and process knowledge about different threat actors and severe external threats, such as APT (Advanced persistent threats). One example can be as follows: You have the list of domains that were visited from your organization employee You compare this list of domains with lists of malicious domains obtained from different OTX(open threat exchange pulse) providers that have already been posted on OTX.If a match is found, an alert is raised to take appropriate action.The same process is repeated at regular intervals to check all the new domains.,As per our compliance policy, we need to have a log review process monthly. With the help of USM, it has been easier to do that. It centralizes the logs and process to give the exact scenario of our infrastructures network and system logs. This product provides pre-built and customizable dashboards to view data collected by different sensors. 
Otherwise, we had to go through every single log and review it manually which would have resulted in frustration.Easy event correlations, easy deployment, low price point.We used AlienVault for 5 years in our PCI and non-PCI environment. AlienVault USM does nearly everything we need to detect threats we didn't know of. The setup was very easy with little deployment time. The price point is very competitive. The tools for data filtering that the appliance has been very powerful. It also comes with predefined PCI-DSS reports. The main problem we addressed is that sometimes the appliance gets slow when doing some particular queries.,Very easy to use. The UI is very intuitive. Out of the box predefined reports that make the initial filtering easy. Very easy to setup.,Sometimes it gets slow with large queries. When the upgrading fails you have to debug extensively to know what happened. When we massively add hosts, sometimes some of them are not added so you have to be careful.,8,,The solution automatically detects threats without so many configurations, so compared with other open source solutions, where the event correlation gets complicated and messy, this tool made our life easier. From day zero, we started detecting threat we didn't know of.,If you dedicate a little bit of time optimizing the solution, you can save a lot of time later. When we installed AlienVault, our technical engineers started to dedicate more time trying to fix the threats than looking for or implementing other solutions, so the ROI was pretty instant.Simple and easy to install/manage SIEM tool with small infrastructure footprint.AlienVault is our SIEM tool that addresses the enterprise looking for indications of compromise. 
This was a finding in an internal audit a few years ago so it follows more of a compliance requirement.,Active Directory login requests Logs on the Domain Controls Only showing alerts that have a high indication of compromise and reduces false positives.,Trimming of log files to stay within limits Projecting any future storage costs from AlienVault,9,Splunk Cloud,AlienVault has been more effective than tools that I have previously used for several reasons. One is the ease of install and use compared to other products that you end up turning off since they are too hard to use. Second, the infrastructure footprint is minimal since it is cloud-based and doesn't require extensive infrastructure time.,This benefit happened within the first month since we are able to filter to only critical threats that are exploitable. Very little time spent on false positives which is typically a big FTE issue.AlienVault USM, missing the versatility of the golden days.We use AlienVault as our primary SIEM tool. Our SOC uses the tool to create alerts, monitor suspicious patterns, receive alerting, and investigate security incidents.,Creation of dashboards. Creation of metrics that we utilize in our monthly reports. We like the way alerts are being sent to us and the information they provide.,Their customer supports is the worst, and sadly this has been consistent every time we've had to reach out to them. The account execs have ZERO flexibility regarding making deals and meeting us halfway. The features do not work as advertised.,5,LogRhythm NDR, Splunk Enterprise Security and IBM QRadar,It is not very good. I have detected many times when AlienVault is behind by a span of several hours when compared to other technologies, such as Crowdstrike or LogR.,We have achieved this. However-- and believe me, I'm not trying to just pound the product, which is not bad overall, just behind on functionality-- the concept of security analytics and funneling down data is not as expected. 
Again, plugins make it hard to achieve this.Better than SplunkWe used to monitor our web application, firewall, and our G Suite logs. AlienVault USM solves the problem of manually monitoring logs. We were able to filter our alerts to ignore known non-threatening behaviours. AlienVault USM also gave us a more efficient way to search our logs rather than viewing the raw log files in our data provider.,Easy to Install Good use of filters Great training Good support documentation,Paying per GB of usage is not ideal,10,Splunk Cloud,AlienVault USM is only as effective as you configure the filters and ensure your data is being digested. Provided those two items are being done, AlienVault USM is a FANTASIC vendor for monitoring our security.,AlienVault USM filters through the noise and helps us monitor our logs in an intelligent way. We are able to respond to focused and relevant alerts rather than hunting and pecking to find issues in a time-intensive method after the fact.AlienVault Is a SuccessAlienVault is being used for the Security Team to see all host and network traffic. This real-time SIEM is tuned to give us alarms we actually need to look at on a daily basis. This addresses anything from malware to network, system and email breaches.,Deployment with the sensors for USM anywhere. Support Responsive UI Alien Apps,Agents offline Easier agent deployment on host. Quicker response from engineers and not just send engineers a document for the fix.,9,Sophos Intercept X and Darktrace,We had a lot of false positives at first, once we tuned it to get real-time alarms this is a great tool to have. We get threat intelligence from multiple systems we run in for our organization.,It took some time to tune it how we wanted to, it sees a ton of traffic so we needed to gather together as a team to do some cleanup for about 2 months. Once this was done we are very happy with what AV shows the Security team on a daily basis. 
IT is a low maintenance product now.USM Anywhere does what it says.Alienvault USM is being used to aggregate, inspect, and correlate both Windows/Linux logs and our Data Center network traffic. It is used exclusively by the SOC team for threat hunting and EDR.,VMWare Sensor deployment is very easy. Dashboards are nice and clean. Network monitoring and Syslog collector just work.,USM Anywhere does not support Netflow or any variation. SPAN and RSPAN are currently the only methods to monitor IP flows. USM Anywhere tech support is lackluster. I have opened two tickets and struggled to receive knowledgeable technical assistance. USM Anywhere does not do scheduled report delivery in any format. Reports are run on demand and must be printed to pdf for distribution.,7,Splunk Enterprise Security,I started receiving actionable event and alarm data immediately upon deployment of my first sensor and a few agents. Root cause analysis is simplified by being able to drill down into Alarms and associated events.,Alienvault USM was able to provide the monitoring necessary to reduce the amount of time needed to identify a security threat and figure out root cause analysis. Analysts are spending less time threat hunting and more time recommending remediation steps.AlienVault USM - a single solution in a complex worldGlobally as a SIEM/FIM solution.,FIM with limits. Vulnerability scans (with agents installed as opposed to "NXlog"). Dashboards.,Need to be able to comment on issues flagged by AlienVault so that other users may know what has been done for triage. 
Single pane of glass, need to have a shared dashboard that is customizable.,5,Qualys Policy Compliance (PC), Imperva CDN (formerly Incapsula), Alert Logic Log Correlation and Analysis, Rapid7 Nexpose, Alert Logic Network Threat Detection, Rapid7 InsightOps and Fidelis Elevate,I believe so, you don't know what you don't know of course but it appears to be a good solution for our needs.AlienVault USM gives more visibility than I have ever had in one pane of glass.AlienVault is deployed across the corporate infrastructure to centrally manage security logs on all servers via the agent. Sensors are deployed in the corporate network to monitor and scan workstations and servers for vulnerabilities and perform discovery scans for new systems on the network. The firewalls also supply syslogs to the sensors. Office 365 is monitored via an Azure sensor, along with Azure infrastructure. Production systems are monitored using agents and a sensor.,Effective correlation of various log sources to provide useful alerts. An agent provides detailed logs of events on every system, be it Windows, Linux, or MacOS, to the point you do not have to log in to each machine to review security logs. Provides auto detection of log sources and effective mapping of the log data to key fields. Pre-built alerts allow AlienVault to be effective right away. There's no need to spend days creating alerts for it to be usable. Has powerful search capabilities once the logs are in AlienVault. Has the ability to run queries on agent systems based on an alert trigger (eg. list of logged on users).,The biggest challenge is the deployment of the Agent. It requires logging onto each system and running the install script manually. You need a GPO or a scriptable way to push the agent. We would like the ability to limit access to specific sensors for users that have been given access to AlienVault. Currently, if an analyst has access to AlienVault, they can see all data sources and logs. 
We saw a lot of false positive results in the beginning, requiring a bit of tuning to suppress some rules. There's no ability to suppress Vulnerabilities identified in the vulnerability scanning component.,9,,AlienVault is very effective in detecting O365 logins from multiple regions for the same users, allowing us to detect compromised accounts. The integrations with Palo Alto FWs allows the detection of users connecting to known C&C addresses.,AlienVault has given us great visibility into security threats in O365, on servers, workstations, and FWs, all using one pane of glass. Without having to manually collect threat intelligence and maintain on-premise hardware. We see user AD account and group changes, we see when someone modifies a configuration on a firewall and if someone launches an attack against an FW using an exploit. I am surprised by all the details I was missing before we deployed AlienVault USM.Alienvault gives you eyes without the extra bodies :)Alienvault was selected as our SIEM solution to provide cutting-edge monitoring, analytics and alerting, and it has the added benefit of being able to conduct vulnerability assessments and provide endpoint detection and response. There is a lot of noise when deploying any SIEM solution, but Alienvault is unique in that it can be effective, practically right out-of-the-box, and anything required beyond that is satisfied by their great support team and available training. 
I have found that USM Anywhere can fill a critical gap in your security program, and I would recommend it for both small, medium, and large businesses.,Anomaly Detection and Identification Digital Forensics/Incident Response Log Correlation and Built-in Attack Signatures Cloud Security Monitoring,Would be nice to have better error messaging, specifically around credential failures.,8,Due to the predefined correlation and orchestration rules, baked-in dashboards and reports, I would say it is a leader in providing effective threat detection and ROI within a very short period after deployment, from my experience.,In our situation, USM Anywhere was put in place to allow for extra analysis and intelligence without additional analyst resources. USM Anywhere has accomplished this.AlienVault USM..making senseThe USM is being used by the IT department as a SIEM, giving our organization a 360 view of what's going on in the network infrastructure, and more focus on the critical infrastructures which has been plugged-in to send all their log activities. The AlienVault USM has made it simple by the creation of plugins which makes it easier to express the logs in simple expression for easy understanding.,Large plugin base to accommodate different devices. Easy to deploy. Easy management. Makes network monitoring and actionable steps clear and simple.,Updating the appliance to a newer version. More control over which devices will be allowed to log into a database and which ones that should just appear, so that the database will not get filled up quickly.,8,IBM QRadar,AlienVault helps in: - Threat insight through OTX.- Network Intrusion Detection System.- Host Based Intrusion Detecting Solution.- Alienvault gives the ability to monitor up to 5 public IPs, which we use in knowing the hits trends to our network.- The deployment steps are direct and easy.,Our Organization has benefited from this. 
Before now we were managing a number of appliances, going from one to another, checking and interpreting the different logs and looking for scripts to read those logs, was really making our threat intelligence and detection process slow and tiring, but AlienVault USM has made it easy to configure and get those logs. The plugins from this USM express it in a way we understand, so there's no need for looking and writing scripts. All these are easily displayed on the dashboard for us to act on.
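The domain-matching process that one of the reviews above describes (compare the domains your users visited against malicious-domain indicators from OTX pulses, alert on a match, repeat on a schedule so only new domains are re-checked) is easy to get subtly wrong: case, trailing dots and attacker-controlled subdomains all defeat a naive exact-match. The block below is an added example written for this page, not AlienVault's or OTX's own code; the indicator records and the proxy/DNS log lines are constructed, and the three-column log layout is an assumption.

```python
"""Match visited domains against OTX-style domain indicators.

Added example, not AlienVault/OTX code. Indicators and log lines are
constructed; the log layout (timestamp, user, domain) is assumed.
"""
from dataclasses import dataclass, field

# Constructed indicators in the shape of OTX pulse entries (type, value, pulse).
SAMPLE_INDICATORS = [
    {"type": "domain", "indicator": "bad-updates.example", "pulse": "Constructed pulse A"},
    {"type": "hostname", "indicator": "cdn.evil-files.example", "pulse": "Constructed pulse B"},
    {"type": "IPv4", "indicator": "203.0.113.7", "pulse": "Constructed pulse C"},  # not a domain; ignored
]

# Constructed outbound log batches: "<timestamp> <user> <domain>".
SAMPLE_LOG_BATCH_1 = """\
2019-09-01T10:00:01Z alice www.example.org
2019-09-01T10:00:05Z bob  BAD-UPDATES.example.
2019-09-01T10:01:12Z carol files.cdn.evil-files.example
2019-09-01T10:02:00Z alice www.example.org
"""
SAMPLE_LOG_BATCH_2 = """\
2019-09-01T11:00:01Z alice www.example.org
2019-09-01T11:00:09Z dave login.bad-updates.example
2019-09-01T11:03:00Z bob bad-updates.example
"""


def normalize(domain):
    """Case-fold and drop the trailing dot so 'BAD.example.' == 'bad.example'."""
    return domain.strip().rstrip(".").lower()


def build_indicator_index(indicators):
    """Return {normalized_domain: pulse_name} for domain-type indicators only."""
    index = {}
    for ind in indicators:
        if ind["type"] in ("domain", "hostname"):
            index[normalize(ind["indicator"])] = ind["pulse"]
    return index


def match_domain(domain, index):
    """Return (matched_indicator, pulse) if the domain or any parent domain is
    listed; subdomains count because attackers rotate hostnames under an apex
    they control. Returns None when nothing matches (the bare TLD is skipped)."""
    labels = normalize(domain).split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in index:
            return candidate, index[candidate]
    return None


@dataclass
class DomainWatch:
    """Keeps state between scheduled runs so each domain is evaluated once."""
    index: dict
    seen: set = field(default_factory=set)
    alerts: list = field(default_factory=list)

    def process_batch(self, log_text):
        """Evaluate domains not seen in an earlier run; return the new alerts."""
        new_alerts = []
        for line in log_text.splitlines():
            if not line.strip():
                continue
            ts, user, domain = line.split(maxsplit=2)
            domain = normalize(domain)
            if domain in self.seen:        # already checked on a previous interval
                continue
            self.seen.add(domain)
            hit = match_domain(domain, self.index)
            if hit:
                new_alerts.append({"time": ts, "user": user, "domain": domain,
                                   "indicator": hit[0], "pulse": hit[1]})
        self.alerts.extend(new_alerts)
        return new_alerts


if __name__ == "__main__":
    watch = DomainWatch(build_indicator_index(SAMPLE_INDICATORS))
    for batch in (SAMPLE_LOG_BATCH_1, SAMPLE_LOG_BATCH_2):
        for alert in watch.process_batch(batch):
            print(f"ALERT {alert['time']} {alert['user']} -> {alert['domain']} "
                  f"(indicator {alert['indicator']}, {alert['pulse']})")
```

The `seen` set implements the "check only the new domains" step; note that it deduplicates per domain, so a second user reaching an already-alerted domain does not raise again. If repeat sightings matter for your triage, key the set on `(user, domain)` or keep a counter per domain instead.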
AlienVault USM
568 Ratings
Score 8.0 out of 10

AlienVault USM Reviews

TrustRadius Top Rated for 2019
Reviews (1-25 of 331)

Mpho Lekota
Score 7 out of 10
AlienVault USM also enables you to centralize the storage of all your log data in the AlienVault Secure Cloud, a certified compliant environment. This alleviates the burden of having to manage and secure logs on-premises, while providing a compliance-ready log management environment. SIEM software solutions and log management tools provide valuable security information, but often require expensive and time-consuming integration efforts to bring in log files from disparate sources such as asset inventory, vulnerability assessment, endpoint agents, and IDS products. Once you have the data, you then must research and write correlation rules to identify threats in your environment. The advantages of using all-in-one security essentials are saving time and money in integrating multiple third-party security tools and starting to detect threats on day one with pre-written correlation rules.
  • The USM platform provides the essential security capabilities that work together for a fast and cost-effective way for organizations to have complete visibility into the security of their environment.
  • With the information gathered during asset discovery, USM correlates that information with known vulnerabilities for continuous vulnerability awareness. In addition, USM contains an active scanner capable of scanning for over 30,000 known vulnerabilities.
  • To give better visibility into your network, and possibly detect intrusions that don’t follow behavioral patterns, we offer Netflow information, bandwidth monitoring, and traffic capture, all part of our behavioral monitoring capabilities built into USM.
  • External threats — Coming from external attackers.
  • The value of the asset associated with the event
AlienVault USM is well suited for any small/medium businesses as well as big corporations. The reporting and dashboard alone are something I always look for in a USM because it makes it easier for me to gather and find the information I am required to have. If detailed reports are what you are looking for or an easy-to-navigate dashboard this is the software for you.
AlienVault is pretty feature-rich compared to other SIEM solutions, but those features are mostly good, not great. There is also a growing list of 3rd party integrations as well, which can make the solution even stronger. With that said, there are other SIEM solutions that offer more flexible deployment models, have more 3rd party integrations, and offer more extensibility in terms of holistically supporting the incident response process. Our organization has found AlienVault to work pretty well for us, as this is the first SIEM the business has deployed.
Stacey Medina
Score 10 out of 10
I was put in charge of getting our company NIST-800 compliant and one of the requirements of compliance is to have a security information and event management (SIEM). The company that did our gap analysis highly recommended the AlienVault USM and after a bit of research and reviews, I decided to move forward with AlienVault. I was very impressed with how simple it was to deploy as a virtual machine and how robust the interface is. This USM does everything and more. I can't wait to delve deeper into the functionality of the dashboard. The support team is also very responsive and very knowledgeable of the product.
  • The detailed reporting it provides
  • Simple to deploy and install
  • Great dashboard
  • Excellent tech support
  • Offer more free training courses, either on-demand or scheduled webinars.
AlienVault USM is well suited for any small/medium businesses as well as big corporations. The reporting and dashboard alone are something I always look for in a USM because it makes it easier for me to gather and find the information I am required to have. If detailed reports are what you are looking for or an easy to navigate dashboard this is the software for you.
AlienVault USM is one of the best tools to use due to its ability to notify you and also have very granular control of what you can view about the threats. It pins down the data needed to track down any information needed to report or view from the threat and also has wonderful KBs on how to fix or resolve them.
Frank DePaola
Score 7 out of 10
AlienVault is a great SIEM for organizations who are either new to security operational logging, and wish to purchase a sound solution at a lower price point, or those with a smaller staff and potentially IT budget that wishes to buy a solution that can accomplish many different tasks. Our use of the platform extends across the global organization. We have documented multiple use cases that we are working through within the AlienVault platform such as vulnerability management and scanning, malware detection on clients and servers, malicious network traffic moving laterally and vertically throughout our environment, etc. As is the case with any SIEM, they are only as effective as the log sources that they ingest allow them to be. We are pulling in Windows client and server event logs (filtered to specific EventIDs), DNS, DHCP, AWS CloudTrail/CloudWatch logs, NIDS sensor logs, firewall logs, and are also working to integrate the solution with other corporate systems to extend its capability, such as our ITSM. AlienVault is pretty feature-rich compared to other SIEM solutions, but those features are mostly good, not great. There is also a growing list of 3rd party integrations as well, which can make the solution even stronger. With that said, there are other SIEM solutions that offer more flexible deployment models, have more 3rd party integrations, and offer more extensibility in terms of holistically supporting the incident response process. Our organization has found AlienVault to work pretty well for us, as this is the first SIEM the business has deployed. Additionally, we are early on in the process of cybersecurity program development, so AlienVault's inclusion of features such as vulnerability scanning and file integrity monitoring extend its value.
  • Feature-rich: includes functionality not typically present in other SIEMs such as vulnerability scanning, UEBA, file integrity monitoring, NIDS
  • Simple to configure and deploy.
  • Relatively inexpensive compared to other enterprise SIEM solutions.
  • While there are many features, many of them are not very advanced. Vulnerability scanning as an example is extremely simplistic and almost unusable for an enterprise organization. It's just enough to get a program off the ground.
  • Cloud-only deployment model (SaaS) may not fit all organizations. Not all organizations are "cloud friendly".
  • Reporting capabilities out of the box are lackluster. Vulnerability management reporting as an example does not include a single canned report.
AlienVault USM is well suited for smaller organizations or organizations of any size that are just lifting their security operations or security monitoring program off the ground.

AlienVault USM is less appropriate for more mature organizations who have the staff to support more advanced security operational capabilities or engage in advanced threat hunting. Also, organizations who like more ability to add internally developed functionality into their SIEM through scripting or other automated response activities.
Like most situations, you get out what you put in. AlienVault is not going to filter up to every malicious activity occurring in an environment right out of the box. There is plenty of work to be done to get log sources ingested in a prioritized manner, to get basic rules tuned, and to integrate it with other solutions, where it makes sense. This maturity can take years to put in place in many cases. Once AlienVault USM is set up and tuned properly and has all log sources ingested, it is very good at finding things in an environment. It requires constant maintenance moving forward however to ensure that as tech landscapes change, the alarm rules are properly configured, and new ones are added.
Matthew White
Score 10 out of 10
AlienVault USM Anywhere provides us with SIEM, at a low price point and with a great array of functionality. SIEM is critical to our security operations and feeds incident response efforts. We use it to monitor logs and events from our applications and server platforms, integrating many of our other security products into the flow of data into USM Anywhere, for centralized logging and event management.
  • AlienVault USM Anywhere is easy to deploy with their cloud-based model and deploying the required agents on-prem (or in the cloud) is quick and easy.
  • Custom rules allow for alerting based on content from events and you can even trigger agents in response to threats, shutting down computers or grabbing forensic info for incident response.
  • USM Anywhere also takes care of reporting for ISO and PCI, allowing you to pull reports for auditors at a moment’s notice.
  • With many integrations out-of-the-box, you can pull in all the data from products you use and other sources, such as Amazon CloudWatch Logs.
  • We would love to be able to create custom rules based on a series of events, to create rule-sets where, for example, failed logins to the VPN Server are logged and then when a successful attempt follows soon after, it triggers an alarm for a Brute Force. It does this for things like Okta already, so control over which events this applies to would be great.
  • More data tiers - something between 250GB and 500GB tiers, maybe break it down into 100GB tiers?
  • Integration with OpsGenie would be great.
AlienVault USM Anywhere is a great SIEM and if you need to deploy a SaaS solution then it is suited very well. It works very well for us being 100% AWS and integrates well with our toolset and AWS features. The AT&T Alien Labs Open Threat Intelligence (OTX) is perfect for providing context on events and feeding our incident response processes.
We have found OTX to be a valuable source and the tight integration with USM really helps eliminate false positives. Being able to submit your own information into OTX also adds value and helps put context on threats. We sometimes find IP addresses can be out of date in OTX and linked to old threats, but it's good to see the history of what has occurred on this IP and you can go back and look for historical indicators of compromise in your data.
Cory Watson
Score 8 out of 10
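The rule the review above asks for (a run of failed VPN logins followed soon after by a success, raised as one brute-force alarm) is a stateful correlation over a time window, which is exactly what a per-event filter cannot express. The block below is an added example written for this page, not AlienVault's own correlation logic; the VPN log lines and their `LOGIN_FAILED user=... src=...` layout are constructed for the example. It keys on source IP rather than user so that a spray across several accounts from one host is caught too, and it ages out failures older than the window so a lone failure followed by a success an hour later does not fire.

```python
"""Brute-force correlation: N failures then a success from one source within a window.

Added example, not AlienVault's rule engine. Log lines and field layout are constructed.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed VPN authentication log: "<timestamp> <result> user=<u> src=<ip>".
SAMPLE_VPN_LOG = """\
2019-09-01T08:00:00Z LOGIN_FAILED user=alice src=198.51.100.20
2019-09-01T08:00:02Z LOGIN_FAILED user=alice src=198.51.100.20
2019-09-01T08:00:03Z LOGIN_FAILED user=alice src=198.51.100.20
2019-09-01T08:00:05Z LOGIN_FAILED user=bob src=198.51.100.20
2019-09-01T08:00:06Z LOGIN_FAILED user=carol src=198.51.100.20
2019-09-01T08:00:20Z LOGIN_OK user=bob src=198.51.100.20
2019-09-01T08:30:00Z LOGIN_FAILED user=dave src=192.0.2.9
2019-09-01T08:45:00Z LOGIN_OK user=dave src=192.0.2.9
2019-09-01T09:00:00Z LOGIN_FAILED user=erin src=192.0.2.10
2019-09-01T09:00:01Z LOGIN_FAILED user=erin src=192.0.2.10
2019-09-01T09:00:02Z LOGIN_FAILED user=erin src=192.0.2.10
2019-09-01T09:00:03Z LOGIN_FAILED user=erin src=192.0.2.10
2019-09-01T09:20:00Z LOGIN_OK user=erin src=192.0.2.10
"""

LINE_RE = re.compile(r"^(\S+) (LOGIN_FAILED|LOGIN_OK) user=(\S+) src=(\S+)$")


def parse_line(line):
    """Return (timestamp, result, user, src) or None for lines that do not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
    return ts, m.group(2), m.group(3), m.group(4)


def correlate_brute_force(log_text, threshold=3, window_minutes=10):
    """Stream the log once. Per source IP keep timestamps of recent failures;
    when a success arrives with at least `threshold` failures from that source
    inside the preceding window, emit one alarm and reset that source."""
    window = timedelta(minutes=window_minutes)
    recent_failures = defaultdict(deque)   # src -> deque of (timestamp, user)
    alarms = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, result, user, src = parsed
        q = recent_failures[src]
        while q and ts - q[0][0] > window:   # drop failures that fell out of the window
            q.popleft()
        if result == "LOGIN_FAILED":
            q.append((ts, user))
            continue
        if len(q) >= threshold:              # LOGIN_OK after a burst of failures
            alarms.append({
                "time": ts.isoformat(),
                "src": src,
                "user": user,                # account that finally succeeded
                "failures": len(q),
                "targeted_users": sorted({u for _, u in q}),
            })
            q.clear()
    return alarms


if __name__ == "__main__":
    for alarm in correlate_brute_force(SAMPLE_VPN_LOG):
        print("BRUTE FORCE", alarm)
```

With the defaults only the first source fires: five failures across three accounts, then a success as `bob` within 20 seconds. `dave` (one failure) and `erin` (four failures, but the success comes 20 minutes later) stay silent; widening `window_minutes` to 30 makes `erin` fire as well, which is the tuning knob you would expose in the rule.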
We use it to monitor security logs across our various SaaS apps. It is the central hub for our security incident program. It is primarily being used by our Information Security Department. This tool addresses our need to be able to make actionable decisions, across various SaaS platforms, from a single pane of glass.
  • Correlate logs from different sources into actionable intelligence.
  • Provide an easy to use interface to interact with Alarms and Events.
  • Integrate with our alerting tools to make sure when an incident is happening, the right people know about it quickly.
  • Being able to make custom plugins for internal tools.
  • Being able to have a webhook plugin to send logs directly to the cloud appliance.
  • Make the management of suppression rules better. Maybe include a suppression rule visualizer to make sure your suppression rule is doing exactly what you would like it to do.
It is well suited for a small security team that does not have all the time in the world to set it up, tune it, and babysit it.

It is not appropriate if you are looking to easily be able to customize the tool. A lot of the options you have with tools like Splunk are just not here.
It is really good at this. The NIDS detects threats sometimes faster than our anti-virus solution does. Once again, for how little configuration and tuning you have to do, you are very quickly able to see actionable results compared to some of the bigger tools out there. In a previous life, this would be a much harder thing to accomplish with our small team of 4.
Fintan O'Meara
Score 8 out of 10
Alienvault USM is used by the internal IT department to monitor activity from lots of different sources across the organisation. From O365 and Azure, AWS, on-premises servers and network equipment, and others we track vulnerability status, correlate unusual activity and monitor for IOCs from Alienvault's Intelligent Cloud.
  • Intelligence updates from the Alienvault community and security pros.
  • Writing of threat detection rules and ingestion parsing for different devices.
  • Vulnerability scanning.
  • Asset management is done purely by IP unless using the agent.
  • Agent installs and updates can be a bit flaky, and on occasion use lots of resources.
Good out of the box product, not a huge amount of configuration required to get up and running, though constant tuning is and should be required. Good integrations available, though if you have a lot of experienced security analysts in your organisation there are probably more powerful tools out there; they just require you to do most of the correlation and detection rules yourself.
Compared to other products we had trialled, the integrated threat intelligence and vulnerability scanning provided by Alienvault USM was very effective out of the box at being able to flag IOCs from network traffic, flag unusual login activity in O365, and provide comprehensive server vulnerability scanning which we could integrate into our server patching processes.
Mario Martinez
September 27, 2019

AlienVault does the job

Score 9 out of 10
We use AlienVault USM to monitor our AWS cloud environment and the individual assets within that environment. AV also provides us with alerting and reporting that helps us attain and maintain compliance with several standards, but, more importantly, helps me sleep better at night as our Information Security Officer. An easy to overlook benefit is that it makes it easier for us to shore up process deficiencies. We can more easily audit that we documented and approved all non-emergency configuration changes within our cloud before they are applied. We also use the AV agent to monitor individual instances for vulnerabilities and the software they run.

This all gives us confidence that we are keeping our systems as secure as possible and meeting promises to keep our customer’s data secure.
  • Internal vulnerability scans
  • Monitor firewall and security group changes
  • Monitor and alert on suspicious system logs
  • Monitor and alert on suspicious cloud watch logs
  • False alarms occur occasionally
  • There is no report for only displaying vulnerabilities with an available patch. Spectre-class issues can only be mitigated but will remain active until we are all on next-generation processors.
AlienVault is well suited for cloud environments and sprawling internal networks. Log ingestion and analysis across your instances and, in our case, AWS, coupled with File Integrity Monitoring and other features are well worth having. It takes some time to get things right and I would suggest, like every tool, that you periodically test its different components to remain confident in its abilities. Smaller systems likely would not benefit as much and it might be a cost/benefit analysis whether to audit changes by hand or monitor them for changes.
Except for a few false alarms, AlienVault has been very effective and a great tool. I particularly like that it can alert you on S3 bucket misconfiguration and that it will generally only alert on privilege and access escalation but not deescalation. For instance, opening a port on a security group triggers an alert but closing that port later is merely logged. This ultimately helps avoid alert fatigue and keeps you on top of the more relevant alarms.
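The escalation-only alerting the reviewer describes (an opened security-group port alarms, closing it later is merely logged) is easy to reproduce over CloudTrail records. The script below is an added example for this page, not AlienVault's or AWS's code: the event names and the nested requestParameters layout are those of real CloudTrail EC2 records, but the sample records, the account ID and the group ID are constructed placeholders.

```python
"""Added example (not AlienVault or AWS code): classify CloudTrail security-group
changes so that rule openings raise an alarm while closings are only logged.
Event names and the nested requestParameters layout follow CloudTrail's EC2
records; the sample records, account ID and group ID are constructed."""
import json

# Actions that widen access (alarm) versus narrow it (log only).
ESCALATING = {"AuthorizeSecurityGroupIngress", "AuthorizeSecurityGroupEgress"}
DEESCALATING = {"RevokeSecurityGroupIngress", "RevokeSecurityGroupEgress"}
WORLD = {"0.0.0.0/0", "::/0"}          # "anywhere" CIDRs: raise the severity


def _cidrs(perm):
    """Yield every IPv4/IPv6 CIDR attached to one ipPermissions item."""
    for r in perm.get("ipRanges", {}).get("items", []):
        yield r.get("cidrIp", "")
    for r in perm.get("ipv6Ranges", {}).get("items", []):
        yield r.get("cidrIpv6", "")


def classify(event):
    """Return (verdict, detail); verdict is "alarm", "log" or "ignore"."""
    name = event.get("eventName", "")
    params = event.get("requestParameters") or {}
    perms = params.get("ipPermissions", {}).get("items", [])
    ports = sorted({(p.get("ipProtocol"), p.get("fromPort"), p.get("toPort"))
                    for p in perms}, key=str)
    cidrs = sorted({c for p in perms for c in _cidrs(p) if c})
    detail = {
        "event": name,
        "group": params.get("groupId", "?"),
        "ports": ports,
        "cidrs": cidrs,
        "by": (event.get("userIdentity") or {}).get("arn", "?"),
    }
    if name in ESCALATING:
        # World-reachable rules are the ones worth waking someone for.
        detail["severity"] = "high" if WORLD & set(cidrs) else "medium"
        return "alarm", detail
    if name in DEESCALATING:
        return "log", detail          # record it, but do not page anyone
    return "ignore", detail


def triage(records):
    """Split a batch of CloudTrail records into alarms and log-only entries."""
    alarms, logged = [], []
    for rec in records:
        verdict, detail = classify(rec)
        if verdict == "alarm":
            alarms.append(detail)
        elif verdict == "log":
            logged.append(detail)
    return alarms, logged


# Constructed sample: SSH opened to the world, then closed again, plus a read-only call.
SAMPLE = [
    {"eventName": "AuthorizeSecurityGroupIngress",
     "userIdentity": {"arn": "arn:aws:iam::123456789012:user/alice"},
     "requestParameters": {"groupId": "sg-0123456789abcdef0",
                           "ipPermissions": {"items": [
                               {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
                                "ipRanges": {"items": [{"cidrIp": "0.0.0.0/0"}]}}]}}},
    {"eventName": "RevokeSecurityGroupIngress",
     "userIdentity": {"arn": "arn:aws:iam::123456789012:user/alice"},
     "requestParameters": {"groupId": "sg-0123456789abcdef0",
                           "ipPermissions": {"items": [
                               {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
                                "ipRanges": {"items": [{"cidrIp": "0.0.0.0/0"}]}}]}}},
    {"eventName": "DescribeSecurityGroups", "userIdentity": {}, "requestParameters": {}},
]

if __name__ == "__main__":
    alarms, logged = triage(SAMPLE)
    print(json.dumps({"alarms": alarms, "logged": logged}, indent=2))
```

The split into "alarm" and "log" is what keeps the de-escalation events searchable for an audit trail without adding to the analyst's queue; the severity bump for 0.0.0.0/0 and ::/0 is the one refinement most teams add first.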
Review by Mark Taghap
Score 9 out of 10
We have deployed AlienVault USM throughout the entire organization. The IT department is responsible for monitoring and making necessary configurations. This has immensely improved our visibility in regards to the daily activities of all networks and devices. It has recognized anomalies and notified my IT department.
  • Centralization of data logs makes it easier to analyze the many application logs throughout our organization (i.e. Windows logs, PLC logs, antivirus logs, Exchange server logs, etc.).
  • Easy maneuvering with AlienVault pages as well as easy to bookmark alerts.
  • Creating SOC on a budget especially with a smaller IT dept.
  • Incident response.
  • Threat detection.
  • Compliance management.
  • AlienVault OTX is a user community that is very helpful, especially when you are curious about the alerts or to help mitigate issues that arise.
  • I would like more detailed ways to mitigate issues.
AlienVault is perfect for all organizations, especially for smaller-staffed IT departments. The installation was relatively easy, especially with AlienVault's vendor partners. We did not need to integrate and monitor multiple point solutions because AlienVault does that automatically. Just make sure you test the data flow for PLC devices as it may disrupt the flow of data on these types of devices.
AlienVault USM is the only SIEM that I've worked with. During the SIEM discovery, we looked at LogRhythm, but it cost too much and had the same features.
Review by John DeLay
Score 9 out of 10
We use AlienVault USM across our entire organization, which includes 5 separate SaaS products. At a basic level, we use the core/default functionality of AlienVault to watch our AWS account. Beyond that, we use it to collect and analyze logs for suspicious activity. The ability to track and respond to suspicious events and document them completely is super key to our organization. The reporting functionality is key in allowing me to demonstrate our processes over time to show we watch and respond to alerts.
  • Log analysis, both syslog and AWS CloudTrail, and searchability/reporting is actually better than most of our other related tools: All of our systems send log information using rsyslog to our AlienVault USM system. AlienVault is able to alert us of many issues with minimal configuration, including adding/removing users to sensitive groups, creating or removing resources such as EBS volumes, S3 buckets, or security groups.
  • AWS load balancer traffic/log analysis: AlienVault automatically identifies threatening IPs or entries that match suspicious traffic patterns.
  • The ability to search the many logs AlienVault collects in a way that even novice users can follow is super valuable. Logs can be quickly sorted by source, log type, and/or keyword searches. There have been many occasions where we were able to find non-security related issues due to the simple yet advanced search abilities of AlienVault. This has led to the challenge of deciding when and how long to allow non-security personnel access for troubleshooting.
  • AlienVault's lack of support for Docker may be its undoing at my company. It clearly stands above other products that fit our company, but we are adopting Docker at an ever-increasing rate. I don't want to support multiple security products, so it would be super cool if a solution to this challenge were found quickly.
  • Enriching data is super key to allowing us to set up alerts for and filter events. This process is rather painful. This significantly increases the cost of maintaining AlienVault. Specifically, several auditd and standard AWS logs do not allow me to filter based on keywords in the message.
  • Here is one example:
  • User: arn:aws:sts::2#########:assumed-role/qe-lambda-role/qe-batch-run-dev-frontend_batch_runner is not authorized to perform: logs:CreateLogStream on resource: arn:aws:logs:us-east-1:#########:log-group:/aws/lambda/qe-batch-run-dev-frontend_batch_runner:log-stream:2019/05/30/[$LATEST]########################
  • The ability to configure AlienVault to run security scans using SSH on systems is prohibitively difficult to use, especially when using a Bastion.
  • Making OSSIM work is a huge pain. I could not find AlienVault documentation that covers how things work and how to properly integrate it.
AlienVault is great at ingesting and processing information from multiple sources. It is excellent at monitoring AWS "things" out of the box, such as user management, network traffic through load balancers, or monitoring devices with sensitive data. I was surprised at how easy this was to start using immediately after purchase. This was a huge selling point. We had tools in place to monitor much of our environment, except AWS. Once the AlienVault system was in place, the rest happened naturally. It's now the most critical security system that we have.

It seems a bit poor when creating alarm filters that only trigger after "x" number of times. I know this can be done with escalation alerts. Keeping noisy alerts out of the UI is key to prevent alert fatigue in our more junior team members.
In general, AlienVault seems to be noisy. I'd like the ability to specify a group of users that can create security groups with sensitive ports exposed to the web, but I don't believe this is possible. I know how to do this per user. I don't believe groups are something we can specify.
AWS Inspector is a product that does very well against AlienVault for doing system level scans. It is also very expensive and cannot be customized at all.

PEN testing is not something that AlienVault does and I'm assuming that is intentional.

Network IDS isn't integrated into AlienVault or is very basic. I am assuming the plan would be to implement something like tripwire and have logs from that system sent to AlienVault. Obviously, we would like it to do absolutely everything and do it very well:) That said, I highly doubt that is an option. If this can be done, please don't let me slow you down.
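Two of the pain points in the review above, keyword filtering on the AWS "is not authorized to perform" message and alarms that only fire after "x" occurrences, come down to parsing the message into fields and counting on those fields. The script below is an added example written for this page, not AlienVault's code. The regexes follow the shape of the message quoted in the review (principal ARN, action, resource); the sample lines are constructed, with the role and log-group names copied from the review and the 12-digit account ID and the log-stream suffix being placeholders.

```python
"""Added example (not AlienVault code): parse AWS "is not authorized to perform"
messages into fields you can filter on, then alarm only when the same
principal/action pair is denied N times inside a window.  Sample lines are
constructed; the account ID and log-stream suffix are placeholders."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

DENIED = re.compile(
    r"User: (?P<principal>\S+) is not authorized to perform: "
    r"(?P<action>[A-Za-z0-9-]+:[A-Za-z0-9*]+) on resource: (?P<resource>\S+)")
ASSUMED_ROLE = re.compile(
    r"^arn:aws:sts::(?P<account>\d{12}):assumed-role/(?P<role>[^/]+)/(?P<session>.+)$")
IAM_USER = re.compile(r"^arn:aws:iam::(?P<account>\d{12}):user/(?P<user>.+)$")


def parse_denial(msg):
    """Return a dict of fields for a denial message, or None for anything else."""
    m = DENIED.search(msg)
    if not m:
        return None
    f = m.groupdict()
    f["service"] = f["action"].split(":")[0]        # e.g. "logs", "s3"
    r = ASSUMED_ROLE.match(f["principal"])
    if r:
        f.update(kind="assumed-role", **r.groupdict())
        return f
    r = IAM_USER.match(f["principal"])
    if r:
        f.update(kind="iam-user", **r.groupdict())
        return f
    f["kind"] = "other"
    return f


def denial_alarms(lines, threshold=3, window_minutes=10):
    """lines: iterable of (timestamp, message), oldest first.
    Raise one alarm the moment a (role-or-user, action) key reaches `threshold`
    denials inside the window; hits below the threshold are only counted."""
    window = timedelta(minutes=window_minutes)
    recent = defaultdict(list)      # key -> timestamps still inside the window
    alarms = []
    for ts, msg in lines:
        f = parse_denial(msg)
        if f is None:
            continue
        key = (f.get("role") or f.get("user") or f["principal"], f["action"])
        q = recent[key]
        q.append(ts)
        while q and ts - q[0] > window:     # expire hits older than the window
            q.pop(0)
        if len(q) == threshold:
            alarms.append({"key": key, "count": len(q), "first": q[0],
                           "last": ts, "resource": f["resource"]})
    return alarms


# Constructed sample: a Lambda role denied four times in four minutes, and one
# unrelated denial for an IAM user.  123456789012 is a placeholder account ID.
T0 = datetime(2019, 5, 30, 12, 0, 0)
ROLE_ARN = ("arn:aws:sts::123456789012:assumed-role/qe-lambda-role/"
            "qe-batch-run-dev-frontend_batch_runner")
MSG = (f"User: {ROLE_ARN} is not authorized to perform: logs:CreateLogStream "
       "on resource: arn:aws:logs:us-east-1:123456789012:log-group:/aws/lambda/"
       "qe-batch-run-dev-frontend_batch_runner:log-stream:2019/05/30/[$LATEST]abc")
SAMPLE = [(T0 + timedelta(minutes=i), MSG) for i in range(4)] + [
    (T0, "User: arn:aws:iam::123456789012:user/bob is not authorized to perform: "
         "s3:GetObject on resource: arn:aws:s3:::example-bucket/secret.txt"),
]

if __name__ == "__main__":
    print(parse_denial(MSG))
    for alarm in denial_alarms(SAMPLE):
        print("ALARM", alarm)
```

Once the role name and action are separate fields, "alert when qe-lambda-role is denied logs:CreateLogStream three times in ten minutes" is a one-line rule rather than a regex over free text, and a single stray denial no longer reaches the analyst.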
Review by Agustin Larrarte
Score 10 out of 10
We have used Alienvault USM in our PCI environment to detect the most common threats. We have discovered it added extra value to our organization by creating visibility on security issues we didn't know of before. On the downside, the on-premise version of Alienvault USM can get slow after loading it with a lot of machines (when doing big queries) and doesn't adapt very well to dynamic environments, but their cloud version is definitely making that better.
  • Reports the most common threats in real time and takes immediate automatic actions. I think this is strong if you don't have a team monitoring 24/7.
  • Connects with signature providers and keeps up to date well with 0-day vulnerabilities. I don't need to explain why you may want to be protected against the newest threats.
  • The UI is very easy to get used to, which will make you adapt to its use quickly.
  • This tool will become slower and slower as you start adding devices to it, the on-premise version has a lot of room for improvement here, the database is slow.
  • The on-premise version of Alienvault USM will not support dynamic environments where people are constantly removing/adding new virtual machines and doesn't cope with puppet management.
  • Only the most common hypervisors are supported; it could be good to have an image for Xen.
The on-premise version of Alienvault will be very good for environments that don't change a lot over time, it will provide good information about security issues on your premises. I would not recommend using this if you have a big private cloud where a lot of changes are being made. Go with the cloud version if that's your case.
Threat detection is very detailed and gives you all the information you need to start investigating a security issue. The simplicity to suppress or filter information is great. Alerts contain a full breakdown of the event and recommendations for response. Integrations although limited (Alien Apps) are very helpful. The correlation tools are excellent, you just need to feed it the right data.
Review by Jesse Bickel
Score 8 out of 10
Alienvault was used to provide security monitoring and alerting for our AWS and on-premise systems. This was deployed to all environments locally and in the cloud. It was deployed and managed by the IT team and assisted us in gaining compliance for PHI, HIPAA and other requirements on top of ensuring integrity for our environments. This assisted in addressing our security needs and proactive monitoring.
  • AlienVault USM was quick to deploy and the configuration was pretty straight forward.
  • The AlienVault USM product has great documentation and service support. Very knowledgeable and readily available. Highly recommend their support package.
  • The AlienVault UI is very comprehensive, with deep tool-sets. You can monitor just about anything anywhere from anywhere. This flexibility was incredibly useful.
  • While their UI was comprehensive, it takes a while to understand how to group and tag the resources you want to monitor and how and on what schedule. The tools are deep but the usability is a bit complex. You will need to read the documentation.
  • Their pricing model for throughput was a bit challenging. I would like to see a different pricing structure. I would much prefer to see site licenses.
  • Sometimes the assessments were vague. While this shouldn't be relied upon as the only source for assessments, there were often descriptions that did not associate with the vulnerability or required us to deploy other tools to verify, such as AWS Inspector. This was not a big deal but some added overhead.
If you have a network that is cloud-based and you are scaling, the deployable sensors are simple and fast. Security is not the hump it used to be. I believe their model is truly agile and scalable with ease. I believe if you have a fully on-prem network, while this solution is still viable, we found ourselves relying on our local Meraki and Cisco security tools more so than USM. I believe this was out of comfort and experience more so than functionality.
Most of our environments were private and internal. We did not test public networks extensively. However, the reports were comprehensive and valuable. We did not have any "real security threats" to ward off but mostly used it to understand our holes so we could make the necessary configuration or update adjustments to prevent a security threat.
Review by Erich Barlow, MIS
Score 7 out of 10
We are using it in IT security for vulnerability management and for IDS. It is just focused as part of our IT security management process. For us, it addresses the vulnerabilities that we see all the time and it allows us to prioritize those assets based on the risk they pose to the business.
  • Scanning network assets for vulnerabilities.
  • Heuristics in determining behavior and alerts accordingly.
  • Lots of false positives for vulnerabilities, Linux malware on Windows systems????
  • Lack of third-party app support or integration.
  • Being charged based on the amount of data.
It is well suited if you are looking to identify vulnerabilities within your network environment or need to show that you are actively managing them in a meaningful manner. The application will provide a visible manner in which this can be documented for compliance and regulatory requirements. It is not as well suited for identifying potential threats as it provides a LOT of false positives and alerts.
We always get false positives and there is no actionable information that AlienVault USM provides to my staff. I have no way of tracking down or evaluating the accuracy of the information that is provided by the application itself. This is frustrating for my support personnel who are supposed to remediate the possible threat. Not enough information is provided (host name, valid IP address, threat assessment).
Review by Todd Fletcher
Score 10 out of 10
I have implemented USM Anywhere as our company SIEM. Additionally, I was working to extend its functionality with Gartner's SOAR principles. The primary business drivers (problems) include controlling costs, mitigation of risk, and supporting agile business initiatives. It is utilized by the security team to monitor all business information systems.
  • Deployment is quick
  • Normalization of log data and threat identification is effective and simple to understand.
  • Vulnerability analysis along with CVE identification is better than Nessus
  • Investigations feature is robust
  • Cloud sensor deployment and capabilities are robust
  • Custom plugin creation/modification by the user is missing. If log data is unknown to the platform, the process of getting a new plugin developed is lengthy. It would be ideal if the user could create custom plugins for their own platform.
  • Asset discovery adds every IP address in a subnet even if no host is present. The detection method is flawed. I don't have this issue on the same network with other asset discovery tools.
  • SaaS performance can be slow. When listing items more than 20 at a time, the UI refresh can be painfully slow.
For an organization around 300 to 500 in size, it is a great tool. I feel that adding some network topology scanning and configuration features would allow it to deal with more complex networks better.
So far, I have not used a better tool for event correlation. Highlighting the events that have possible malicious intent and placing them in a kill chain has been very valuable. It provides an augmentation to an analyst's effectiveness.
Review by Adam Nield
September 05, 2019

Picking up AlienVault USM

Score 8 out of 10
We currently use AlienVault primarily for the SIEM and vulnerability scanner. We use the intrusion detection agents across our servers and are in the process of setting up the system to use other features available through AlienVault, such as availability monitoring and creating custom plugins to monitor our bespoke systems. This is all maintained by our infosec, cybersecurity and infrastructure teams.
  • SIEM is great for monitoring and maintaining our systems and networks, and with the right tuning the system becomes an incredibly powerful tool by being able to identify the difference between a high priority event and false positive.
  • The vulnerability scanning is a very useful part of the system, especially as after finding any vulnerabilities it provides lots of detail on what was found along with a solution.
  • User management has a good level of modularity, allowing us to restrict access for certain users to only certain areas.
  • The system can be a little over-complicated to set-up to perform what I would think to be simple tasks. For example, sending an email notification on a certain alarm being created.
  • The reporting module does not offer much visual customization, only allowing you to add your company logo and color scheme as a template.
For what we have the system for, AlienVault ticks all the boxes, and there are still more areas for us to explore within the system. It is great as a SIEM tool, being able to not only record and log events but also correlate events, meaning it recognizes where lots of the same events are occurring and, depending on how you set up the system, it can react accordingly.
I haven't used any other security technology before picking up AlienVault USM; however, I can say that AlienVault makes detecting real threats from the false positives much easier than I had expected. The fact that the system is smart enough to correlate events should there be multiple of the same, and the fact that you have the option to add in your own custom policies/directives to filter out any unwanted events, makes it much easier and clearer to see what needs investigating in what order.
Review by Pankaj KC
Score 9 out of 10
We use it to detect network risks and vulnerabilities to a reasonable and appropriate level. It is used across the whole organization. It's also being used to comply with current legislation (security-related logs should be recorded).
  • As for us, it casually integrated with AWS cloud and local infrastructures; in simple words, easy to implement
  • Processes different types of logs using its very own inbuilt plugins and displays them in an understandable manner for non-technical users as well
  • Has its own very accurate correlation rules to generate alarms from the processed logs
  • Has an open threat intelligence community which can be integrated with the AlienVault account
  • In order to collect the system logs from various servers, it has an AlienVault agent that can be installed on Windows, Mac and Linux. It collects various types of logs such as user activity, shell history, file integrity, etc.
  • Any suspicious alarm can be added as a ticket on its console and can be processed according to severity type.
  • Server and Network vulnerabilities details can be scanned through the USM.
  • Customizable dashboards view in the console makes easy to monitor logs from the different sources.
  • Events view can be customized according to the data source plugins.
  • USM has a feature for suppressing and filtering out logs from the console. Suppression hides the logs from the console dashboard, whereas filtering blocks similar logs from entering the AlienVault console, which helps to reduce storage usage
  • Asset Discovery: Maintains and scans dynamic asset inventory and software inventory for large scale organization
  • Security & Compliance Reporting: contains customizable reports for regulation standards and compliance frameworks
  • It uses sensors to collect data from different sources which results in extra cost for the sensor server
  • Support is very poor
  • It would be great if there was documentation to study on how we can identify and monitor suspicious logs
If you have a bigger organization that has a bigger network infrastructure which needs to be monitored in every aspect, then AlienVault USM is perfect for it. It automatically detects threats and sends out email notifications from which necessary actions can be taken. It has a correlation engine, which quickly detects and alerts on different variants of malware that can affect your organization. It provides full details on the attack method and strategy, the systems in the network involved in the attack (source and destination) with the geo-location, and the associated events that comprised the attack, along with response guidance.

Since it is very expensive, I do not recommend it for small organizations; it requires additional infrastructure to implement AlienVault within the premises.
In the current scenario, threat actors are using more sophisticated tools, techniques and procedures to penetrate organization networks; USM provides real-time log processing and notification alerts for the threats. With the help of threat intelligence, it can constantly harvest and process knowledge about different threat actors and severe external threats, such as APTs (Advanced Persistent Threats). One example can be as follows:
  1. You have the list of domains that were visited by your organization's employees
  2. You compare this list of domains with lists of malicious domains obtained from different OTX (Open Threat Exchange) pulse providers that have already been posted on OTX.
  3. If a match is found, an alert is raised to take appropriate action.
  4. The same process is repeated at regular intervals to check all the new domains.
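The four-step domain check in the review above (collect visited domains, compare them with malicious domains from OTX pulses, alert on a match, repeat on a schedule checking only new domains) is shown below as a standalone script. It is an added example for this page, not AlienVault's or OTX's code: the pulses and the observed domains are constructed, and the pulse layout is simplified to a name plus a list of indicators, each with a type and a value.

```python
"""Added example (not AlienVault or OTX code): compare domains seen in proxy
or DNS logs against domain/hostname indicators from OTX-style pulses, raise
an alert on a match, and keep a 'seen' set so a repeat run only examines new
domains.  Pulses and observed domains are constructed; the pulse layout is a
simplified {"name": ..., "indicators": [{"type": ..., "indicator": ...}]}."""

DOMAIN_TYPES = {"domain", "hostname"}      # indicator types this check uses


def build_blocklist(pulses):
    """Map each domain/hostname indicator (lower-cased, no trailing dot) to the
    name of the pulse that published it; other indicator types are skipped."""
    blocklist = {}
    for pulse in pulses:
        for ind in pulse.get("indicators", []):
            if ind.get("type") in DOMAIN_TYPES:
                blocklist[ind["indicator"].lower().rstrip(".")] = pulse["name"]
    return blocklist


def match_domain(domain, blocklist):
    """Return (matched_indicator, pulse_name) if `domain` or one of its parent
    domains is an indicator, else None.  A pulse listing bad-example.test is
    meant to cover cdn.bad-example.test as well, so walk up the labels but
    stop before the bare TLD."""
    labels = domain.lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in blocklist:
            return candidate, blocklist[candidate]
    return None


def check_domains(observed, blocklist, seen):
    """Steps 1-4 of the review: check every domain not examined in an earlier
    run against the blocklist and return the alerts.  `seen` is updated in
    place so the next scheduled run only looks at new domains."""
    alerts = []
    for domain in observed:
        d = domain.lower().rstrip(".")
        if d in seen:
            continue
        seen.add(d)
        hit = match_domain(d, blocklist)
        if hit:
            alerts.append({"domain": d, "indicator": hit[0], "pulse": hit[1]})
    return alerts


# Constructed pulse and two constructed runs of observed domains.
PULSES = [{"name": "constructed pulse: credential phishing",
           "indicators": [{"type": "domain", "indicator": "bad-example.test"},
                          {"type": "hostname", "indicator": "login.update-account.invalid"},
                          {"type": "IPv4", "indicator": "203.0.113.5"}]}]
RUN1 = ["www.example.org", "cdn.bad-example.test", "login.update-account.invalid"]
RUN2 = ["www.example.org", "cdn.bad-example.test", "mail.update-account.invalid",
        "beacon.bad-example.test"]

if __name__ == "__main__":
    blocklist = build_blocklist(PULSES)
    seen = set()
    print("run 1:", check_domains(RUN1, blocklist, seen))
    print("run 2:", check_domains(RUN2, blocklist, seen))
```

The parent-domain walk is the part worth getting right: a hostname indicator such as login.update-account.invalid does not cover mail.update-account.invalid, but a domain indicator for bad-example.test covers every host under it. In a real run the seen set would be persisted between intervals, and an expired pulse should drop its indicators from the blocklist on the next rebuild.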
Review by Ariel Lucas Sandor
Score 8 out of 10
We used AlienVault for 5 years in our PCI and non-PCI environment. AlienVault USM does nearly everything we need to detect threats we didn't know of. The setup was very easy with little deployment time. The price point is very competitive. The data-filtering tools that the appliance has are very powerful. It also comes with predefined PCI-DSS reports. The main problem we addressed is that sometimes the appliance gets slow when doing some particular queries.
  • Very easy to use. The UI is very intuitive.
  • Out of the box predefined reports that make the initial filtering easy.
  • Very easy to setup.
  • Sometimes it gets slow with large queries.
  • When an upgrade fails you have to debug extensively to know what happened.
  • When we massively add hosts, sometimes some of them are not added so you have to be careful.
It's a very nice solution for small and medium deployment scenarios (at least the on-premise version) with slow changes, also is very easy and fast to deploy. On bigger scenarios, it gets slow and a little bit hard to maintain. It's affordable so I would recommend it for small companies.
The solution automatically detects threats without so many configurations, so compared with other open source solutions, where the event correlation gets complicated and messy, this tool made our life easier. From day zero, we started detecting threats we didn't know of.
Review by Brian Lindow
Score 9 out of 10
AlienVault is our SIEM tool that addresses the enterprise looking for indications of compromise. This was a finding in an internal audit a few years ago so it follows more of a compliance requirement.
  • Active Directory login requests
  • Logs on the Domain Controllers
  • Only showing alerts that have a high indication of compromise and reduces false positives.
  • Trimming of log files to stay within limits
  • Projecting any future storage costs from AlienVault
Well suited for a small InfoSec team that has limited time to manage the tool and respond to alerts. If you have a larger team that wants more detailed data that could be used for AppDev troubleshooting, then a different product is probably better.
AlienVault has been more effective than tools that I have previously used for several reasons. One is the ease of install and use compared to other products that you end up turning off since they are too hard to use. Second, the infrastructure footprint is minimal since it is cloud-based and doesn't require extensive infrastructure time.
Review by Magdiel Hernandez
Score 5 out of 10
We use AlienVault as our primary SIEM tool. Our SOC uses the tool to create alerts, monitor suspicious patterns, receive alerting, and investigate security incidents.
  • Creation of dashboards.
  • Creation of metrics that we utilize in our monthly reports.
  • We like the way alerts are being sent to us and the information they provide.
  • Their customer support is the worst, and sadly this has been consistent every time we've had to reach out to them.
  • The account execs have ZERO flexibility regarding making deals and meeting us halfway.
  • The features do not work as advertised.
While it is well suited if you are a small organization starting a security practice, AlienVault fails to deliver when it comes to medium or large corporations, as there is very little flexibility from the tool to create alerts. Also, plugins in this time are definitely not the way to go.
It is not very good. I have detected many times when AlienVault is behind by a span of several hours when compared to other technologies, such as Crowdstrike or LogR.
Review by Ryan Hart, MBA
July 29, 2019

Better than Splunk

Score 10 out of 10
We used it to monitor our web application, firewall, and our G Suite logs. AlienVault USM solves the problem of manually monitoring logs. We were able to filter our alerts to ignore known non-threatening behaviours. AlienVault USM also gave us a more efficient way to search our logs rather than viewing the raw log files in our data provider.
  • Easy to Install
  • Good use of filters
  • Great training
  • Good support documentation
  • Paying per GB of usage is not ideal
AlienVault USM provides good overall value and support. I am not a fan of on-prem monitoring hardware. AlienVault USM has fantastic cloud-based monitoring solutions which we host in our cloud environment.
AlienVault USM is only as effective as you configure the filters and ensure your data is being digested. Provided those two items are being done, AlienVault USM is a FANTASTIC vendor for monitoring our security.
Review by Daniel Jones
Score 9 out of 10
AlienVault is being used for the Security Team to see all host and network traffic. This real-time SIEM is tuned to give us alarms we actually need to look at on a daily basis. This addresses anything from malware to network, system and email breaches.
  • Deployment with the sensors for USM anywhere.
  • Support
  • Responsive UI
  • Alien Apps
  • Agents offline
  • Easier agent deployment on host.
  • Quicker response from engineers and not just send engineers a document for the fix.
AV is beneficial for monitoring all hosts in an environment. I can't think of a scenario where it is less appropriate.
We had a lot of false positives at first; once we tuned it to get real-time alarms, this is a great tool to have. We get threat intelligence from multiple systems we run for our organization.
Review by Jeremy Wilkins
Score 7 out of 10
Alienvault USM is being used to aggregate, inspect, and correlate both Windows/Linux logs and our Data Center network traffic. It is used exclusively by the SOC team for threat hunting and EDR.
  • VMware sensor deployment is very easy.
  • Dashboards are nice and clean.
  • Network monitoring and Syslog collector just work.
  • USM Anywhere does not support Netflow or any variation. SPAN and RSPAN are currently the only methods to monitor IP flows.
  • USM Anywhere tech support is lackluster. I have opened two tickets and struggled to receive knowledgeable technical assistance.
  • USM Anywhere does not do scheduled report delivery in any format. Reports are run on demand and must be printed to pdf for distribution.
Well suited for smaller SOC teams or lean IT departments. A self-driven admin with experience in networking and server administration can find all the resources needed online.
I started receiving actionable event and alarm data immediately upon deployment of my first sensor and a few agents. Root cause analysis is simplified by being able to drill down into Alarms and associated events.
Review by Dana Williams
Score 5 out of 10
Globally as a SIEM/FIM solution.
  • FIM with limits.
  • Vulnerability scans (with agents installed as opposed to "NXlog").
  • Dashboards.
  • Need to be able to comment on issues flagged by AlienVault so that other users may know what has been done for triage.
  • Single pane of glass, need to have a shared dashboard that is customizable.
I find AlienVault easy to use and the learning curve is less when compared to some of the other solutions available. This is especially important for small to medium-sized companies with small staffs. I think of it as what we need and not necessarily what we want in a solution.
The ability to comment on issues within the application is rather important as now I can 'label' an issue and assign to myself or others but cannot include what steps have been taken thus far. That means a separate email communication is necessary.
Review by Stephen Squires
Score 9 out of 10
AlienVault is deployed across the corporate infrastructure to centrally manage security logs on all servers via the agent. Sensors are deployed in the corporate network to monitor and scan workstations and servers for vulnerabilities and perform discovery scans for new systems on the network. The firewalls also supply syslogs to the sensors. Office 365 is monitored via an Azure sensor, along with Azure infrastructure.
Production systems are monitored using agents and a sensor.
  • Effective correlation of various log sources to provide useful alerts.
  • An agent provides detailed logs of events on every system, be it Windows, Linux, or MacOS, to the point you do not have to log in to each machine to review security logs.
  • Provides auto detection of log sources and effective mapping of the log data to key fields.
  • Pre-built alerts allow AlienVault to be effective right away. There's no need to spend days creating alerts for it to be usable.
  • Has powerful search capabilities once the logs are in AlienVault.
  • Has the ability to run queries on agent systems based on an alert trigger (e.g. list of logged-on users).
  • The biggest challenge is the deployment of the Agent. It requires logging onto each system and running the install script manually. You need a GPO or a scriptable way to push the agent.
  • We would like the ability to limit access to specific sensors for users that have been given access to AlienVault. Currently, if an analyst has access to AlienVault, they can see all data sources and logs.
  • We saw a lot of false positive results in the beginning, requiring a bit of tuning to suppress some rules.
  • There's no ability to suppress Vulnerabilities identified in the vulnerability scanning component.
The Office365 log management & searching is terrible using native Microsoft tools, plus you are limited to 90 days of logs retention in O365. AlienVault has great integration with Palo Alto FWs. The biggest point to note is that AlienVault is only designed for security logging. It is not designed to capture & search application logs, for example. It is not Splunk.
AlienVault is very effective in detecting O365 logins from multiple regions for the same users, allowing us to detect compromised accounts. The integrations with Palo Alto FWs allows the detection of users connecting to known C&C addresses.
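The detection the reviewer credits most, the same Office 365 account signing in from more than one region in a short window, is a small grouping-and-windowing job once sign-in events carry a country. The script below is an added example for this page, not AlienVault's or Microsoft's code. The sign-in records are constructed in a simplified shape (user, UTC time, country, source IP, result); in practice the country comes from a geolocation lookup on the source IP in the Office 365 audit log, which this example assumes has already been done.

```python
"""Added example (not AlienVault or Microsoft code): alert when one Office 365
account signs in successfully from two different countries within a short
window.  Records are constructed and simplified; the country is assumed to
have been added by an IP geolocation step before the events get here."""
from collections import defaultdict
from datetime import datetime, timedelta


def multi_region_logins(events, window_minutes=60):
    """Return one alert for every pair of consecutive successful sign-ins by
    the same user (compared case-insensitively) from different countries that
    are at most `window_minutes` apart.  Failed attempts are ignored: a spray
    from abroad is a different alert, not evidence of a compromised session."""
    window = timedelta(minutes=window_minutes)
    by_user = defaultdict(list)
    for e in events:
        if e.get("result") == "Succeeded":
            by_user[e["user"].lower()].append(e)
    alerts = []
    for user, evs in by_user.items():
        evs.sort(key=lambda e: e["time"])
        for prev, cur in zip(evs, evs[1:]):
            gap = cur["time"] - prev["time"]
            if prev["country"] != cur["country"] and gap <= window:
                alerts.append({
                    "user": user,
                    "from": (prev["country"], prev["ip"]),
                    "to": (cur["country"], cur["ip"]),
                    "minutes_apart": gap.total_seconds() / 60,
                })
    return alerts


# Constructed sign-in records (documentation IP ranges, placeholder users).
T0 = datetime(2019, 9, 5, 8, 0, 0)
SAMPLE = [
    # alice: US, then NG 25 minutes later -> alert (note the case difference)
    {"user": "alice@example.com", "time": T0, "country": "US",
     "ip": "198.51.100.10", "result": "Succeeded"},
    {"user": "Alice@example.com", "time": T0 + timedelta(minutes=25), "country": "NG",
     "ip": "203.0.113.77", "result": "Succeeded"},
    # bob: US, then GB nine hours later -> plausible travel, no alert
    {"user": "bob@example.com", "time": T0, "country": "US",
     "ip": "198.51.100.11", "result": "Succeeded"},
    {"user": "bob@example.com", "time": T0 + timedelta(hours=9), "country": "GB",
     "ip": "192.0.2.44", "result": "Succeeded"},
    # carol: a *failed* attempt from RU five minutes after a US login -> no alert
    {"user": "carol@example.com", "time": T0, "country": "US",
     "ip": "198.51.100.12", "result": "Succeeded"},
    {"user": "carol@example.com", "time": T0 + timedelta(minutes=5), "country": "RU",
     "ip": "203.0.113.9", "result": "Failed"},
]

if __name__ == "__main__":
    for alert in multi_region_logins(SAMPLE):
        print("ALARM", alert)
```

Comparing only consecutive successful sign-ins keeps the rule cheap and the alert count bounded; the usual next refinements are an allow-list for known VPN egress countries and a distance-over-time check instead of a fixed window.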
Review by Ryan Collins
Score 8 out of 10
Alienvault was selected as our SIEM solution to provide cutting-edge monitoring, analytics and alerting, and it has the added benefit of being able to conduct vulnerability assessments and provide endpoint detection and response. There is a lot of noise when deploying any SIEM solution, but Alienvault is unique in that it can be effective practically right out of the box, and anything required beyond that is satisfied by their great support team and available training. I have found that USM Anywhere can fill a critical gap in your security program, and I would recommend it for small, medium, and large businesses.
  • Anomaly Detection and Identification
  • Digital Forensics/Incident Response
  • Log Correlation and Built-in Attack Signatures
  • Cloud Security Monitoring
  • Would be nice to have better error messaging, specifically around credential failures.
If you have a new, small company that needs effective monitoring and alerting right out of the box, I would say that AV has a lot less deployment and overhead than many SIEM solutions. That said, it can scale quite well and is particularly nice to operate when dealing with cloud infrastructure.
Due to the predefined correlation and orchestration rules, baked-in dashboards and reports, I would say it is a leader in providing effective threat detection and ROI within a very short period after deployment, from my experience.
Read Ryan Collins's full review
Francis Aghedo
Score 8 out of 10
The USM is being used by the IT department as a SIEM, giving our organization a 360 view of what's going on in the network infrastructure, with more focus on the critical infrastructure that has been plugged in to send all its log activities. The AlienVault USM has made it simple through the creation of plugins, which make it easier to express the logs in simple expressions for easy understanding.
  • Large plugin base to accommodate different devices.
  • Easy to deploy.
  • Easy management.
  • Makes network monitoring and actionable steps clear and simple.
  • Updating the appliance to a newer version.
  • More control over which devices will be allowed to log into a database and which ones should just appear, so that the database will not get filled up quickly.
Threat detection both on-premises and external, especially the feature of having the OTX, which comes in handy in giving more insight as to the threat being faced. The OSSIM feature is also a big plus, where HIDS for Windows- and Linux-based workstations and servers can be monitored. The correlation rules are made easy for any admin to manage.
AlienVault helps in:
- Threat insight through OTX.
- Network Intrusion Detection System.
- Host Based Intrusion Detecting Solution.
- Alienvault gives the ability to monitor up to 5 public IPs, which we use in knowing the hits trends to our network.
- The deployment steps are direct and easy.

Read Francis Aghedo's full review

Feature Scorecard Summary (score out of 10, number of ratings in parentheses)

Centralized event and log data collection (1): 8
Correlation (1): 8
Event and log normalization (1): 8
Deployment flexibility (1): 7
Custom dashboards and views (1): 6
Host and network-based intrusion detection (1): 7

About AlienVault USM

AlienVault® Unified Security Management® (USM) delivers threat detection, incident response, and compliance management in one unified platform. It is designed to combine all the essential security capabilities needed for effective security monitoring across cloud and on-premises environments, including SIEM, intrusion detection, vulnerability management, as well as continuous threat intelligence updates. The vendor states that even for resource-limited IT security teams, AlienVault USM can be affordable, fast to deploy, and easy to use. It eliminates the need to deploy, integrate, and maintain multiple point solutions in the data center.

Smart, automated data collection & analysis: USM Anywhere automatically collects and analyzes data across the attack surface, helping to quickly gain centralized security visibility without the complexity of multiple disparate security technologies.

Automated threat detection powered by AT&T Alien Labs: With threat intelligence provided by AT&T Alien Labs, USM Anywhere is updated automatically to stay on top of evolving and emerging threats, so the security team can focus on responding to alerts.

Incident response orchestration with AlienApps: USM Anywhere supports a growing ecosystem of AlienApps, enabling the user to orchestrate and automate actions in other security technologies so that incidents can be responded to quickly and easily.

AlienVault USM Features

Security Information and Event Management (SIEM) Features
  • Centralized event and log data collection
  • Correlation
  • Event and log normalization
  • Deployment flexibility
  • Integration with Identity and Access Management Tools
  • Custom dashboards and views
  • Host and network-based intrusion detection
Additional Features
  • AlienVault Open Threat Exchange

AlienVault USM Videos (2)

  • AlienVault USM Anywhere: Five Essential Cloud Security Capabilities in a Single SaaS Platform
  • See How We're Pushing the Outer Limits of Security
Pricing

Free Trial Available? Yes
Free or Freemium Version Available? Yes
Premium Consulting/Integration Services Available? Yes
Entry-level set up fee? Optional

AlienVault USM Support Options (Free Version / Paid Version)

  • Phone
  • Email
  • Forum/Community
  • FAQ/Knowledgebase
  • Social Media
  • Video Tutorials / Webinar
  • Live Chat

AlienVault USM Technical Details

Deployment Types: SaaS
Operating Systems: Unspecified
Mobile Application: No
Supported Countries: Global