Reviews (1-25 of 367)
- AlienVault USM is simple and easy to deploy. Sensors can be deployed in as little as 15 minutes through the setup wizard.
- The USM UI is easy to understand. I've trained multiple analysts who are able to perform their duties on their first day, in part because of USM Anywhere's ease of use.
- Top-notch built-in compliance templates and reporting features.
- Filtering using built-in search statements is difficult to pick up and run with.
- When creating custom rules for reports, there can be too many options, and they often have little use for the task at hand.
- You sometimes need product-specific knowledge, like AlienVault field names, to find the information you're after.
USM Anywhere is well suited to mid-size enterprise environments operating in the cloud. USM Anywhere is also well suited to enterprises whose operations teams require easy deployment and management. Last, USM Anywhere is considered a highly affordable option compared to competitors.
USM Anywhere lags competitors in several areas, such as application monitoring, database monitoring, and integrations with third-party solutions such as cloud access security brokers (CASB), DAM, DAP, and DLP.
- Asset Discovery
- Network SPAN monitoring
- Event correlation of out-of-the-box directives and custom directives
- PCI DSS requirements fulfillment and reporting
- Appliance should have APIs so that data can be exported to smart dashboards and reports.
- The limitation of 1000 EPS in All-In-One is very low, even for small to medium organizations.
- Email notifications should be smarter and customizable for better notifications.
- AlienVault USM is THOROUGH. We have a highly integrated workspace that's mostly SaaS, and I monitor those integrations and their security with AV. If I am trying to track the uptime of a laptop, I don't go to VPN or our Directory Services... I go to AV.
- As I mentioned before, we use Sophos to protect our laptops. If a questionable file shows up on someone's laptop, I hear about it from AlienVault before I hear about it from our Sophos service.
- The OTX Pulse feature is a built-in feature that lets you subscribe to industries and you are notified about new threats that affect that industry on a daily basis. The pulse alerts are added to your AV watchlist.
- Personally, I've wished I could purchase a service that would configure AV for my environment. I get a lot of traffic on a daily basis and I almost need to hire an analyst that just works on AV.
- Some of the filters when looking for a specific alert aren't that easy to use.
- It does a great job of correlating the traffic that it sees and compares it to Open Threat Exchange.
- It's easy to read and set up.
- When looking at events from a destination IP, the USM doesn't show you the total number of these until you find the last page. It just says "XXXX of 4,000,000".
- Lots of ability to generate reports.
- Solid appliances ingest many sources.
- Default settings are a bit esoteric and require outside expertise for optimization.
- AI isn’t really catching as much as I thought it would.
- With the Open Threat Exchange, AlienVault USM Anywhere is able to quickly identify emerging indicators of compromise and alert on threats as they arise.
- We've found the improvements in the authenticated vulnerability scanning engine to reduce the number of false positives and increase the integrity of vulnerability reports.
- Speed of deployment is a strength, particularly with the AlienVault agent, which utilizes osquery to collect typically important data.
- Alien apps provide us with the ability to integrate third party security packages and swiftly take action on alarms.
- More Alien app integrations with emerging EDR solutions would be useful.
- A catalogue of commonly filtered events would make on-boarding much quicker and easier.
- Simple UI
- Easy to use, even if you are not used to it
- It makes everything simpler to monitor.
- Difficult to get the files in the forensic area
- The investigations could be more user-friendly, or it could apply some AI to be quicker.
- It's a decent log aggregator.
- Does correlation between events well, if set up correctly.
- Control on attribute mapping within USM Anywhere or fully disclose the mappings between ingested raw logs and attributes those values map to, in order to be searchable, and give power to the end user to create meaningful alerts and queries for the right content.
- Notifications for alerts tend to lack the essentials to make a determination off of the email. Oftentimes alerts within cloud products are benign and part of the user experience and behavior, but get classified as violations because they meet the criteria of equivalent alerts that are actionable.
- Integration with G-suite and AD
- AlienVault agents that come free of extra charge are valuable
- Automated scans
- Updating the agents is not straightforward
- Agents sometimes go offline for no apparent reason
- AlienVault USM has the potential to identify the attack patterns by the traffic events through their sensors which is already built-in with their own correlation rules.
- USM Anywhere sensor reduces the load for SOC analyst on writing the new set of rules.
- It also provides an option for Slack integration, which I felt was very nice for immediate action.
- When we talk about forensic investigation, the user interface and experience are not as great as expected; when we send an alarm/event for investigation, it doesn't provide any investigation results.
- The USM sensor doesn't have the capability of handling more jobs. It restarts the sensor if a certain limit of jobs is configured.
- The log reports are not downloaded when we attempt it via the Safari browser.
- Correlate logs from different sources into actionable intelligence.
- Provide an easy to use interface to interact with Alarms and Events.
- Integrate with our alerting tools to make sure when an incident is happening, the right people know about it quickly.
- Being able to make custom plugins for internal tools.
- Being able to have a webhook plugin to send logs directly to the cloud appliance.
- Make the management of suppression rules better. Maybe include a suppression rule visualizer to make sure your suppression rule is doing exactly what you would like it to do.
It is not appropriate if you are looking to easily be able to customize the tool. A lot of the options you have with tools like Splunk are just not here.
- Intelligence updates from the AlienVault community and security pros.
- Writing of threat detection rules and ingestion parsing for different devices.
- Vulnerability scanning.
- Asset management is done purely by IP unless using the agent.
- Agent installs and updates can be a bit flaky, and on occasion use lots of resources.
- It raises the alarms/notifications at the same moment it happens.
- The correlation job is wonderful. It correlates all the events and checks with the vuln also.
- The pcap is not available in USM Anywhere, where it was available in the USM appliance.
- I feel at times that the correlation is quite slow.
- AlienVault offers Rule Creation which helps in testing out new implementations such as alarm suppression, event suppression, etc.
- AlienVault is easy to navigate. At first, I was kinda confused watching my teammates use it but the more I spend my time with AlienVault the more I appreciate its features.
- For me, I really appreciate the filters. I can filter out events specifically, which reduces time spent on looking for a particular event.
- I think adding multiple events in the investigation would really help.
- When opening an alarm, I hope we could just open the events on another tab directly.
- Event filtering is intuitive.
- Investigations are well-integrated and provide useful event and alert aggregation for review and analysis.
- Dashboards have plenty of colors and graphs to please management.
- The ability to save (event) views saves a lot of time.
- The session timeout is veiled and I've lost work typing notes into the window of an expired session unknowingly.
- It does not process eStreamer.
- It cannot parse the "blocked" field in Sourcefire logs, so you can't see if IDS events are blocked or not.
- Sometimes performance lags.
- It is easy to deploy and get logs into the dashboard
- Integration with Office 365 is pretty seamless and provides great context.
- Super easy to increase storage tiers if you find yourself adding more and more log sources.
- USM Anywhere doesn't allow you to multi-home sensors. So if you have non-routable networks, you'll need to investigate the on-premise solution too.
- You have to be on top of tuning, or else a constant stream of alerts will cause your SOC staff to begin ignoring alarms.
- You have to be on top of tuning, or else you'll eat your allotment of storage for that month. It is really easy to exceed your storage quota if you don't proactively monitor log sources. USM could do a better job letting you know if a log source is too chatty.
- Easy to use rules, events will pre-populate fields for alarm rules allowing for quick creation
- Friendly interface with logical layout of settings and options
- Some room to improve the scaling of sensors. Sensors struggle to handle millions of events, which results in dropped events in large environments
- USM is upgraded automatically and there is no way to control when your instance is upgraded. This can result in bugs in features without any way to test and control
- Correlation engine helps where we don't have to spend hours writing rules.
- As a SaaS solution we don't worry about maintaining the system.
- OTX integration
- Having more parsers and AlienVault app. Also, updates the log parsers continuously.
- Option to the users to purge selective data.
- Better Reporting & GUI interface.
- The ability to ingest and parse logs across systems and then correlate the activity.
- The filtering of millions of events to discover the details you need to find is intuitive and powerful.
- Agents should be deployable directly from the console, without manually logging into servers to run scripts.
- More Alien App integrations should be developed for additional popular products.
AlienVault USM is the best in 3 categories compared to other tools on the market:
1. cost - traditional SIEM solutions include license, implementation costs, and renewal costs and additional training costs. Enterprises should consider SIEM as a long-term investment in overall cybersecurity.
2. poor correlation rules - one SIEM problem enterprises face is failing to maintain proper event correlation information. This solution works on threat intelligence to potentially detect threats.
3. ease of use - complexity remains one of the most commonly referenced SIEM problems. This SIEM solution possesses a user interface that works best for an IT security team and environment.
- Correlation Directives - USM has 3000+ default directives, which reduces time and man-power.
- SOC building is much quicker and can be complete in 3 months, which is very difficult with other tools that are currently in the market.
- The yearly subscription for the USM product is equal to 3-4 months of others currently on the market
- OTX pulse is the world's biggest forum, which helps in threat hunting and management.
- Less involvement of man-power and cost
- Raw log feature is a little slow with limited features
- Very few, infrequent updates
- Backup log is not effective and not easy
- Storage issues
AlienVault USM is less appropriate: HIDS disconnection sometimes, backup, updates will face and restore of logs might be big trouble.
About AlienVault USM
AlienVault® Unified Security Management® (USM) delivers threat detection, incident response, and compliance management in one unified platform. It is designed to combine all the essential security capabilities needed for effective security monitoring across cloud and on-premises environments, including SIEM, intrusion detection, vulnerability management, as well as continuous threat intelligence updates. The vendor states that even for resource-limited IT security teams, AlienVault USM can be affordable, fast to deploy, and easy to use. It eliminates the need to deploy, integrate, and maintain multiple point solutions in the data center.
Smart, automated data collection & analysis: USM Anywhere automatically collects and analyzes data across the attack surface, helping to quickly gain centralized security visibility without the complexity of multiple disparate security technologies.
Automated threat detection powered by AT&T Alien Labs: With threat intelligence provided by AT&T Alien Labs, USM Anywhere is updated automatically to stay on top of evolving and emerging threats, so the security team can focus on responding to alerts.
Incident response orchestration with AlienApps: USM Anywhere supports a growing ecosystem of AlienApps, enabling the user to orchestrate and automate actions towards other security technologies and to respond to incidents quickly and easily.
- Free Trial Available? Yes
- Free or Freemium Version Available? Yes
- Premium Consulting/Integration Services Available? Yes
- Entry-level set up fee? Optional
AlienVault USM Support Options
|Free Version||Paid Version|
|Video Tutorials / Webinar|