Reviews (1-25 of 195)
- AlienVault USM Anywhere is easy to deploy with their cloud-based model and deploying the required agents on-prem (or in the cloud) is quick and easy.
- Custom rules allow for alerting based on content from events and you can even trigger agents in response to threats, shutting down computers or grabbing forensic info for incident response.
- USM Anywhere also takes care of reporting for ISO and PCI, allowing you to pull reports for auditors at a moment’s notice.
- With many integrations out-of-the-box, you can pull in all the data from products you use and other sources, such as Amazon CloudWatch Logs.
- We would love to be able to create custom rules based on a series of events, to create rule-sets where, for example, failed logins to the VPN Server are logged and then when a successful attempt follows soon after, it triggers an alarm for a Brute Force. It does this for things like OKTA already, so control over which events this applies to would be great.
- More data tiers - something between 250GB and 500GB tiers, maybe break it down into 100GB tiers?
- Integration with OpsGenie would be great.
- AlienVault enables integration with external technologies, thereby broadening its scope and possibilities.
- AlienVault has a dashboard customization and reporting scheme that makes it flexible to query your data, allowing you to model the tool according to your needs.
- AlienVault will make you forget the need to consult some information on AWS Cloudtrail. It extracts the data from there and delivers in a much more efficient way.
- With a single tool you can monitor your cloud and on-premises environment.
- Their commercial policy on stored data makes you need to filter out some information before it is stored.
- Their new agent does not allow you to create local filters, which can easily lead to the overrun of monthly contracted storage limits.
- It does not allow you to create log analysis plugins. If it were allowed, it would be possible, for example, to create a plugin for analyzing the logs of an application created by your company.
- Single pane of glass solution for on-premises as well as for cloud environment.
- In-built Vulnerability Assessment.
- AlienVault's OTX community direct coNnectivity and sync for tool.
- New End point threat hunter by OTX.
- Process speed
- Have a better NetFlow visibility
- AlienVault USM Anywhere has a modern, user-friendly, and intuitive GUI, making it easy to use.
- AlienVault USM Anywhere is a cloud-based solution that is easy to deploy and easy to scale as well.
- On top of having built-in support with several technologies, AlienVault USM Anywhere has an API that allows you to develop additional plugins if necessary.
- Although they use machine learning, the algorithms that they use are graph-based. Their AI/ML capabilities could be improved a bit.
- The solution provides some compliance reports, but it does not generate reports with information such as... how many of what type of event happened this month. You can see this information on the dashboard, but it would be nice to be able to generate a report automatically.
Vulnerability Assessment and Remediation.
Threat and Malware Detection.
Log Management, Monitoring and Archiving.
Compliance Monitoring & Reporting
Being able to cover all the above aspects in one screen considerably reduces time and lets not forget money to quickly and effectivly solve security issues within the company and implemt fixes and reports as needed.
- SIEM - Real time logs allow you to quickly drill down into current issues in your network and filter out any noise
- Alarms - The alarms page shows all the current environmental awareness on the network and a quick report and ticketing system allows for ease of use. This again saves time and make you more effective at resolving issues and the ability to pass the tickets to the relevant department.
- OTX - The open threat exchange integrations enables the USM to use all the latest threat indicators to correlate against incoming threats without the need to manually add rules to your USM.
- Apps - AlienVault integrate with many apps already but there are plenty more to be added to allow further integration with other products.
- More ability to filter logs form other security platforms
- Enables integration with readily available software currently in use.
- Easily customizable to allow reporting for different functions and users within the organization.
- Reporting function for vulnerabilities as a check and balance with other tools utilized.
- Further integration with Enterprise tools.
- Rapid growth of product has led to some issues with implementation of alerts and false positives.
- Ability to report as needed takes some time for focusing and testing of reports.
- Log monitoring
- Centralized Reporting
- While it is fairly good, the integration with various IT systems could always improve - support more products and provide better documentation for tying them to AlienVault.
- The cost does jump quickly. While we've found AlienVault to be affordable for our small size, I would hope that the product continues to be within our reach for everyone's benefit.
- AT&T's ownership remains a concern. They do not have the best track record.
- AlienVault Unified Security Management (USM) delivers a unified, simple and affordable solution for threat detection and compliance. Powered by the latest AlienVault Labs Threat Intelligence and the Open Threat Exchange the largest crowd-sourced threat intelligence exchange, USM enables mid-size organizations to defend against modern threats.
- It is free. The best free SIEM out there. Possibly the only one.
- Every upgrade is a possible chance for re-building the system. About 80% of the time, the upgrade will break something so badly, you need to re-install and start from scratch.
- The system slows down considerably when a large number of events are fed in.
- The community is weak and there is rarely any input from the developers on the community to help out. So a lot of people try it out and then go somewhere else.
- While I think it is a great product, it seems to me like it is falling behind in the last few years. There are some more usable and better products in recent years that would make me buy them instead of AV USM.
- Up to this point, I have had no issues integrating with a system we currently have in production. while AlienVault stays on top with plugin updates.
- Te dashboard is very informative when you figure out how to navigate around it and tweaked to your organization needs.
- Correlation of events is probably my favorite as I normally only need to jump on the AlienVault dashboard to hammer down on network traffic/activity details.
- At times I do find navigating the dashboard for very specific functions to be difficult.
- For entry level security analysts or administrators I feel can get overwhelmed with the amount of data available from a single platform (in a good way)
- helpful to understand Linux for certain tasks
- The SIEM does a good job of correlating network data from multiple sources along with the Data from deployed HIDS
- The Nmap scan is fast and non-invasive that defines devices on your network.
- The vulnerability scanning has several options and reports to enable data to be available for compliance purposes.
- Walking through all the devices after a Nmap or device discovery scan can be tedious to get the data correct
- When deploying HIDS, it would be better if the system gave more detail as to the deployment error
- Offline updating of licenses can be a little time-consuming
- Compliance: For each compliance aspect in each standard, there's an AlienVault USM feature which helps compliance. For instance, in PCI DSS Compliance you require File Integrity Monitoring, and AlienVault USM has it. Every component of the standard gets covered by the product.
- Data handling: Event management can become cumbersome if not well handled. AlienVault USM classifies event information properly where it belongs to the data it's useful to you. When you export a report, you can filter out easily what you don't need, so you only extract valuable information.
- Asset availability: It is really handy to cover every aspect of your asset classification, events to come in, services each asset has, location, all of the information really helps to draw alarms properly.
- Vulnerability Scanner reporting: The reporting from the integrated scanner (OpenVAS) are really difficult to read. They could have done a better job by scraping the report or creating a custom report from the data of the scan. However, leaving the default report template from OpenVAS makes the report somewhat useless.
- Sometimes the local integration fails because of the scope of the tool. Let me elaborate on that: The OpenVAS scanner has certificated that expire within a year, and that makes the USM fail scans if you don't renew certificates yourself. They should have made them last at least 10 years. Same with Nagios, sometimes the integration fails and one doesn't know why unless you jailbreak it and find out in the logs for sure.
- They do not provide a standalone installation of the product, because they modified so much the Linux distribution, that it must always be deployed as a virtual machine or appliance, but not on your own server.
- Threat detection. AlienVault uses respected open source tools to detect threats.
- Threat intelligence. AlienVault constantly updates their threat intelligence feeds so they are never out of date.
- Complete visibility. AlienVault helps monitor the main 5 areas of security visibility.
- User interface can be very buggy and difficult to use.
- Many features seem unrefined as if they were implemented to be functioning good enough to use but are not fully tested or refined.
- Provides a simple, customizable dashboard to easily see the most important things going on in your environment.
- Goes beyond traditional SIEM by providing things like File Integrity Monitoring, IDS and Asset Management.
- Very simple integration with common cloud services (USM Anywhere only)
- From a volume perspective, if you have a ton of log data, it isn't the best tool for traditional SIEM activities.
- There is no migration from USM Appliance to USM Anywhere. You basically have to start over if you move some things to the cloud and want to capture that information.
- Deployment and Integration pretty easy and straightforward whether in AWS (Cloud) or the on-prem environment.
- Log aggregation, collection rules/Jobs easy to create.
- Notification s component working very well
- AWS Integration: in particular, monitoring of AWS resources is far away from ideal
- Vulnerabilities scanner requires root and administrative privilege in localhost, which is not acceptable.
- The sensors themselves generate millions of requests, which creates a lot of unnecessary noise to the systems and eventually "eating" traffic and expensive storage space
- It is easy to understand and use
- AlienVault USM is a product that works well for companies that do not have personal security insurance
- The system processes them in real time, correlates events and alerts
- The best thing about AlienVault USM is that it has all the tools in one place, vulnerability scanner, netflow, hides ..
- Unable to obtain information sometimes
- The limitation of reports
- SIEM - logging. AlienVault is easy to configure on the client side, and with a couple scripts, makes deployment a piece of cake.
- Vulnerability scanning. AlienVault helps us track which systems are most vulnerable to security issues so we can prioritize patching.
- Reporting. AlienVault generates useful and attractive reports.
- Some of the documentation could be improved and go more into depth, but support is helpful when the documentation falls short.
AlienVault ingests logs from our switches, routers, firewalls, servers and essential workstations. It combines uses the analysis of all of these elements using its correlation engine.
It also does a scan on a regular basis to identify vulnerabilities that exist on the network.
It has an integrated ticket system and asset management system but they are both, kind of, lacking in features.
- AlienVault's correlation engine is really well designed and it understands a large number of log types.
- AlienVault's open threat exchange is a great way to use the community to report new signatures for issues that are being seen in their environment.
- AlienVault's main screen UI is well designed and makes it very clear as to what issues need to be addressed first.
- AlienVaults published development to-do-list is a great feature that more companies need to employ. It is great seeing that features are being worked on and they do take input as to what features need to be added next.
- AlienVault's on-premise and cloud platforms use a completely separate software base and they don't seem to be getting the same attention from developers. They need to bring the two platforms together into one code base.
- AlienVault needs to enable integration with third-party utilities for ticketing and asset management. Neither the ticket system nor the asset management system is well featured, as such, they need to be able to integrate with other systems that have more features.
- AlienVault needs to add a true compliance scanner like Openscap.
- AlienVault needs to get their cloud solution Fedramp compliant.
Additionally, Administrators should employ some kind of vulnerability analysis system and Alienvault does an ok job with that.
However, as a complete SIEM solution Alienvault lacks the ability to do compliance checking and without using their cloud solution you cannot do an analysis of cloud-based applications.
- Easy to navigate UI
- Training classes to get you up to speed fast on the product
- Value "progress over perfection" seen very prominently in bugs while using the software
- Training classes do not properly prepare for the ASCE exam that is recommended for MSSPs to take
- Technical questions about deployment in a distributed environment not easily available. Normally have to schedule technical calls that can take a week to resolve.
- Ease of Initial Installation
- Range of products covered
- Cloud Alert Console
- Relevancy of Data/Alerting
- Adding additional plugins and applications can be difficult
- Extensive customization required to clear out white noise
We are using AlienVault as a collection point for our security and appliance logging to take advantage of its correlation engine to identify security concerns we might not otherwise notice.
We are able to run various reports as needed or schedule them to provide insight into various metrics such as account lockouts, vpn connectivity, etc.
- Log Correlation - continuously growing list of correlation rules to catch network and security concerns.
- Log searching - quick sorting / searching through all of our security events.
- HIDS - It is nice to be able to track multiple specific metrics or logs against servers using the HIDS agent.
- Difficult to configure.
- They include training when you purchase AlienVault - which I feel is necessary. The downside is the training is really split between implementation and use, where the value for end users is really just use. Staff probably need this training to get most out of implementation.
AlienVault USM: "More than SIEM: A whole Security Ecosystem which is easy to integrate, operate and use"
- AlienVault USM is based on well-known Open Source components, which each for itself, represents a quasi industry standard
- Integration into the existing infrastructure works like a charm. Basically you just need to roll-out an OSSEC client to each server or PC and you have already a pretty high coverage of security information and events. They immediately show up in the AlienVault Webinterface
- Due to the countless plugins, it is very easy to add network devices like firewalls, router, switches, but also servers running apache and the alike. You will just need to forward syslog and it will all appear in your AlienVault Webinterface
- The modular design of AlienVault USM in form of "deployable sensors", allows you to easily integrate different network segments, such as remote sites.
- As regular vulnerability scans are a must to understand which CVEs your infrastructure is exposed at, this becomes an easy task with AlienVault. They provide you with a set-and-forget approach for running regular scans. Additionally there are helpful hints to how to get more secure.
- Because AlienVault USM combines several well know components, you have to life with the fact, that they are not in their latest version, i.e. the integrated OSSEC, which should be replaced with the OSSEC-Wazuh fork instead.
- Due to the all-in-one approach, the solution is quite resource hungry. You have to have a decent machine to run it.
- The reporting module is nice, but sometimes it is quite a challenge to configure a custom report as you will only get the results you want after a trial and error run.
- Quickly reports unauthorized access attempts of our network.
- Provides insight to the possible internal breaches sending data out of our network.
- provides strong reporting on network resources.
- I would like to see an interface that is more menu driven. For example a method that allows me to drag and drop the items I would like in an adhoc report based on local machines that are attempting to connect to sites beyond our network that are blocked by our firewall.
- I would like to see a more robust connection to our SonicWall, having two devices in the same rack that must be configured independently is some times a pain to fine tune.
- I would like to see additional help files built that allow users to work with the Alienvault without attending formal training.
AlienVault USM Scorecard Summary
Feature Scorecard Summary
About AlienVault USM
AlienVault USM Anywhere is a cloud-based security management solution that promises to accelerate and centralize threat detection, incident response, and compliance management for cloud, hybrid cloud, and on-premises environments. The vendor says that USM Anywhere includes purpose-built cloud sensors that natively monitor your Amazon Web Services (AWS) and Microsoft Azure cloud environments. On premises, lightweight virtual sensors run on Microsoft Hyper-V and VMware ESXi to monitor your virtual private cloud and physical IT infrastructure.
USM Anywhere aims to help you rapidly deploy sensors into your cloud and on-premises environments while centrally managing data collection, security analysis, and threat detection from the AlienVault Secure Cloud.
Five Essential Security Capabilities in a Single SaaS Platform
AlienVault says that USM Anywhere provides five essential security capabilities, giving you everything you need for threat detection, incident response, and compliance management, within one platform. With USM Anywhere, you can focus on finding and responding to threats, not managing software. USM Anywhere can readily scale to meet your threat detection needs as your hybrid cloud environment changes and grows.
- Asset Discovery
- Vulnerability Assessment
- Intrusion Detection
- Behavioral Monitoring
Try USM Anywhere in
your environment—free for the first 14 days.
AlienVault USM Screenshots
AlienVault USM Videos (2)
AlienVault USM Downloadables
AlienVault USM Support Options
|Free Version||Paid Version|
|Video Tutorials / Webinar|
AlienVault USM Technical Details