Reviews (1-25 of 385)
- Security event correlation.
- Security event alarms
- Security event investigations
- Potential vulnerability identification
- Log collection
- Users cannot share views across an organization.
- Views and reports could be more interchangeable.
- Descriptions of events are based upon each individual asset reporting and not a general grouping of events according to any framework or standards. This makes it difficult for the administrator/user as they would need to know each and every asset and their respective event descriptions.
- Extremely customizable and versatile product.
- Useful dashboard and UI is easy to navigate.
- Log plugins parse logs from a variety of sources into a readable format
- AlienApps provide out-of-the-box integration with other solutions.
- The product requires a considerable amount of time to set up.
- Setting up log filters in order to prevent USM from quickly running out of space is very time-consuming.
- The product will stop working if the logs run out of space. There is no way to set retention rules to automatically clean up old logs.
- Identifies possible spurious identity (Windows AD) changes and manipulation.
- Identifies installation of possible malware.
- Analyzes all activities and filters for only those with a potential negative security impact.
- Closing an Investigation does not close the attached alarms.
- Vulnerability Scanning interfaces/process is complicated to use.
- Vulnerability Scanning allows far too many assets to be specified at once, resulting in timeouts and ambiguous results.
- Consolidation of logs from various sources.
- Alerting on particular activities.
- Alerting on anomalous activities.
- Time consuming implementation that requires professional services.
- Pricing model based on the amount of data can be expensive.
- Training for the product is available, but at additional expense.
- Deployment is straightforward
- AlienVault USM forensic and response app is great. You can create rules to shut down, disable networking, etc. automatically if Windows becomes infected.
- AlienVault allows seamless integration with third-party products like Cisco, Office365 etc.
- A lot of false-positive alarms
- Vulnerability visibility and remediation
- Log management and compilation
- The vulnerability scanner could use some tweaking as I feel it isn't always working
- The integrations could use some more testing
- Endpoint detection notification with detailed logs
- Vulnerability detection
- Investigation tracking
- Endpoint protection agent rollout
- Vulnerability management historical tracking
- Endpoint tracking across DHCP infrastructure
It is very efficient as a supporting tool if SOC work is outsourced or the monitoring requirements are not very intense.
- Great documentation.
- Overall good support.
- Nice UI.
- UI can be wonky at times.
- Log search from the SIEM UI is quite troublesome as every filter applied performs the search again.
- Some features can stop working seemingly out of nowhere, requiring contacting support.
- Authenticated vulnerability assessment
- Authenticated asset discovery
- Incident response
- Log correlation
- Ability to do an external vulnerability assessment.
- User training awareness through the console for administrators to educate users.
- Allow more remediation options for administrators to end users.
- Asset Discovery
- Network SPAN monitoring
- Event correlation of out-of-the-box directives and custom directives
- PCI DSS requirements fulfillment and reporting
- Appliance should have APIs so that data can be exported to smart dashboards and reports.
- Limitation of 1000 EPS in All-In-One is very low even for small to medium organizations.
- Email notifications should be smarter and customizable for better notifications
- It does a great job of correlating the traffic that it sees and compares it to Open Threat Exchange.
- It's easy to read and set up.
- When looking at events from a destination IP, the USM doesn't show you the total number of these until you find the last page. It just says "XXXX of 4,000,000".
- Lots of ability to generate reports.
- Solid appliances ingest many sources.
- Default settings are a bit esoteric and require outside expertise for optimization.
- AI isn’t really catching as much as I thought it would.
- Simple UI
- Easy to use, even if you are not used to it
- It makes everything simpler to monitor.
- Difficult to get the files in the forensic area
- The investigations could be more user-friendly, or it could apply some AI to be quicker.
We also implement and manage AlienVault USM deployments for clients as our recommended SIEM solution.
- Ease of deployment and quick to get operating.
- Wide range of plugins and log receivers to ingest logs from many sources.
- Simple interface and dashboard makes daily operation quick and easy.
- Custom notification templates can be limited - it is not easy to get custom email alert content for example.
- Some network configuration on premise is needed to take full advantage of NIDS (port/traffic mirroring for example).
- Vulnerability scanning and reporting can be a bit sparse if you are used to the likes of Nessus.
While it works with fully on-premise deployments (Exchange, file server etc), additional configuration for log correlations and alerting will likely be needed. Also for complex networks, getting the required port mirroring to ingest all network traffic can be difficult.
1) Logging aggregation and actionable insights using log correlation.
2) Threat hunting & intel.
3) Vulnerability management and validation of our separate patch automation software.
4) Security orchestration.
5) Asset discovery and inventory management.
- Log Correlation: The engineers at AlienVault/AT&T Cybersecurity have included a great integrated rule set (which continues to grow) to save analysts time on combing through logs and instead executing threat hunts, investigations, and remedial activities.
- Single pane-of-glass for all security activities from the convenience and efficiency of a SaaS web console, being that USM has deep integrations with over a dozen major software platforms (Office 365, GSuite, ZScaler, Box, etc.) and what they call plugins which interpret log and SIEM data from hundreds of vendors and platforms like Meraki, CrowdStrike, Aruba switches and AP's, etc.
- Great value! You can pay the same or more for other big name SIEM vendors that offer fewer features than this platform. Plus, even if you begin ingesting too much log data, you can filter specific types of logs (for example, ones that have no impact to security) to bring data ingestion in line with your subscription level. The onboarding team did a great job in right-sizing our subscription plan, so this hasn't been a problem.
- Vulnerability scanning is currently done by authentication into the host over the network, even when the AlienVault USM agent is installed on an endpoint. It would be nice to have near-real-time vulnerability information provided via the agents. This would also delete the need for specially-configured remote-access admin service accounts on endpoints, which is just another account that has to be administered, namely password management and auditing for potential abuse and compromise.
- Endpoint agent support for ARM architecture is just starting to get going -- wide availability across Linux and MS Windows/Server platforms won't be available until possibly circa mid-2021. Fortunately, at least general asset scan info, authenticated vulnerability scans, etc. still provide a good deal of security inspection into these devices.
- Making some UI settings persist across logins on the web console is still lacking. Would also be nice to change a "detailed view" to icons/thumbnails/tiles. UI is very efficient in some aspects but frustrating in others.
A MSP and especially MSSP would do well with this while organizations that pay for MSSP services might not need AlienVault USM.
- Easy integration using APIs
- Bespoke alarm configuration
- OTX database
- Needs to be fine-tuned to get any valuable insight
- Requires a lot of resources when running in VMs
- Cost makes it hard to sell to smaller businesses
The system may slow down considerably when a large number of events/logs are fed in the dashboard, so ensure there is enough storage each month.
- The system is intuitive and easy to navigate.
- Integration with key services like AWS and other cloud applications is crucial.
- Links to MITRE, root cause, and remediation recommendations are also a very nice feature.
- Difficult to configure for initial set up.
- Key features like alarms for brute force attacks or malware should be automatic instead of needing to be created and configured.
- Remediation should be taken one step further past recommendations to actual solutions able to be purchased or assisted by AlienVault.
- Great log aggregation and management tool.
- Great intrusion detection and investigation tool.
- Very easy to set up and get it going in a very few steps.
- AlienVault can look into providing log collection methods other than using a sensor.
- AlienVault USM capabilities should be replicated to AlienVault OSSIM except that with OSSIM there wouldn't be any support.
- AlienVault offers Rule Creation which helps in testing out new implementations such as alarm suppression, event suppression, etc.
- AlienVault is easy to navigate. At first, I was kinda confused watching my teammates use it but the more I spend my time with AlienVault the more I appreciate its features.
- For me, I really appreciate the filters. I can filter out events specifically, which reduces time spent on looking for a particular event.
- I think adding multiple events in the investigation would really help.
- When opening an alarm, I hope we could just open the events on another tab directly.
- Event filtering is intuitive.
- Investigations are well-integrated and provide useful event and alert aggregation for review and analysis.
- Dashboards have plenty of colors and graphs to please management.
- The ability to save (event) views saves a lot of time.
- The session timeout is veiled and I've lost work typing notes into the window of an expired session unknowingly.
- It does not process eStreamer.
- It cannot parse the "blocked" field in Sourcefire logs so you can't see if IDS events are blocked or not.
- Sometimes performance lags.
What is AlienVault USM?
AlienVault® Unified Security Management® (USM) delivers threat detection, incident response, and compliance management in one unified platform. It is designed to combine all the essential security capabilities needed for effective security monitoring across cloud and on-premises environments, including SIEM, intrusion detection, vulnerability management, as well as continuous threat intelligence updates. The vendor states that even for resource-limited IT security teams, AlienVault USM can be affordable, fast to deploy, and easy to use. It eliminates the need to deploy, integrate, and maintain multiple point solutions in the data center.
Smart, automated data collection & analysis: USM Anywhere automatically collects and analyzes data across the attack surface, helping to quickly gain centralized security visibility without the complexity of multiple disparate security technologies.
Automated threat detection powered by AT&T Alien Labs: With threat intelligence provided by AT&T Alien Labs, USM Anywhere is updated automatically to stay on top of evolving and emerging threats, so the security team can focus on responding to alerts.
Incident response orchestration with AlienApps: USM Anywhere supports a growing ecosystem of AlienApps, enabling the user to orchestrate and automate actions towards other security technologies and respond to incidents quickly and easily.
AlienVault USM Pricing
- Free Trial Available? Yes
- Free or Freemium Version Available? Yes
- Premium Consulting/Integration Services Available? Yes
- Entry-level setup fee? Optional
AlienVault USM Support Options
|Free Version||Paid Version|
|Video Tutorials / Webinar|