AlienVault USM Reviews

<a href='https://www.trustradius.com/static/about-trustradius-scoring#question3' target='_blank' rel='nofollow noopener noreferrer'>Customer Verified: Read more.</a>
631 Ratings
<a href='https://www.trustradius.com/static/about-trustradius-scoring' target='_blank' rel='nofollow noopener noreferrer'>trScore algorithm: Learn more.</a>
Score 7.8 out of 100

Do you work for this company? Manage this listing

TrustRadius Top Rated for 2019

Overall Rating

Reviewer's Company Size

Last Updated

By Topic

Industry

Department

Experience

Job Type

Role

Reviews (1-25 of 367)

Matthew Stacks | TrustRadius Reviewer
November 27, 2019

AlienVault USM Anywhere

Score 6 out of 10
Vetted Review
Verified User
Review Source
Our organization provides multiple security services to clients. These services fall into three broad categories: Offensive consulting services, such as penetration tests and vulnerability assessments; Defensive consulting services, like digital forensics and incident response; and security operations, which consist of continuous network and endpoint security monitoring and threat detection. AlienVault USM is one of the many solutions used to perform security operations for our clients.
  • AlienVault USM is simple and easy to deploy. Sensors can be deployed in as little as 15 minutes through the setup wizard.
  • The USM UI is easy to understand. I've trained multiple analysts who are able to perform their duties on their first day, in part because of USM Anywhere's ease of use.
  • Top-notch built-in compliance templates and reporting features.
  • Filtering using built-in search statements is difficult to pick up and run with.
  • When creating custom rules for reports, there can be too many options, and often have little use for the task at hand.
  • You sometimes need product-specific knowledge, like AlienVault field names, to find the information you're after.
AlienVault Unified Security Management (USM) Anywhere is a cloud-based security information and event management solution that provides effective and affordable threat detection, incident response, and compliance management capabilities.

USM Anywhere is well suited to mid-size enterprise environments operating in the cloud. USM Anywhere is also well suited to enterprises whose operations teams require easy deployment and management. Last, USM Anywhere is considered a highly affordable option compared to competitors.

USM Anywhere lags competitors in several areas, such as application monitoring, database monitoring, and integrations with third-party solutions such as cloud access security brokers (CASB), DAM, DAP, and DLP.
Read Matthew Stacks's full review
Naveen Sharma | TrustRadius Reviewer
March 13, 2020

Cybersecurity--Not "un"-achievable

Score 8 out of 10
Vetted Review
Reseller
Review Source
Talos Cybersecurity is an MSSP providing Managed Detection and Response services to our clients. For this, we use AlienVault USM on-premises. It is very easy to deploy and setup and starts providing value as soon as it is plugged into the network. All the needs of asset discovery, file integrity, monitoring of critical assets, vulnerability detection, and SIEM ready to plug and play on the initial setup. A long list of plugins helps to integrate SIEM with a variety of products. Also, it is quite easy to develop new plugins and modify the existing plugins. Being an MSSP enables each analyst to handle multiple incidents in a short span of time as the product correlates major information before any need for human intervention.
  • Asset Discovery
  • Network SPAN monitoring
  • Event correlation of out-of-the-box directives and custom directives
  • PCI DSS requirements fulfillment and reporting
  • Appliance should have APIs so that data can be exported to smart dashboards and reports.
  • Limitation of 1000 EPS in All-In-One is very less even for small to medium organizations.
  • Email notification should be smarter and customization for better notifications
Being a great option for large organizations, AlienVault USM is very well suited for small companies as well. Since most cybercrimes are targeted at small companies, which lack funding for cybersecurity setup, AlienVault USM with its pricing model is well suited for all sectors of companies.
Read Naveen Sharma's full review
Xiaotong Song | TrustRadius Reviewer
February 27, 2020

AlienVault USM is quite cost effective.

Score 8 out of 10
Vetted Review
Verified User
Review Source
AlienVault USM is one of the tools that we use across the entire organization. It is used to monitor the traffic in our cloud infrastructure and also allows us to centralize the login information in one place, which is the AlienVault Secure Cloud. If there is a triggered alarm for suspicious traffic, it will track that.
  • Ability to identify issues
  • Reduces workload
  • No auto-investigation
  • Multitasking ability
AlienVault USM is well suited for an organization in which the security team is fairly small or an organization that does not have a specialized security team. The AlienVault USM allows such a team to monitor the traffic and threats without a huge initial investment in the infrastructure and without worrying about tuning.
Read Xiaotong Song's full review
Christian Holton | TrustRadius Reviewer
November 01, 2019

AlienVault USM for SMB? Sure, if you have the time or don't mind a lot of emails.

Score 8 out of 10
Vetted Review
Verified User
Review Source
We use AlienVault across the org, with accumulator appliances in two offices and in our cloud infrastructure. These devices are syslog targets and are used to scan traffic in each location. In addition, I also have deployed the AlientVault USM agent script to all servers and user systems. AlienVault sometimes notifies me of problems within integrated systems such as Sophos before that service itself. Notifications as simple as an improperly configured SSH config or something as significant as signs of SPECTRE traffic are delivered to my inbox so I may deal with these alerts ASAP.
  • Alienvault USM is THOROUGH. We have a highly integrated workspace that's most SAAS, and I monitor those integrations and their security with AV. If I am trying to track the uptime of a laptop, I don't go to VPN or our Directory Services... I go to AV.
  • As I mentioned before, we use Sophos to protect our laptops. If a questionable file shows up on someones laptop, I hear about it from AlienVault before I hear about it from our Sophos service.
  • The OTX Pulse feature is a built-in feature that lets you subscribe to industries and you are notified about new threats that affect that industry on a daily basis. The pulse alerts are added to your AV watchlist.
  • Personally, I've wished I could purchase a service that would configure AV for my environment. I get a lot of traffic on a daily basis and I almost need to hire an analyst that just works on AV.
  • Some of the filters when looking for a specific alert aren't that easy to use.
AlienVault is an amazing product. The only reason my rating isn't higher is that most of my colleagues work for smaller businesses where the IT staff is less than 5 people. There are a lot of moving parts to AlienVault and it is almost another job. Folks in my circle of colleagues, for the most part, don't have the bandwidth that AlienVault demands.
Read Christian Holton's full review
Anthony Guynes | TrustRadius Reviewer
January 28, 2020

AlienVault USM Review

Score 8 out of 10
Vetted Review
Verified User
Review Source
We use USM to monitor our organization and we deploy it to our customers so we can monitor them with our NSOC.
  • It does a great job of correlating the traffic that it sees and compares it to Open Threat Exchange.
  • It's easy to read and set-up.
  • When looking at events from a destination IP, the USM doesn't show you the total number of these until you find the last page. It just says "XXXX of 4,000,000".
For the price, AlienVault has a lot of reporting dashboards and plugins that make it a very valuable SIEM. It also has very good scalability, so whether you have a large organization or a small business, there is a solution for you. The USM is also very user-friendly which lets you be able to start monitoring right away.
Read Anthony Guynes's full review
John Keenan | TrustRadius Reviewer
January 27, 2020

AlienVault appliance review

Score 7 out of 10
Vetted Review
Verified User
Review Source
We use AlienVault USM as the SIEM for a large healthcare organization with numerous disparate sites and a small security team. We also employ a SOCaaS to help optimize and monitor for 24x7 operations.
  • Lots of ability to generate reports.
  • Solid appliances ingest many sources.
  • Default settings are a bit esoteric and require outside expertise for optimization.
  • AI isn’t really catching as much as I thought it would.
This is well suited to small organizations that need a SIEM but can’t justify Splunk or LogRhythm.
Read John Keenan's full review
Nathan Manzi | TrustRadius Reviewer
December 06, 2019

The most approachable threat management system!

Score 10 out of 10
Vetted Review
Reseller
Review Source
As an MSSP our company utilizes AlienVault USM Anywhere to provide our customers with best-in-class threat monitoring and response services.
  • With the Open Threat Exchange, AlienVault USM Anywhere is able to quickly identify emerging indicators of compromise and alert on threats as they arise.
  • We've found the improvements in the authenticated vulnerability scanning engine to reduce the number of false positives and increase the integrity of vulnerability reports.
  • Speed of deployment is a strength, particularly with the AlienVault agent which utilizes os query to collect typically important data.
  • Alien apps provide us with the ability to integrate third party security packages and swiftly take action on alarms.
  • More Alien app integrations with emerging EDR solutions would be useful.
  • A catalogue of commonly filtered events would make on-boarding much quicker and easier.
AlienVault USM Anywhere is well-suited for the mid-market to enterprise space, providing a mature suite of cybersec solutions in a single package.
Read Nathan Manzi's full review
Alan Yair Villaseñor Cervantes | TrustRadius Reviewer
March 18, 2020

AlienVault is amazing

Score 8 out of 10
Vetted Review
Reseller
Review Source
We are using AlienVault USM to monitor our whole network. We then sell to and manage the app for clients.
  • Simple UI
  • Easy to use, even if you are not used to it
  • It makes everything simpler to monitor.
  • Difficult to get the files in the forensic area
  • The investigations could be more user-friendly, or it could apply some AI to be quicker.
AlienVault USM is well suited if you want to get a SIEM to monitor your network, because it is easy to use and easy to deploy.
Read Alan Yair Villaseñor Cervantes's full review
Jeremy Cejka | TrustRadius Reviewer
November 13, 2019

AlienVault USM for Small Business

Score 4 out of 10
Vetted Review
Verified User
Review Source
The business problem it addresses is derived from governance and compliance set by the USG and the DFARS regulations to have a SEIM. I have experience with paid products such as QRADAR and Splunk, and open source products such as Graylog/Elk/Wazah/security_onion. This is a department tool to consume the whole organization's security related data. We currently use it as the SEIM.
  • It's a decent log aggregator.
  • Does correlation between events well, if set up correctly.
  • Control on attribute mapping within USM Anywhere or fully disclose the mappings between ingested raw logs and attributes those values map to, in order to be searchable, and give power to the end user to create meaningful alerts and queries for the right content.
  • Notifications for alerts tend to lack the essentials to make a determination off of the email. Often times alerts within cloud products are benign and part of the user experience and behavior, but get classified as violations, because they meet the criteria of equivalent alerts that are actionable.
To be honest, AlienVault is run of the mill. I can get more power out of Gralyog/ ELK and pay for the threat exchanges they have, and still have complete control over how my SIEM works for me. AlienVault USM isn't a bad product, but as an end user you give up too much control and get little back from the company when it comes to attribute mapping. Also not a fan of the updates the break my appliance for a couple days. Which falls in the category of control. I think USM is a good starter for small companies needing SIEM where resources otherwise prohibit having someone/something better. As businesses grow and compliance becomes more instituted, the businesses need may be very unique where AlienVault may not be able to satisfy the burden of their specific SIEM needs.
Read Jeremy Cejka's full review
Babak Oskouian | TrustRadius Reviewer
November 06, 2019

AlienVault Review

Score 7 out of 10
Vetted Review
Verified User
Review Source
We use it across the organization but not every plan is included mainly because of limited storage. We do vulnerability scanning, traffic analysis, and SIEM.
  • Integration with G-suite and AD
  • AlienVault agents that come free of extra charge are valuable
  • Automated scans
  • Updating the agents is not straight forward
  • Agents some time go offline for no apparent reason
Because of the price and the fact that it does much more than just SIEM, it has been very valuable to us, however, a redo of the GUI might be in order as it is old and somewhat not very intuitive.
Read Babak Oskouian's full review
Ranjith R | TrustRadius Reviewer
October 25, 2019

Review for AlienVault USM Anywhere AWS and GCP Approaches

Score 7 out of 10
Vetted Review
Verified User
Review Source
We have procured AlienVault USM Anywhere for Monitoring and Triggering alarms/notification on the suspicious traffic and attacks. It is being used within the infosec/infra department to take necessary actions on the security events. It majorly helps us to find the real-time attack and traffic events to our organisational assets and also it helps us on finding the vulnerabilities on a specific asset.
  • AlienVault USM has the potential to identify the attack patterns by the traffic events through their sensors which is already built-in with their own correlation rules.
  • USM Anywhere sensor reduces the load for SOC analyst on writing the new set of rules.
  • And also provides an option for slack integration which myself felt very nice for an immediate action.
  • When we talk about the forensics investigation the user interface and experience is not that great as expected, when we sent an alarm/event for investigation it doesn't provide any investigation results.
  • The USM sensor doesn't have the capability of handling more jobs, It does restarts the sensor if certain limit of jobs are configured
  • The log reports are not getting downloaded when we try to attempt via safari browser
It is well suited for a Cloud environment like AWS and Azure, since GCP is a new player in cloud, AlienVault has to improve a lot in terms of support with the data and log sync of instance asset mapping and sensor capability to handle more jobs to get out of unavailability issue among other competitors like Splunk, Sumo Logic and LogRhythm
Read Ranjith R's full review
Cory Watson | TrustRadius Reviewer
October 14, 2019

Not very customizable but provides a lot of value for less.

Score 8 out of 10
Vetted Review
Verified User
Review Source
We use it to monitor security logs across our various SaaS apps. It is the central hub for our security incident program. It is primarily being used by our Information Security Department. This tool addresses our need to be able to make actionable decisions, across various SaaS platforms, from a single pane of glass.
  • Correlate logs from different sources into actionable intelligence.
  • Provide an easy to use interface to interact with Alarms and Events.
  • Integrate with our alerting tools to make sure when an incident is happening, the right people know about it quickly.
  • Being able to make custom plugins for internal tools.
  • Being able to have a webhook plugin to send logs directly to the cloud appliance.
  • Make the management of suppression rules better. Maybe include a suppression rule visualizer to make sure your suppression rule is doing exactly what you would like it to do.
It is well suited for a small security team that does not have all the time in the world to set it up, tune it, and babysit it.

It is not appropriate if you are looking to easily be able to customize the tool. A lot of the options you have with tools like Splunk are just not here.
Read Cory Watson's full review
Fintan O'Meara | TrustRadius Reviewer
October 09, 2019

Immediate ROI with little out of the box configuration to get started.

Score 8 out of 10
Vetted Review
Verified User
Review Source
Alienvault USM is used by the internal IT department to monitor activity from lots of different sources across the organisation. From O365 and Azure, AWS, on-premises servers and network equipment, and others we track vulnerability status, correlate unusual activity and monitor for IOCs from Alienvault's Intelligent Cloud.
  • Intelligence updates from the Alienvault community and security pros.
  • Writing of threat detection rules and ingestion parsing for different devices.
  • Vulnerability scanning.
  • Asset management is done purely by IP unless using the agent.
  • Agent installs and updates can be a bit flakey, and on occasion use lots of resources.
Good out of the box product, not a huge amount of configuration required to get up and running, though constant tuning is and should be required. Good integrations available, though if you have a lot of experience security analysts in your organisation there are probably more powerful tools out there, they just require you do most of the correlation and detection rules yourself.
Read Fintan O'Meara's full review
Atul Jain | TrustRadius Reviewer
December 31, 2019

Amazing Experience With USM Anywhere

Score 10 out of 10
Vetted Review
Verified User
Review Source
AlienVault has been implemented across the whole organization. We monitor and raise the alarms/alerts and reach out to the end user/business for mitigation. It addresses all kinds of network-related activities, not limited to third-party chat applications, torrent connectivity, P2P connections, etc.
  • It raises the alarms/notifications at the same moment it happens.
  • The correlation job is wonderful. It correlates all the events and checks with the vuln also.
  • The pcap is not available in USM Anywhere, where it was available in the USM appliance.
  • I feel at times that the correlation is quite slow.
AlienVault USM Anywhere is easy to handle. The event logging, alarms, etc. are perfectly logged. Raising alerts is handy.
Read Atul Jain's full review
Anonymous | TrustRadius Reviewer
March 12, 2020

AlienVault USM for Investigation Efficiency

Score 8 out of 10
Vetted Review
Verified User
Review Source
AlienVault USM is used by the Cyber Security Team of the company as a SIEM. Basically we use it for our investigation by utilizing the events and alarms section. AlienVault is actually easy to use and understand. It helps in making the investigation process a lot more efficient. It also provides Threat Intelligence that helps identify which of the alarms we should prioritize.
  • AlienVault offers Rule Creation which helps in testing out new implementations such as alarm suppression, event suppression, etc.
  • AlienVault is easy to navigate. At first, I was kinda confused watching my teammates use it but the more I spend my time with AlienVault the more I appreciate its features.
  • For me, I really appreciate the filters. I can filter out events specifically, which reduces time spent on looking for a particular event.
  • I think adding multiple events in the investigation would really help.
  • When opening an alarm, I hope we could just open the events on another tab directly.
Some alarms from the AlienVault NIDS still lack the information we need to fully identify whether or not the alarm is a legitimate attack or not. I'm not sure but it would help if we are able to see events prior and after the alarm to at least have an idea of what's going on. Also, the associated events really helps, but it doesn't consider all the events related to that particular alarm. Although I understand that it's impossible to do that but it would be best if we can be redirected to the events page where all the associated events are included as well as the events prior and after those for a specific amount of time. Since once we deal with a very large number of events, it's kind of hard to investigate since all we can see are the event names. (Customizing the columns is sometimes forgotten.)
Read this authenticated review
Anonymous | TrustRadius Reviewer
March 09, 2020

AlienVault Review

Score 6 out of 10
Vetted Review
Verified User
Review Source
We use it primarily to monitor our edge gear.
  • Data is ingested quickly.
  • Its easy to get data in.
  • Filter rules are very customizable.
  • Implementation was dicey.
  • I wish it had a real time data feed.
  • Its been a struggle to keep under our data cap.
I think it works well - but it's not something an average IT guy would want to tackle. I think its probably better suited for large enterprises or MSSP's that have full-time staff to babysit it.
Read this authenticated review
Anonymous | TrustRadius Reviewer
March 01, 2020

Room to grow

Score 7 out of 10
Vetted Review
Verified User
Review Source
Alien Vault is our ATT MSSP SIEM for the entire organization.
  • Event filtering is intuitive.
  • Investigations are well-integrated and provide useful event and alert aggregation for review and analysis.
  • Dashboards have plenty of colors and graphs to please management.
  • The ability to save (event) views saves a lot of time.
  • The session timeout is veiled and I've lost work typing notes into the window of an expired session unknowingly.
  • It does not process eStreamer.
  • It cannot parse the "blocked" field in source fire logs so you can't see if IDS events are blocked or not.
  • Sometimes performance lags.
In a mid-sized business, paired with managed services, USM would really shine. Many of the ancillary offerings (agent, vuln scanning, forensics, and response) are already provided by tools that a larger organization would already employ. Also, be cognizant of your event consumption. If you exceed your monthly limit, "USM Anywhere will no longer store events in the searchable data store, but it will continue to generate alarms, run authenticated asset scans and store raw logs associated with events in cold storage."
Read this authenticated review
Anonymous | TrustRadius Reviewer
October 24, 2019

A solid SIEM choice for those of us without dedicated SOCs and multiple hats.

Score 8 out of 10
Vetted Review
Verified User
Review Source
We're using the USM product as its intended use case of a SIEM. Sensors are deployed into our hybrid cloud at various points and push logs to the USM dashboard. With our MSSP monitoring, AlienVault USM meets our needs of 24/7 security monitoring
  • It is easy to deploy and get logs into the dashboard
  • Integrations with Office 365 is pretty seamless and provides great context.
  • Super easy to increase storage tiers if you find yourself adding more and more log sources.
  • USM Anywhere doesn't allow you to multi-home sensors. So if you have non-routable networks, you'll need to investigate the on-premise solution too.
  • You have to be on top of tuning else a constant stream of alerts will cause your SOC staff to begin ignoring alarms.
  • You have to be on top of tuning else you'll eat your allotment of storage for that month. It is really easy to exceed your storage quota if you don't proactively monitor log sources. USM could do a better job letting you know if a log source is too chatty.
AlienVault USM is a good SIEM product for shops that don't have dedicated content creators. If your log source volume is at the TB level on a daily basis, it's not for you. However if you are on a TB level at the monthly level then it's worth looking into. The AT&T purchase has seen a good bit of new development being put into the product around investigation frameworks and integrations. We've gone to a TB tier and have renewed our subscription.
Read this authenticated review
Anonymous | TrustRadius Reviewer
January 27, 2020

AlienVault USM Review

Score 9 out of 10
Vetted Review
Verified User
Review Source
AlienVault is used as a SIEM with ATT managed security services assisting with monitoring and creating alerts for potential incidents.
  • Easy to use rules, events will pre-populate fields for alarm rules allowing for quick creation
  • Friendly interface with logical layout of settings and options
  • Some room to improve the scaling of sensors. Sensors struggle to handle millions or events which results in dropped events in large environments
  • USM is upgraded automatically and there is no way to control when your instance is upgraded. This can result in bugs in features without any way to test and control
It is great for those just getting started with a SIEM. Offers a lot of out of the box functionality and integrations. ATT managed services are also helpful for managing the services.
Read this authenticated review
Anonymous | TrustRadius Reviewer
January 24, 2020

USM Anywhere Review

Score 8 out of 10
Vetted Review
Verified User
Review Source
USM anywhere is extensively used by the IT Security Dept to meet the regulatory compliance requirements and as part of SOC operations.
  • Co-relation engine helps where we don't have to spend hours writing rules.
  • As a SaaS solution we don't worry about maintaining the system.
  • OTX integration
  • Having more parsers and AlienVault app. Also, updates the log parsers continuously.
  • Option to the users to purge selective data.
  • Better Reporting & GUI interface.
AlienVault has not kept up with the industry with respect to Next-Gen SIEM capabilities such as UEBA (user-based analytics) or SOAR capabilities along with ML. Also, the parser/s never seem to parse the logs accurately. Customer service can be improved.
Read this authenticated review
Anonymous | TrustRadius Reviewer
January 24, 2020

USM Anywhere - Low maintenance, great support and easy to use.

Score 8 out of 10
Vetted Review
Verified User
Review Source
We currently use USM Anywhere inside of our organisation and are planning to sell the service to other companies. Overall it is easy to use and setup, with this ease of use come some limitations to how much you can customize it. If you want an application that requires little to no effort to manage and setup, I recommend USM Anywhere. If you want more control I would advise to go for USM Appliance.
  • Ease of use.
  • Cloud based.
  • Limitations to customisation.
USM Anywhere is great when you want a quick and easy deployment on standard applications. But if you want to monitor your own business application then you need to either make a request to AlienVault to create a new plugin or implement another USM program like USM Appliance. Overall, great solution.
Read this authenticated review
Anonymous | TrustRadius Reviewer
December 31, 2019

AlienVault USM is good overall

Score 7 out of 10
Vetted Review
Verified User
Review Source
My organization is using AlienVault USM as one of the internal security operation solutions. It helps us to perform operations such as vulnerability analysis and threat detection. It also helps us to centralize the log data to be stored in one place, which is AlienVault Secure Cloud, a certified environment.
  • Fast and inexpensive.
  • Easy to deploy.
  • Tedious in customizing rules.
  • Filters are hard to use.
It is suitable for external use for small consulting firms and internal for large corporations. The reporting and dashboard are some great ways to demonstrate and to show to other people either the client or colleagues in the other department in the same organization who do not have any background knowledge in this field.
Read this authenticated review
Anonymous | TrustRadius Reviewer
December 31, 2019

Security monitoring that is other worldly

Score 9 out of 10
Vetted Review
Verified User
Review Source
We utilize AlienVault to collect and alert on network and system activity across the entire organization including a couple thousand systems from several different data centers and clouds and from about a dozen different domains. This SIEM solution is capable of collecting data from anything that produces and can deliver log data and lets us easily filter for what is important. The logical use of the product makes it easy to track down events and alarms and put together a picture of activity that occurs at any point in time. AlienVault gives us a single access point for security events across a very complex environment with simple methodology of accessing and understanding events as they occurred.
  • The ability to ingest and parse logs across systems and then correlate the activity.
  • The filtering of millions of events to discover the details you need to find is intuitive and powerful.
  • Agents should be deployable directly from the console, without manually logging into servers to run scripts.
  • More Alien App integrations should be developed for additional popular products.
AlienVault is well suited for complex environments provided you are willing to utilize different methods of data collection. Not all methods work for the same system type or scenario. The interface and searching doesn't require knowledge of a specific language to use and create accurate queries. The use of clouds such as AWS and Azure are highly simplified due to built in integrations.
Read this authenticated review
Anonymous | TrustRadius Reviewer
December 23, 2019

Alien

Score 8 out of 10
Vetted Review
Verified User
Review Source
AlienVault is a great program to use where I am currently working, because throughout the time of working we have tried multiple programs, and we do not trust them like this company. It keeps all of our data and information safe from any risks that may be out there and could harm us.
  • Data storage.
  • Fast recovery.
  • Customer service.
  • Face to face help.
We lost a lot of data when using another company, and this has helped with everything. I haven't lost anything yet. The vault keeps a lot of private information that we once lost safe, and we have never had any problems since then.
Read this authenticated review
Anonymous | TrustRadius Reviewer
March 09, 2020

AlienVault USM Review

Score 8 out of 10
Vetted Review
Verified User
Review Source
AlienVault USM is being used by the whole organization and our multiple clients. Being an MSSP Partner we use it starting from installation to incidence response, for threat intelligence, forensics, etc. AlienVault USM can address a wide range of issues, including basic issues like security monitoring, Office 365, end-point detection, behavioral monitoring, vulnerability management, IDS, IPS, etc. These are the basic issues that most SIEM solutions solve. What makes AlienVault USM different is its threat intelligence performance, fastest intrusion detection, and incidence response methods. It has more than 3000+ user directives built-in by AlienVault research labs.

AlienVault USM is the best in 3 categories compared to other tools on the market:
1. cost - traditional SIEM solutions include license, implementation costs, and renewal costs and additional training costs. Enterprise should consider SIEM as long-term investments in overall cybersecurity.
2. poor correlation rules - one SIEM problem enterprise faces is failing to maintain proper event correlation information. This solution works on threat intelligence to potentially detect threats.
3. ease of use - complexity remains one of the most commonly referenced SIEM problems. This SIEM solution possesses a user interface that works best for an IT security team and environment.
  • Correlation Directives - USM has 3000+ default directives, which reduces time and man-power.
  • SOC building is much quicker and can be complete in 3 months, which is very difficult with other tools that are currently in the market.
  • Yearly subscription of USM product is equal to 3-4 months of others currently in market
  • OTX pulse is the world's biggest forum, which helps in threat hunting and management.
  • Less involvement of man-power and cost
  • Raw log feature is a little slow with limited features
  • Very few, infrequent updates
  • Backup log is not effective and not easy
  • Storage issues
AlienVault USM is well suited in terms of cost, no doubt, as well as for correlation directives and suppression of false positive alarms, threat intelligence, and worldwide-recognized OTX pulse.

AlienVault USM is less appropriate: HIDS disconnection sometimes, backup, updates will face and restore of logs might be big trouble.
Read this authenticated review

Feature Scorecard Summary

Centralized event and log data collection (1)
8
Correlation (1)
8
Event and log normalization (1)
8
Deployment flexibility (1)
7
Custom dashboards and views (1)
6
Host and network-based intrusion detection (1)
7

About AlienVault USM

AlienVault® Unified Security Management® (USM) delivers threat detection, incident response, and compliance management in one unified platform. It is designed to combine all the essential security capabilities needed for effective security monitoring across cloud and on-premises environments, including SIEM, intrusion detection, vulnerability management, as well as continuous threat intelligence updates. The vendor states that even for resource-limited IT security teams, AlienVault USM can be affordable, fast to deploy, and easy to use. It eliminates the need to deploy, integrate, and maintain multiple point solutions in the data center.

Smart, automated data collection & analysis: USM Anywhere automatically collects and analyzes data across the attack surface, helping to quickly gain centralized security visibility without the complexity of multiple disparate security technologies.

Automated threat detection powered by AT&T Alien Labs: With threat intelligence provided by AT&T Alien Labs, USM Anywhere is updated automatically to stay on top of evolving and emerging threats, so the security team can focus on responding to alerts.

Incident response orchestration with AlienApps: USM Anywhere supports a growing ecosystem of AlienApps, enabling the user to orchestrate and automate actions towards other security technologies, able to respond to incidents quickly and easily.

AlienVault USM Features

Security Information and Event Management (SIEM) Features
Has featureCentralized event and log data collection
Has featureCorrelation
Has featureEvent and log normalization
Has featureDeployment flexibility
Has featureIntegration with Identity and Access Management Tools
Has featureCustom dashboards and views
Has featureHost and network-based intrusion detection
Additional Features
Has featureAlienVault Open Threat Exchange

AlienVault USM Screenshots

AlienVault USM Videos (2)

Watch AlienVault USM Anywhere: Five Essential Cloud Security Capabilities in a Single SaaS Platform

Watch See How We're Pushing the Outer Limits of Security

AlienVault USM Downloadables

AlienVault USM Competitors

Pricing

  • Has featureFree Trial Available?Yes
  • Has featureFree or Freemium Version Available?Yes
  • Has featurePremium Consulting/Integration Services Available?Yes
  • Entry-level set up fee?Optional

AlienVault USM Support Options

 Free VersionPaid Version
Phone
Email
Forum/Community
FAQ/Knowledgebase
Social Media
Video Tutorials / Webinar
Live Chat

AlienVault USM Technical Details

Deployment Types:SaaS
Operating Systems: Unspecified
Mobile Application:No
Supported Countries:Global