Reviews (1-25 of 358)
- AlienVault USM is simple and easy to deploy. Sensors can be deployed in as little as 15 minutes through the setup wizard.
- The USM UI is easy to understand. I've trained multiple analysts who are able to perform their duties on their first day, in part because of USM Anywhere's ease of use.
- Top-notch built-in compliance templates and reporting features.
- Filtering using built-in search statements is difficult to pick up and run with.
- When creating custom rules for reports, there can be too many options, many of which have little use for the task at hand.
- You sometimes need product-specific knowledge, like AlienVault field names, to find the information you're after.
USM Anywhere is well suited to mid-size enterprise environments operating in the cloud. USM Anywhere is also well suited to enterprises whose operations teams require easy deployment and management. Last, USM Anywhere is considered a highly affordable option compared to competitors.
USM Anywhere lags competitors in several areas, such as application monitoring, database monitoring, and integrations with third-party solutions such as cloud access security brokers (CASB), DAM, DAP, and DLP.
- AlienVault USM is THOROUGH. We have a highly integrated workspace that's mostly SaaS, and I monitor those integrations and their security with AV. If I am trying to track the uptime of a laptop, I don't go to VPN or our Directory Services... I go to AV.
- As I mentioned before, we use Sophos to protect our laptops. If a questionable file shows up on someone's laptop, I hear about it from AlienVault before I hear about it from our Sophos service.
- The OTX Pulse feature is a built-in feature that lets you subscribe to industries and you are notified about new threats that affect that industry on a daily basis. The pulse alerts are added to your AV watchlist.
- Personally, I've wished I could purchase a service that would configure AV for my environment. I get a lot of traffic on a daily basis and I almost need to hire an analyst that just works on AV.
- Some of the filters when looking for a specific alert aren't that easy to use.
- It does a great job of correlating the traffic that it sees and compares it to Open Threat Exchange.
- It's easy to read and set-up.
- When looking at events from a destination IP, the USM doesn't show you the total number of these until you find the last page. It just says "XXXX of 4,000,000".
- Lots of ability to generate reports.
- Solid appliances ingest many sources.
- Default settings are a bit esoteric and require outside expertise for optimization.
- AI isn’t really catching as much as I thought it would.
- The USM platform provides the essential security capabilities that work together for a fast and cost-effective way for organizations to have complete visibility into the security of their environment.
- With the information gathered during asset discovery, USM will correlate that information with known vulnerabilities for continuous vulnerability awareness. In addition, USM contains an active scanner capable of scanning for over 30,000 known vulnerabilities.
- To give better visibility into your network, and possibly detect intrusions that don’t follow behavioral patterns, we offer Netflow information, bandwidth monitoring, and traffic capture, all part of our behavioral monitoring capabilities built into USM.
- External threats — Coming from external attackers.
- The value of the asset associated with the event
- With the Open Threat Exchange, AlienVault USM Anywhere is able to quickly identify emerging indicators of compromise and alert on threats as they arise.
- We've found the improvements in the authenticated vulnerability scanning engine to reduce the number of false positives and increase the integrity of vulnerability reports.
- Speed of deployment is a strength, particularly with the AlienVault agent, which utilizes osquery to collect typically important data.
- Alien apps provide us with the ability to integrate third party security packages and swiftly take action on alarms.
- More Alien app integrations with emerging EDR solutions would be useful.
- A catalogue of commonly filtered events would make on-boarding much quicker and easier.
- It's a decent log aggregator.
- Does correlation between events well, if set up correctly.
- Control over attribute mapping within USM Anywhere, or full disclosure of the mappings between ingested raw logs and the attributes those values map to, so that they are searchable and the end user is empowered to create meaningful alerts and queries for the right content.
- Notifications for alerts tend to lack the essentials to make a determination from the email. Often, alerts within cloud products are benign and part of the user experience and behavior, but get classified as violations because they meet the criteria of equivalent alerts that are actionable.
- Integration with G-suite and AD
- AlienVault agents that come free of extra charge are valuable
- Automated scans
- Updating the agents is not straight forward
- Agents sometimes go offline for no apparent reason
- AlienVault USM has the potential to identify attack patterns from the traffic events seen by its sensors, which come with their own built-in correlation rules.
- The USM Anywhere sensor reduces the load on SOC analysts of writing new sets of rules.
- It also provides an option for Slack integration, which I felt was very nice for immediate action.
- When we talk about forensic investigation, the user interface and experience are not as great as expected; when we send an alarm/event for investigation, it doesn't provide any investigation results.
- The USM sensor doesn't have the capability of handling more jobs; it restarts the sensor if more than a certain number of jobs are configured.
- The log reports don't download when we try via the Safari browser.
- Correlate logs from different sources into actionable intelligence.
- Provide an easy to use interface to interact with Alarms and Events.
- Integrate with our alerting tools to make sure when an incident is happening, the right people know about it quickly.
- Being able to make custom plugins for internal tools.
- Being able to have a webhook plugin to send logs directly to the cloud appliance.
- Make the management of suppression rules better. Maybe include a suppression rule visualizer to make sure your suppression rule is doing exactly what you would like it to do.
It is not appropriate if you are looking to easily be able to customize the tool. A lot of the options you have with tools like Splunk are just not here.
- Intelligence updates from the Alienvault community and security pros.
- Writing of threat detection rules and ingestion parsing for different devices.
- Vulnerability scanning.
- Asset management is done purely by IP unless using the agent.
- Agent installs and updates can be a bit flaky, and on occasion use lots of resources.
- Internal vulnerability scans
- Monitor firewall and security group changes
- Monitor and alert on suspicious system logs
- Monitor and alert on suspicious cloud watch logs
- False alarms occur occasionally
- There is no report for only displaying vulnerabilities with an available patch. Spectre-class issues can only be mitigated but will remain active until we are all on next-generation processors.
- Centralization of data logs makes it easier to analyze the many application logs throughout our organization. (ie. Windows logs, PLC logs, Antivirus logs, Exchange server logs, etc).
- Easy maneuvering with AlienVault pages as well as easy to bookmark alerts.
- Creating SOC on a budget especially with a smaller IT dept.
- Incident response.
- Threat detection.
- Compliance management.
- AlienVault OTX is a user community that is very helpful, especially when you are curious about the alerts or need help mitigating issues that arise.
- I would like more detailed ways to mitigate issues.
- Reports the most common threats in real time and takes immediate automatic actions. I think this is strong if you don't have a team monitoring 24/7.
- Connects with signature providers and keeps up-to-date well with 0 vulnerabilities. I don't need to explain why you may want to be protected against the newest threats.
- The UI is very easy to get used to, which will make you adapt to its use quickly.
- This tool will become slower and slower as you start adding devices to it, the on-premise version has a lot of room for improvement here, the database is slow.
- The on-premise version of AlienVault USM will not support dynamic environments where people are constantly removing/adding new virtual machines, and it doesn't cope with Puppet management.
- Only the most common hypervisors are supported; it would be good to have an image for Xen.
- AlienVault USM was quick to deploy and the configuration was pretty straight forward.
- The AlienVault USM product has great documentation and service support. Very knowledgeable and readily available. Highly recommend their support package.
- The AlienVault UI is very comprehensive and deep tool-sets. You can monitor just about anything anywhere from anywhere. This flexibility was incredibly useful.
- While their UI was comprehensive, it takes a while to understand how to group and tag the resources you want to monitor and how and on what schedule. The tools are deep but the usability is a bit complex. You will need to read the documentation.
- Their pricing model for through-put was a bit challenging. I would like to see a different pricing structure. I would much prefer to see site licenses.
- Sometimes the assessments were vague. While this shouldn't be relied upon as the only source for assessments, there were often descriptions that did not correspond to the vulnerability, or that required us to deploy other tools such as AWS Inspector to verify; not a big deal, but some added overhead.
- Scanning network assets for vulnerabilities.
- Heuristics in determining behavior and alerts accordingly.
- Lots of false positives for vulnerabilities, Linux malware on Windows systems????
- Lack of third-party app support or integration.
- Being charged based on the amount of data.
- Deployment is quick
- Normalization of log data and threat identification is effective and simple to understand.
- Vulnerability analysis along with CVE identification is better than Nessus
- Investigations feature is robust
- Cloud sensor deployment and capabilities are robust
- Custom plugin creation/modification by the user is missing. If log data is unknown to the platform, the process of getting a new plugin developed is lengthy. It would be ideal if the user could create custom plugins for their own platform.
- Asset discovery adds every IP address in a subnet even if no host is present. The detection method is flawed. I don't have this issue on the same network with other asset discovery tools.
- SaaS performance can be slow. When listing items more than 20 at a time, the UI refresh can be painfully slow.
- It raises the alarms/notifications at the same moment it happens.
- The correlation job is wonderful. It correlates all the events and checks with the vuln also.
- The pcap is not available in USM Anywhere, where it was available in the USM appliance.
- I feel at times that the correlation is quite slow.
- SIEM is great for monitoring and maintaining our systems and networks, and with the right tuning the system becomes an incredibly powerful tool by being able to identify the difference between a high priority event and false positive.
- The vulnerability scanning is a very useful part of the system, especially as after finding any vulnerabilities it provides lots of detail on what was found along with a solution.
- User management has a good level of modularity, allowing us to restrict access for certain users to only certain areas.
- The system can be a little over-complicated to set-up to perform what I would think to be simple tasks. For example, sending an email notification on a certain alarm being created.
- The reporting module does not offer much visual customization, only allowing you to add your company logo and color scheme as a template.
- As for us, it casually integrated with AWS cloud and local infrastructure; in simple words, easy to implement.
- Processes different types of logs using its very own built-in plugins and displays them in an understandable manner for non-technical users as well.
- Has its own very accurate correlation rules to generate alarms from the processed logs
- Has an open threat intelligence community which can be integrated with the AlienVault account
- In order to collect system logs from various servers, it has an AlienVault agent that can be installed on Windows, Mac and Linux. It collects various types of logs such as user activity, shell history, file integrity, etc.
- Any suspicious alarm can be added as a ticket on its console and can be processed according to severity type.
- Server and Network vulnerabilities details can be scanned through the USM.
- Customizable dashboard views in the console make it easy to monitor logs from different sources.
- Events view can be customized according to the data source plugins.
- USM has a feature for suppressing and filtering logs out of the console. Suppression hides the logs from the console dashboard, whereas filtering blocks similar log entries from entering the AlienVault console at all, which helps to reduce storage usage.
- Asset Discovery: Maintains and scans dynamic asset inventory and software inventory for large scale organization
- Security & Compliance Reporting: contains customizable reports for regulation standards and compliance frameworks
- It uses sensors to collect data from different sources which results in extra cost for the sensor server
- Support is very poor
- It would be great if there was a document to study on how we can identify and monitor suspicious logs.
Since it is very expensive, I do not recommend it for small organizations; it requires additional infrastructure to implement AlienVault on premises.
- Very easy to use. The UI is very intuitive.
- Out of the box predefined reports that make the initial filtering easy.
- Very easy to setup.
- Sometimes it gets slow with large queries.
- When the upgrading fails you have to debug extensively to know what happened.
- When we massively add hosts, sometimes some of them are not added so you have to be careful.
- It is easy to deploy and get logs into the dashboard
- Integrations with Office 365 is pretty seamless and provides great context.
- Super easy to increase storage tiers if you find yourself adding more and more log sources.
- USM Anywhere doesn't allow you to multi-home sensors. So if you have non-routable networks, you'll need to investigate the on-premise solution too.
- You have to be on top of tuning else a constant stream of alerts will cause your SOC staff to begin ignoring alarms.
- You have to be on top of tuning else you'll eat your allotment of storage for that month. It is really easy to exceed your storage quota if you don't proactively monitor log sources. USM could do a better job letting you know if a log source is too chatty.
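The storage-quota problem described in this review, as an added example that is not part of the review or of AlienVault's own product: a small Python check that projects each log source's monthly volume from a short observed window and flags any source that would, by itself, consume more than a set share of the monthly quota, plus whether the combined projection overruns it. The source names, record sizes, sampling window and quota are all constructed for illustration.

```python
"""Added example (not AlienVault/USM code): find log sources that are
chatty enough to blow a monthly ingestion quota.

Assumptions (all hypothetical): each ingested record is known by
(timestamp, source name, size in bytes); the quota is a monthly byte
budget; a source is "chatty" when its projected month-end volume alone
exceeds max_share of that budget. Projection is linear from the
observed window, which is what you want for a quick early warning.
"""
from collections import defaultdict
from datetime import datetime, timedelta, timezone

SECONDS_PER_MONTH = 30 * 24 * 3600  # 30-day month used for the projection


def constructed_records():
    """Constructed sample data, not real telemetry: one edge firewall
    logging every 100 ms and one domain controller logging every 2 s,
    both over a 60-second window."""
    t0 = datetime(2024, 1, 1, 0, 0, 0, tzinfo=timezone.utc)
    recs = []
    for i in range(601):  # 601 records cover exactly 0 .. 60.0 s
        recs.append((t0 + timedelta(milliseconds=100 * i), "fw-edge-1", 200))
    for i in range(30):   # 30 records cover 0 .. 58 s
        recs.append((t0 + timedelta(seconds=2 * i), "dc01", 300))
    return recs


def project_monthly_volume(records):
    """Return {source: projected bytes per 30-day month}, scaled linearly
    from the bytes seen in the observed window. Integer arithmetic keeps
    the result exact for the assertions below."""
    if not records:
        return {}
    times = [ts for ts, _, _ in records]
    window_seconds = int((max(times) - min(times)).total_seconds())
    window_seconds = max(window_seconds, 1)  # a single-instant sample still projects
    per_source = defaultdict(int)
    for _, source, size in records:
        per_source[source] += size
    return {
        source: total * SECONDS_PER_MONTH // window_seconds
        for source, total in per_source.items()
    }


def quota_report(records, monthly_quota_bytes, max_share=0.5):
    """Summarise projected usage against the quota. 'chatty' lists sources
    whose own projection exceeds max_share of the quota; 'over_quota'
    says whether the combined projection overruns it at all."""
    projected = project_monthly_volume(records)
    total = sum(projected.values())
    return {
        "projected": projected,
        "projected_total": total,
        "over_quota": total > monthly_quota_bytes,
        "chatty": sorted(
            s for s, v in projected.items() if v > max_share * monthly_quota_bytes
        ),
    }


if __name__ == "__main__":
    report = quota_report(constructed_records(), monthly_quota_bytes=2_000_000_000)
    for source, projected in sorted(report["projected"].items()):
        print(f"{source:12s} projected {projected / 1e9:.2f} GB / month")
    print("over quota:", report["over_quota"], " chatty:", report["chatty"])
```

With the constructed data the firewall alone projects to about 5.2 GB a month against a 2 GB quota, which is exactly the situation the reviewer describes: a single noisy source you only notice once the allotment is gone. Running a check like this against a day's sample before committing a new source to the SIEM turns the overrun into a tuning decision rather than a surprise.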
- Easy to use rules, events will pre-populate fields for alarm rules allowing for quick creation
- Friendly interface with logical layout of settings and options
- Some room to improve the scaling of sensors. Sensors struggle to handle millions of events, which results in dropped events in large environments.
- USM is upgraded automatically and there is no way to control when your instance is upgraded. This can result in bugs in features without any way to test and control
- The correlation engine helps, as we don't have to spend hours writing rules.
- As a SaaS solution we don't worry about maintaining the system.
- OTX integration
- Having more parsers and AlienVault apps. Also, updating the log parsers continuously.
- Option to the users to purge selective data.
- Better Reporting & GUI interface.
About AlienVault USM
AlienVault® Unified Security Management® (USM) delivers threat detection, incident response, and compliance management in one unified platform. It is designed to combine all the essential security capabilities needed for effective security monitoring across cloud and on-premises environments, including SIEM, intrusion detection, vulnerability management, as well as continuous threat intelligence updates. The vendor states that even for resource-limited IT security teams, AlienVault USM can be affordable, fast to deploy, and easy to use. It eliminates the need to deploy, integrate, and maintain multiple point solutions in the data center.
Smart, automated data collection & analysis: USM Anywhere automatically collects and analyzes data across the attack surface, helping to quickly gain centralized security visibility without the complexity of multiple disparate security technologies.
Automated threat detection powered by AT&T Alien Labs: With threat intelligence provided by AT&T Alien Labs, USM Anywhere is updated automatically to stay on top of evolving and emerging threats, so the security team can focus on responding to alerts.
Incident response orchestration with AlienApps: USM Anywhere supports a growing ecosystem of AlienApps, enabling the user to orchestrate and automate actions towards other security technologies, able to respond to incidents quickly and easily.
- Free Trial Available? Yes
- Free or Freemium Version Available? Yes
- Premium Consulting/Integration Services Available? Yes
- Entry-level set up fee? Optional
AlienVault USM Support Options
- Video Tutorials / Webinar (listed for both the Free Version and the Paid Version)