Reviews (1-25 of 348)
- AlienVault USM is simple and easy to deploy. Sensors can be deployed in as little as 15 minutes through the setup wizard.
- The USM UI is easy to understand. I've trained multiple analysts who are able to perform their duties on their first day, in part because of USM Anywhere's ease of use.
- Top-notch built-in compliance templates and reporting features.
- Filtering using built-in search statements is difficult to pick up and run with.
- When creating custom rules for reports, there can be too many options, many of which have little use for the task at hand.
- You sometimes need product-specific knowledge, like AlienVault field names, to find the information you're after.
USM Anywhere is well suited to mid-size enterprise environments operating in the cloud. USM Anywhere is also well suited to enterprises whose operations teams require easy deployment and management. Last, USM Anywhere is considered a highly affordable option compared to competitors.
USM Anywhere lags competitors in several areas, such as application monitoring, database monitoring, and integrations with third-party solutions such as cloud access security brokers (CASB), DAM, DAP, and DLP.
- AlienVault USM is THOROUGH. We have a highly integrated workspace that's mostly SaaS, and I monitor those integrations and their security with AV. If I am trying to track the uptime of a laptop, I don't go to VPN or our Directory Services... I go to AV.
- As I mentioned before, we use Sophos to protect our laptops. If a questionable file shows up on someone's laptop, I hear about it from AlienVault before I hear about it from our Sophos service.
- The OTX Pulse feature is a built-in feature that lets you subscribe to industries, and you are notified about new threats that affect that industry on a daily basis. The pulse alerts are added to your AV watchlist.
- Personally, I've wished I could purchase a service that would configure AV for my environment. I get a lot of traffic on a daily basis and I almost need to hire an analyst that just works on AV.
- Some of the filters when looking for a specific alert aren't that easy to use.
- The USM platform provides the essential security capabilities that work together for a fast and cost-effective way for organizations to have complete visibility into the security of their environment.
- With the information gathered during asset discovery, USM will correlate that information with known vulnerabilities for continuous vulnerability awareness. In addition, USM contains an active scanner capable of scanning for over 30,000 known vulnerabilities.
- To give better visibility into your network, and possibly detect intrusions that don’t follow behavioral patterns, we offer Netflow information, bandwidth monitoring, and traffic capture, all part of our behavioral monitoring capabilities built into USM.
- External threats — Coming from external attackers.
- The value of the asset associated with the event
- With the Open Threat Exchange, AlienVault USM Anywhere is able to quickly identify emerging indicators of compromise and alert on threats as they arise.
- We've found the improvements in the authenticated vulnerability scanning engine to reduce the number of false positives and increase the integrity of vulnerability reports.
- Speed of deployment is a strength, particularly with the AlienVault agent, which utilizes osquery to collect typically important data.
- Alien apps provide us with the ability to integrate third party security packages and swiftly take action on alarms.
- More Alien app integrations with emerging EDR solutions would be useful.
- A catalogue of commonly filtered events would make on-boarding much quicker and easier.
- It's a decent log aggregator.
- Does correlation between events well, if set up correctly.
- Control over attribute mapping within USM Anywhere, or full disclosure of the mappings between ingested raw logs and the attributes those values map to, so that they are searchable and the end user has the power to create meaningful alerts and queries for the right content.
- Notifications for alerts tend to lack the essentials to make a determination off of the email. Oftentimes alerts within cloud products are benign and part of the user experience and behavior, but get classified as violations because they meet the criteria of equivalent alerts that are actionable.
- Feature-rich: includes functionality not typically present in other SIEMs, such as vulnerability scanning, UEBA, file integrity monitoring, and NIDS.
- Simple to configure and deploy.
- Relatively inexpensive compared to other enterprise SIEM solutions.
- While there are many features, many of them are not very advanced. Vulnerability scanning as an example is extremely simplistic and almost unusable for an enterprise organization. It's just enough to get a program off the ground.
- Cloud-only deployment model (SaaS) may not fit all organizations. Not all organizations are "cloud friendly".
- Reporting capabilities out of the box are lackluster. Vulnerability management reporting, as an example, does not include a single canned report.
AlienVault USM is less appropriate for more mature organizations that have the staff to support more advanced security operational capabilities or engage in advanced threat hunting. Also, organizations that want more ability to add internally developed functionality into their SIEM through scripting or other automated response activities.
- AlienVault USM Anywhere is easy to deploy with their cloud-based model and deploying the required agents on-prem (or in the cloud) is quick and easy.
- Custom rules allow for alerting based on content from events and you can even trigger agents in response to threats, shutting down computers or grabbing forensic info for incident response.
- USM Anywhere also takes care of reporting for ISO and PCI, allowing you to pull reports for auditors at a moment’s notice.
- With many integrations out-of-the-box, you can pull in all the data from products you use and other sources, such as Amazon CloudWatch Logs.
- We would love to be able to create custom rules based on a series of events, to create rule-sets where, for example, failed logins to the VPN Server are logged and then when a successful attempt follows soon after, it triggers an alarm for a Brute Force. It does this for things like OKTA already, so control over which events this applies to would be great.
- More data tiers - something between 250GB and 500GB tiers, maybe break it down into 100GB tiers?
- Integration with OpsGenie would be great.
- Integration with G-suite and AD
- AlienVault agents that come free of extra charge are valuable
- Automated scans
- Updating the agents is not straightforward.
- Agents sometimes go offline for no apparent reason.
- AlienVault USM has the potential to identify attack patterns from the traffic events seen through its sensors, which already come with built-in correlation rules.
- The USM Anywhere sensor reduces the load on SOC analysts for writing new sets of rules.
- It also provides an option for Slack integration, which I felt was very nice for immediate action.
- When we talk about forensic investigation, the user interface and experience are not as great as expected; when we send an alarm/event for investigation, it doesn't provide any investigation results.
- The USM sensor doesn't have the capability of handling more jobs. It restarts the sensor if a certain limit of jobs is configured.
- The log reports are not getting downloaded when we try via the Safari browser.
- Correlate logs from different sources into actionable intelligence.
- Provide an easy to use interface to interact with Alarms and Events.
- Integrate with our alerting tools to make sure when an incident is happening, the right people know about it quickly.
- Being able to make custom plugins for internal tools.
- Being able to have a webhook plugin to send logs directly to the cloud appliance.
- Make the management of suppression rules better. Maybe include a suppression rule visualizer to make sure your suppression rule is doing exactly what you would like it to do.
It is not appropriate if you are looking to easily be able to customize the tool. A lot of the options you have with tools like Splunk are just not here.
- Intelligence updates from the Alienvault community and security pros.
- Writing of threat detection rules and ingestion parsing for different devices.
- Vulnerability scanning.
- Asset management is done purely by IP unless using the agent.
- Agent installs and updates can be a bit flaky, and on occasion use lots of resources.
- Internal vulnerability scans
- Monitor firewall and security group changes
- Monitor and alert on suspicious system logs
- Monitor and alert on suspicious CloudWatch logs
- False alarms occur occasionally
- There is no report for only displaying vulnerabilities with an available patch. Spectre-class issues can only be mitigated but will remain active until we are all on next-generation processors.
- Centralization of data logs makes it easier to analyze the many application logs throughout our organization (i.e. Windows logs, PLC logs, antivirus logs, Exchange server logs, etc.).
- Easy maneuvering through AlienVault pages, as well as easy bookmarking of alerts.
- Creating a SOC on a budget, especially with a smaller IT department.
- Incident response.
- Threat detection.
- Compliance management.
- AlienVault OTX is a user community that is very helpful, especially when you are curious about the alerts or need help mitigating issues that arise.
- I would like more detailed ways to mitigate issues.
- Reports the most common threats in real time and takes immediate automatic actions. I think this is strong if you don't have a team monitoring 24/7.
- Connects with signature providers and keeps up-to-date well with 0 vulnerabilities. I don't need to explain why you may want to be protected against the newest threats.
- The UI is very easy to get used to, which will make you adapt to its use quickly.
- This tool will become slower and slower as you start adding devices to it. The on-premise version has a lot of room for improvement here; the database is slow.
- The on-premise version of AlienVault USM will not support dynamic environments where people are constantly removing/adding new virtual machines, and it doesn't cope with Puppet management.
- Only the most common hypervisors are supported; it would be good to have an image for Xen.
- AlienVault USM was quick to deploy and the configuration was pretty straightforward.
- The AlienVault USM product has great documentation and service support. Very knowledgeable and readily available. Highly recommend their support package.
- The AlienVault UI is very comprehensive and has deep tool-sets. You can monitor just about anything anywhere from anywhere. This flexibility was incredibly useful.
- While their UI was comprehensive, it takes a while to understand how to group and tag the resources you want to monitor and how and on what schedule. The tools are deep but the usability is a bit complex. You will need to read the documentation.
- Their pricing model for throughput was a bit challenging. I would like to see a different pricing structure. I would much prefer to see site licenses.
- Sometimes the assessments were vague. While this shouldn't be relied upon as the only source for assessments, there were often descriptions that did not associate with the vulnerability, or that required us to deploy other tools, such as AWS Inspector, to verify. It was not a big deal, but some added overhead.
- Scanning network assets for vulnerabilities.
- Heuristics in determining behavior and alerting accordingly.
- Lots of false positives for vulnerabilities, Linux malware on Windows systems????
- Lack of third-party app support or integration.
- Being charged based on the amount of data.
- Deployment is quick
- Normalization of log data and threat identification is effective and simple to understand.
- Vulnerability analysis along with CVE identification is better than Nessus
- Investigations feature is robust
- Cloud sensor deployment and capabilities are robust
- Custom plugin creation/modification by the user is missing. If log data is unknown to the platform, the process of getting a new plugin developed is lengthy. It would be ideal if the user could create custom plugins for their own platform.
- Asset discovery adds every IP address in a subnet even if no host is present. The detection method is flawed. I don't have this issue on the same network with other asset discovery tools.
- SaaS performance can be slow. When listing items more than 20 at a time, the UI refresh can be painfully slow.
- SIEM is great for monitoring and maintaining our systems and networks, and with the right tuning the system becomes an incredibly powerful tool by being able to identify the difference between a high priority event and false positive.
- The vulnerability scanning is a very useful part of the system, especially as after finding any vulnerabilities it provides lots of detail on what was found along with a solution.
- User management has a good level of modularity, allowing us to restrict access for certain users to only certain areas.
- The system can be a little over-complicated to set-up to perform what I would think to be simple tasks. For example, sending an email notification on a certain alarm being created.
- The reporting module does not offer much visual customization, only allowing you to add your company logo and color scheme as a template.
- As for us, it integrated casually with the AWS cloud and local infrastructure; in simple words, easy to implement.
- Processes different types of logs using its very own inbuilt plugins and displays them in an understandable manner for non-technical users as well.
- Has its own very accurate correlation rules to generate alarms from the processed logs
- Has an open threat intelligence community which can be integrated with the AlienVault account
- In order to collect the system logs from various servers, it has an AlienVault agent that can be installed on Windows, Mac and Linux. It collects various types of logs, such as user activity, shell history, file integrity, etc.
- Any suspicious alarm can be added as a ticket on its console and can be processed according to severity type.
- Server and Network vulnerabilities details can be scanned through the USM.
- Customizable dashboard views in the console make it easy to monitor logs from different sources.
- Events view can be customized according to the data source plugins.
- USM has a feature for suppressing and filtering out logs from the console. Suppression hides the logs from the console dashboard, whereas filtering blocks similar types of log from entering the AlienVault console, which helps to reduce storage usage.
- Asset Discovery: Maintains and scans dynamic asset inventory and software inventory for large scale organization
- Security & Compliance Reporting: contains customizable reports for regulation standards and compliance frameworks
- It uses sensors to collect data from different sources which results in extra cost for the sensor server
- Support is very poor
- It would be great if there was documentation to study on how we can identify and monitor suspicious logs.
Since it is very expensive, I do not recommend it for small organizations; it requires additional infrastructure to implement AlienVault on premises.
- You have the list of domains that were visited by your organization's employees.
- You compare this list of domains with lists of malicious domains obtained from different OTX (Open Threat Exchange) pulse providers that have already been posted on OTX.
- If a match is found, an alert is raised to take appropriate action.
- The same process is repeated at regular intervals to check all the new domains.
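The four-step procedure described above, as an added example that is not from the original review or from AlienVault: a small Python script that loads domain indicators from subscribed pulses, walks each visited host up to its parent domains so an apex-domain indicator also catches its subdomains (while a look-alike such as "notmalicious-example.test" does not match), raises an alert per hit, and keeps a "seen" set so the next interval only checks domains not examined before. The pulse records and proxy log lines are constructed and only mimic the shape of OTX pulse indicators ("indicator" / "type" fields); they are not real threat intelligence.

```python
"""Match domains seen in a web-proxy log against OTX-style pulse indicators.

Constructed example: PULSES and PROXY_LOG below are made up and only imitate
the shape of OTX pulse indicators; none of the names are real indicators.
"""
from datetime import datetime

# Constructed stand-in for indicators pulled from subscribed OTX pulses.
PULSES = [
    {"name": "constructed-pulse-A", "indicators": [
        {"indicator": "malicious-example.test", "type": "domain"},
        {"indicator": "Login.Phish-Example.test.", "type": "hostname"},
        {"indicator": "203.0.113.7", "type": "IPv4"},   # not a domain: ignored here
    ]},
    {"name": "constructed-pulse-B", "indicators": [
        {"indicator": "cnc-example.test", "type": "domain"},
    ]},
]

# Constructed proxy log lines: "<ISO timestamp> <user> <requested host>"
PROXY_LOG = """\
2024-03-01T08:00:01 alice intranet.corp.test
2024-03-01T08:00:05 bob cdn.malicious-example.test
2024-03-01T08:00:09 carol login.phish-example.test
2024-03-01T08:00:12 alice notmalicious-example.test
"""


def normalize(domain: str) -> str:
    """Lower-case and drop a trailing dot so feed and log spellings compare equal."""
    return domain.strip().lower().rstrip(".")


def indicator_domains(pulses):
    """Collect domain/hostname indicators from pulses, mapped to their pulse name."""
    table = {}
    for pulse in pulses:
        for ind in pulse["indicators"]:
            if ind["type"].lower() in ("domain", "hostname"):
                table[normalize(ind["indicator"])] = pulse["name"]
    return table


def match_domain(domain, table):
    """Return (matched indicator, pulse name) if the host or a parent domain is listed.

    Walking up the labels means a pulse listing 'malicious-example.test' also
    catches 'cdn.malicious-example.test'; the bare TLD is never tested, and a
    substring such as 'notmalicious-example.test' does not match.
    """
    labels = normalize(domain).split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in table:
            return candidate, table[candidate]
    return None


def parse_proxy_log(text):
    """Yield (timestamp, user, host) from the constructed log format."""
    for line in text.splitlines():
        ts, user, host = line.split()
        yield datetime.fromisoformat(ts), user, host


def check_visits(log_text, pulses, already_checked=None):
    """One interval's run: alert on domains not checked before, return alerts and seen set."""
    seen = set(already_checked or ())
    table = indicator_domains(pulses)
    alerts = []
    for ts, user, host in parse_proxy_log(log_text):
        host = normalize(host)
        if host in seen:
            continue
        seen.add(host)
        hit = match_domain(host, table)
        if hit:
            alerts.append({"time": ts.isoformat(), "user": user, "domain": host,
                           "indicator": hit[0], "pulse": hit[1]})
    return alerts, seen


if __name__ == "__main__":
    found, checked = check_visits(PROXY_LOG, PULSES)
    for alert in found:
        print(alert)
    # A later interval with the same log raises nothing new.
    print(check_visits(PROXY_LOG, PULSES, checked)[0])
```

Re-running `check_visits` with the returned `seen` set is the "regular interval" step: only domains first observed since the last run are matched, so a persistent hit is alerted once rather than at every interval. If the indicator feed itself changes between runs, reset the seen set so previously cleared domains are re-evaluated against the new indicators.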
- Very easy to use. The UI is very intuitive.
- Out of the box predefined reports that make the initial filtering easy.
- Very easy to set up.
- Sometimes it gets slow with large queries.
- When upgrading fails, you have to debug extensively to know what happened.
- When we massively add hosts, sometimes some of them are not added so you have to be careful.
- Active Directory login requests
- Logs on the Domain Controllers
- Only showing alerts that have a high indication of compromise, and reducing false positives.
- Trimming of log files to stay within limits
- Projecting any future storage costs from AlienVault
- Creation of dashboards.
- Creation of metrics that we utilize in our monthly reports.
- We like the way alerts are being sent to us and the information they provide.
- Their customer support is the worst, and sadly this has been consistent every time we've had to reach out to them.
- The account execs have ZERO flexibility regarding making deals and meeting us halfway.
- The features do not work as advertised.
- Deployment with the sensors for USM Anywhere.
- Responsive UI
- Alien Apps
- Agents offline
- Easier agent deployment on host.
- Quicker response from engineers, and not just sending a document for the fix.
About AlienVault USM
AlienVault® Unified Security Management® (USM) delivers threat detection, incident response, and compliance management in one unified platform. It is designed to combine all the essential security capabilities needed for effective security monitoring across cloud and on-premises environments, including SIEM, intrusion detection, vulnerability management, as well as continuous threat intelligence updates. The vendor states that even for resource-limited IT security teams, AlienVault USM can be affordable, fast to deploy, and easy to use. It eliminates the need to deploy, integrate, and maintain multiple point solutions in the data center.
Smart, automated data collection & analysis: USM Anywhere automatically collects and analyzes data across the attack surface, helping to quickly gain centralized security visibility without the complexity of multiple disparate security technologies.
Automated threat detection powered by AT&T Alien Labs: With threat intelligence provided by AT&T Alien Labs, USM Anywhere is updated automatically to stay on top of evolving and emerging threats, so the security team can focus on responding to alerts.
Incident response orchestration with AlienApps: USM Anywhere supports a growing ecosystem of AlienApps, enabling the user to orchestrate and automate actions towards other security technologies and respond to incidents quickly and easily.
AlienVault USM Support Options (free and paid versions): Video Tutorials / Webinar