Overview
What is AlienVault USM?
AlienVault® Unified Security Management® (USM) delivers threat detection, incident response, and compliance management in one unified platform. It is designed to combine all the essential security capabilities needed for effective security monitoring across cloud and on-premises environments, including SIEM, intrusion detection, vulnerability management, as…
TrustRadius Insights
Empowering Security Zenith with Unified Vigilance.
will I continue to use USM, Yes I would
Excellent security for your machine
MSSP Review
Great product but out of the box it needs a lot of work.
AlienVault is about as user-friendly as it gets for threat detection
Great if you can deploy and manage on-premises SIEMs
AlienVault - Not Worth the Price
AlienVault USM Anywhere, a SIEM that is easy on your pocket.
Unbeatable Security Machine
AlienVault USM Provides Heightened Security Awareness in the Legal Services Industry
Best product I've seen for a smaller enterprise network.
Great SIEM for enterprise environments
AlienVault USM is a really beneficial SIEM solution.
Awards
Products that are considered exceptional by their customers based on a variety of criteria win TrustRadius awards. Learn more about the types of TrustRadius awards to make the best purchase decision. More about TrustRadius Awards
Popular Features
- Centralized event and log data collection (8)8.585%
- Correlation (8)8.585%
- Event and log normalization/management (8)8.080%
- Custom dashboards and workspaces (8)7.070%
Reviewer Pros & Cons
Pricing
Essentials
$1,075
Standard
$1,695
Premium
$2,595
Entry-level set up fee?
- Setup fee optional
Offerings
- Free Trial
- Free/Freemium Version
- Premium Consulting/Integration Services
Features
Security Information and Event Management (SIEM)
Security Information and Event Management is a category of security software that allows security analysts to look at a more comprehensive view of security logs and events than would be possible by looking at the log files of individual, point security tools
- 8.5Centralized event and log data collection(8) Ratings
Effectiveness of real-time centralized event and log data collection
- 8.5Correlation(8) Ratings
Correlation of logs and events to pinpoint significant threats
- 8Event and log normalization/management(8) Ratings
Ability to normalize event syntax so that logs can be compared and are machine-understandable
- 8.6Deployment flexibility(7) Ratings
Ability to tune system to maximize threat detection and minimize false positives
- 7.3Integration with Identity and Access Management Tools(5) Ratings
Integration with access control tools like Active Directory and LDAP
- 7Custom dashboards and workspaces(8) Ratings
dashboards that can be customized to meet the needs of specific groups
- 8Host and network-based intrusion detection(5) Ratings
Ability to detect both endpoint intrusion and network ingress detection
Product Details
- About
- Competitors
- Tech Details
- Downloadables
- FAQs
What is AlienVault USM?
AlienVault® Unified Security Management® (USM) delivers threat detection, incident response, and compliance management in one unified platform. It is designed to combine all the essential security capabilities needed for effective security monitoring across cloud and on-premises environments, including SIEM, intrusion detection, vulnerability management, as well as continuous threat intelligence updates. The vendor states that even for resource-limited IT security teams, AlienVault USM can be affordable, fast to deploy, and easy to use. It eliminates the need to deploy, integrate, and maintain multiple point solutions in the data center.
Smart, automated data collection & analysis: USM Anywhere automatically collects and analyzes data across the attack surface, helping to quickly gain centralized security visibility without the complexity of multiple disparate security technologies.
Automated threat detection powered by AT&T Alien Labs: With threat intelligence provided by AT&T Alien Labs, USM Anywhere is updated automatically to stay on top of evolving and emerging threats, so the security team can focus on responding to alerts.
Incident response orchestration with AlienApps: USM Anywhere supports a growing ecosystem of AlienApps, enabling the user to orchestrate and automate actions towards other security technologies, able to respond to incidents quickly and easily.
AlienVault USM Features
Security Information and Event Management (SIEM) Features
- Supported: Centralized event and log data collection
- Supported: Correlation
- Supported: Event and log normalization/management
- Supported: Deployment flexibility
- Supported: Integration with Identity and Access Management Tools
- Supported: Custom dashboards and workspaces
- Supported: Host and network-based intrusion detection
Additional Features
- Supported: AlienVault Open Threat Exchange
AlienVault USM Screenshots
AlienVault USM Videos
AlienVault USM Competitors
AlienVault USM Technical Details
Deployment Types | Software as a Service (SaaS), Cloud, or Web-Based |
---|---|
Operating Systems | Unspecified |
Mobile Application | No |
Supported Countries | Global |
AlienVault USM Downloadables
- Unified Security Management vs. SIEM: a Technical Comparison
- AlienVault USM Anywhere: Datasheet
- AlienVault Fast Facts
- AlienVault USM Anywhere: Datasheet
- Beginner’s Guide to Open Source Intrusion Detection Tools
- SIEM for Beginners: Everything You Wanted to Know About Log Management But Were Afraid to Ask
Frequently Asked Questions
Comparisons
Compare with
Reviews and Ratings
(735)Community Insights
- Business Problems Solved
- Recommendations
Users have found AlienVault USM to be a valuable SIEM solution for centralizing and searching log data from a large number of network attached devices. This platform is being used for various use cases such as vulnerability management, scanning, malware detection, and monitoring malicious network traffic. It is considered a good SIEM solution for organizations new to security operational logging or those with a smaller staff and budget. The product has been praised for its integrated feature sets, including HIDS, NIDS, FIM, and security alerting capabilities. The inclusion of features like vulnerability scanning and file integrity monitoring has extended its value for organizations in the early stages of cybersecurity program development. Many users have experienced real-time alerts, enabling them to respond to security incidents and compromised passwords more quickly. Furthermore, AlienVault is used for a range of functions such as SIEM, vulnerability scanning, asset discovery, and investigations. It provides organizations with a centralized log collection site, allowing them to monitor and address new problems more effectively. The platform has been effective in helping organizations meet regulatory compliance requirements and improve SOC operations. Additionally, AlienVault is used to analyze network traffic, Windows Event Logs, and other security events, helping organizations improve network security and protect their customers. It solves security challenges related to device and software visibility, monitoring for anomalous events, and ensuring patch management. Users appreciate the simplicity of deployment and the robustness of the interface. The support team is highly responsive and knowledgeable.
AlienVault USM Anywhere is used by organizations to easily identify security incidents happening across their infrastructure and comply with PCI-DSS compliance requirements. MSSPs utilize AlienVault USM Anywhere to provide their customers with best-in-class threat monitoring and response services. It is also used to monitor cloud environments, scanning and alerting for any known vulnerabilities or activity on servers. AlienVault helps organizations with auditing purposes by monitoring cloud permissions and changes to security. Additionally, it is deployed to customers for monitoring and is used by NSOCs to monitor their networks. AlienVault has been implemented across organizations, covering server assets and providing granular logging on systems and networks. It helps in raising alarms/alerts and mitigating network-related activities. AlienVault collects and alerts on network and system activity across the entire organization, making it easy to filter for important data. The product centralizes log data and helps perform vulnerability analysis and threat detection. It assists in security patching and monitoring within AWS environments. Users appreciate the ease of use and configuration of the cloud-based panel. AlienVault is implemented and managed for clients as a recommended SIEM solution, collecting and normalizing logs from various data sources. It is used throughout organizations to gain insight into network and server events, manage and correlate logs, and recognize anomalous activity. Users have been able to set up alerts for specific events and policies, effectively managing systems and alerts in place, monitoring multiple client environments, and identifying issues that clients may have missed.
AlienVault USM Anywhere is praised for its cost-effectiveness compared to other SIEM solutions on the market. Users appreciate its threat intelligence capabilities, ease of use, user-friendly interface, and simplicity of deployment. The built-in correlation rules require minimal setup and provide high-quality results. Asset management and scanning features help users stay on top of monitoring assets, including dynamic and static asset lists. The integration of OTX into USM Anywhere allows for up-to-date threat intelligence and pulse subscriptions.
The software plays a crucial role in monitoring and alerting when anomalies occur, aiding in threat detection, compliance management, log collection, and vulnerability scanning. It helps organizations stay up to speed on new vulnerabilities and supports agile business initiatives by aiding analysts in identifying cyber threats and providing access to threat cross-referencing data. AlienVault USM Anywhere is deployed to monitor AWS cloud environments, attain compliance, identify threats, and facilitate auditing of non-emergency configuration changes and vulnerability monitoring.
Overall, AlienVault USM Anywhere provides centralized security monitoring, incident response capabilities, compliance reporting features, vulnerability assessment tools, real-time SIEM functionality, as well as asset discovery and user activity monitoring capabilities. It has been widely adopted across various industries for enhancing security posture and gaining comprehensive visibility into network activities.
Based on user recommendations, AlienVault USM receives the following common recommendations:
-
AlienVault USM is recommended for cost-conscious companies and small to medium businesses due to its affordability and effectiveness. Users find it to be a great tool for analyzing and reacting to threats, offering excellent value for the price.
-
Users suggest exploring alternative SIEM choices and discussing functionality and configuration requirements. Logrhythm is mentioned as a possible alternate SIEM choice, especially for high-end functionality needs. It is advised to compare features and select the SIEM system that offers the best cost for desired features.
-
To maximize the experience with AlienVault USM, users recommend taking advantage of training opportunities provided by AlienVault. Joining official training sessions allows users to learn best practices from other users and gain comprehensive knowledge of the product. Users also recommend utilizing forums, support, webinars, and videos offered by AlienVault to enhance understanding and achieve optimal results.
Overall, AlienVault USM is regarded as a cost-effective solution suitable for organizations with data privacy and security priorities. The product's flexibility, community-created intelligence, and continual improvement are also highlighted by users. While some mention areas for improvement, such as support stability and module quality, the general consensus is that AlienVault USM delivers reliable security enhancements and cost savings.
Attribute Ratings
- 7.2Likelihood to Renew18 ratings
- 6.4Availability3 ratings
- 7.3Performance3 ratings
- 6.7Usability34 ratings
- 7.3Support Rating25 ratings
- 8.3Online Training6 ratings
- 4.5In-Person Training1 rating
- 6.4Implementation Rating38 ratings
- 8Configurability3 ratings
- 6.3Product Scalability3 ratings
- 7.3Ease of integration3 ratings
- 8.2Vendor pre-sale3 ratings
- 7.6Vendor post-sale3 ratings
Reviews
(151-175 of 390)- Log analysis, both syslog and AWS cloud trail, and searchability/reporting is actually better than most of our other related tools: All of our systems send log information using rsyslog to our AlienVault USM system. AlienVault is able to alert us of many issues with minimal configuration, including adding/removing users to sensitive groups, creating or removing resources such as EBS volumes, S3 buckets, or security groups.
- AWS loadbalancer traffic/log analysis: AlienVault automatically identifies threatening IPs or entries that match suspicious traffic patterns.
- The ability to search the many logs AlienVault collects in a way that even novice users can follow is super valuable. Logs can be quickly sorted by source, log type, and/or keyword searches. There have been many occasions where we were able to find non-security related issues due to the simple yet advanced search abilities of AlienVault. This has led to the challenge of deciding when and how long to allow non-security personnel access for troubleshooting.
- AlienVaults lack of support for Docker may be its undoing at my company. It clearly stands above other products that fit our company, but we are adopting Docker at an ever-increasing rate. I don't want to support multiple security products, so it would be super cool if a solution to this challenge were found quickly.
- Enriching data is super key to allowing us to set up alerts for and filer events. This process is rather painful. This significantly increases the cost of maintaining AlienVault. Specifically, several auditd and standard AWS logs do not allow me to filter based on keywords in the message.
- Here is one example:
- User: arn:aws:sts::2#########:assumed-role/qe-lambda-role/qe-batch-run-dev-frontend_batch_runner is not authorized to perform: logs:CreateLogStream on resource: arn:aws:logs:us-east-1:#########:log-group:/aws/lambda/qe-batch-run-dev-frontend_batch_runner:log-stream:2019/05/30/[$LATEST]########################
- The ability to configure AlienVault to run security scans using SSH on systems is prohibitively difficult to use, especially when using a Bastion.
- Making OSSIM work is a huge pain. I could not find AlienVault documentation that covers how things work and how to properly integrate it.
It seems a bit poor when creating alarm filters that only trigger after "x" number of times. I know this can be done with escalation alerts. Keeping noisy alerts out of the UI is key to prevent alert fatigue in our more junior team members.
In general, AlienVault seems to be noisy. I'd like the ability to specify a group of users that can create security groups with sensitive ports exposed to the web, but I don't believe this is possible. I know how to do this per user. I don't believe groups are something we can specify.
Good tech, poor back office.
- Sensor integration is relatively easy.
- Technical support for unique situations is extremely helpful.
- Billing sucks since AT&T bought AlienVault.
- Accounting takes weeks to do a simple change of address.
- The administrative side is not customer focused and you feel like you are inconveniencing them.
It works fine I guess
- Integrations, like with Azure, Windows, IIS.
- Notifications/e-mail alerts on changes.
- How many events/data points are recorded and how you can drill down into them.
- Our Azure integration broke at some point because some credentials changed. I didn't set it up originally but I had to fix it. It didn't feel easy to get it back up and running. It wasn't completely straightforward.
- It's sometimes hard to find specific types of events in the reports. Like if I'm looking for all of a specific type of event, it can be hard to know what page to use, what knobs to turn and buttons to push to find what I'm looking for.
- It's hard to find subscription/billing information, like to know when we last paid, how much it was, for what subscription, what were the details of what we paid for. Is it that I don't have access to see this? Is it hard to get to, or is it just that I don't have access to see it? I don't know which one of those it is. I needed to get this information to my manager recently and wasn't able to do it. I'm not sure if they ever got what they needed. Are we going to try to auto-renew with an expired credit card? Who knows.
- Anomaly Detection and Identification
- Digital Forensics/Incident Response
- Log Correlation and Built-in Attack Signatures
- Cloud Security Monitoring
- Would be nice to have better error messaging, specifically around credential failures.
AlienVault is a great product. It is a must for any organization with security on the brain
- I love the Office 365 integration feature. It allows me to be proactive to all account breach attempts and all administrative changes made in the environment.
- The Meraki integration feature is amazing as well. This shows me more details than the Meraki logs can show.
- The details of the Windows Server logs are very good. The ability to research any issue on The AlienVault OTX portal is great.
- I feel the third party used to help Implement the AlienVault installation could use some improvement. The person that was assigned to help us was just reading from the online material, I could have done that myself, and did. They were not familiar with the product at all.
- I would like to see a Module that scans for PHI on workstations and file share server, with detailed reports.
- Simplifying the process to perform end to end security monitoring triage and response.
- Unifying security capabilities such as log management, SIEM, HIDS/NIDS, and Vulnerability Management.
- A product that scales well.
- The search interface in event page could be improved.
- We found AlienVault USM very easy to configure and get running.
- The user interface is very intuitive, allowing most IT staff to use with little training.
- Many useful features included.
- Custom reports are difficult to configure.
Great product to meet many SIEM requirements
- Integrating with other applications.
- Satisfies several PCI requirements.
- Nice customization for the dashboard.
- Support is very good.
- The UI is slow to load. Not extremely slow, but noticeably.
- I have found no way to easily move a suppression rule to a filtering rule.
- Needs more tiers for data usage. You can only go up in increments of 500gb which can be expensive and overkill for smaller businesses.
- Sales teams and pricing for renewals - Huge price increase after the 1st year.
AlienVault USM Anywhere - Protecting AWS environment for a small healthcare SaaS company
- Deployment and management of the product is much simpler than other SIEM platforms, making it ideal for small IT teams who don't have a bunch of SIEM gurus on staff.
- It does a very good job of providing useful, meaningful, and relevant alerts.
- Searching through log & event data is fast and easy using all the built-in query tools.
- I love the OTX (Open Threat Exchange) integration, identifies malicious IPs communicating with your systems.
- I'm not a fan of the shady sales tactics and price increases. We originally signed a one-year contract. Our account rep contacted us about 6 months into the contract, saying that there would be a big price increase in the coming months, but he could get us last years pricing on our renewal if we signed the renewal within 30 days (with Net30 payment terms).
- Translation - we sold you a 12 month subscription, but you have to pay for another 12 month subscription after only 8 months if you don't want to price to go up.
- The exact same thing happened the following year, so this was not one-time thing. During the most recent yearly renewal, the price was going to nearly double if we didn't do early renewal. These type of sales shenanigans feel an awful lot like extortion to me.
- Tech support isn't that great. Thankfully we haven't had many problems with the product, but when we have had issues, support can take a long time to address the problems.
Works good, but overpriced
- Centralizing Windows OS Events.
- Alerting to atypical changes in the AWS infrastructure.
- Overview of systems in use.
- Cost
- Inclusion of specific Windows events even if not meeting the generic filter of event types.
- Notification of changes to security settings.
- Very good out of the box settings.
- Ability to setup reports that are sent to email distributions.
Alienvault is beaming with quality and security.
- Alerting when a person changes a routing table in our cloud network.
- Alerting when someone fails to login after many attempts.
- Vulnerability scans.
- Finding results after scanning an environment for vulnerabilities.
- Installing a sensor into an environment.
Security is not an Alien
- Cloud environment connectivity
- Event correlation
- User behavior visibility
- Pricing of Storage
- Customer support
- Account management
- Log storage capacity
AlienVault USM..making sense
- Large plugin base to accommodate different devices.
- Easy to deploy.
- Easy management.
- Makes network monitoring and actionable steps clear and simple.
- Updating the appliance to a newer version.
- More control over which devices will be allowed to log into a database and which ones that should just appear, so that the database will not get filled up quickly.
USM AlienVault Review
- USM is very good at detecting suspicious activity/traffic and generating alarms for these events. Even though many times they end up being false positives, it is still better to know and investigate rather than not be made aware of the potentially malicious activity at all.
- Eliminating false positives is very easy with suppression and filtering rules.
- The breakdown of logs from events in easy to read format really helps with quickly investigating an issue and figuring out the source.
- When creating an alarm or notification rule I think the "Event name" should be one of the default fields instead of having to add the condition every time.
- Data analysis at the endpoint
- Functions independent of directory services if necessary
- Well-rounded approach to data gathering (e.g. asset discovery, vulnerability assessment, intrusion detection, behavioral monitoring, etc.)
- They nickel and dime you on the processing of data, and you have to create different kinds of filtering rules and purge rules so that you don't hit your data limits. It's not uncommon to charge for data processing in this industry. That's not what I have a problem with. Most data analytics tools will do that, but the way they tier it (at least when we looked at it) was pretty aggravating. You really couldn't use their lowest tier unless you weren't planning on retaining and processing much of the data, which defeats the whole purpose.
- The way the different rules (e.g. filter vs purge) are laid out and configured isn't very intuitive. Their UX guys have a lot of work to do.
- "Sensors" aren't just sensors. They do the bulk of the heavy lifting. I'm not a fan of allocating those kinds of resources on an endpoint to an agent (sensor). I would much rather the agents be lightweight and funneling the info back to a server that does the computing. If you want a cloud-deployable and managed solution, and you want quick, thorough analysis, it has to be done on the endpoint instead of the management server in the cloud. I wish that weren't the case and would love to see that workload shifted off of my endpoints if possible.
Had I not had a live person running the labs, I would not have been able to figure out a lot of it on my own. Even with the trainer's help, we still ran into issues that were perplexing. So, it has its quirks and someone needs to be able to take the time to understand those quirks.
Value for money!
- Correlation of logs between different applications
- Executive Dashboard view
- Rather having two different systems for SIEM and Vulnerability management, AlienVault delivers seamless
- Reporting
- Dashboard view
- Logging
- Correlation Rules
- Interoperability
- Compliance
- Customization can always be improved with more AlienApps / Plugins
- Better guidance on what a good baseline of logs should be brought in
- Better estimates about how many devices a given environment can support.
Out of this World, Out-of-the-Box
- Alarms - These are one of the products strengths in that they provide detailed breakdowns of the information that a security analyst is looking for in order to understand what is happening on the network
- Investigations - The best feature of the product is the ability to create investigations, assign events and alarms to them, and then gather evidence, make a determination and react/respond based on the nature of the incident
- Dashboard - This gives a useful at-a-glance summary of the current security posture and recent trends in alarms
- The main criticism I had with USM Anywhere was that initially it was lacking the Investigations functionality which often meant that alarms were investigated but there was no record of this work that could serve for audit purposes or to look at long term trends. Now that this has been added I have very little to criticise about the product and I use it more than ever.
- Data aggregation is reliable and relatively easy to set up.
- The product is flexible in the way it can be configured to record and aggregate activity.
- Alerts are easily configurable.
- It is easy to demonstrate the product to satisfy auditors.
- There are a plethora of possible rules configurations. These could be better categorized.
- More readily available examples for particular configurations, like comprehensive Exchange monitoring for example.
- Online at your own speed training would be an excellent addition.
AlienVault USM Review and how it works for us.
- The upgrade of the sensors is automatic, which is great! We never had to do nothing extra in that aspect.
- We're always being informed about the new security risks that appear in any place.
- The automatic vulnerability scan of assets is really useful, as we can keep updated about our security risks and can take corrective actions based on those reports.
- We would be glad to see more flexibility to manage the rules, to list all of them, or export them for a more detailed analysis.
- In the same line, a better manager of the alerts would be great. It's complicated to manage events when there are a lot.
- The price could be more friendly.
- AlienVault USM helps our IT staff stay on top of patches.
- AlientVault USM makes it easier for our IT staff to track down vulnerabilities.
- AlienVault USM provides steps to correct any vulnerabilities that may arise.
- AlienVault's staff were very helpful in setting up their product on our network. There was plenty of opportunity for training.
- AlienVault USM can be cumbersome for a small IT staff to manage. We still use AlienVault USM but now pay a third party to help us manage it.
- The network IDS of AlienVault USM Anywhere is easy to set up with our network and provides excellent visibility into the network traffic.
- We use the host-based IDS agent on each of our servers so that we can get detailed server actions and analyze anything unusual.
- The web interface of AlienVault USM does an excellent job of providing the right level of information and not overloading us with raw data.
- Some flexibility of how we can use the data from the host agent ISD would be a good improvement.
Alienvault is wonderful
- Normalization of logs that it receives
- Know threat alerts
- Amount of data it keeps track of
- Easier connection with the Cisco Umbrella system
- Better systems integrations
- Simpler log clean ups and alerts
- The plug and play feature of AlienVault USM is very helpful to get started with the product and reduce set-up and implementation time.
- The use of Office 365 Management API to monitor user and administrate activities has been very helpful as a part of our migration to MO356.
- Another useful feature is AlienVault’s integrated threat intelligence with OTX community, as AlienVault OTX daily emails are considered a helpful additional source of information.
- The setup and configuration of the VMware port mirroring for virtual switches and port monitoring are very challenging.