Overview
What is AlienVault USM?
AlienVault® Unified Security Management® (USM) delivers threat detection, incident response, and compliance management in one unified platform. It is designed to combine all the essential security capabilities needed for effective security monitoring across cloud and on-premises environments, including SIEM, intrusion detection, vulnerability management, as…
TrustRadius Insights
Empowering Security Zenith with Unified Vigilance.
will I continue to use USM, Yes I would
Excellent security for your machine
MSSP Review
Great product but out of the box it needs a lot of work.
AlienVault is about as user-friendly as it gets for threat detection
Great if you can deploy and manage on-premises SIEMs
AlienVault - Not Worth the Price
AlienVault USM Anywhere, a SIEM that is easy on your pocket.
Unbeatable Security Machine
AlienVault USM Provides Heightened Security Awareness in the Legal Services Industry
Best product I've seen for a smaller enterprise network.
Great SIEM for enterprise environments
AlienVault USM is a really beneficial SIEM solution.
Awards
Products that are considered exceptional by their customers based on a variety of criteria win TrustRadius awards. Learn more about the types of TrustRadius awards to make the best purchase decision. More about TrustRadius Awards
Popular Features
- Centralized event and log data collection (8)8.585%
- Correlation (8)8.585%
- Event and log normalization/management (8)8.080%
- Custom dashboards and workspaces (8)7.070%
Reviewer Pros & Cons
Pricing
Essentials
$1,075
Standard
$1,695
Premium
$2,595
Entry-level set up fee?
- Setup fee optional
Offerings
- Free Trial
- Free/Freemium Version
- Premium Consulting/Integration Services
Features
Security Information and Event Management (SIEM)
Security Information and Event Management is a category of security software that allows security analysts to look at a more comprehensive view of security logs and events than would be possible by looking at the log files of individual, point security tools
- 8.5Centralized event and log data collection(8) Ratings
Effectiveness of real-time centralized event and log data collection
- 8.5Correlation(8) Ratings
Correlation of logs and events to pinpoint significant threats
- 8Event and log normalization/management(8) Ratings
Ability to normalize event syntax so that logs can be compared and are machine-understandable
- 8.6Deployment flexibility(7) Ratings
Ability to tune system to maximize threat detection and minimize false positives
- 7.3Integration with Identity and Access Management Tools(5) Ratings
Integration with access control tools like Active Directory and LDAP
- 7Custom dashboards and workspaces(8) Ratings
dashboards that can be customized to meet the needs of specific groups
- 8Host and network-based intrusion detection(5) Ratings
Ability to detect both endpoint intrusion and network ingress detection
Product Details
- About
- Competitors
- Tech Details
- Downloadables
- FAQs
What is AlienVault USM?
AlienVault® Unified Security Management® (USM) delivers threat detection, incident response, and compliance management in one unified platform. It is designed to combine all the essential security capabilities needed for effective security monitoring across cloud and on-premises environments, including SIEM, intrusion detection, vulnerability management, as well as continuous threat intelligence updates. The vendor states that even for resource-limited IT security teams, AlienVault USM can be affordable, fast to deploy, and easy to use. It eliminates the need to deploy, integrate, and maintain multiple point solutions in the data center.
Smart, automated data collection & analysis: USM Anywhere automatically collects and analyzes data across the attack surface, helping to quickly gain centralized security visibility without the complexity of multiple disparate security technologies.
Automated threat detection powered by AT&T Alien Labs: With threat intelligence provided by AT&T Alien Labs, USM Anywhere is updated automatically to stay on top of evolving and emerging threats, so the security team can focus on responding to alerts.
Incident response orchestration with AlienApps: USM Anywhere supports a growing ecosystem of AlienApps, enabling the user to orchestrate and automate actions towards other security technologies, able to respond to incidents quickly and easily.
AlienVault USM Features
Security Information and Event Management (SIEM) Features
- Supported: Centralized event and log data collection
- Supported: Correlation
- Supported: Event and log normalization/management
- Supported: Deployment flexibility
- Supported: Integration with Identity and Access Management Tools
- Supported: Custom dashboards and workspaces
- Supported: Host and network-based intrusion detection
Additional Features
- Supported: AlienVault Open Threat Exchange
AlienVault USM Screenshots
AlienVault USM Videos
AlienVault USM Competitors
AlienVault USM Technical Details
Deployment Types | Software as a Service (SaaS), Cloud, or Web-Based |
---|---|
Operating Systems | Unspecified |
Mobile Application | No |
Supported Countries | Global |
AlienVault USM Downloadables
- Unified Security Management vs. SIEM: a Technical Comparison
- AlienVault USM Anywhere: Datasheet
- AlienVault Fast Facts
- AlienVault USM Anywhere: Datasheet
- Beginner’s Guide to Open Source Intrusion Detection Tools
- SIEM for Beginners: Everything You Wanted to Know About Log Management But Were Afraid to Ask
Frequently Asked Questions
Comparisons
Compare with
Reviews and Ratings
(734)Community Insights
- Business Problems Solved
- Recommendations
Users have found AlienVault USM to be a valuable SIEM solution for centralizing and searching log data from a large number of network attached devices. This platform is being used for various use cases such as vulnerability management, scanning, malware detection, and monitoring malicious network traffic. It is considered a good SIEM solution for organizations new to security operational logging or those with a smaller staff and budget. The product has been praised for its integrated feature sets, including HIDS, NIDS, FIM, and security alerting capabilities. The inclusion of features like vulnerability scanning and file integrity monitoring has extended its value for organizations in the early stages of cybersecurity program development. Many users have experienced real-time alerts, enabling them to respond to security incidents and compromised passwords more quickly. Furthermore, AlienVault is used for a range of functions such as SIEM, vulnerability scanning, asset discovery, and investigations. It provides organizations with a centralized log collection site, allowing them to monitor and address new problems more effectively. The platform has been effective in helping organizations meet regulatory compliance requirements and improve SOC operations. Additionally, AlienVault is used to analyze network traffic, Windows Event Logs, and other security events, helping organizations improve network security and protect their customers. It solves security challenges related to device and software visibility, monitoring for anomalous events, and ensuring patch management. Users appreciate the simplicity of deployment and the robustness of the interface. The support team is highly responsive and knowledgeable.
AlienVault USM Anywhere is used by organizations to easily identify security incidents happening across their infrastructure and comply with PCI-DSS compliance requirements. MSSPs utilize AlienVault USM Anywhere to provide their customers with best-in-class threat monitoring and response services. It is also used to monitor cloud environments, scanning and alerting for any known vulnerabilities or activity on servers. AlienVault helps organizations with auditing purposes by monitoring cloud permissions and changes to security. Additionally, it is deployed to customers for monitoring and is used by NSOCs to monitor their networks. AlienVault has been implemented across organizations, covering server assets and providing granular logging on systems and networks. It helps in raising alarms/alerts and mitigating network-related activities. AlienVault collects and alerts on network and system activity across the entire organization, making it easy to filter for important data. The product centralizes log data and helps perform vulnerability analysis and threat detection. It assists in security patching and monitoring within AWS environments. Users appreciate the ease of use and configuration of the cloud-based panel. AlienVault is implemented and managed for clients as a recommended SIEM solution, collecting and normalizing logs from various data sources. It is used throughout organizations to gain insight into network and server events, manage and correlate logs, and recognize anomalous activity. Users have been able to set up alerts for specific events and policies, effectively managing systems and alerts in place, monitoring multiple client environments, and identifying issues that clients may have missed.
AlienVault USM Anywhere is praised for its cost-effectiveness compared to other SIEM solutions on the market. Users appreciate its threat intelligence capabilities, ease of use, user-friendly interface, and simplicity of deployment. The built-in correlation rules require minimal setup and provide high-quality results. Asset management and scanning features help users stay on top of monitoring assets, including dynamic and static asset lists. The integration of OTX into USM Anywhere allows for up-to-date threat intelligence and pulse subscriptions.
The software plays a crucial role in monitoring and alerting when anomalies occur, aiding in threat detection, compliance management, log collection, and vulnerability scanning. It helps organizations stay up to speed on new vulnerabilities and supports agile business initiatives by aiding analysts in identifying cyber threats and providing access to threat cross-referencing data. AlienVault USM Anywhere is deployed to monitor AWS cloud environments, attain compliance, identify threats, and facilitate auditing of non-emergency configuration changes and vulnerability monitoring.
Overall, AlienVault USM Anywhere provides centralized security monitoring, incident response capabilities, compliance reporting features, vulnerability assessment tools, real-time SIEM functionality, as well as asset discovery and user activity monitoring capabilities. It has been widely adopted across various industries for enhancing security posture and gaining comprehensive visibility into network activities.
Based on user recommendations, AlienVault USM receives the following common recommendations:
-
AlienVault USM is recommended for cost-conscious companies and small to medium businesses due to its affordability and effectiveness. Users find it to be a great tool for analyzing and reacting to threats, offering excellent value for the price.
-
Users suggest exploring alternative SIEM choices and discussing functionality and configuration requirements. Logrhythm is mentioned as a possible alternate SIEM choice, especially for high-end functionality needs. It is advised to compare features and select the SIEM system that offers the best cost for desired features.
-
To maximize the experience with AlienVault USM, users recommend taking advantage of training opportunities provided by AlienVault. Joining official training sessions allows users to learn best practices from other users and gain comprehensive knowledge of the product. Users also recommend utilizing forums, support, webinars, and videos offered by AlienVault to enhance understanding and achieve optimal results.
Overall, AlienVault USM is regarded as a cost-effective solution suitable for organizations with data privacy and security priorities. The product's flexibility, community-created intelligence, and continual improvement are also highlighted by users. While some mention areas for improvement, such as support stability and module quality, the general consensus is that AlienVault USM delivers reliable security enhancements and cost savings.
Attribute Ratings
- 7.2Likelihood to Renew18 ratings
- 6.4Availability3 ratings
- 7.3Performance3 ratings
- 6.7Usability34 ratings
- 7.3Support Rating25 ratings
- 8.3Online Training6 ratings
- 4.5In-Person Training1 rating
- 6.4Implementation Rating38 ratings
- 8Configurability3 ratings
- 6.3Product Scalability3 ratings
- 7.3Ease of integration3 ratings
- 8.2Vendor pre-sale3 ratings
- 7.6Vendor post-sale3 ratings
Reviews
(276-300 of 390)Men in Black can't catch this AlienVault
- Interface & Dashboards are very easy to filter alarms, and dive into trends, etc.
- Lots of correlations and plugins that can be setup to gather data from all over
- Includes many different tools from vulnerability scanning, to netflow, to agent based server monitoring
- It is very difficult to setup some of the extra plugins beyond just basic network monitoring
- The installation process could be a little more intuitive
- Hard to snooze, or ignore alerts for specific devices
Russian looks for USM
- It deployes very easy and fast.
- It provides not only SIEM. It delivers very good benefits with the vulnerability scanner and NIDS/HIDS.
- It has an OS based system, so you can add any changes in to the system and add additional functionality.
- Open Threat Exchange (OTX) is a very good idea to get information about the newest vulnerabilities and malicious hosts.
- Threre is multilevel role administration.
- As a virtual appliance it delivers a near to full view of security of the company.
- There are no other supported languages - only English and Spanish. OSSIM has more languages.
- AlienVault Unified Security Management uses the "latin1" alphabet, which gives Eastern Europe very big problems with logs (there are shown wrong and can't be correlated), for example to work with the Cyrillic alphabet.
- There is no possible way to see what signatures in which modules were updated.
- It's not possible to disable an alarm for current values in current type. It does not support the ability to disable a group of alarms with play load.
- The price with multi tier and disturbed infrastructure going for 150k USD, it very expensive and in this price [range] there a lot of good competitors.
- Raw logs search works very slowly.
- There is no way to work with Suricata signature with user interface.
- The opportunity with company is very very bad. The company manager doesn't give partners a Not For Resale license of products for webinars, demonstration to customers to add changes in system and other.
- Sales managers have low qualifications in information security sphere.
- AlienVault Inc. doesnt do anything to improve product quality with partners. We made a patch to AlienVault USM that fixes problems with Cyrrilic and we wanted to give this solution to development team of AlienVault, but they aren't interested in this.
- There is no documentation for OSSEC corelation. No inforation in interface, no example.
USM for AWS offers best solution on the market.
- Once your Instances are set up to log to CloudWatch, setup is extremely easy in USM interface.
- USM for AWS is great at logging every kind of event that Windows servers log.
- USM for AWS facilitates user management to provide access to events for different user levels.
- USM for AWS is very slow to load. It can take up to 2 minutes to load some of the pages.
- Alarms need email notification.
- The interface caches information forcing the user to hard refresh their browser every time they want to wait.
- AWS for USM hides assets sometimes making it difficult to see what is being tracked.
Cyber success with AlienVault
- As asset management, VA, SIEM, and behaviour monitoring are all built into one platform, this is a jackpot for a security/incident investigator.
- The user interface and dashboard are easy to navigate with amazing drill down ablity, which helps in investigating issues easily.
- The risk-based approach, correction, and OTX are crucial to this product.
- The overall stability of the product.
- Agentless log collection with IDS feature.
- More improved incident analytics ability.
Into the mind of a programmer
- Monitors the network for various attack vectors. We were notified of an attack vector via Remote Desktop where we were able to take action and close up those ports.
- It was able to handle the thousands of messages (syslog) it was receiving from both our API web servers.
- The search needs to be better polished as it makes it difficult to search by multiple parameters (i.e. we have custom user fields and we wanted to search by two fields, and it does not allow us to do so).
- The steep learning curve is a big stumbling block. The UI needs to be more polished and easier to use. Perhaps having a basic and advanced screens.
- There should be an easier way to bump up the mysql connection pool without having to jailbreak to the command prompt and modify the configurations. We initially were constantly getting a "Too many connections" error, but once I bumped up the connection pool limit, the problem went away. It would've been nice if we could do this from the UI.
Best SIEM
- Easy to use.
- Correlate the external logs.
- Best feature is that it shows an attack when detected.
- When external logs are placed it never shows up sometimes and for that, it requires [forceful] operation on the backend.
- Complex to learn.
- USM GUI not responsive when you do not have the compatible setup of the hardware.
Rather than IPV6 alienvault has all type of feature that every SIEM tool need.
OTX threat intelligence is very best to know IOC that are know to the whole world,by using this we can mitigate the threats.
- It is being used for the SIEM role in our organization.
- It provides log aggregation, correlation, and reporting.
- It provides compliance for us within the financial realm and gives us metrics on what is happening in our environment.
- For the most part, it is effective, we would like more performance as we often find ourselves hitting the wall without current data load. This might be able to be fixed with a move to a virtual environment.
- AlienVault is particularly flexible at taking logs and being able to custom craft plugins using regular expressions. This prevents you from being limited by the SIEM vendors support.
- They are also good at keeping their installation updated. Updates are often issued on a monthly basis for the program itself, the same happens to the feeds about half as often.
- The support is actually quite good. Having received support from numerous vendors over the years I have found their support staff to be knowledgeable and helpful. An email receives a reasonably quick response without any hoops or interrogation whatsoever.
- Sometimes the modules don't work quite the way you want. Case in point would be the filtering of assets. There really should be more options when it comes to isolating certain operating systems and host name nomenclature.
- Quick log searching can be tedious and painful, although we use a physical and not a virtual instance so IOPs might be an issue. We find reports often time out unless very narrowly focused.
- Some actions come up over and over in security. One is tracking the log activity of a certain user. There should be a template or some sort of predefined mechanism, but unfortunately there isn't. User searching is ugly and tedious at the log level.
AlienVault USM Review
- Very in depth on scanning for inventory! This allows one to get the "50,000 feet" view of the organizations IT assets, and can narrow down on a specific inventory item with just a few clicks.
- Conducts detailed vulnerability scans. While it doesn't mitigate the vulnerabilities, it gives us instructions on how to mitigate them..what steps we need to take.
- The reporting function is phenomenal. It aggregates logs from other hardware and software, and can present a in-depth report based on that data.
- It can be difficult to set up correctly. I found the documentation sparse in some instances.
- It can generate a ton of alerts, again if not set up correctly. I recommend taking the engineer's class for it, so that you can get the most out of your investment.
- The vulnerability scans can eat up a lot of resources, as well as be a bit pushy. Running a scan against one of our printers resulted in that printer constantly flooded with inventory scan requests by AlienVault, which rendered said printer unusable. Make sure you break out your networks when doing scans!
AlienVault review from a newbie
- Provides good security to the network.
- Provides intrusion detection.
- It provides responses for any incidents.
- Needs more granularity for the setup.
Honest Review of AlienVault USM
- Correlating events to threats
- Ranking severity of threats
- The UI is simple and straightforward
- There are many false positives
- The licensing/renewal process is painful
- Sometimes performance of the appliance is an issue (slowness)
AlienVault USM good for your business?
- Traffic Analysis
- OTX feed intelligence
- File Integrity Monitoring
- Threat Scanning
- Asset Management depends too much on DNS
- Threat scanner could have more functionality
From Zero to Hero with AlienVault!
- Customer Service
- Ease of Use
- Easy Implementation!
- Hidden costs not disclosed up front.
- Not all functionality is built into current USM Anywhere Appliance; future capabilities to come.
- They are busy busy busy! Be prepared to wait 24+ hours for responses for some issues.
Simple Review
- SIEM
- Event Correlation
- Reporting
- Functionality for mobile users.
- Automated threat response, like configuration modifications of connected devices upon threat detection.
- Dashboards.
- Using trends in industry such as OTX pulses.
- The alarms are easy to track and start an investigation.
- More graphs like PRTG.
- More hands on labs.
- A faster learning curve.
AlienVault USM Review
- Correlation of Events Collected
- Event Alarm notification
- Vulnerability Scanning
- User Interface - Options are buried too many levels deep
- Administrator User Experience
- Ability to customize top level information of Event Alarms
- Reliability
AlienVault, Yeah
- PCI Compliance
- Log management
- Ease of use
- Inital setup
- UI content placement
- User management
AlienVault - A bump in network security
- Correlation of HIDS, NIDS, and security devices attached to your network.
- Vulnerability scanner included.
- Reporting and notification functions work flawlessly.
- With every product I evaluate, I would like to see a better system of creating custom reports.
AlienVault USM is my best security coworker.
- Vulnerability identification and classification.
- Event logging.
- Grouping of networks and assets to easily keep track of different locations.
- I'd like to see the threat rating on the live feed of the SIEM.
- Improvements to make the deployment of OSSEC agent easier.
We deploy and manage it in client environments. AlienVault solves a number of information technology issues, such as
- log aggregation & correlation
- asset management
- vulnerability assessment
- behavior monitoring
- threat intelligence
- SIEM tools are only as good as support surround it. This includes manufacturer support as well as support from an MSSP (Managed Security Service Provider). AlienVault has outstanding customer support and they have created a product that is easy to work with.
- Rules, Rules, Rules! What makes a SIEM tool truly effective is the rules that trigger alarms from the correlated data. AlienVault comes with hundreds of rules out of the box and is updated with new rules frequently. Also the UI is user friendly so writing your own custom rules is easy.
- OTX (Open Threat Exchange), The sharing of threat intel is built into the device. Its not an add-on piece or an additional expense.
- The tool isn't fully mature just yet. So occasionally we run into plug-ins that don't work properly or don't exist. This isn't horrible because you can write your own plug-ins but you will need some regex coding skills and a test environment.
It is probably less appropriate in an very large enterprise environment. Where I would most likely recommend a number of separate enterprise levels tools to emulate what AlienVault does in a slightly smaller environment.
Threat protection at the speed of the wire
- Ability to collect and process logs from many types of devices. Even have the ability to write custom log parsing to collect data from your custom devices/apps.
- Ability to correlate data into actionable intelligence. The common operational picture of your local network, combined with the global threat intelligence lets you know if you're in trouble or not. It's an awesome one-stop-shop kind of product and interface.
- Great support. The sales team, marketing team, and technical support are second to none. They've been able to answer any question that I have had, and they really dig in and engage.
- There's so much stuff you can do, it can be somewhat daunting at first. They've got great videos and documentation to walk you through stuff though.
- Cost isn't cheap, but it is fairly inexpensive compared to some of the other vendors.
AlienVault USM Review
- Very well priced
- The USM relies on pre-configured and configurable plugins that can be cumbersome if you are not well versed in programming. AlienVault support offers to create plugins.
Review of AlienVault by a Community Bank
- Asset Discovery and Management - easy to set up a scan of your network, and you can automate the scans on different time intervals. Based on the response from the scan, AlienVault can determine with pretty good accuracy what type of system it is.
- SIEM & Log Management. - AlienVault installs an agent on Windows devices that can pull in all logs and analyze them, for various information, rather it be malicious activity or known activities.
- Behavioral Monitoring and Intrusion Detection - AlienVault has rule sets built in that when analyzing your logs, will report and notify you of malicious activity on your network.
- Vulnerability Assesment - the interface and reporting was a weakness on AlienVault, this definitely will not replace some other vulnerability scanners such as Tenable's Nessus.
Couldn't have done it without you!
All platforms are hosted within Amazon's AWS cloud environment and are multi-tenant in nature. We maintain a presence in several AWS regions and support international business operations across a number of industries.
- I was really pleased with the initial setup, configuration and ease of use.
- The integration with Amazon AWS is great... the level of detail is perfect for our needs.
- The correlation and alerting capabilities are really helpful.
- The documentation could be more detailed.
- Customization can be a bit cumbersome. Adding correlation rules, etc.
- More dashboard capabilities would be welcome when working with larger groups of events.
Send the aliens back into space
- Pulling in LOTS of logs from various places in AWS.
- In theory, can consume any type of log you can send it.
- SMTP: The appliance can only send SMTP alerts to ONE email address. At the very least, it should be able to send to multiple people, and this shouldn't be a global setting. Some people want to see certain alerts, others need to see other alerts. It's highly inflexible.
- Reports: There basically aren't any. I need a way to prove to the CEO that this expense is worth it, but I can't print a nice graph of logs collected per day, alarms on each device, or really anything at all.
- SLOW: When it starts collecting lots of logs, the appliance really slows down. When you're trying to do a search on logs, it can take an hour or more. Almost impossible to do forensic analysis of an incident when it takes this long to gather the correct logs.
- Multiple VPCs are not supported: The only deployment option is a single box. Without allowing multiple sensor nodes, it's very difficult to see into other networks. VPC peering can get you around this, but this is not allowed for us because of security concerns, and it's impossible because both VPCs use the same IP range. You can use a Linux jump box, but you can't use a Windows jump box, and a Linux jump box won't connect to any Windows servers.
AlienVault USM is great for the price and functionality
- Log management
- Vulnerability scanning
- Net-flow
- Behavioral analysis
- Database maintenance
- Faster log searches