AlienVault USM

Recent Reviews


MSSP Review (8 out of 10, October 04, 2021)

AlienVault offers a different experience as opposed to other SIEM tools where it can be set up and configured properly in a shorter amount …


Popular Features

Reviewer ratings (number of ratings in parentheses, score out of 10):

  • Centralized event and log data collection (8): 8.5 (85%)
  • Correlation (8): 8.5 (85%)
  • Event and log normalization/management (8): 8.0 (80%)
  • Custom dashboards and workspaces (8): 7.0 (70%)


Pricing

Cloud subscription tiers, billed per month:

  • Essentials: $1,075
  • Standard: $1,695
  • Premium: $2,595

Entry-level set up fee?

  • Setup fee optional
For the latest information on pricing, visit https://www.alienvault.com/products/pri…

Offerings

  • Free Trial
  • Free/Freemium Version
  • Premium Consulting/Integration Services

Features

Security Information and Event Management (SIEM)

Security Information and Event Management is a category of security software that allows security analysts to look at a more comprehensive view of security logs and events than would be possible by looking at the log files of individual, point security tools.

Reviewer score: 8 (category average 7.8)

Product Details

What is AlienVault USM?

AlienVault® Unified Security Management® (USM) delivers threat detection, incident response, and compliance management in one unified platform. It is designed to combine all the essential security capabilities needed for effective security monitoring across cloud and on-premises environments, including SIEM, intrusion detection, vulnerability management, as well as continuous threat intelligence updates. The vendor states that even for resource-limited IT security teams, AlienVault USM can be affordable, fast to deploy, and easy to use. It eliminates the need to deploy, integrate, and maintain multiple point solutions in the data center.

Smart, automated data collection & analysis: USM Anywhere automatically collects and analyzes data across the attack surface, helping to quickly gain centralized security visibility without the complexity of multiple disparate security technologies.

Automated threat detection powered by AT&T Alien Labs: With threat intelligence provided by AT&T Alien Labs, USM Anywhere is updated automatically to stay on top of evolving and emerging threats, so the security team can focus on responding to alerts.

Incident response orchestration with AlienApps: USM Anywhere supports a growing ecosystem of AlienApps, enabling the user to orchestrate and automate actions towards other security technologies, able to respond to incidents quickly and easily.

AlienVault USM Features

Security Information and Event Management (SIEM) Features

  • Supported: Centralized event and log data collection
  • Supported: Correlation
  • Supported: Event and log normalization/management
  • Supported: Deployment flexibility
  • Supported: Integration with Identity and Access Management Tools
  • Supported: Custom dashboards and workspaces
  • Supported: Host and network-based intrusion detection

Additional Features

  • Supported: AlienVault Open Threat Exchange

AlienVault USM Screenshots

[Screenshot: USM Anywhere NIDS Dashboard]
AlienVault USM Technical Details

Deployment Types: Software as a Service (SaaS), Cloud, or Web-Based
Operating Systems: Unspecified
Mobile Application: No
Supported Countries: Global

Frequently Asked Questions

Splunk Cloud and Fortinet on IBM Cloud are common alternatives for AlienVault USM.

Reviewers rate Deployment flexibility highest, with a score of 8.6.

The most common users of AlienVault USM are from Mid-sized Companies (51-1,000 employees).

Reviews and Ratings


Community Insights

TrustRadius Insights are summaries of user sentiment data from TrustRadius reviews and, when necessary, 3rd-party data sources.

Users have found AlienVault USM to be a valuable SIEM solution for centralizing and searching log data from a large number of network attached devices. This platform is being used for various use cases such as vulnerability management, scanning, malware detection, and monitoring malicious network traffic. It is considered a good SIEM solution for organizations new to security operational logging or those with a smaller staff and budget. The product has been praised for its integrated feature sets, including HIDS, NIDS, FIM, and security alerting capabilities. The inclusion of features like vulnerability scanning and file integrity monitoring has extended its value for organizations in the early stages of cybersecurity program development. Many users have experienced real-time alerts, enabling them to respond to security incidents and compromised passwords more quickly. Furthermore, AlienVault is used for a range of functions such as SIEM, vulnerability scanning, asset discovery, and investigations. It provides organizations with a centralized log collection site, allowing them to monitor and address new problems more effectively. The platform has been effective in helping organizations meet regulatory compliance requirements and improve SOC operations. Additionally, AlienVault is used to analyze network traffic, Windows Event Logs, and other security events, helping organizations improve network security and protect their customers. It solves security challenges related to device and software visibility, monitoring for anomalous events, and ensuring patch management. Users appreciate the simplicity of deployment and the robustness of the interface. The support team is highly responsive and knowledgeable.

AlienVault USM Anywhere is used by organizations to easily identify security incidents happening across their infrastructure and comply with PCI-DSS compliance requirements. MSSPs utilize AlienVault USM Anywhere to provide their customers with best-in-class threat monitoring and response services. It is also used to monitor cloud environments, scanning and alerting for any known vulnerabilities or activity on servers. AlienVault helps organizations with auditing purposes by monitoring cloud permissions and changes to security. Additionally, it is deployed to customers for monitoring and is used by NSOCs to monitor their networks. AlienVault has been implemented across organizations, covering server assets and providing granular logging on systems and networks. It helps in raising alarms/alerts and mitigating network-related activities. AlienVault collects and alerts on network and system activity across the entire organization, making it easy to filter for important data. The product centralizes log data and helps perform vulnerability analysis and threat detection. It assists in security patching and monitoring within AWS environments. Users appreciate the ease of use and configuration of the cloud-based panel. AlienVault is implemented and managed for clients as a recommended SIEM solution, collecting and normalizing logs from various data sources. It is used throughout organizations to gain insight into network and server events, manage and correlate logs, and recognize anomalous activity. Users have been able to set up alerts for specific events and policies, effectively managing systems and alerts in place, monitoring multiple client environments, and identifying issues that clients may have missed.

AlienVault USM Anywhere is praised for its cost-effectiveness compared to other SIEM solutions on the market. Users appreciate its threat intelligence capabilities, ease of use, user-friendly interface, and simplicity of deployment. The built-in correlation rules require minimal setup and provide high-quality results. Asset management and scanning features help users stay on top of monitoring assets, including dynamic and static asset lists. The integration of OTX into USM Anywhere allows for up-to-date threat intelligence and pulse subscriptions.

The software plays a crucial role in monitoring and alerting when anomalies occur, aiding in threat detection, compliance management, log collection, and vulnerability scanning. It helps organizations stay up to speed on new vulnerabilities and supports agile business initiatives by aiding analysts in identifying cyber threats and providing access to threat cross-referencing data. AlienVault USM Anywhere is deployed to monitor AWS cloud environments, attain compliance, identify threats, and facilitate auditing of non-emergency configuration changes and vulnerability monitoring.

Overall, AlienVault USM Anywhere provides centralized security monitoring, incident response capabilities, compliance reporting features, vulnerability assessment tools, real-time SIEM functionality, as well as asset discovery and user activity monitoring capabilities. It has been widely adopted across various industries for enhancing security posture and gaining comprehensive visibility into network activities.

Based on user recommendations, AlienVault USM receives the following common recommendations:

  1. AlienVault USM is recommended for cost-conscious companies and small to medium businesses due to its affordability and effectiveness. Users find it to be a great tool for analyzing and reacting to threats, offering excellent value for the price.

  2. Users suggest exploring alternative SIEM choices and discussing functionality and configuration requirements. Logrhythm is mentioned as a possible alternate SIEM choice, especially for high-end functionality needs. It is advised to compare features and select the SIEM system that offers the best cost for desired features.

  3. To maximize the experience with AlienVault USM, users recommend taking advantage of training opportunities provided by AlienVault. Joining official training sessions allows users to learn best practices from other users and gain comprehensive knowledge of the product. Users also recommend utilizing forums, support, webinars, and videos offered by AlienVault to enhance understanding and achieve optimal results.

Overall, AlienVault USM is regarded as a cost-effective solution suitable for organizations with data privacy and security priorities. The product's flexibility, community-created intelligence, and continual improvement are also highlighted by users. While some mention areas for improvement, such as support stability and module quality, the general consensus is that AlienVault USM delivers reliable security enhancements and cost savings.


Reviews

(276-300 of 390)
Score 9 out of 10
Vetted Review
Verified User
Incentivized
AV is being used to monitor our network and let us know not only what is happening as packets come in, but as they leave as well. It is being used by our entire organization across all departments. This helps us keep our network secure by alerting us when there is anything suspicious going on such as port scans, malware, DoS attacks, etc. It doesn't prevent anything but it allows you to understand all the traffic going in and out allowing you to find the weaknesses in your network and work with your firewall vendor to correct.
  • Interface & Dashboards are very easy to filter alarms, and dive into trends, etc.
  • Lots of correlations and plugins that can be setup to gather data from all over
  • Includes many different tools from vulnerability scanning, to netflow, to agent based server monitoring
  • It is very difficult to setup some of the extra plugins beyond just basic network monitoring
  • The installation process could be a little more intuitive
  • Hard to snooze, or ignore alerts for specific devices
It is well suited if you are looking for an all in one product. We looked at several other SIEM products but they all required purchasing extra items to do the same thing that AlienVault can. It also requires you to have someone on staff knowledgeable with the product and the monitoring.

Score 7 out of 10
Vetted Review
Reseller
Incentivized
It addresses meeting PCI DSS compliance. It is used only in the IT security department.
  • It deploys very easily and fast.
  • It provides not only SIEM. It delivers very good benefits with the vulnerability scanner and NIDS/HIDS.
  • It has an OS-based system, so you can add any changes into the system and add additional functionality.
  • Open Threat Exchange (OTX) is a very good idea to get information about the newest vulnerabilities and malicious hosts.
  • There is multilevel role administration.
  • As a virtual appliance it delivers a near to full view of the security of the company.
  • There are no other supported languages - only English and Spanish. OSSIM has more languages.
  • AlienVault Unified Security Management uses the "latin1" alphabet, which gives Eastern Europe very big problems with logs (they are shown wrong and can't be correlated), for example when working with the Cyrillic alphabet.
  • There is no way to see which signatures in which modules were updated.
  • It's not possible to disable an alarm for current values in the current type. It does not support the ability to disable a group of alarms with a payload.
  • The price for a multi-tier and distributed infrastructure goes to 150k USD; it is very expensive, and in this price range there are a lot of good competitors.
  • Raw log search works very slowly.
  • There is no way to work with Suricata signatures through the user interface.
  • Cooperation with the company is very, very bad. The company's management doesn't give partners a Not For Resale license of the products for webinars, demonstrations to customers, making changes to the system and so on.
  • Sales managers have low qualifications in the information security sphere.
  • AlienVault Inc. doesn't do anything to improve product quality with partners. We made a patch to AlienVault USM that fixes problems with Cyrillic and we wanted to give this solution to AlienVault's development team, but they aren't interested in it.
  • There is no documentation for OSSEC correlation. No information in the interface, no examples.
It's very good for PCI DSS 3.0 compliance. It's fast to deploy and cheap to get through the auditors. Usually people who have used OSSIM transfer to AlienVault Unified Security Management very easily, because they need to work with logs for PCI DSS. There is no way to use the solution with SCADA. It is too hard to integrate in Eastern European countries because there is no support for distribution companies and no support for the Cyrillic language and alphabet.
Alexi Carey | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User
Incentivized
We are using AlienVault Unified Security Management for AWS to meet our PCI compliance for Intrusion detection, vulnerability scans, and problems that might occur. It is being used for all our servers that fall within PCI compliance. It addresses the problem of finding a product that can easily interface with Amazon's AWS servers and load balancers.
  • Once your Instances are set up to log to CloudWatch, setup is extremely easy in USM interface.
  • USM for AWS is great at logging every kind of event that Windows servers log.
  • USM for AWS facilitates user management to provide access to events for different user levels.
  • USM for AWS is very slow to load. It can take up to 2 minutes to load some of the pages.
  • Alarms need email notification.
  • The interface caches information forcing the user to hard refresh their browser every time they want to wait.
  • USM for AWS hides assets sometimes, making it difficult to see what is being tracked.
It is very appropriate if you need a solution for AWS that is affordable. AlienVault also has great support and they are very helpful with setup. These are key if you have not used an IDS before with AWS. AlienVault's technicians are very knowledgeable and helpful. If there are features that you need to develop, they will help you.
Stephen Raju | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User
Incentivized
AlienVault Unified Security Management (USM) is being used for our whole organization. We also provide USM as a service through our MSS program. It helps us widely in the compliance requirements for our organization and also provides us with complete control over users and system technical activities, which also helps us tremendously in detecting threats within the organization.
  • As asset management, VA, SIEM, and behaviour monitoring are all built into one platform, this is a jackpot for a security/incident investigator.
  • The user interface and dashboard are easy to navigate with amazing drill-down ability, which helps in investigating issues easily.
  • The risk-based approach, correction, and OTX are crucial to this product.
  • The overall stability of the product.
  • Agentless log collection with IDS feature.
  • More improved incident analytics ability.
Best suitable for managing complete security for small and medium size businesses. Best suitable for monitoring the entire informational activity of the organization with its log and network monitoring ability, which is powered by the behavioral analytics ability of the product. Less appropriate for large size companies, due to the large volume of data.
Score 8 out of 10
Vetted Review
Verified User
Incentivized
We use it to track all calls to our WebAPI application. We use this to stay compliant with HiTrust. We designed a plugin to use with AlienVault to track all of these calls with custom attributes. It works great. It also had the added benefit of monitoring our network which yielded surprising results (such as an outside penetration attempt which allowed us to take action). As much as I love this tool, it does have its caveats: It is not easy to maintain and has a steep learning curve. Once you pick it up, it would be easy to maintain thereafter and rarely has any hiccups.
  • Monitors the network for various attack vectors. We were notified of an attack vector via Remote Desktop where we were able to take action and close up those ports.
  • It was able to handle the thousands of messages (syslog) it was receiving from both our API web servers.
  • The search needs to be better polished as it makes it difficult to search by multiple parameters (i.e. we have custom user fields and we wanted to search by two fields, and it does not allow us to do so).
  • The steep learning curve is a big stumbling block. The UI needs to be more polished and easier to use. Perhaps having a basic and advanced screens.
  • There should be an easier way to bump up the mysql connection pool without having to jailbreak to the command prompt and modify the configurations. We initially were constantly getting a "Too many connections" error, but once I bumped up the connection pool limit, the problem went away. It would've been nice if we could do this from the UI.
It's great for network security as it caught some things we missed and we were able to remedy it immediately. However, I am not sure it would be well suited for a log collection as the search functionality is very limited. We wanted to do event correlation and kept hitting into issues and had to have support tickets repeatedly to get any progress (and as of this date, we still do not have a remedy). In spite of these issues, we would still recommend it.
May 15, 2017

Best SIEM

Score 8 out of 10
Vetted Review
Verified User
Incentivized
It’s somewhat complex so it’s hard for management but security teams enforce management to do desired changes as per logs. So it’s necessary to use it in the whole organization. It’s required to understand how AlienVault is working, what AlienVault shows you from the management point of view (or any other department like software teams) while deploying the applications or using vulnerable software.
  • Easy to use.
  • Correlate the external logs.
  • Best feature is that it shows an attack when detected.
  • When external logs are placed it never shows up sometimes and for that, it requires [forceful] operation on the backend.
  • Complex to learn.
  • USM GUI not responsive when you do not have the compatible setup of the hardware.
Alarms are important to get the desired action, but the IPv6 feature is not available in this, and nowadays attackers are more sophisticated, so it's hard to detect an attack based on IPv6.
Other than IPv6, AlienVault has all the types of features that every SIEM tool needs.
OTX threat intelligence is very good for knowing IOCs that are known to the whole world; by using this we can mitigate the threats.
Score 7 out of 10
Vetted Review
Verified User
Incentivized
  • It is being used for the SIEM role in our organization.
  • It provides log aggregation, correlation, and reporting.
  • It provides compliance for us within the financial realm and gives us metrics on what is happening in our environment.
  • For the most part, it is effective; we would like more performance as we often find ourselves hitting the wall with our current data load. This might be able to be fixed with a move to a virtual environment.
  • AlienVault is particularly flexible at taking logs and being able to custom craft plugins using regular expressions. This prevents you from being limited by the SIEM vendors support.
  • They are also good at keeping their installation updated. Updates are often issued on a monthly basis for the program itself, the same happens to the feeds about half as often.
  • The support is actually quite good. Having received support from numerous vendors over the years I have found their support staff to be knowledgeable and helpful. An email receives a reasonably quick response without any hoops or interrogation whatsoever.
  • Sometimes the modules don't work quite the way you want. Case in point would be the filtering of assets. There really should be more options when it comes to isolating certain operating systems and host name nomenclature.
  • Quick log searching can be tedious and painful, although we use a physical and not a virtual instance so IOPs might be an issue. We find reports often time out unless very narrowly focused.
  • Some actions come up over and over in security. One is tracking the log activity of a certain user. There should be a template or some sort of predefined mechanism, but unfortunately there isn't. User searching is ugly and tedious at the log level.
Small or medium installations that do not suffer from device or data overload. It is not terribly difficult to use, although additional skills are required once you depart from the typical SOC roles and need to develop some of your own processes and tools. AlienVault, like any SIEM, is more of a garden than a factory farm. You need to continuously invest time and energy into it to understand what is happening that is normal versus what is anomalous.
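The review above describes two things a SIEM like this one does with raw logs: a regex-driven "plugin" that turns vendor-specific lines into normalized events, and correlation over those events. The script below is an added example, not AlienVault's plugin format or code, that shows both ideas generically in plain Python: a table of named regexes normalizes constructed syslog lines into a common field set, and one correlation rule raises an alarm when a source IP accumulates a number of failed SSH logins and then succeeds. The event-type names, field names, threshold and sample log lines are all assumptions made for illustration.

```python
"""Regex-based log normalization plus a simple correlation rule.

Added example (not AlienVault code).  A dictionary of named regexes acts
as a hypothetical parsing plugin; correlate() is a hypothetical rule that
flags a brute-force-then-success pattern.  Sample log lines are constructed.
"""
import re
from collections import defaultdict

# Hypothetical "plugin": one named regex per event type, each yielding the
# same normalized fields (user, src_ip).  Only sshd auth lines are covered.
PLUGIN_RULES = {
    "ssh_failed": re.compile(
        r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
        r"from (?P<src_ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
    ),
    "ssh_accepted": re.compile(
        r"sshd\[\d+\]: Accepted (?:password|publickey) for (?P<user>\S+) "
        r"from (?P<src_ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
    ),
}

# Classic BSD syslog header: "Mar 22 10:01:02 host message..."
SYSLOG_HEADER = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) (?P<msg>.*)$"
)


def normalize(line):
    """Return a normalized event dict, or None if no plugin rule matches."""
    hdr = SYSLOG_HEADER.match(line)
    if not hdr:
        return None
    for event_type, rule in PLUGIN_RULES.items():
        m = rule.search(hdr.group("msg"))
        if m:
            return {
                "timestamp": hdr.group("ts"),
                "host": hdr.group("host"),
                "event_type": event_type,
                "src_ip": m.group("src_ip"),
                "user": m.group("user"),
                "outcome": "success" if event_type == "ssh_accepted" else "failure",
            }
    return None


def correlate(events, threshold=3):
    """Alarm when a source IP logs `threshold` failures and then a success.

    A success below the threshold (a normal typo-then-login) resets the
    per-source counter instead of alarming; an alarm also resets it.
    """
    failures = defaultdict(int)
    alarms = []
    for ev in events:
        key = ev["src_ip"]
        if ev["outcome"] == "failure":
            failures[key] += 1
        elif failures[key] >= threshold:
            alarms.append({
                "rule": "ssh_bruteforce_success",
                "src_ip": key,
                "user": ev["user"],
                "failed_attempts": failures[key],
                "timestamp": ev["timestamp"],
            })
            failures[key] = 0
        else:
            failures[key] = 0
    return alarms


# Constructed sample syslog lines (not real captured data).
SAMPLE_LOG = """\
Mar 22 10:01:02 web01 sshd[2311]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2
Mar 22 10:01:05 web01 sshd[2311]: Failed password for root from 203.0.113.7 port 51130 ssh2
Mar 22 10:01:09 web01 sshd[2314]: Failed password for root from 203.0.113.7 port 51141 ssh2
Mar 22 10:01:15 web01 sshd[2320]: Accepted password for root from 203.0.113.7 port 51150 ssh2
Mar 22 10:02:00 web01 sshd[2330]: Accepted publickey for deploy from 198.51.100.5 port 40010 ssh2
Mar 22 10:02:30 web01 CRON[2340]: (root) CMD (run-parts /etc/cron.hourly)
"""


def run(raw_text=SAMPLE_LOG, threshold=3):
    """Normalize every line; return (events, alarms, count of unparsed lines)."""
    events, unparsed = [], 0
    for line in raw_text.splitlines():
        ev = normalize(line)
        if ev is None:
            unparsed += 1  # no plugin rule matched; a real SIEM would count these
        else:
            events.append(ev)
    return events, correlate(events, threshold), unparsed


if __name__ == "__main__":
    events, alarms, unparsed = run()
    print(f"{len(events)} events normalized, {unparsed} line(s) unparsed")
    for alarm in alarms:
        print("ALARM", alarm)
```

The unparsed-line count is worth keeping in any real deployment: a plugin regex that silently drops lines is the usual reason a reviewer sees "external logs never show up", so counting misses makes the gap visible instead of invisible.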
Christopher Taylor | TrustRadius Reviewer
Score 7 out of 10
Vetted Review
Verified User
Incentivized
AlienVault USM is being used across the entire organization to address threats and to aggregate logging functions into one easy-to-read report. It also handles vulnerability scanning across the network, showing which machines have what vulnerability, and what needs to be done to mitigate that vulnerability. It is also being used to help generate our inventory records.
  • Very in depth on scanning for inventory! This allows one to get the "50,000 feet" view of the organization's IT assets, and can narrow down on a specific inventory item with just a few clicks.
  • Conducts detailed vulnerability scans. While it doesn't mitigate the vulnerabilities, it gives us instructions on how to mitigate them, what steps we need to take.
  • The reporting function is phenomenal. It aggregates logs from other hardware and software, and can present an in-depth report based on that data.
  • It can be difficult to set up correctly. I found the documentation sparse in some instances.
  • It can generate a ton of alerts, again if not set up correctly. I recommend taking the engineer's class for it, so that you can get the most out of your investment.
  • The vulnerability scans can eat up a lot of resources, as well as be a bit pushy. Running a scan against one of our printers resulted in that printer constantly flooded with inventory scan requests by AlienVault, which rendered said printer unusable. Make sure you break out your networks when doing scans!
AlienVault is well suited for businesses that lack someone who specializes in information security. As new threats emerge daily, as long as updates are taking place and the system is set up correctly, you'll be notified of suspicious activity. I find the Reputation report to be invaluable, as it shows what machines within the organization are talking to known bad IP addresses (based on the OTX reputation...make sure you opt into OTX).
Lance Hilkey | TrustRadius Reviewer
Score 6 out of 10
Vetted Review
Verified User
Incentivized
I support a node of the USM deployment. It is used to monitor and prevent intrusion of the network. The main device is at a central location and, like I said, I just support a node at a branch office.
  • Provides good security to the network.
  • Provides intrusion detection.
  • It provides responses for any incidents.
  • Needs more granularity for the setup.
It is suitable for anyone needing a comprehensive intrusion detection and monitoring system.
Score 9 out of 10
Vetted Review
Verified User
Incentivized
Our IT department uses AlienVault to monitor traffic in and out of our environment. We use the USM to reduce our business risk in regard to known threats. I really like the fact that AlienVault is connected to the Open Threat Exchange, or OTX, to identify known threats. We then can take action based on the severity of the threat.
  • Correlating events to threats
  • Ranking severity of threats
  • The UI is simple and straightforward
  • There are many false positives
  • The licensing/renewal process is painful
  • Sometimes performance of the appliance is an issue (slowness)
AlienVault is a great product if you have one or more branches of your business that need to have an automated way to look at event data and correlate that against known threats to give your security team a quantitative way to track and respond to threats to your business.
Score 7 out of 10
Vetted Review
Verified User
Incentivized
We are currently using AlienVault Unified Security Management for our infrastructure security needs. Both our servers and end users are being scanned with the integrated OpenVAS scanner. All traffic is being analyzed from our Palo Alto firewalls and all servers have the FIM agent installed. We are also using the system to store NetFlow data.
  • Traffic Analysis
  • OTX feed intelligence
  • File Integrity Monitoring
  • Threat Scanning
  • Asset Management depends too much on DNS
  • Threat scanner could have more functionality
For small and medium sized businesses the AlienVault Unified Security Management SIEM can be a great fit. Installation and configuration was on par with or easier than other more expensive systems. Larger organizations with additional infosecurity staff might find the system's lack of customization a bit of a hindrance. Overall the product is sound and has made great strides in the 5.x version.
Score 8 out of 10
Vetted Review
Verified User
Incentivized
AlienVault USM Anywhere assists my company with implementing ISO 27001:2013.
  • Customer Service
  • Ease of Use
  • Easy Implementation!
  • Hidden costs not disclosed up front.
  • Not all functionality is built into current USM Anywhere Appliance; future capabilities to come.
  • They are busy busy busy! Be prepared to wait 24+ hours for responses for some issues.
AlienVault USM is well suited for an overall view of your security posture while offering some actionable intel which makes responding to security incidents much faster and easier.
April 10, 2017

Simple Review

Score 10 out of 10
Vetted Review
Reseller
Incentivized
We implement and manage AlienVault installations for customers.
  • SIEM
  • Event Correlation
  • Reporting
  • Functionality for mobile users.
  • Automated threat response, like configuration modifications of connected devices upon threat detection.
SIEM, SOC visibility, compliance management, threat response.
Philip D | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
Incentivized
AlienVault is used in the classroom in a college environment to acclimate students to the product before they go out in the field and use it in a production environment. We have several students in our Baccalaureate program that are using the product in their current jobs. Some students are going on internship positions where the company is using AlienVault as a main product in an NOC environment. Currently, AlienVault is a dashboard utility in our classroom where students can see the product, get excited about the product, use the product, and gain knowledge of the product without fear of breaking something in a production environment. This hands-on approach is a win-win situation for Pittsburgh Technical College and future employers.
  • Dashboards.
  • Using trends in industry such as OTX pulses.
  • The alarms are easy to track and start an investigation.
  • More graphs like PRTG.
  • More hands on labs.
  • A faster learning curve.
The college is relatively new to the product, so students are learning as well as instructors to see what the product can do. Our board of advisers for Information Technology and Security Forensics were pleased that we were using AlienVault in the classroom environment. They were willing to show the full potential of AlienVault.
March 23, 2017

AlienVault USM Review

Steve Smith | TrustRadius Reviewer
Score 6 out of 10
Vetted Review
Verified User
Incentivized
Here at NMM we are using Alienvault USM for log collection and correlation, vulnerability reporting, and event alarms.
  • Correlation of Events Collected
  • Event Alarm notification
  • Vulnerability Scanning
  • User Interface - Options are buried too many levels deep
  • Administrator User Experience
  • Ability to customize top level information of Event Alarms
  • Reliability
Event alarms are powerful, but reporting can be difficult.
March 22, 2017

AlienVault, Yeah

Score 9 out of 10
Vetted Review
Verified User
Incentivized
Our IT department uses AlienVault to capture logs from our web server for PCI compliance. AlienVault helps us keep track of and manage the large amount of logs generated by our web server.
  • PCI Compliance
  • Log management
  • Ease of use
  • Initial setup
  • UI content placement
  • User management
Well suited for PCI compliance and log management.
Richard Perlstein | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Reseller
Incentivized
Multi-layered network security is essential in order to protect your network from today's advanced threats. But when all else fails, you need that one extra step, the last nail in the coffin so to speak that identifies a problem using all the available data. That last step for total security is the deployment of AlienVault. AlienVault provides high level, affordable SIEM and security analysis that will detect breaches as well as vulnerabilities on your network. Combined with our managed services, your company will not only have the visibility that AlienVault provides, but the manpower as well to monitor the network either 8x5 or 24x7.
  • Correlation of HIDS, NIDS, and security devices attached to your network.
  • Vulnerability scanner included.
  • Reporting and notification functions work flawlessly.
  • With every product I evaluate, I would like to see a better system of creating custom reports.
AlienVault is a valuable security piece of any network that requires some level of security compliance, or any company that has intellectual property. It is a very affordable solution for small and mid-sized companies. It can be sized to handle enterprise accounts with additional individual components. [Also well suited for] additional remote sensors, deployment of HIDS sensors, as well as NIDS ports.
Pete Wirch | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
Incentivized
We use AlienVault USM to collect and monitor nearly 100 properties across the US. It is one of the tools that allows us to easily monitor events and vulnerabilities at so many locations and devices with ease.
  • Vulnerability identification and classification.
  • Event logging.
  • Grouping of networks and assets to easily keep track of different locations.
  • I'd like to see the threat rating on the live feed of the SIEM.
  • Improvements to make the deployment of OSSEC agent easier.
It is a very beneficial tool for monitoring any network of any size. I find it invaluable.
Aaron S. Moffett | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Reseller
Incentivized
AlienVault is a Security Incident and Event Management (SIEM) tool.
We deploy and manage it in client environments. AlienVault solves a number of information technology issues, such as
  • log aggregation & correlation
  • asset management
  • vulnerability assessment
  • behavior monitoring
  • threat intelligence
  • SIEM tools are only as good as the support surrounding them. This includes manufacturer support as well as support from an MSSP (Managed Security Service Provider). AlienVault has outstanding customer support and they have created a product that is easy to work with.
  • Rules, Rules, Rules! What makes a SIEM tool truly effective is the rules that trigger alarms from the correlated data. AlienVault comes with hundreds of rules out of the box and is updated with new rules frequently. Also the UI is user friendly so writing your own custom rules is easy.
  • OTX (Open Threat Exchange): the sharing of threat intel is built into the device. It's not an add-on piece or an additional expense.
  • The tool isn't fully mature just yet. So occasionally we run into plug-ins that don't work properly or don't exist. This isn't horrible because you can write your own plug-ins but you will need some regex coding skills and a test environment.
AlienVault excels in a small to medium sized environment and it packs a lot of value into its footprint. I recommend it almost every day to clients. It is an excellent place to start the security journey.

It is probably less appropriate in a very large enterprise environment, where I would most likely recommend a number of separate enterprise-level tools to emulate what AlienVault does in a slightly smaller environment.
Jamie Bass | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Reseller
Incentivized
AlienVault USM is a valuable tool for collecting, aggregating and correlating threat events into actionable intelligence. The GUI is beautiful and gives you clickable drill down information. If I were to build a system from scratch, this product has already done all that and more. It's pretty slick!

  • Ability to collect and process logs from many types of devices. Even have the ability to write custom log parsing to collect data from your custom devices/apps.
  • Ability to correlate data into actionable intelligence. The common operational picture of your local network, combined with the global threat intelligence lets you know if you're in trouble or not. It's an awesome one-stop-shop kind of product and interface.
  • Great support. The sales team, marketing team, and technical support are second to none. They've been able to answer any question that I have had, and they really dig in and engage.
  • There's so much stuff you can do, it can be somewhat daunting at first. They've got great videos and documentation to walk you through stuff though.
  • Cost isn't cheap, but it is fairly inexpensive compared to some of the other vendors.
This is the best data aggregation and correlation capability I've ever seen, and the integration is beautiful. I'd recommend AlienVault to anybody.
March 02, 2017

AlienVault USM Review

Score 9 out of 10
Vetted Review
Verified User
Incentivized
Network monitoring for some areas of the organization.
  • Very well priced
  • The USM relies on pre-configured and configurable plugins that can be cumbersome if you are not well versed in programming. AlienVault support offers to create plugins.
[It's] well suited for small network environments where you have enough resources to devote to monitoring the USM dashboard daily.
Score 8 out of 10
Vetted Review
Verified User
Incentivized
AlienVault USM is being used within my organization to monitor the computer network for threat detection and incident response throughout the entire organization. We have set up asset discovery and inventory, which has allowed us to fully see what is on our network, and when new things come on to the network. We have also set up SIEM and log management; this allows us to set up alerts for certain conditions happening on our network.
  • Asset Discovery and Management - easy to set up a scan of your network, and you can automate the scans on different time intervals. Based on the response from the scan, AlienVault can determine with pretty good accuracy what type of system it is.
  • SIEM & Log Management - AlienVault installs an agent on Windows devices that can pull in all logs and analyze them for various information, whether it be malicious activity or known activities.
  • Behavioral Monitoring and Intrusion Detection - AlienVault has rule sets built in that when analyzing your logs, will report and notify you of malicious activity on your network.
  • Vulnerability Assessment - the interface and reporting were a weakness of AlienVault; this definitely will not replace some other vulnerability scanners such as Tenable's Nessus.
AlienVault is well suited for a small to medium sized business that might not have the budget to have an outside vendor perform log management and threat detection. I highly recommend that any business that considers AlienVault invest in either a managed partner to manage the AlienVault, or send your internal administrator to the week-long training class, as out of the box, AlienVault will need to be configured and maintained based on your own network variables.
Christopher Conner | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
Incentivized
Astute Solutions offers a cloud-based, SaaS suite of products serving global consumer brands. Our products include CRM, SRM and KM platforms to enable multichannel contact with our customer's consumer base.

All platforms are hosted within Amazon's AWS cloud environment and are multi-tenant in nature. We maintain a presence in several AWS regions and support international business operations across a number of industries.
  • I was really pleased with the initial setup, configuration and ease of use.
  • The integration with Amazon AWS is great... the level of detail is perfect for our needs.
  • The correlation and alerting capabilities are really helpful.
  • The documentation could be more detailed.
  • Customization can be a bit cumbersome. Adding correlation rules, etc.
  • More dashboard capabilities would be welcome when working with larger groups of events.
Again, the integration with AWS is great. Especially when you are using a larger number of Amazon's core services. By strategically leveraging Amazon's core event streams and the aggregation and correlation in the AlienVault product, I'm able to gain insight that would have been much more difficult to achieve in a traditional Data Center implementation.
John Grosjean | TrustRadius Reviewer
Score 1 out of 10
Vetted Review
Verified User
Incentivized
We are using it for our SaaS platform. Our software is used by healthcare networks, and AlienVault is our IDS.
  • Pulling in LOTS of logs from various places in AWS.
  • In theory, can consume any type of log you can send it.
  • SMTP: The appliance can only send SMTP alerts to ONE email address. At the very least, it should be able to send to multiple people, and this shouldn't be a global setting. Some people want to see certain alerts, others need to see other alerts. It's highly inflexible.
  • Reports: There basically aren't any. I need a way to prove to the CEO that this expense is worth it, but I can't print a nice graph of logs collected per day, alarms on each device, or really anything at all.
  • SLOW: When it starts collecting lots of logs, the appliance really slows down. When you're trying to do a search on logs, it can take an hour or more. Almost impossible to do forensic analysis of an incident when it takes this long to gather the correct logs.
  • Multiple VPCs are not supported: The only deployment option is a single box. Without allowing multiple sensor nodes, it's very difficult to see into other networks. VPC peering can get you around this, but this is not allowed for us because of security concerns, and it's impossible because both VPCs use the same IP range. You can use a Linux jump box, but you can't use a Windows jump box, and a Linux jump box won't connect to any Windows servers.
It might work well for a very small office. It's a great concept, but lacks the smaller features that are essential for a larger enterprise. If there are more than 2 IT people, then your business is probably larger than AlienVault can handle.
Score 10 out of 10
Vetted Review
Verified User
Incentivized
We use AlienVault for vulnerability scanning, net-flow/Sflow, log aggregation and management, and asset listings.
  • Log management
  • Vulnerability scanning
  • Net-flow
  • Behavioral analysis
  • Database maintenance
  • Faster log searches
[It's well suited for an] enterprise requiring vulnerability scanning, network behavioral analysis, a central alerting system, ability to customize log retention and reporting through the use of regex and net-flow analysis.