Skip to main content
TrustRadius
AlienVault USM

AlienVault USM

Overview

What is AlienVault USM?

AlienVault® Unified Security Management® (USM) delivers threat detection, incident response, and compliance management in one unified platform. It is designed to combine all the essential security capabilities needed for effective security monitoring across cloud and on-premises environments, including SIEM, intrusion detection, vulnerability management, as…

Read more
Recent Reviews

TrustRadius Insights

Users have found AlienVault USM to be a valuable SIEM solution for centralizing and searching log data from a large number of network …
Continue reading

MSSP Review

8 out of 10
October 04, 2021
AlienVault offers a different experience as opposed to other SIEM tools where it can be set up and configured properly in a shorter amount …
Continue reading
Read all reviews

Awards

Products that are considered exceptional by their customers based on a variety of criteria win TrustRadius awards. Learn more about the types of TrustRadius awards to make the best purchase decision. More about TrustRadius Awards

Popular Features

View all 7 features
  • Centralized event and log data collection (8)
    8.5
    85%
  • Correlation (8)
    8.5
    85%
  • Event and log normalization/management (8)
    8.0
    80%
  • Custom dashboards and workspaces (8)
    7.0
    70%

Reviewer Pros & Cons

View all pros & cons
Return to navigation

Pricing

View all pricing

Essentials

$1,075

Cloud
per month

Standard

$1,695

Cloud
per month

Premium

$2,595

Cloud
per month

Entry-level set up fee?

  • Setup fee optional
For the latest information on pricing, visithttps://www.alienvault.com/products/pri…

Offerings

  • Free Trial
  • Free/Freemium Version
  • Premium Consulting/Integration Services
Return to navigation

Features

Security Information and Event Management (SIEM)

Security Information and Event Management is a category of security software that allows security analysts to look at a more comprehensive view of security logs and events than would be possible by looking at the log files of individual, point security tools

8
Avg 7.8
Return to navigation

Product Details

What is AlienVault USM?

AlienVault® Unified Security Management® (USM) delivers threat detection, incident response, and compliance management in one unified platform. It is designed to combine all the essential security capabilities needed for effective security monitoring across cloud and on-premises environments, including SIEM, intrusion detection, vulnerability management, as well as continuous threat intelligence updates. The vendor states that even for resource-limited IT security teams, AlienVault USM can be affordable, fast to deploy, and easy to use. It eliminates the need to deploy, integrate, and maintain multiple point solutions in the data center.

Smart, automated data collection & analysis: USM Anywhere automatically collects and analyzes data across the attack surface, helping to quickly gain centralized security visibility without the complexity of multiple disparate security technologies.

Automated threat detection powered by AT&T Alien Labs: With threat intelligence provided by AT&T Alien Labs, USM Anywhere is updated automatically to stay on top of evolving and emerging threats, so the security team can focus on responding to alerts.

Incident response orchestration with AlienApps: USM Anywhere supports a growing ecosystem of AlienApps, enabling the user to orchestrate and automate actions towards other security technologies, able to respond to incidents quickly and easily.

AlienVault USM Features

Security Information and Event Management (SIEM) Features

  • Supported: Centralized event and log data collection
  • Supported: Correlation
  • Supported: Event and log normalization/management
  • Supported: Deployment flexibility
  • Supported: Integration with Identity and Access Management Tools
  • Supported: Custom dashboards and workspaces
  • Supported: Host and network-based intrusion detection

Additional Features

  • Supported: AlienVault Open Threat Exchange

AlienVault USM Screenshots

Screenshot of USM Anywhere NIDS Dashboard

AlienVault USM Videos

AlienVault USM Competitors

AlienVault USM Technical Details

Deployment TypesSoftware as a Service (SaaS), Cloud, or Web-Based
Operating SystemsUnspecified
Mobile ApplicationNo
Supported CountriesGlobal

Frequently Asked Questions

Splunk Cloud and Fortinet on IBM Cloud are common alternatives for AlienVault USM.

Reviewers rate Deployment flexibility highest, with a score of 8.6.

The most common users of AlienVault USM are from Mid-sized Companies (51-1,000 employees).
Return to navigation

Comparisons

View all alternatives
Return to navigation

Reviews and Ratings

(735)

Community Insights

TrustRadius Insights are summaries of user sentiment data from TrustRadius reviews and, when necessary, 3rd-party data sources. Have feedback on this content? Let us know!

Users have found AlienVault USM to be a valuable SIEM solution for centralizing and searching log data from a large number of network attached devices. This platform is being used for various use cases such as vulnerability management, scanning, malware detection, and monitoring malicious network traffic. It is considered a good SIEM solution for organizations new to security operational logging or those with a smaller staff and budget. The product has been praised for its integrated feature sets, including HIDS, NIDS, FIM, and security alerting capabilities. The inclusion of features like vulnerability scanning and file integrity monitoring has extended its value for organizations in the early stages of cybersecurity program development. Many users have experienced real-time alerts, enabling them to respond to security incidents and compromised passwords more quickly. Furthermore, AlienVault is used for a range of functions such as SIEM, vulnerability scanning, asset discovery, and investigations. It provides organizations with a centralized log collection site, allowing them to monitor and address new problems more effectively. The platform has been effective in helping organizations meet regulatory compliance requirements and improve SOC operations. Additionally, AlienVault is used to analyze network traffic, Windows Event Logs, and other security events, helping organizations improve network security and protect their customers. It solves security challenges related to device and software visibility, monitoring for anomalous events, and ensuring patch management. Users appreciate the simplicity of deployment and the robustness of the interface. The support team is highly responsive and knowledgeable.

AlienVault USM Anywhere is used by organizations to easily identify security incidents happening across their infrastructure and comply with PCI-DSS compliance requirements. MSSPs utilize AlienVault USM Anywhere to provide their customers with best-in-class threat monitoring and response services. It is also used to monitor cloud environments, scanning and alerting for any known vulnerabilities or activity on servers. AlienVault helps organizations with auditing purposes by monitoring cloud permissions and changes to security. Additionally, it is deployed to customers for monitoring and is used by NSOCs to monitor their networks. AlienVault has been implemented across organizations, covering server assets and providing granular logging on systems and networks. It helps in raising alarms/alerts and mitigating network-related activities. AlienVault collects and alerts on network and system activity across the entire organization, making it easy to filter for important data. The product centralizes log data and helps perform vulnerability analysis and threat detection. It assists in security patching and monitoring within AWS environments. Users appreciate the ease of use and configuration of the cloud-based panel. AlienVault is implemented and managed for clients as a recommended SIEM solution, collecting and normalizing logs from various data sources. It is used throughout organizations to gain insight into network and server events, manage and correlate logs, and recognize anomalous activity. Users have been able to set up alerts for specific events and policies, effectively managing systems and alerts in place, monitoring multiple client environments, and identifying issues that clients may have missed.

AlienVault USM Anywhere is praised for its cost-effectiveness compared to other SIEM solutions on the market. Users appreciate its threat intelligence capabilities, ease of use, user-friendly interface, and simplicity of deployment. The built-in correlation rules require minimal setup and provide high-quality results. Asset management and scanning features help users stay on top of monitoring assets, including dynamic and static asset lists. The integration of OTX into USM Anywhere allows for up-to-date threat intelligence and pulse subscriptions.

The software plays a crucial role in monitoring and alerting when anomalies occur, aiding in threat detection, compliance management, log collection, and vulnerability scanning. It helps organizations stay up to speed on new vulnerabilities and supports agile business initiatives by aiding analysts in identifying cyber threats and providing access to threat cross-referencing data. AlienVault USM Anywhere is deployed to monitor AWS cloud environments, attain compliance, identify threats, and facilitate auditing of non-emergency configuration changes and vulnerability monitoring.

Overall, AlienVault USM Anywhere provides centralized security monitoring, incident response capabilities, compliance reporting features, vulnerability assessment tools, real-time SIEM functionality, as well as asset discovery and user activity monitoring capabilities. It has been widely adopted across various industries for enhancing security posture and gaining comprehensive visibility into network activities.

Based on user recommendations, AlienVault USM receives the following common recommendations:

  1. AlienVault USM is recommended for cost-conscious companies and small to medium businesses due to its affordability and effectiveness. Users find it to be a great tool for analyzing and reacting to threats, offering excellent value for the price.

  2. Users suggest exploring alternative SIEM choices and discussing functionality and configuration requirements. Logrhythm is mentioned as a possible alternate SIEM choice, especially for high-end functionality needs. It is advised to compare features and select the SIEM system that offers the best cost for desired features.

  3. To maximize the experience with AlienVault USM, users recommend taking advantage of training opportunities provided by AlienVault. Joining official training sessions allows users to learn best practices from other users and gain comprehensive knowledge of the product. Users also recommend utilizing forums, support, webinars, and videos offered by AlienVault to enhance understanding and achieve optimal results.

Overall, AlienVault USM is regarded as a cost-effective solution suitable for organizations with data privacy and security priorities. The product's flexibility, community-created intelligence, and continual improvement are also highlighted by users. While some mention areas for improvement, such as support stability and module quality, the general consensus is that AlienVault USM delivers reliable security enhancements and cost savings.

Attribute Ratings

Reviews

(351-375 of 390)
Companies can't remove reviews or game the system. Here's why
December 04, 2015

AlienVault's no Alien

Score 9 out of 10
Vetted Review
Verified User
Incentivized
AlienVault Unified Security Management is used in our organization by the information technology department to meet regulatory compliance, specifically both HIPAA and PCI. The most critical problems it addresses are the needs for storing and reporting on centralized logs and host intrusion detection system information for our servers storing electronic protected health information (ePHI).
  • Reporting.
  • HIDS (specifically registry monitoring).
  • Multi-vendor Integration.
  • GUI seems slightly cluttered; especially for manager (high level overview) access.
  • Some plugins require significant work to install and configure on the backend
The primary reason our organization purchased AlienVault was the pricing point. It is significantly cheaper that many of its competitors but doesn't skimp on any of the features. Clearly, lots of time and effort is put into the product. There are even recompiled Windows agents for the HIDS modules.
Ledan Patrick Masseus | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User
Incentivized
We are currently using AlienVault Unified Security Management across our entire enterprise. We are using it to correlate and store logs from all devices to monitor for network and host intrusion detection. We also use it to do our vulnerability assessment, as well as our network inventory. It's part of our layered approach to security monitoring.
  • The AlienVault NIDS has proven to be very valuable in helping us identify traffic on our network. It has identified unauthorized traffic that was going out of our network.
  • The alarms generated from our realtime events have helped us to respond to and track our responses.
  • It has helped us with change management with realtime updates to any changes in configuration.
  • Inventory is terrible. Expect to spend some time fixing details on your inventory. This is particularly frustrating as often vulnerabilities are tied to specific versions of Windows or software. I mean there is a world of difference between Windows 7 and Windows 98. Its inability to differentiate is a big issue.
  • I would like to see the alerting functionality improved. Such that if you see an alarm that you want to be notified about every time it happens you can just right click on and say alert me next time this event happens.
One of the key questions that should be asked is - what in-house expertise will be needed? You do need someone with unix/linux familiarity.
December 01, 2015

Best bang for your buck

Score 8 out of 10
Vetted Review
Verified User
Incentivized
We currently use AlienVault Unified Security Management to stay ahead of what is going on in our environment. More and more it is becoming important to stay on top of the latest security threats. It is not enough to just handle threats passively with all of the breaches of recent. AlienVault brings together many strong technologies into a single product that help to not only prevent potential attacks, but detect any current attacks. With a small network and few employees, AlienVault enables us to reduce the time to detect and stop any threats as well as the number of resources needed to do so.
  • Vulnerability Assessment
  • Intrusion Detection (Host and Network)
  • Event Log Management
  • Improving the ability of whitelisting vulnerabilities or marking them as acceptable risks
  • Improving the accuracy of vulnerability assessments
  • Reducing false positives on the network IDS
AlienVault Unified Security Management is well suited for scenarios where an SIEM device is needed. For companies just looking to get their feet wet in vulnerability assessments, AlienVault should be at the top of their list because of the added benefits they bring. Instead of using multiple products, AlienVault is able to converge all the technologies under a single pane of glass.
November 28, 2015

In Aliens We Trust

Giuseppe Trolio | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User
Incentivized
AlienVault Unified Security Management is the main SIEM device in our organization. Primary use is in collecting our fw / IDS / security devices logs, to obtain enriched information on security scenarios and general status. We've got a special interest in the Environmental Awareness alerting functions, by which we have spotted some misconfiguration cases inside our IT infrastructure. We are experiencing some difficulties in making custom plugin datasources behave like the officially supported ones: alerting and correlation features are not working at their best, so we are trying to workaround that issue. Except for this, we definitively love AlienVault USM :)
  • Simple and easy deployment
  • Powerful correlation features
  • A complete tool to deploy in poor security scenarios
  • There is some difference in working with official plugins rather than custom ones
  • No visual flagging is possible in SIEM events, so working cuncurrently is hard
  • We don't agree with using 2 different storage technologies for security database and logger database
No doubt on that, AlienVault USM makes the difference when you have to address security controls and processes in SMB companies - there are situations in which security is often mistreated, by using old, or poor, instrumentation.
Aleksandar Zlatanchev, CISSP, CASP | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User
Incentivized
AlienVault Unified Security Management is being used by the information security department of our company. It is helping us to quickly identify security incidents and to investigate and respond in a timely manner.
  • Correlates events from different sources and displays comprehensive information about security incidents.
  • The threat intelligence database is constantly updated with information about new threats and indicators of compromise.
  • The network asset detection function is helping us to always be aware what systems are connected to our network.
  • The alarms interface is very easy to navigate and is following the cyber kill chain model. This makes it very easy to prioritize the incident response efforts to the most critical alarms.
  • More plugins for anti-virus product logs like Kaspersky.
Ask about:
  • Number of built in data correlation rules.
  • What threat intelligence feeds are used.
  • Ability to create custom dashboards and reports.
Alissa Knight | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
ResellerIncentivized

We are a Managed Security Service Provider, leveraging AlienVault as the federated monitoring infrastructure for our Security Operations Center.

It addresses the problem of log management/Security Information and Event Management through correlation and aggregation of security event logs.

  • Identification of known bad IP addresses
  • Access to packet payloads triggering events
  • Management/updating of network IDS rules
  • Upgrade to new major releases is poorly QAed and tested introducing new bugs that should have been caught in the QA process which has brought down customer production equipment
  • Ongoing attention and updates to submitted bugs
Well suited for organizations that have the necessary internal resources to monitor/manage an enterprise SIEM deployment, monitor and respond to security events, and triage events filtering out false positives
Sk Jaki | TrustRadius Reviewer
Score 7 out of 10
Vetted Review
Verified User
Incentivized
We have around 260 AlienVault appliances all over the world including HIDS NIDS and SIEM. This technology is good enough to monitor on network packets and analysis data. But it's time consuming to log in all appliances and check appliances; if it possible to make little advancements like components-issue forwarder through mail to particular mail address it will be better.

It makes it possible to keep the network infrastructure safe and secure. It's easy to monitor over the network data packets. Netflow Alarms and event we get it in a same SIEM console.
  • Security events management is a good feature and alarms by these two we can get some high priority infections
  • To analyse all events and find out high priority is quite difficult.But when you get some few high priority events and alarms it easy to look at them and take action as per the infection.
  • If any device has net flow issues it should send a notification email to a particular email.
AlienVault Unified Security Management is well suited for any private network to keep eyes on all data packets. It is also well suited for when you need to check the network infrastructure and where you need to put it and to see what things need to be monitored based on what you want analyze in the packets.
Score 10 out of 10
Vetted Review
Verified User
Incentivized
When examining our security solutions, we realized we needed a product or group of products to fill a number of roles- log management, event correlation, intrusion detection, and vulnerability management. AlienVault not only was able to provide a single solution to cover all those areas, but the time to actionable data was incredible. We were detecting malware almost immediately (once the dashboard was up on the all-in-one trial) - malware that was missed by our antivirus and firewall.
  • Ease of deployment.
  • Intuitive WUI.
  • OTX is outstanding.
  • Patch roll-out process seems a little immature or is still developing.
Between the price point and the out of the box effectiveness, I think AlienVault Unified Security Management can compete with anyone.
November 23, 2015

AV Trust Radius Review

Score 7 out of 10
Vetted Review
Verified User
Incentivized
Used by the organization, AlienVault Unified Security Management addresses log and event collection and analysis. As a bonus, it also adds vulnerability analysis, HIDS / OSSEC and other central management capabilities.
  • Ease of setup - up and running very quickly. Not a ton of knobs and switches to dial in, at least initially.
  • Application of updates to the platform - with lots of moving pieces, and the myriad of Linux dependencies, upgrades could be made a bit less burdensome for administrators.
  • Search features - although quick and on-point, it's the actual location of search boxes that seems quirky. Maybe make the search boxes bigger or different in design?
Do your administrators have any familiarity with Linux? If not, you may want to consider a Windows based platform. You will need to move to the dark side (CLI) for some work within this tool.
Валерий Ткаченко | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User
Incentivized
AlienVault Unified Security Management is being used by the Security Department. We use it as a primary means of monitoring the status of the vulnerability of the network infrastructure and the confidentiality of business information in a corporate network.
  • System availability. We completed the installation of AlienVault USM in the corporate environment through telephone consultations within a short time of 2-3 weeks.
  • The universality of the system. We had a short period of AlienVault USM implementation in a complex domain architecture, and we have access to the full monitoring of the entire network environment.
  • As an example of the stability of the system set up in a stable operating system, we can say that the system is operated in a critical channel breaks, the electrical environment. AlienVaultUSM always restarted without the problems inherent in other systems.
  • We have not yet fully mastered the system. We suggest to intellectually develop the system, with the ability to advise on the construction of monitoring systems and network architecture.
We consider that scenario depends on the existing network environment. In an environment of modern equipment, Cisco or CheckPoint is much better to use. For multi-brand equipment AlienVault Unified Security Management would be the best choice, especially for efficiency and economy.
Score 10 out of 10
Vetted Review
Verified User
Incentivized
AlienVault Unified Security Management is being used for information technology security management for the entire organization. The solution provides us with network and host intrusion detection services, intelligent security event correlation, asset availability monitoring, scheduled vulnerability assessments, security log management and archive, net flow monitoring and security reporting.
  • Value far exceeds the price.
  • Excellent customer service and support.
  • The product walks you through addressing placing values on assets and implementing the proper controls.
  • The product does what it claims it can do.
  • Product documentation could be more streamlined and easy to use, however, in the short time I have used AlienVault Unified Security Management there seem to be constant improvements.
  • To take full advantage of the solution, it helps to have some experience on the Linux platform, however, the product as delivered provides a solid security management platform with an intuitive GUI interface and AlienVault support coupled with their initial setup support services does a nice job of filling in the gap if you do not have that skill set in your organization.
Due to budget cuts our organization was able to put in place a solid network security management solution at a price that we could afford. Going through the steps to set up the product forced us to address security gaps we didn't realize we had. We feel we have a stronger solution in place with AlienVault Unified Security Management than when we were able to allocate much more funds to similar solutions in the past.
Score 7 out of 10
Vetted Review
Verified User
Incentivized
We are an MSSP and we are using AlienVault Unified Security Management on other companies. It is being used across the whole organizations. It is addressing compliance issues, insiders, and possible advanced intrusions. We use it for hunting operations and to have a 360 view of the organizations we work with.
  • AlienVault simplifies threat detection by providing us with a quick overview of what is going on in the network.
  • It is really easy to deploy which allows us to show value to our customers right away.
  • Having AlienVault labs helps tremendously because it feels that we are not just the only team trying to create our own rules. We have other experts on the other end writing rules that we can add and put together for a more robust threat detection.
  • Reporting for compliance purposes is awesome! Having all those already well developed reports has made our lives easier!
  • I remember asking a question on one of the demos they had online and it was regarding the capability of downloading executable or malicious files being detected by the NIDS. They laughed and said that one will have to have years and years of experience to analyze those files and that's why they don't have that functionality in their solution. I don't know if the "experts" have ever heard of Remnux or Cuckoo Sandbox . Anyways, I think that it will be great specially for organizations that cannot afford an IR team. Let's keep in mind that this product is being marketed a lot for SMBs and mid-sized businesses !!
  • It will be great to see SYSMON events being pulled by the OSSEC agents automatically a soon as it gets installed on the endpoint to have real complete visibility. I havent seen that yet. I have seen projects for Parsers but to work with ELSA. It would be great to see the AlienVault team to focus on getting as much information as possible of the endpoint too to help the IR team. You guys already have agents being installed on the endpoints, why not take advantage of it and show actually processes being created, call outs being made, etc. Remember that the nice packet capture feature will not be useful with encrypted traffic. Having the extra layer of detection will be really helpful. Knowing what files are being accessed or scanning for root-kits is useful but not enough for an IR engagement. During an intrusion, you need more information. Check Carbon-Black for some ideas on how to show the KILL CHAIN ! .
  • SAAS will be GREAT TOO!
  • Live response CAPABILITIES also will be a GREAT add-on for AlienVault USM. Launching a PSSession and adding functions to DELETE FILES, DOWNLOAD IOCs and KILL PROCESSES is really easy and it will be great to have a button that we can just press and have a shell on the Endpoint. EDR is HOT right now in the industry, and I wish I had that option in my USM Dashboard.
Does the product have EDR capabilities? How deep can the product go regarding endpoint security?
Aaron Rothstein | TrustRadius Reviewer
Score 5 out of 10
Vetted Review
Verified User
Incentivized
We are primarily using AlienVault Unified Security Management to enable centralized logging and event correlation across hundreds of retail locations, as well as centralized logging and event correlation for servers and network devices in our core data centers. We thought we would also use the vulnerability scanning capabilities, but we have found the vulnerability information incomplete and the scanning capabilities inadequate for canvasing all of our remote locations over VPN.
  • The deployment of the OSSEC(AlienVault HIDS) agent the basic logging and event generation got us out of the gate quickly.
  • AlienVault has a lot of out of the box parsers for popular network devices to parse system logs.
  • AlienVault has a lot of out of the box correlation sets to generate intelligent security alarms.
  • The vulnerability scanning feature is basically useless for us. There is not an easy way to see which vulnerabilities are being scanned for, and I've confirmed that monthly Microsoft updates take forever (over 30 days) to get into the definitions. We need to see them in there within a couple of days. The scanning is all done remotely (no local agent-based scanning), which requires superuser credentials to be supplied to the scanner. Because we have a lot of remote locations connected over VPN, the scans repeatedly timeout or error out. We are exploring alternative products for this need.
  • AlienVault documentation is severely lacking. When I have opened tickets with AlienVault regarding missing documentation, I am often referred to the open source project's documentation for the component they've integrated. If AlienVault wants to integrate a component and rebrand it as part of their product, they need to take the ownership of documenting how to use it within their product.
  • AlienVault requires too much "hacking" to do anything custom. The CLI has a "Jailbreak system" mode that is required for anything outside of the most vanilla configurations. In my mind something called "Jailbreak" should not be required on a daily basis. Examples of low level config include having to create custom rsyslog.d conf files to aggregate syslogs from multiple devices to a single log for parsing. Using the Web UIs per asset assignment of a plugin isn't resource efficient. Doing any sort of custom rules or plugins requires CLI modification of multiple files and the OSSIM database. It shouldn't be that hard.
I wouldn't recommend it for anyone that isn't comfortable messing around at the Linux command line. Basic out of the box monitoring is OK, but if you have any specialized requirements, be prepared to put in a lot of time and testing. For vulnerability scanning, if you have a lot of remote locations and can't put a sensor in each one (like a small quick-serve restaurant), don't plan on using that feature. The vulnerability reporting views are sorely lacking as well. It doesn't allow you to easily pivot and collapse views based on a node or a vulnerability.
Chris Dale | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User
Incentivized
It is being used for log collection, vulnerability scanning, asset management and SIEM.
  • Ease of set up
  • Open source
  • Cheap
  • Support
  • Documentation
  • Configuration
AlienVault Unified Security Management is well suited for organisations that need to get started. It won't replace Splunk if you are using Splunk for debugging, but still, you have log handling.
Score 8 out of 10
Vetted Review
Verified User
Incentivized
We are using AlienVault for host based intrusion detection, log aggregation and screening, network monitoring, and vulnerability assessments.
  • Host based Intrusion detection works well on Windows servers, and monitors for a number of security related events. Also contains event log monitoring.
  • Ease of deployment to Windows Servers.
  • Ability to add custom plugins when needed.
  • Log file normalization.
  • Integration with Open Threat Exchange, and use of IP reputation information.
  • There is a lot to it. This is a strength and a weakness. This is a powerful set of tools, it can take a little work to understand everything it can do.
  • Navigation can be a bit tricky, i.e. I know it does this, I have seen that option before, but where is it.
Cost and complexity are always concerns, but If you buy the right package and deploy it correctly it can cover any environment. There are simple deployments, complex deployments, and even manged deployments. It can cover your needs if set up correctly.

I would like to see automated responses, other than alerts. I believe they may be working on this, so that it can actually take action not just warn you of the incident.
Score 8 out of 10
Vetted Review
Verified User
Incentivized
In this industry, security compliance is typically a large burden. With AlienVault Unified Security Management, it makes being compliant just a little bit easier for the little guy.
  • Universal
  • Easy to use
  • Excellent customer support
  • Doesn't always play well with others (*ahem - FortiGate)
Depending on its end use, it is very likely that I would recommend AlienVault Unified Security Management to another person.
Score 9 out of 10
Vetted Review
Verified User
Incentivized
AlienVault Unified Security Management has simplified our PCI compliance with amazing visibility. AlienVault has been amazing! We currently have a support contract as well as a third party consultant, and I know that there is nothing more that I would ask of either one. Everything from the sales guy working so diligently with me all the way up to their customer support. AlienVault has made my life 100% better and I am very satisfied with the decision I made to move to AlienVault.
  • SIEM solution is the best of any that we tested.
  • Agentless monitoring is perfect for monitoring networking equipment for historical changes made.
  • The Nagios monitoring software build, it is not always the best through the UI but with the ability to alter the configs and manually monitor specific things I'd like it's great!
  • Nagios monitoring through the UI, i.e. configuration changes and naming ports with specific names that pertain to me would be nice.
  • The ability to personalize more without them being wiped when doing an update would be even better.
  • The ability to stand up a standalone Nagios monitoring system on the AlienVault remote sensor to forward events to the AIO.
What can it do for me? Every company is different and they will always have different needs, specifically for us was the need for centralized logging and a simple but amazing vulnerability scanning. Everything else in the system was just an added bonus and not to mention the sales team working a lot with me on pricing and additional components.
Jay Dibble | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User
Incentivized
We are using AlienVault Unified Security Management for PCI compliance purposes. We are monitoring specific systems and network traffic to meet our PCI DSS requirements. It is handling scanning for vulnerabilities on those systems as well as some other key organizational systems and platforms.
  • Combining many tools in to one nicely packaged system - used OSSEC but it's a real pain to configure and implement. AlienVault Unified Security Management sets up much easier and very powerful out of the box.
  • Event correlation.
  • Alerting of issues.
  • Tuning out noise - i.e. setup/tear down of sessions in firewall. Would be nice to have a template ready to implement.
  • Documentation pertaining to the actual setup/configuration. Right now, you really need to purchase engineer time to get things set up and running in a timely and efficient manner.
  • UI flow. Recent updates have made great strides but there's still room for improvement.
For the implementation, the sizing really needs to be looked at carefully. For example, the USM All-In-One virtual appliance is limited on space and scaling versus the standard and enterprise versions (as well as hardware versus virtual appliances).
November 18, 2015

Newb AlienVault Review

Score 8 out of 10
Vetted Review
Verified User
Incentivized
We use AlienVault Unified Security Management as a central storage device for all logs within our network. It addresses the problem of storage and easy reporting on the logs that are collected.
  • Real time reporting
  • Grouping security events
  • Alarms
  • Easier access to built in reports
  • Updates less often - right now I get notifications for updates every day
  • Better integration and ease of use with open threat exchange (OTX)
  • More plugins
Vishal Jadhav | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User
Incentivized
AlienVault Unified Security Management is deployed for a part of our network, and is used to monitor network devices and a few servers with HIDS deployed. We do plan to deploy it across entire organization very soon. It gives an insight of what assets are present in the network, which otherwise are not known since we do not use any asset management tools. It gives a good picture of our network through net flow as well. HIDS is a very useful and powerful tool which reports all the activities and any suspicious behavior at the host level. It all works in a very good synergy. Reports and alerts are provided which are very useful to manage the security posture of the network.
  • AlienVault Unified Security Management is very flexible to configure and collect information from devices, even those which are unknown to it via custom plugins. It can be highly customized to suit each organization's requirements.
  • Open threat exchange (OTX) is a very important and useful feature which helps to trace the malicious IP with reputation back to its origin, so intent is clearly visible when analyzing security events. Pulses and IOCs are very interesting and useful as well.
  • Reporting is very good, it has variety and huge options to choose from, though the output format has potential to improve.
  • Policies and actions can be very useful for fine tuning the system.
  • Ticketing system can be improved and integration with external ticketing systems can be made easier.
  • Reports can be output in a number of formats such as MS Office etc.
  • Creating of new policies can be directly provided from the the SIEM or events page. This will help in pre-population of data fields required to treat the events as either false positives or for writing actions for particular events. Currently, all the data fields have to be noted and included manually in the policy fields which can sometimes be erroneous.
I think it is very suited as a SIEM tool. In scenarios where network monitoring using both log collection as well as the Network Intrusion Detection System is required and correlation of events is required, AlienVault Unified Security Management is an excellent fit. It addresses the security, audit and compliance monitoring of the networks very effectively. Of course, tuning is the most important part in the case of any SIEM, so it iss true with AlienVault Unified Security as well, but it allows options to filter events at the source or at processing stages and also to redirect or drop or directly store events as per the organization's information security policies. The security analysis process is very well defined. Of course, every analyst will have his own style of investigations, but AlienVault Unified Security Management is definitely a value addition.
November 18, 2015

To the moon and Back

Barry Stephenson | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User
Incentivized

AlienVault Unified Security Management is used across our entire group. We use this for both network IDS and server based IDS. AlienVault Unified SecurityManagement is a great single pane of glass to allow me to correlate our SIEM events with known vulnerabilities within our network. I use this to manage and track our security events using the ticketing system. Also it allows me to give specific access to various areas within the business like our asset owners; support teams and to automate alarms and reports related to the individuals.

This is invaluable to aid in our ISO27001 compliance program.

  • Customisable dashboard to see everything at a glance.
  • Correlation of events against known vulnerabilities within the Infrastructure.
  • Open Threat Exchange to correlate events against knownn bad IPs and attack vectors.
  • More ability to read windows event logs for system and application logs and filter out what is not required.
  • OCS inventory built into the OSSEC agent.
  • Comprehensive online up to date manuals to help in configuration of systems and known issues. Whilst the community is great there can be a lot of confusion about what is best.

What documentation do you have available to help with the likes of setting up OCS, WIDS?

What assistance can be provided to assist with the set up of the Vulnerability Scanner? Both for internal hardware, web applications and external hardware hosting our data.

November 18, 2015

Alien Vault - USM

Score 9 out of 10
Vetted Review
Verified User
Incentivized
From my research of various vendors for SIEM systems, AlienVault Unified Security Management was definitely the best product. For us, our infrastructure was on AWS and AlienVault Unified Security Management provided the best and easy to implement product. I highly recommend AlienVault Unified Security Management if your infrastructure is on the cloud.
  • Ease of implementation.
  • Support.
  • Checks most points for PCI compliance when compared to other SIEM vendors.
  • UI can be improved.
Yes, the specific scenario here was to achieve PCI DSS level 1 compliance and AlienVault Unified Security Management covered our SIEM requirements. Another major reason for selecting AlienVault is the ease of implementation.
Score 9 out of 10
Vetted Review
ResellerIncentivized
We use AlienVault Unified Security Management for monitoring our entire corporate network. We also use it for compliance with HIPAA regulations since we have signed business associate agreements (BAA) in place.
  • Log collection correlation and analysis. Makes reviewing logs easier.
  • Intrusion detection. Identifies possible threat to our network.
  • Asset management is not very user friendly. Takes a lot of manual maintenance to keep it accurate especially when DHCP is used.
  • Management of plugins.
  • Normalization of logs. Sometimes the logs are not parsed correctly and the important data is difficult to find.
Key considerations are to make sure to size the network appropriately.
November 18, 2015

A brief review

Score 9 out of 10
Vetted Review
Verified User
Incentivized
AlienVault Unified Security Management is being used for PCI compliance across the whole organization.
  • I like the reports that are available.
  • Easy to use Vulnerability Scanner.
  • I have had several issues when trying to upgrade the system.
  • A better way to manage assets.
How many assets? Any remote sites?
November 17, 2015

Champ for SMBs

Score 8 out of 10
Vetted Review
ResellerIncentivized
We are a MSSP company and we use AlienVault Unified Security Management to provide SOC services to our clients. It's also used for the internal SOC at Ebryx.
  • Packaging opensource components like OpenVAS, Nagios, Nmap into one working bundle.
  • Makes it easy to operate a SOC with one or few analysts.
  • It has a minimal entry barrier to get started.
  • Can't group few SIEM entries and create a ticket that points back to a group of selected events.
  • The forensic evidence i.e. traffic pcap is very limited. It should at least provide some more traffic around that time.
  • It should have data source plugins for all popular antivirus suites to ingest antivirus alerts and events
It's well suited for companies where they have one or few security analysts. Even if they don't have any, the IT guy can easily learn the operations in less time and make use of it. It doesn't compete well with other SIEM solutions in the market like HP ArcSight as they have more integrations with other products like antiviruses and firewalls and have official plugins to fetch data from them.
Return to navigation