Overview
What is AlienVault USM?
AlienVault® Unified Security Management® (USM) delivers threat detection, incident response, and compliance management in one unified platform. It is designed to combine all the essential security capabilities needed for effective security monitoring across cloud and on-premises environments, including SIEM, intrusion detection, vulnerability management, as…
TrustRadius Insights
Empowering Security Zenith with Unified Vigilance.
will I continue to use USM, Yes I would
Excellent security for your machine
MSSP Review
Great product but out of the box it needs a lot of work.
AlienVault is about as user-friendly as it gets for threat detection
Great if you can deploy and manage on-premises SIEMs
AlienVault - Not Worth the Price
AlienVault USM Anywhere, a SIEM that is easy on your pocket.
Unbeatable Security Machine
AlienVault USM Provides Heightened Security Awareness in the Legal Services Industry
Best product I've seen for a smaller enterprise network.
Great SIEM for enterprise environments
AlienVault USM is a really beneficial SIEM solution.
Awards
Products that are considered exceptional by their customers based on a variety of criteria win TrustRadius awards. Learn more about the types of TrustRadius awards to make the best purchase decision. More about TrustRadius Awards
Popular Features
- Centralized event and log data collection (8)8.585%
- Correlation (8)8.585%
- Event and log normalization/management (8)8.080%
- Custom dashboards and workspaces (8)7.070%
Reviewer Pros & Cons
Pricing
Essentials
$1,075
Standard
$1,695
Premium
$2,595
Entry-level set up fee?
- Setup fee optional
Offerings
- Free Trial
- Free/Freemium Version
- Premium Consulting/Integration Services
Features
Security Information and Event Management (SIEM)
Security Information and Event Management is a category of security software that allows security analysts to look at a more comprehensive view of security logs and events than would be possible by looking at the log files of individual, point security tools
- 8.5Centralized event and log data collection(8) Ratings
Effectiveness of real-time centralized event and log data collection
- 8.5Correlation(8) Ratings
Correlation of logs and events to pinpoint significant threats
- 8Event and log normalization/management(8) Ratings
Ability to normalize event syntax so that logs can be compared and are machine-understandable
- 8.6Deployment flexibility(7) Ratings
Ability to tune system to maximize threat detection and minimize false positives
- 7.3Integration with Identity and Access Management Tools(5) Ratings
Integration with access control tools like Active Directory and LDAP
- 7Custom dashboards and workspaces(8) Ratings
dashboards that can be customized to meet the needs of specific groups
- 8Host and network-based intrusion detection(5) Ratings
Ability to detect both endpoint intrusion and network ingress detection
Product Details
- About
- Competitors
- Tech Details
- Downloadables
- FAQs
What is AlienVault USM?
AlienVault® Unified Security Management® (USM) delivers threat detection, incident response, and compliance management in one unified platform. It is designed to combine all the essential security capabilities needed for effective security monitoring across cloud and on-premises environments, including SIEM, intrusion detection, vulnerability management, as well as continuous threat intelligence updates. The vendor states that even for resource-limited IT security teams, AlienVault USM can be affordable, fast to deploy, and easy to use. It eliminates the need to deploy, integrate, and maintain multiple point solutions in the data center.
Smart, automated data collection & analysis: USM Anywhere automatically collects and analyzes data across the attack surface, helping to quickly gain centralized security visibility without the complexity of multiple disparate security technologies.
Automated threat detection powered by AT&T Alien Labs: With threat intelligence provided by AT&T Alien Labs, USM Anywhere is updated automatically to stay on top of evolving and emerging threats, so the security team can focus on responding to alerts.
Incident response orchestration with AlienApps: USM Anywhere supports a growing ecosystem of AlienApps, enabling the user to orchestrate and automate actions towards other security technologies, able to respond to incidents quickly and easily.
AlienVault USM Features
Security Information and Event Management (SIEM) Features
- Supported: Centralized event and log data collection
- Supported: Correlation
- Supported: Event and log normalization/management
- Supported: Deployment flexibility
- Supported: Integration with Identity and Access Management Tools
- Supported: Custom dashboards and workspaces
- Supported: Host and network-based intrusion detection
Additional Features
- Supported: AlienVault Open Threat Exchange
AlienVault USM Screenshots
AlienVault USM Videos
AlienVault USM Competitors
AlienVault USM Technical Details
Deployment Types | Software as a Service (SaaS), Cloud, or Web-Based |
---|---|
Operating Systems | Unspecified |
Mobile Application | No |
Supported Countries | Global |
AlienVault USM Downloadables
- Unified Security Management vs. SIEM: a Technical Comparison
- AlienVault USM Anywhere: Datasheet
- AlienVault Fast Facts
- AlienVault USM Anywhere: Datasheet
- Beginner’s Guide to Open Source Intrusion Detection Tools
- SIEM for Beginners: Everything You Wanted to Know About Log Management But Were Afraid to Ask
Frequently Asked Questions
Comparisons
Compare with
Reviews and Ratings
(735)Community Insights
- Business Problems Solved
- Recommendations
Users have found AlienVault USM to be a valuable SIEM solution for centralizing and searching log data from a large number of network attached devices. This platform is being used for various use cases such as vulnerability management, scanning, malware detection, and monitoring malicious network traffic. It is considered a good SIEM solution for organizations new to security operational logging or those with a smaller staff and budget. The product has been praised for its integrated feature sets, including HIDS, NIDS, FIM, and security alerting capabilities. The inclusion of features like vulnerability scanning and file integrity monitoring has extended its value for organizations in the early stages of cybersecurity program development. Many users have experienced real-time alerts, enabling them to respond to security incidents and compromised passwords more quickly. Furthermore, AlienVault is used for a range of functions such as SIEM, vulnerability scanning, asset discovery, and investigations. It provides organizations with a centralized log collection site, allowing them to monitor and address new problems more effectively. The platform has been effective in helping organizations meet regulatory compliance requirements and improve SOC operations. Additionally, AlienVault is used to analyze network traffic, Windows Event Logs, and other security events, helping organizations improve network security and protect their customers. It solves security challenges related to device and software visibility, monitoring for anomalous events, and ensuring patch management. Users appreciate the simplicity of deployment and the robustness of the interface. The support team is highly responsive and knowledgeable.
AlienVault USM Anywhere is used by organizations to easily identify security incidents happening across their infrastructure and comply with PCI-DSS compliance requirements. MSSPs utilize AlienVault USM Anywhere to provide their customers with best-in-class threat monitoring and response services. It is also used to monitor cloud environments, scanning and alerting for any known vulnerabilities or activity on servers. AlienVault helps organizations with auditing purposes by monitoring cloud permissions and changes to security. Additionally, it is deployed to customers for monitoring and is used by NSOCs to monitor their networks. AlienVault has been implemented across organizations, covering server assets and providing granular logging on systems and networks. It helps in raising alarms/alerts and mitigating network-related activities. AlienVault collects and alerts on network and system activity across the entire organization, making it easy to filter for important data. The product centralizes log data and helps perform vulnerability analysis and threat detection. It assists in security patching and monitoring within AWS environments. Users appreciate the ease of use and configuration of the cloud-based panel. AlienVault is implemented and managed for clients as a recommended SIEM solution, collecting and normalizing logs from various data sources. It is used throughout organizations to gain insight into network and server events, manage and correlate logs, and recognize anomalous activity. Users have been able to set up alerts for specific events and policies, effectively managing systems and alerts in place, monitoring multiple client environments, and identifying issues that clients may have missed.
AlienVault USM Anywhere is praised for its cost-effectiveness compared to other SIEM solutions on the market. Users appreciate its threat intelligence capabilities, ease of use, user-friendly interface, and simplicity of deployment. The built-in correlation rules require minimal setup and provide high-quality results. Asset management and scanning features help users stay on top of monitoring assets, including dynamic and static asset lists. The integration of OTX into USM Anywhere allows for up-to-date threat intelligence and pulse subscriptions.
The software plays a crucial role in monitoring and alerting when anomalies occur, aiding in threat detection, compliance management, log collection, and vulnerability scanning. It helps organizations stay up to speed on new vulnerabilities and supports agile business initiatives by aiding analysts in identifying cyber threats and providing access to threat cross-referencing data. AlienVault USM Anywhere is deployed to monitor AWS cloud environments, attain compliance, identify threats, and facilitate auditing of non-emergency configuration changes and vulnerability monitoring.
Overall, AlienVault USM Anywhere provides centralized security monitoring, incident response capabilities, compliance reporting features, vulnerability assessment tools, real-time SIEM functionality, as well as asset discovery and user activity monitoring capabilities. It has been widely adopted across various industries for enhancing security posture and gaining comprehensive visibility into network activities.
Based on user recommendations, AlienVault USM receives the following common recommendations:
-
AlienVault USM is recommended for cost-conscious companies and small to medium businesses due to its affordability and effectiveness. Users find it to be a great tool for analyzing and reacting to threats, offering excellent value for the price.
-
Users suggest exploring alternative SIEM choices and discussing functionality and configuration requirements. Logrhythm is mentioned as a possible alternate SIEM choice, especially for high-end functionality needs. It is advised to compare features and select the SIEM system that offers the best cost for desired features.
-
To maximize the experience with AlienVault USM, users recommend taking advantage of training opportunities provided by AlienVault. Joining official training sessions allows users to learn best practices from other users and gain comprehensive knowledge of the product. Users also recommend utilizing forums, support, webinars, and videos offered by AlienVault to enhance understanding and achieve optimal results.
Overall, AlienVault USM is regarded as a cost-effective solution suitable for organizations with data privacy and security priorities. The product's flexibility, community-created intelligence, and continual improvement are also highlighted by users. While some mention areas for improvement, such as support stability and module quality, the general consensus is that AlienVault USM delivers reliable security enhancements and cost savings.
Attribute Ratings
- 7.2Likelihood to Renew18 ratings
- 6.4Availability3 ratings
- 7.3Performance3 ratings
- 6.7Usability34 ratings
- 7.3Support Rating25 ratings
- 8.3Online Training6 ratings
- 4.5In-Person Training1 rating
- 6.4Implementation Rating38 ratings
- 8Configurability3 ratings
- 6.3Product Scalability3 ratings
- 7.3Ease of integration3 ratings
- 8.2Vendor pre-sale3 ratings
- 7.6Vendor post-sale3 ratings
Reviews
(51-75 of 390)AlienVault USM for Small Business
- It's a decent log aggregator.
- Does correlation between events well, if set up correctly.
- Control on attribute mapping within USM Anywhere or fully disclose the mappings between ingested raw logs and attributes those values map to, in order to be searchable, and give power to the end user to create meaningful alerts and queries for the right content.
- Notifications for alerts tend to lack the essentials to make a determination off of the email. Often times alerts within cloud products are benign and part of the user experience and behavior, but get classified as violations, because they meet the criteria of equivalent alerts that are actionable.
AlienValut and Oracle database
- Analyze Syslog.
- Analyze Windows log.
- We monitor suspicious activities and also audit the account usage activities.
Alienvault USM - Reporting & Security that works!
- Reporting is made Simple with AlienVault USM
- AlientVault USM inform us of urgent security holes or issues with our environment
- AlientVault USM is useful for monitoring who has accessed your data
- I find the agent can report incorrect data from time to time, so improvements in the AlienVault USM agent is advised.
- I don't like how AlientVault USM prevents you from fully removing (Unnecessary) vulnerabilities, which you already flagged as (NOT important), you should have the option to fully remove these if you want.
AlienVault USM review
- Alert end devices with PUPs.
- Successfully takes the device offline.
- Pulls forensic details really well.
- Evaluate processes in real -time to filter less false positives.
AlienVault Review
- Integration with G-suite and AD
- AlienVault agents that come free of extra charge are valuable
- Automated scans
- Updating the agents is not straight forward
- Agents some time go offline for no apparent reason
Cost effective and easy to use
- Easy to set up/use
- Cost-effective
- Interface is slow and quirky
- Lacks functionality compared to other products
- Documentation (both troubleshooting and informative) is lacking detail
- Ease of use also has downfalls in that when detailed information is needed it's harder to obtain when investigating/troubleshooting
- Alienvault USM is THOROUGH. We have a highly integrated workspace that's most SAAS, and I monitor those integrations and their security with AV. If I am trying to track the uptime of a laptop, I don't go to VPN or our Directory Services... I go to AV.
- As I mentioned before, we use Sophos to protect our laptops. If a questionable file shows up on someones laptop, I hear about it from AlienVault before I hear about it from our Sophos service.
- The OTX Pulse feature is a built-in feature that lets you subscribe to industries and you are notified about new threats that affect that industry on a daily basis. The pulse alerts are added to your AV watchlist.
- Personally, I've wished I could purchase a service that would configure AV for my environment. I get a lot of traffic on a daily basis and I almost need to hire an analyst that just works on AV.
- Some of the filters when looking for a specific alert aren't that easy to use.
AlienVault Review
- Alienvault USM does a good job presenting the data collected in a concise and actionable manner.
- AlienVault USM lacks good technical documentation, documentation needs more detail, more substances, and background information. The current documentation is frustrating for first-time users and assumes the user is already familiar with how and why USM works the way it does.
- AlienVault USM would benefit greatly from a simpler onboarding process. One situation I remember well has to do with adding the credentials for vulnerability scanning. We knew the credentials were accurate, however, they worked for some systems and didn't work for others. Very frustrating.
- Another area of major improvement for AlienVault USM is technical support. Technical support basically does not exists, if the documentation was comprehensive and detailed, with examples and scenarios, this would not be such a big issue. The first time my team experienced this, I knew we would not renew our contract.
AlienVault. Your SIEM solution from another world.
- PCI compliance scanning: AlienVault USM gives you the ability to scan assets using different variations of PCI policies.
- Event log management: AlienVault USM allows you to easily collect and search event log data across multiple systems of different variations.
- The event log filter rules are another strong feature of AlienVault USM. It allows for easy filtering of non-essential data.
- I would like to have the ability to restore a deleted sensor. I ran into an issue where a sensor was deleted and we had to rebuild our setup.
- A nice feature to have would be the ability to create read-only users with a custom view built for them.
- When a vulnerability is found, you are directed to an external site for (OTX and others) more information. Suggested fixes and patches should work directly in the USM interface.
AlienVault working reliably to protect your office network.
- Through the open threat exchange, I get the latest indicators of bad actors and can, on the other hand, add my own indicators if I feel something is missing.
- Filter-/Alarm-rules are easy to set up, so I can distinguish the important bits from noise in the logs
- Deploying the agents is very easy through the provided PowerShell scripts.
- Setting up a working stream of the windows-event-log (not using local agents) seems impossible, and AlienVault's support wasn't very helpful in this matter. We finally decided to drop this (it ran for a while, then stopped for no apparent reason, seemingly a problem with certificates) and use local agents instead.
- Sometimes agents don't update themselves, and it's hard to diagnose what causes this.
- Also, the updater of the sensor-appliances doesn't seem to run very reliably. From time to time I have to re-install the sensor-appliance, as it doesn't want to update itself.
My Experience using AlienVault
- Threat Detection
- Scanning for Vulnerabilities in servers
- Event handling
- Integration with other product like Google Suite to create security reports.
- When handling alarms, I'd like to be able to select all the resulting alarms at once after filtering and not by groups of 100 like it's possible now.
- I think filtering could be improved in the Alarms and Events sections.
Get it!!
- great search and filtering capabilities
- Alarm filtering capabilities
- Easy deployment
- Multiple plugins
- For SaaS deployments, it would be nice to give customers the capability to create custom plugins
- Very easy to read the logs.
- This tool has been relatively easy to deploy and maintain.
- It's a good tool to use for monitoring assets.
- Several times we lost connectivity and didn't know it. It would be helpful if there was better support when this happens.
- It would be helpful if there was a better way to ensure line of sight into the entire network. We were never 100 percent confident that we were seeing everything. Discovery tools would help with this...i.e., set it and forget it.
- An "out of the box" recommendation on what are the most important things for us to look at would be helpful.
Review for AlienVault USM Anywhere AWS and GCP Approaches
- AlienVault USM has the potential to identify the attack patterns by the traffic events through their sensors which is already built-in with their own correlation rules.
- USM Anywhere sensor reduces the load for SOC analyst on writing the new set of rules.
- And also provides an option for slack integration which myself felt very nice for an immediate action.
- When we talk about the forensics investigation the user interface and experience is not that great as expected, when we sent an alarm/event for investigation it doesn't provide any investigation results.
- The USM sensor doesn't have the capability of handling more jobs, It does restarts the sensor if certain limit of jobs are configured
- The log reports are not getting downloaded when we try to attempt via safari browser
Good for startups
It is primarily used by the security team.
- integration with the cloud providers
- ability to manage big log files
- threat intelligence
- support is not so great
- plugins are not always up to date
- It is easy to deploy and get logs into the dashboard
- Integrations with Office 365 is pretty seamless and provides great context.
- Super easy to increase storage tiers if you find yourself adding more and more log sources.
- USM Anywhere doesn't allow you to multi-home sensors. So if you have non-routable networks, you'll need to investigate the on-premise solution too.
- You have to be on top of tuning else a constant stream of alerts will cause your SOC staff to begin ignoring alarms.
- You have to be on top of tuning else you'll eat your allotment of storage for that month. It is really easy to exceed your storage quota if you don't proactively monitor log sources. USM could do a better job letting you know if a log source is too chatty.
A very satisfied customer
- Scanning our servers for vulnerabilities.
- Monitoring our infrastructure for any changes to our security.
- Monitoring our infrastructure for any unusual activity on the servers or attacks.
- The cloud formation template uses an older instance type and should be updated.
- Some of the settings are a little had to find.
AlienVault USM Anywhere for PCI-DSS Compliance! - Try it out
- Easy and straightforward implementation.
- Comprehensive logging solution with good notifications.
- Easy tuning, based on received events/alarms.
- Customization/creation of plugins
- Custom parsing of specific fields of the raw message
- Customization of FIM folders/files
Not very customizable but provides a lot of value for less.
- Correlate logs from different sources into actionable intelligence.
- Provide an easy to use interface to interact with Alarms and Events.
- Integrate with our alerting tools to make sure when an incident is happening, the right people know about it quickly.
- Being able to make custom plugins for internal tools.
- Being able to have a webhook plugin to send logs directly to the cloud appliance.
- Make the management of suppression rules better. Maybe include a suppression rule visualizer to make sure your suppression rule is doing exactly what you would like it to do.
It is not appropriate if you are looking to easily be able to customize the tool. A lot of the options you have with tools like Splunk are just not here.
- Intelligence updates from the Alienvault community and security pros.
- Writing of threat detection rules and ingestion parsing for different devices.
- Vulnerability scanning.
- Asset management is done purely by IP unless using the agent.
- Agent installs and updates can be a bit flakey, and on occasion use lots of resources.
USM Anywhere! Excellent long term investment
- Discovery of endpoints
- Management of event logs across different sources
- Investigation and remediation of security events.
- Management of sensors
AlienVault does the job
- Internal vulnerability scans
- Monitor firewall and security group changes
- Monitor and alert on suspicious system logs
- Monitor and alert on suspicious cloud watch logs
- False alarms occur occasionally
- There is no report for only displaying vulnerabilities with an available patch. Specter class issues can only be mitigated but will remain active until we are all on next-generation processors.
AlienVault USM is a fantastic product
- Monitoring Azure logs, such as events where users log in from multiple countries. No need to trawl through the Azure audit trails.
- Easy visibility on AD account lockouts which are common in our organization due to beta software.
- Nice visuals and reporting on AWS, 365 and Windows.
- The console is a little sluggish to refresh and navigate to different pages.
- Add some more color to the filters rather than all grey.
AlienVault USM - A Great Product
- It's pretty easy to get rid of the access noise without losing any logs.
- Ability to create customizable views. Allows you to view the type of information quickly.
- The alerts that are sent, and the information in them, are helpful.
- If the assets are put in groups, you seem to have to run separate vulnerability scans per group. In comparison to the appliance, you have the ability to add all groups in one scan.
- The results of the vulnerability scan feel scattered. The appliance layout of the results is easier to deal with.
- More help with deployment and initial setup. Depending on the setup, discussing what needs to be done and how to do it killed a lot of time.
Thank goodness for AlienVault USM
- Centralization of data logs makes it easier to analyze the many application logs throughout our organization. (ie. Windows logs, PLC logs, Antivirus logs, Exchange server logs, etc).
- Easy maneuvering with AlienVault pages as well as easy to bookmark alerts.
- Creating SOC on a budget especially with a smaller IT dept.
- Incident response.
- Threat detection.
- Compliance management.
- AlientVault OTX is a user community that is very helpful especially when you are curious about the alerts or to help mitigate issues that arise.
- I would like more detailed ways to mitigate issues.