Skip to main content
TrustRadius
AlienVault USM

AlienVault USM

Overview

What is AlienVault USM?

AlienVault® Unified Security Management® (USM) delivers threat detection, incident response, and compliance management in one unified platform. It is designed to combine all the essential security capabilities needed for effective security monitoring across cloud and on-premises environments, including SIEM, intrusion detection, vulnerability management, as…

Read more
Recent Reviews

TrustRadius Insights

Users have found AlienVault USM to be a valuable SIEM solution for centralizing and searching log data from a large number of network …
Continue reading

MSSP Review

8 out of 10
October 04, 2021
AlienVault offers a different experience as opposed to other SIEM tools where it can be set up and configured properly in a shorter amount …
Continue reading
Read all reviews

Awards

Products that are considered exceptional by their customers based on a variety of criteria win TrustRadius awards. Learn more about the types of TrustRadius awards to make the best purchase decision. More about TrustRadius Awards

Popular Features

View all 7 features
  • Centralized event and log data collection (8)
    8.5
    85%
  • Correlation (8)
    8.5
    85%
  • Event and log normalization/management (8)
    8.0
    80%
  • Custom dashboards and workspaces (8)
    7.0
    70%

Reviewer Pros & Cons

View all pros & cons
Return to navigation

Pricing

View all pricing

Essentials

$1,075

Cloud
per month

Standard

$1,695

Cloud
per month

Premium

$2,595

Cloud
per month

Entry-level set up fee?

  • Setup fee optional
For the latest information on pricing, visithttps://www.alienvault.com/products/pri…

Offerings

  • Free Trial
  • Free/Freemium Version
  • Premium Consulting/Integration Services
Return to navigation

Features

Security Information and Event Management (SIEM)

Security Information and Event Management is a category of security software that allows security analysts to look at a more comprehensive view of security logs and events than would be possible by looking at the log files of individual, point security tools

8
Avg 7.8
Return to navigation

Product Details

What is AlienVault USM?

AlienVault® Unified Security Management® (USM) delivers threat detection, incident response, and compliance management in one unified platform. It is designed to combine all the essential security capabilities needed for effective security monitoring across cloud and on-premises environments, including SIEM, intrusion detection, vulnerability management, as well as continuous threat intelligence updates. The vendor states that even for resource-limited IT security teams, AlienVault USM can be affordable, fast to deploy, and easy to use. It eliminates the need to deploy, integrate, and maintain multiple point solutions in the data center.

Smart, automated data collection & analysis: USM Anywhere automatically collects and analyzes data across the attack surface, helping to quickly gain centralized security visibility without the complexity of multiple disparate security technologies.

Automated threat detection powered by AT&T Alien Labs: With threat intelligence provided by AT&T Alien Labs, USM Anywhere is updated automatically to stay on top of evolving and emerging threats, so the security team can focus on responding to alerts.

Incident response orchestration with AlienApps: USM Anywhere supports a growing ecosystem of AlienApps, enabling the user to orchestrate and automate actions towards other security technologies, able to respond to incidents quickly and easily.

AlienVault USM Features

Security Information and Event Management (SIEM) Features

  • Supported: Centralized event and log data collection
  • Supported: Correlation
  • Supported: Event and log normalization/management
  • Supported: Deployment flexibility
  • Supported: Integration with Identity and Access Management Tools
  • Supported: Custom dashboards and workspaces
  • Supported: Host and network-based intrusion detection

Additional Features

  • Supported: AlienVault Open Threat Exchange

AlienVault USM Screenshots

Screenshot of USM Anywhere NIDS Dashboard

AlienVault USM Videos

AlienVault USM Competitors

AlienVault USM Technical Details

Deployment TypesSoftware as a Service (SaaS), Cloud, or Web-Based
Operating SystemsUnspecified
Mobile ApplicationNo
Supported CountriesGlobal

Frequently Asked Questions

Splunk Cloud and Fortinet on IBM Cloud are common alternatives for AlienVault USM.

Reviewers rate Deployment flexibility highest, with a score of 8.6.

The most common users of AlienVault USM are from Mid-sized Companies (51-1,000 employees).
Return to navigation

Comparisons

View all alternatives
Return to navigation

Reviews and Ratings

(735)

Community Insights

TrustRadius Insights are summaries of user sentiment data from TrustRadius reviews and, when necessary, 3rd-party data sources. Have feedback on this content? Let us know!

Users have found AlienVault USM to be a valuable SIEM solution for centralizing and searching log data from a large number of network attached devices. This platform is being used for various use cases such as vulnerability management, scanning, malware detection, and monitoring malicious network traffic. It is considered a good SIEM solution for organizations new to security operational logging or those with a smaller staff and budget. The product has been praised for its integrated feature sets, including HIDS, NIDS, FIM, and security alerting capabilities. The inclusion of features like vulnerability scanning and file integrity monitoring has extended its value for organizations in the early stages of cybersecurity program development. Many users have experienced real-time alerts, enabling them to respond to security incidents and compromised passwords more quickly. Furthermore, AlienVault is used for a range of functions such as SIEM, vulnerability scanning, asset discovery, and investigations. It provides organizations with a centralized log collection site, allowing them to monitor and address new problems more effectively. The platform has been effective in helping organizations meet regulatory compliance requirements and improve SOC operations. Additionally, AlienVault is used to analyze network traffic, Windows Event Logs, and other security events, helping organizations improve network security and protect their customers. It solves security challenges related to device and software visibility, monitoring for anomalous events, and ensuring patch management. Users appreciate the simplicity of deployment and the robustness of the interface. The support team is highly responsive and knowledgeable.

AlienVault USM Anywhere is used by organizations to easily identify security incidents happening across their infrastructure and comply with PCI-DSS compliance requirements. MSSPs utilize AlienVault USM Anywhere to provide their customers with best-in-class threat monitoring and response services. It is also used to monitor cloud environments, scanning and alerting for any known vulnerabilities or activity on servers. AlienVault helps organizations with auditing purposes by monitoring cloud permissions and changes to security. Additionally, it is deployed to customers for monitoring and is used by NSOCs to monitor their networks. AlienVault has been implemented across organizations, covering server assets and providing granular logging on systems and networks. It helps in raising alarms/alerts and mitigating network-related activities. AlienVault collects and alerts on network and system activity across the entire organization, making it easy to filter for important data. The product centralizes log data and helps perform vulnerability analysis and threat detection. It assists in security patching and monitoring within AWS environments. Users appreciate the ease of use and configuration of the cloud-based panel. AlienVault is implemented and managed for clients as a recommended SIEM solution, collecting and normalizing logs from various data sources. It is used throughout organizations to gain insight into network and server events, manage and correlate logs, and recognize anomalous activity. Users have been able to set up alerts for specific events and policies, effectively managing systems and alerts in place, monitoring multiple client environments, and identifying issues that clients may have missed.

AlienVault USM Anywhere is praised for its cost-effectiveness compared to other SIEM solutions on the market. Users appreciate its threat intelligence capabilities, ease of use, user-friendly interface, and simplicity of deployment. The built-in correlation rules require minimal setup and provide high-quality results. Asset management and scanning features help users stay on top of monitoring assets, including dynamic and static asset lists. The integration of OTX into USM Anywhere allows for up-to-date threat intelligence and pulse subscriptions.

The software plays a crucial role in monitoring and alerting when anomalies occur, aiding in threat detection, compliance management, log collection, and vulnerability scanning. It helps organizations stay up to speed on new vulnerabilities and supports agile business initiatives by aiding analysts in identifying cyber threats and providing access to threat cross-referencing data. AlienVault USM Anywhere is deployed to monitor AWS cloud environments, attain compliance, identify threats, and facilitate auditing of non-emergency configuration changes and vulnerability monitoring.

Overall, AlienVault USM Anywhere provides centralized security monitoring, incident response capabilities, compliance reporting features, vulnerability assessment tools, real-time SIEM functionality, as well as asset discovery and user activity monitoring capabilities. It has been widely adopted across various industries for enhancing security posture and gaining comprehensive visibility into network activities.

Based on user recommendations, AlienVault USM receives the following common recommendations:

  1. AlienVault USM is recommended for cost-conscious companies and small to medium businesses due to its affordability and effectiveness. Users find it to be a great tool for analyzing and reacting to threats, offering excellent value for the price.

  2. Users suggest exploring alternative SIEM choices and discussing functionality and configuration requirements. Logrhythm is mentioned as a possible alternate SIEM choice, especially for high-end functionality needs. It is advised to compare features and select the SIEM system that offers the best cost for desired features.

  3. To maximize the experience with AlienVault USM, users recommend taking advantage of training opportunities provided by AlienVault. Joining official training sessions allows users to learn best practices from other users and gain comprehensive knowledge of the product. Users also recommend utilizing forums, support, webinars, and videos offered by AlienVault to enhance understanding and achieve optimal results.

Overall, AlienVault USM is regarded as a cost-effective solution suitable for organizations with data privacy and security priorities. The product's flexibility, community-created intelligence, and continual improvement are also highlighted by users. While some mention areas for improvement, such as support stability and module quality, the general consensus is that AlienVault USM delivers reliable security enhancements and cost savings.

Attribute Ratings

Reviews

(51-75 of 390)
Companies can't remove reviews or game the system. Here's why
Score 4 out of 10
Vetted Review
Verified User
Incentivized
The business problem it addresses is derived from governance and compliance set by the USG and the DFARS regulations to have a SEIM. I have experience with paid products such as QRADAR and Splunk, and open source products such as Graylog/Elk/Wazah/security_onion. This is a department tool to consume the whole organization's security related data. We currently use it as the SEIM.
  • It's a decent log aggregator.
  • Does correlation between events well, if set up correctly.
  • Control on attribute mapping within USM Anywhere or fully disclose the mappings between ingested raw logs and attributes those values map to, in order to be searchable, and give power to the end user to create meaningful alerts and queries for the right content.
  • Notifications for alerts tend to lack the essentials to make a determination off of the email. Often times alerts within cloud products are benign and part of the user experience and behavior, but get classified as violations, because they meet the criteria of equivalent alerts that are actionable.
To be honest, AlienVault is run of the mill. I can get more power out of Gralyog/ ELK and pay for the threat exchanges they have, and still have complete control over how my SIEM works for me. AlienVault USM isn't a bad product, but as an end user you give up too much control and get little back from the company when it comes to attribute mapping. Also not a fan of the updates the break my appliance for a couple days. Which falls in the category of control. I think USM is a good starter for small companies needing SIEM where resources otherwise prohibit having someone/something better. As businesses grow and compliance becomes more instituted, the businesses need may be very unique where AlienVault may not be able to satisfy the burden of their specific SIEM needs.
Score 6 out of 10
Vetted Review
Verified User
Incentivized
We use AlienVault to monitor the server activity. AlienVault is used to analyze the Syslog and Windows log.
  • Analyze Syslog.
  • Analyze Windows log.
  • We monitor suspicious activities and also audit the account usage activities.
AlienVault is great for Syslog analysis, but I would like it to analyze the Oracle alert log also.
Score 8 out of 10
Vetted Review
Verified User
Incentivized
AlienVault USM is currently being used to monitor our PCI (Private) environment within AWS, we use it to assist in security patching and monitoring.
  • Reporting is made Simple with AlienVault USM
  • AlientVault USM inform us of urgent security holes or issues with our environment
  • AlientVault USM is useful for monitoring who has accessed your data
  • I find the agent can report incorrect data from time to time, so improvements in the AlienVault USM agent is advised.
  • I don't like how AlientVault USM prevents you from fully removing (Unnecessary) vulnerabilities, which you already flagged as (NOT important), you should have the option to fully remove these if you want.
AlientVault USM is well suited to secure sites, which you want to actively keep monitored and keep reports on. Well suited to small/medium enterprises.
November 06, 2019

AlienVault USM review

Score 8 out of 10
Vetted Review
Verified User
Incentivized
We use this SIEM for the entire company in order to have full visibility of our network activity and remediate issues as they arise.
  • Alert end devices with PUPs.
  • Successfully takes the device offline.
  • Pulls forensic details really well.
  • Evaluate processes in real -time to filter less false positives.
It would be nice to be able to use this SIEM to remote into user machines.
November 06, 2019

AlienVault Review

Score 7 out of 10
Vetted Review
Verified User
Incentivized
We use it across the organization but not every plan is included mainly because of limited storage. We do vulnerability scanning, traffic analysis, and SIEM.
  • Integration with G-suite and AD
  • AlienVault agents that come free of extra charge are valuable
  • Automated scans
  • Updating the agents is not straight forward
  • Agents some time go offline for no apparent reason
Because of the price and the fact that it does much more than just SIEM, it has been very valuable to us, however, a redo of the GUI might be in order as it is old and somewhat not very intuitive.
Score 5 out of 10
Vetted Review
Verified User
Incentivized
It is being used by our Network Operations Center to monitor potential security alerts and suspicious activity. It is also used as an additional investigation tool if users or customers report potentially malicious activity.
  • Easy to set up/use
  • Cost-effective
  • Interface is slow and quirky
  • Lacks functionality compared to other products
  • Documentation (both troubleshooting and informative) is lacking detail
  • Ease of use also has downfalls in that when detailed information is needed it's harder to obtain when investigating/troubleshooting
If you're looking for something easy to set up and cheap while hitting the checkboxes, this will suffice. In order to get real functionality out of it, you need to tweak things. During the sale that was a big selling point, but once we implemented the "out of the box" solution, it all needed to be configured. And it wasn't like we could configure them because most of the issues found during implementation required development work. It was disappointing to learn these things once we already signed the contract.
Christian Holton | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User
Incentivized
We use AlienVault across the org, with accumulator appliances in two offices and in our cloud infrastructure. These devices are syslog targets and are used to scan traffic in each location. In addition, I also have deployed the AlientVault USM agent script to all servers and user systems. AlienVault sometimes notifies me of problems within integrated systems such as Sophos before that service itself. Notifications as simple as an improperly configured SSH config or something as significant as signs of SPECTRE traffic are delivered to my inbox so I may deal with these alerts ASAP.
  • Alienvault USM is THOROUGH. We have a highly integrated workspace that's most SAAS, and I monitor those integrations and their security with AV. If I am trying to track the uptime of a laptop, I don't go to VPN or our Directory Services... I go to AV.
  • As I mentioned before, we use Sophos to protect our laptops. If a questionable file shows up on someones laptop, I hear about it from AlienVault before I hear about it from our Sophos service.
  • The OTX Pulse feature is a built-in feature that lets you subscribe to industries and you are notified about new threats that affect that industry on a daily basis. The pulse alerts are added to your AV watchlist.
  • Personally, I've wished I could purchase a service that would configure AV for my environment. I get a lot of traffic on a daily basis and I almost need to hire an analyst that just works on AV.
  • Some of the filters when looking for a specific alert aren't that easy to use.
AlienVault is an amazing product. The only reason my rating isn't higher is that most of my colleagues work for smaller businesses where the IT staff is less than 5 people. There are a lot of moving parts to AlienVault and it is almost another job. Folks in my circle of colleagues, for the most part, don't have the bandwidth that AlienVault demands.
October 31, 2019

AlienVault Review

Score 5 out of 10
Vetted Review
Verified User
Incentivized
We are using AlienVault USM across the whole organization as a SIEM solution, vulnerability management, HIDS, NIDS, and compliance reporting.
  • Alienvault USM does a good job presenting the data collected in a concise and actionable manner.
  • AlienVault USM lacks good technical documentation, documentation needs more detail, more substances, and background information. The current documentation is frustrating for first-time users and assumes the user is already familiar with how and why USM works the way it does.
  • AlienVault USM would benefit greatly from a simpler onboarding process. One situation I remember well has to do with adding the credentials for vulnerability scanning. We knew the credentials were accurate, however, they worked for some systems and didn't work for others. Very frustrating.
  • Another area of major improvement for AlienVault USM is technical support. Technical support basically does not exists, if the documentation was comprehensive and detailed, with examples and scenarios, this would not be such a big issue. The first time my team experienced this, I knew we would not renew our contract.
Alientvault provides basic SIEM functionality pretty well, however, when it comes to implementing all the features that the marketing solution boasts you will have a hard time. I wish this was not true since it can really be a great product.
Score 10 out of 10
Vetted Review
Verified User
Incentivized
AlienVault is used to monitor and assess corporate resources to help maintain system integrity and PCI compliance. We use it to monitor critical system files and resources and to help analyze multiple event logs in a single user easy to manage interface. It gives our administrators the ability to set up alerts so that we are notified of potential security vulnerabilities.
  • PCI compliance scanning: AlienVault USM gives you the ability to scan assets using different variations of PCI policies.
  • Event log management: AlienVault USM allows you to easily collect and search event log data across multiple systems of different variations.
  • The event log filter rules are another strong feature of AlienVault USM. It allows for easy filtering of non-essential data.
  • I would like to have the ability to restore a deleted sensor. I ran into an issue where a sensor was deleted and we had to rebuild our setup.
  • A nice feature to have would be the ability to create read-only users with a custom view built for them.
  • When a vulnerability is found, you are directed to an external site for (OTX and others) more information. Suggested fixes and patches should work directly in the USM interface.
AlienVault USM is essential when managing multiple servers across physical and virtual locations. With an easily deployable on-premise virtual appliance or cloud offering, it allows those limited resources multiple choices of implementation. For a small team managing multiple servers, the centralized management and user control makes a difficult task easy to manage.
Score 6 out of 10
Vetted Review
Verified User
Incentivized
AlienVault is used to monitor traffic in our offices and the VPN for suspicious activity. Additionally, deployed agents monitor event-logs and several streams from our Syslog to ensure we can see any bad-auths. AlienVault helps to identify bad traffic, suspicious user behavior and outdated software on those hosts with the agent deployed.
  • Through the open threat exchange, I get the latest indicators of bad actors and can, on the other hand, add my own indicators if I feel something is missing.
  • Filter-/Alarm-rules are easy to set up, so I can distinguish the important bits from noise in the logs
  • Deploying the agents is very easy through the provided PowerShell scripts.
  • Setting up a working stream of the windows-event-log (not using local agents) seems impossible, and AlienVault's support wasn't very helpful in this matter. We finally decided to drop this (it ran for a while, then stopped for no apparent reason, seemingly a problem with certificates) and use local agents instead.
  • Sometimes agents don't update themselves, and it's hard to diagnose what causes this.
  • Also, the updater of the sensor-appliances doesn't seem to run very reliably. From time to time I have to re-install the sensor-appliance, as it doesn't want to update itself.
It does a good job of monitoring office-networks with user traffic. As there's still a bunch of false-positives, it likely won't do as good of a job in protecting applications in a datacenter. That would most likely generate too much noise and require too much work, setting up all those custom rules, to actually catch what you want to see. For making sure there's no C&C-traffic and no suspicious authentication behavior, it's working very well. Also, monitoring the software-stack through the local agents works well.
Score 8 out of 10
Vetted Review
Verified User
Incentivized
In our organization we use AlienVault USM for threat detection and to keep up to date with patches needed to cover for known vulnerabilities in our servers.
  • Threat Detection
  • Scanning for Vulnerabilities in servers
  • Event handling
  • Integration with other product like Google Suite to create security reports.
  • When handling alarms, I'd like to be able to select all the resulting alarms at once after filtering and not by groups of 100 like it's possible now.
  • I think filtering could be improved in the Alarms and Events sections.
I think it's well suited when you when you need to tackle host intrusion detection from scratch and there's not a security specialist in your organization. AlienVault is pretty straightforward and easy to understand. You get support to implement and then you can get training. Once implemented it's easy and intuitive to navigate.
October 25, 2019

Get it!!

Score 8 out of 10
Vetted Review
Verified User
Incentivized
It is used by the Security Team in IT Department for log collection and correlation. Currently we feed logs from all our security devices including on-cloud, cloudtrail, cloudwatch, s3 access and Load balancer event logs, we've also incorporated other external vendor sources e.g end point protection, web content filtering logs using proxies.
  • great search and filtering capabilities
  • Alarm filtering capabilities
  • Easy deployment
  • Multiple plugins
  • For SaaS deployments, it would be nice to give customers the capability to create custom plugins
It is well suited for log collection and rule correlation, regular syslog ingestion is great except where you have scenarios where the event logs come in a different format, sometimes it's hard to find the appropriate plugin for specific logs, most times it's a matter of trying multiple plugins until the right one is identified
Score 8 out of 10
Vetted Review
Verified User
Incentivized
Only used with Information Security. We use [it] to monitor various segments of our network. We have used this to aggregate logs and monitor assets.
  • Very easy to read the logs.
  • This tool has been relatively easy to deploy and maintain.
  • It's a good tool to use for monitoring assets.
  • Several times we lost connectivity and didn't know it. It would be helpful if there was better support when this happens.
  • It would be helpful if there was a better way to ensure line of sight into the entire network. We were never 100 percent confident that we were seeing everything. Discovery tools would help with this...i.e., set it and forget it.
  • An "out of the box" recommendation on what are the most important things for us to look at would be helpful.
I think AlienVault USM is well suited for an IT/IS department that has more than three information security professionals to assist with the deployment and operations of the product. We are a lean shop and are not in a position to stand up a security operations center. I felt that this product was too much for us.
Ranjith R | TrustRadius Reviewer
Score 7 out of 10
Vetted Review
Verified User
Incentivized
We have procured AlienVault USM Anywhere for Monitoring and Triggering alarms/notification on the suspicious traffic and attacks. It is being used within the infosec/infra department to take necessary actions on the security events. It majorly helps us to find the real-time attack and traffic events to our organisational assets and also it helps us on finding the vulnerabilities on a specific asset.
  • AlienVault USM has the potential to identify the attack patterns by the traffic events through their sensors which is already built-in with their own correlation rules.
  • USM Anywhere sensor reduces the load for SOC analyst on writing the new set of rules.
  • And also provides an option for slack integration which myself felt very nice for an immediate action.
  • When we talk about the forensics investigation the user interface and experience is not that great as expected, when we sent an alarm/event for investigation it doesn't provide any investigation results.
  • The USM sensor doesn't have the capability of handling more jobs, It does restarts the sensor if certain limit of jobs are configured
  • The log reports are not getting downloaded when we try to attempt via safari browser
It is well suited for a Cloud environment like AWS and Azure, since GCP is a new player in cloud, AlienVault has to improve a lot in terms of support with the data and log sync of instance asset mapping and sensor capability to handle more jobs to get out of unavailability issue among other competitors like Splunk, Sumo Logic and LogRhythm
October 25, 2019

Good for startups

Score 7 out of 10
Vetted Review
Verified User
Incentivized
We use alienvault as our SIEM, by collecting all events coming from the physical network and the cloud one, allowing us to overview everything (from a server, a firewall down to an endpoint).
It is primarily used by the security team.
  • integration with the cloud providers
  • ability to manage big log files
  • threat intelligence
  • support is not so great
  • plugins are not always up to date
if you got a small security team, alienvault OTX would greatly help in providing a strong centralized dashboard to overview everything. With a bigger team there could be more specialised tool.
Score 8 out of 10
Vetted Review
Verified User
Incentivized
We're using the USM product as its intended use case of a SIEM. Sensors are deployed into our hybrid cloud at various points and push logs to the USM dashboard. With our MSSP monitoring, AlienVault USM meets our needs of 24/7 security monitoring
  • It is easy to deploy and get logs into the dashboard
  • Integrations with Office 365 is pretty seamless and provides great context.
  • Super easy to increase storage tiers if you find yourself adding more and more log sources.
  • USM Anywhere doesn't allow you to multi-home sensors. So if you have non-routable networks, you'll need to investigate the on-premise solution too.
  • You have to be on top of tuning else a constant stream of alerts will cause your SOC staff to begin ignoring alarms.
  • You have to be on top of tuning else you'll eat your allotment of storage for that month. It is really easy to exceed your storage quota if you don't proactively monitor log sources. USM could do a better job letting you know if a log source is too chatty.
AlienVault USM is a good SIEM product for shops that don't have dedicated content creators. If your log source volume is at the TB level on a daily basis, it's not for you. However if you are on a TB level at the monthly level then it's worth looking into. The AT&T purchase has seen a good bit of new development being put into the product around investigation frameworks and integrations. We've gone to a TB tier and have renewed our subscription.
Score 10 out of 10
Vetted Review
Verified User
Incentivized
AlienVault is being used to monitor our Cloud environment. It scans and alerts us for any know vulnerabilities or activity on our servers. Monitoring the cloud permissions and any changes to our security is extremely helpful to us for auditing purposes as well.
  • Scanning our servers for vulnerabilities.
  • Monitoring our infrastructure for any changes to our security.
  • Monitoring our infrastructure for any unusual activity on the servers or attacks.
  • The cloud formation template uses an older instance type and should be updated.
  • Some of the settings are a little had to find.
I think it does a great job of monitoring our AWS account. From the internal users, servers, configuration, and threat detection, it does a good job of monitoring it all and allows you to configure how many or how few alerts you receive.
Score 9 out of 10
Vetted Review
Verified User
Incentivized
AlienVault USM is being used as a SIEM solution in our organization for internal use within the company. It's helping us to easily identify security incidents happening across our infrastructure and helps us comply with PCI-DSS compliance requirements.
  • Easy and straightforward implementation.
  • Comprehensive logging solution with good notifications.
  • Easy tuning, based on received events/alarms.
  • Customization/creation of plugins
  • Custom parsing of specific fields of the raw message
  • Customization of FIM folders/files
Very appropriate for easy and fast implementation where compliance is required, not that suitable for an MSSP that needs to meet different customization requirements from their customers.
Score 8 out of 10
Vetted Review
Verified User
Incentivized
We use it to monitor security logs across our various SaaS apps. It is the central hub for our security incident program. It is primarily being used by our Information Security Department. This tool addresses our need to be able to make actionable decisions, across various SaaS platforms, from a single pane of glass.
  • Correlate logs from different sources into actionable intelligence.
  • Provide an easy to use interface to interact with Alarms and Events.
  • Integrate with our alerting tools to make sure when an incident is happening, the right people know about it quickly.
  • Being able to make custom plugins for internal tools.
  • Being able to have a webhook plugin to send logs directly to the cloud appliance.
  • Make the management of suppression rules better. Maybe include a suppression rule visualizer to make sure your suppression rule is doing exactly what you would like it to do.
It is well suited for a small security team that does not have all the time in the world to set it up, tune it, and babysit it.

It is not appropriate if you are looking to easily be able to customize the tool. A lot of the options you have with tools like Splunk are just not here.
Score 8 out of 10
Vetted Review
Verified User
Incentivized
Alienvault USM is used by the internal IT department to monitor activity from lots of different sources across the organisation. From O365 and Azure, AWS, on-premises servers and network equipment, and others we track vulnerability status, correlate unusual activity and monitor for IOCs from Alienvault's Intelligent Cloud.
  • Intelligence updates from the Alienvault community and security pros.
  • Writing of threat detection rules and ingestion parsing for different devices.
  • Vulnerability scanning.
  • Asset management is done purely by IP unless using the agent.
  • Agent installs and updates can be a bit flakey, and on occasion use lots of resources.
Good out of the box product, not a huge amount of configuration required to get up and running, though constant tuning is and should be required. Good integrations available, though if you have a lot of experience security analysts in your organisation there are probably more powerful tools out there, they just require you do most of the correlation and detection rules yourself.
Score 9 out of 10
Vetted Review
ResellerIncentivized
It is being used across the whole organisation, and being an MSSP, we are reselling the USM Anywhere service to our clients.
  • Discovery of endpoints
  • Management of event logs across different sources
  • Investigation and remediation of security events.
  • Management of sensors
Monitoring of banking platforms, as well as SCADA systems
September 27, 2019

AlienVault does the job

Mario Martinez | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
Incentivized
We use AlienVault USM to monitor our AWS cloud environment and the individual assets within that environment. AV also provides us with alerting and reporting that helps us attain and maintain compliance with several standards, but, more importantly, helps me sleep better at night as our Information Security Officer. An easy to overlook benefit is that It makes it easier for us to shore up process deficiencies. We can more easily audit that we documented and approved all non-emergency configuration changes within our cloud before they are applied. We also use the AV agent to monitor individual instances for vulnerabilities and the software they run.

This all gives us confidence that we are keeping our systems as secure as possible and meeting promises to keep our customer’s data secure.
  • Internal vulnerability scans
  • Monitor firewall and security group changes
  • Monitor and alert on suspicious system logs
  • Monitor and alert on suspicious cloud watch logs
  • False alarms occur occasionally
  • There is no report for only displaying vulnerabilities with an available patch. Specter class issues can only be mitigated but will remain active until we are all on next-generation processors.
AlienVault is well suited for cloud environments and sprawling internal networks. Log ingestion and analysis across your instances and, in our case, AWS, coupled with File Integrity Monitoring and other features are well worth having. It takes some time to get things right and I would suggest, like every tool, that you periodically test its different components to remain confident in its abilities. Smaller systems likely would not benefit as much and it might be a cost/benefit analysis whether to audit changes by hand or monitor them for changes.
Score 9 out of 10
Vetted Review
Verified User
Incentivized
AlienVault USM is being used throughout our organization to monitor our multiple AWS VPCs and limited internal infrastructure. It provides us with a central management console where we can see everything from our hardware firewalls' traffic, to our Azure AD logs to AWS activity such as GuardDuty, Security Group and IAM events. It has helped us identify threats without which would have gone unidentified and is extremeely useful as part of our IT security and compliance standards.
  • Monitoring Azure logs, such as events where users log in from multiple countries. No need to trawl through the Azure audit trails.
  • Easy visibility on AD account lockouts which are common in our organization due to beta software.
  • Nice visuals and reporting on AWS, 365 and Windows.
  • The console is a little sluggish to refresh and navigate to different pages.
  • Add some more color to the filters rather than all grey.
It is well suited to an organization that is growing and there is a need to monitor security events across the board—Office 365, along with AD or any other cloud infrastructure like AWS or Azure. It makes it really easy to administer and bring everything into one place.
Score 7 out of 10
Vetted Review
Verified User
Incentivized
It is used by our entire organization.
  • It's pretty easy to get rid of the access noise without losing any logs.
  • Ability to create customizable views. Allows you to view the type of information quickly.
  • The alerts that are sent, and the information in them, are helpful.
  • If the assets are put in groups, you seem to have to run separate vulnerability scans per group. In comparison to the appliance, you have the ability to add all groups in one scan.
  • The results of the vulnerability scan feel scattered. The appliance layout of the results is easier to deal with.
  • More help with deployment and initial setup. Depending on the setup, discussing what needs to be done and how to do it killed a lot of time.
It's very helpful when you want to view what's happening, all in one spot.
Score 9 out of 10
Vetted Review
Verified User
Incentivized
We have deployed AlienVault USM throughout the entire organization. The IT department is responsible for monitoring and making necessary configurations. This has immensely improved our visibility in regards to the daily activities of all networks and devices. It has recognized anomalies and notifies my IT department.
  • Centralization of data logs makes it easier to analyze the many application logs throughout our organization. (ie. Windows logs, PLC logs, Antivirus logs, Exchange server logs, etc).
  • Easy maneuvering with AlienVault pages as well as easy to bookmark alerts.
  • Creating SOC on a budget especially with a smaller IT dept.
  • Incident response.
  • Threat detection.
  • Compliance management.
  • AlientVault OTX is a user community that is very helpful especially when you are curious about the alerts or to help mitigate issues that arise.
  • I would like more detailed ways to mitigate issues.
AlienVault is perfect for all organizations, especially for smaller-staffed IT departments. The installation was relatively easy, especially with AlienVault's vendor partners. We did not need to integrate and monitor multiple point solutions b/c AlienVault does the automatically. Just make sure you test the data flow for PLC devices as it may disrupt the flow of data on these types of devices.
Return to navigation