AlienVault delivers out-of-this-world Integrated Security Management
Updated August 24, 2017

Anonymous | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User

Software Version

5.1.1

Modules Used

  • USMStandardServer, USMSensor, USMLogger

Overall Satisfaction with AlienVault USM

AlienVault is being used for asset monitoring, log monitoring and event correlation, availability monitoring, vulnerability scanning, Host Intrusion Detection (OSSEC), Network Intrusion Detection (Snort / Suricata), and as a SIEM (OSSIM). It is being used mostly by IT Security, but also partially by IT Infrastructure System Administrators.
  • AlienVault is the "glue" that integrates what could otherwise be maintained as a set of separate, open-source applications. Instead of having to install, configure, test and maintain separate packages for HIDS, NIDS, Vulnerability Testing and log monitoring, AV presents these various tools through a single integrated Web GUI.
  • AlienVault's SIEM and Log monitoring/event correlation tools are very good. They make it easy to get a good overall picture of what's happening on the network, and then to zoom in on details down to single TCP flows or individual events on a workstation.
  • AlienVault's vulnerability scanning has replaced Nessus for us in the Enterprise. We now have regular, scheduled scans of all servers and workstations, and have a monthly remediation meeting with the Systems Administrators to work through how to address the more serious vulnerabilities.
  • AlienVault's documentation is poor. Taking their one-week Security Analyst and Security Engineer certification training helped since the course documentation was more concise and centralized than anything I could find online.
  • Reporting in AlienVault actually took a step backward recently when they eliminated their OSSIM reporting functionality and now only provide USM reporting. Some of the report modules are still not working properly.
  • More consistent Case management would help tremendously. Usually they are responsive and effective, but on a couple of cases that I've opened, their responsiveness has been very poor.
AV USM stacks up well against these other, individual products, especially when considered as an integrated package. The Suricata and OpenVAS modules are rule-compatible with their counterparts (Snort and Nessus), and offer the same functionality. The log management and correlation is probably not quite as strong as Splunk, but close.
The more aspects of AV's functionality that you can use, the better. If you're only buying it as a log management tool, or as a HIDS/NIDS tool, then you'll probably not be as satisfied as if you were buying it as a comprehensive platform. Also, it is definitely a good idea to really understand the sizing of AV components, especially if you plan to run in a Virtual Environment or on your own server. Having an undersized or bandwidth-constrained server will be a real drag on AV's effectiveness.

Using AlienVault USM

I find some areas, like asset management and vulnerability scanning, to not be very user friendly.