Nothing is what it SIEMs
September 29, 2015

Koen Vanhees | TrustRadius Reviewer
Score 5 out of 10
Vetted Review
Verified User

Software Version

5.1.0

Overall Satisfaction with AlienVault Unified Security Management

Our USM is primarily used as an important building block in our Security Operations Center (SOC) and Network Security Monitoring (NSM) activities. It's used by the members of the security team alone, as they are responsible for all these activities. The USM is used to improve security visibility throughout the whole organisation, and to detect security incidents while they are happening.
  • USM incorporates different technologies (HIDS, vulnerability scanning, netflow, NIDS...)
  • USM is quite open, and you are pretty free to do what you want by using the command line (although that's less and less supported by AlienVault, which is a pity)
  • Quite easy to scale up or down
  • Not so easy to develop custom plugins compared to other vendors
  • Not so easy to set up correlation rules compared to other vendors. For example, you cannot correlate on correlation rules.
  • It's difficult to deal with static data (for example, a personnel list); USM can only deal well with dynamic data like syslogs, netflow, data captures, etc.
  • You cannot use netflow in correlation rules.
  • Data stored in the "Logger" is difficult and inefficient to query.
  • Custom reporting is very limited. For example, it's impossible to create a bar chart to visualize the most commonly attacked ports.
HP ArcSight and QRadar were not so easy or financially interesting to scale. LogRhythm lacked some key functionalities. Splunk is more like an advanced log management tool.
Selecting a SIEM solution depends on many conditions. For example, scalability was important for us, and in this respect AlienVault USM scores very well. Also, the fact that USM is derived from the open source OSSIM is a very positive element, as well as the integration with other open source solutions like OSSEC, OpenVAS, Suricata... But if you want high-end reporting, advanced correlation rules or complex use case scenarios in an enterprise environment, other options are to be considered.