AlienVault USM - a user's perspective
October 02, 2015

Mel Green | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User

Software Version

5.1

Modules Used

  • SIEM, FIM, HIDS, NIDS

Overall Satisfaction with AlienVault Unified Security Management

We use AlienVault Unified Security Management across our entire organization to address PCI compliance and to improve our security posture. We use it to correlate and monitor security logs, for network intrusion detection, and for local host intrusion detection and file integrity monitoring.
  • The cross-correlation in the SIEM module is very advanced. It will take in input from as many devices as you can throw at it, and will set up alarms when it sees suspicious activity.
  • Having one central web-based location to view all security events and potential threats is incredibly useful.
  • AlienVault USM provides an easy way to manage some very difficult, opaque technologies such as OSSEC and Snort. These two technologies, while powerful, on their own each require a lot of management without great support. AlienVault takes the management hassles out of your hands while still providing the functionality.
  • Being able to access IP blacklists and community threats through the OTX functionality allows you to identify known bad external actors and correlate with internal network activity.
  • There are a ton of built-in reports, however there is not a lot of guidance available on building customized reports, and the tools are not as robust as I would like.
  • Plug-ins are available to parse syslog from different devices, but in my case at least none were available/up-to-date for my particular brand of hardware. Writing your own plug-ins is difficult and time consuming.
  • Pre-sales setup support is fantastic, but once the sale is done, if you need configuration support instead of technical support you're expected to pay separately. Not enough documentation is available for tweaking and problems.
  • OSSEC, Snort and GFI
We previously had GFI LanGuard for vulnerability management, GFI EventsManager for SIEM, and various open source tools such as OSSEC and Snort. These were all very time consuming to manage and fine-tune. AlienVault USM replaces all of these with one unified console, plus it offers additional features with the OTX feeds and net flow monitoring.
This is a great all-in-one solution for security monitoring if you can spend enough time upfront getting it configured properly. Make sure when choosing that you thoroughly evaluate your systems and backend - you want to make sure you are able to store all of the great data it will spit out, and also that you have enough resources to handle it. In my case I don't have all of the net flow monitoring configured (even though that would be ideal) because I don't have enough bandwidth/resources on my network to handle it.