AlienVault is the best SIEM out there - hands down!
Updated December 04, 2017

Matt Frederickson | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User

Overall Satisfaction with AlienVault USM

I first implemented OSSIM, the community version, to see what type of intelligence it could give me. Before long I was feeding it information from my firewall and network devices. When people talk about a "single pane of glass", this must be the product they are referring to. I purchased the product and have it deployed across the enterprise now. I'm using it for two purposes really - to see what isn't normal, i.e. warn me about potential issues, and to see what has happened (historical).

The interface really allows you to see what's hot - if a metric, when it changes, doesn't prompt you to get out of your chair and do something, it's a wasted metric. With AlienVault, all I see are metrics that make me do things when they aren't where they are supposed to be.

In my environment, I have 18 buildings spread across 72 square miles. We support 13,000 users on a daily basis, with 6,000 owned devices, and a ton of BYOD devices. With only 10 people in the department (including myself and my secretary), I couldn't imagine staying on top of this without AlienVault.
  • Reporting, reporting, reporting. Setting it up so I get emailed reports has allowed me to know, even when I am not in the office, how my day is going to go. The breadth and depth of the reports, and the ability to customize so you get what you want is awesome.
  • Dashboard. The visual dashboard with the circles (areas of concentration based on number of incidents) is brilliant. All I have to do is show that to people, and they want to install it.
  • Ease of implementation. Turn it on, answer a few questions, point stuff at it, and you're done. Ok, there is a lot more - I mean a lot more - you can do to customize it, but if you're looking to quickly establish a baseline, that's all you need to do.
  • Who else has a fully functional product (OSSIM) you can download and install for FREE to see how it will work in your environment?

  • If it did a little more with IPFIX data (think NTOP).
  • Otherwise, it's perfect.

I actually don't remember now what I evaluated. When I hit AlienVault I just stopped looking.

Ideally suited everywhere. A small SMB with NO IT staff; a medium sized organization; a large corporate environment. It scales and can be configured to just about any type of scenario.

Seriously people, if you need a SIEM and aren't using AlienVault you're wasting money.....

Evaluating AlienVault USM and Competitors

Yes - I was using both OSSIM and Lancope StealthWatch. AlienVault combined both the SIEM and network monitoring into a single pane of glass. It also adds real-time threat analytics with its UTM features to give me one appliance to collect and view data.
  • Price
  • Product Features
  • Product Usability
  • Analyst Reports
  • Third-party Reviews

At the end of the day, the product had to meet two critical criteria. It had to be easy to use, and it had to be reliable. AlienVault meets both criteria very well. I've gotten to the point where not only do I trust it, but I rely on it.

I would not change the evaluation process. Awesome that I can use OSSIM for as long as I need to, to make sure it works, before purchase.

AlienVault USM Implementation

The one thing to remember is where to place the sensors within your organization. It is one thing to collect and analyze data, but collecting the right data is key. This is where AlienVault's experts really help. Instead of trying to sell you a gazillion sensors, they walk you through your network to make sure the sensors are where they need to be so you can achieve your goal. Implementation works so well because they take the time upfront to know your goals before they help you achieve them.

Using AlienVault USM

Best SIEM out there. Built for the serious security practitioner. Has features you would expect in something much more expensive. Product continues to be refined and improved.