The right SIEM tool for small and mid-sized organisations
Updated August 03, 2017


Bilal Al Sabbagh | TrustRadius Reviewer
Score 8 out of 10
Vetted Review

Overall Satisfaction with AlienVault USM

We've implemented and are currently operating AlienVault for a few clients. Some clients use AlienVault to manage the security of a particular network. Another client is using AlienVault to offer managed security services. AlienVault has been improving the security visibility for our clients' infrastructure security. It helps those companies that are tight on budget for security spending. AlienVault helps us to maintain our service level agreement with our clients. After the tool is integrated with the infrastructure, it becomes easy to spot existing abnormalities.
  • Easy to use dashboard
  • Based on open source making it easy to customise the deployment
  • Cost effective
  • OSSEC agent integration enables file integrity monitoring
  • Bulk sensors update
  • Improving NIDS signatures
  • Managing OSSEC agents from dashboard is limited and quite restricted
  • Assets tracking
AlienVault is most valuable and effective for those organisations running on tight budgets. It works well for small and mid-size deployments and also features a federated type of deployment. AlienVault might not scale well for larger deployments and/or complex integrations. AlienVault users will gain an advantage and improve their security visibility immediately after connecting an AlienVault sensor to the network.

Evaluating AlienVault USM and Competitors

Yes - Yes, we replaced the Splunk log collector and manager with AlienVault OSSIM, then AlienVault USM. Of course, at that time AlienVault was a more comprehensive tool compared to a classical log collector and manager. AlienVault offered far more features, combining multiple security tools with the power of event correlation. We finally ended up using AlienVault USM as our production SIEM tool.

AlienVault USM Support

Based on previous experience we had to explain and demonstrate the problems several times; fixes take a long time to be implemented and rolled out to end users. Several times we had to guide the support contact to fully understand the problem.
Pros
  • None
Cons
  • Slow Resolution
  • Poor followup
  • Less knowledgeable
  • Escalation required
  • Need to explain problems multiple times
No - I don't believe there will be an added value in terms of the speed to fix reported issues.
Yes - Bug fixes usually take a long time. Some deficiencies were reported but not fixed.
The best support can come during pre-sales, where we wanted to demonstrate how AlienVault can integrate with some technology vendor products. At that time the support team was exceptionally helpful and supplied us with the required plugins.

Using AlienVault USM

AlienVault is usable effectively for small and mid-size deployments. AlienVault might not scale well for larger or complex deployments.
Pros
  • Like to use
  • Relatively simple
  • Easy to use
  • Technical support not required
  • Feel confident using
  • Familiar
Cons
  • Slow to learn
  • Scanning and adding assets
  • Creating correlation directives
  • Users management
  • Manage OSSEC agents
  • Bulk updates for sensors
  • Tracking disconnected assets