AlienVault USM - The SIEM has landed.
February 13, 2017

Anonymous | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User

Overall Satisfaction with AlienVault USM

AlienVault USM is being used as our main log collection and correlation engine. As we are a relatively small company, IT resources from all parts of the company feed into the USM. The main business problem it solved is insight into network and user activity along with the benefit of having applied threat intelligence through the OTX.
  • The price point is amazing.
  • Directives are highly customizable.
  • The open threat exchange is quite valuable as an open threat and IOC exchange.
  • The UI has a bit of a learning curve.
  • I would recommend a strong Linux background if you are going to do any custom plugins or directives.
  • Some events are fairly generic in terms of naming convention, which can require more hands-on investigation.
AlienVault may be slightly less refined when compared to other enterprise offerings. But in our testing, we found either the cost, licensing model, learning curve, or any combination of the three, made AlienVault's competitors not appropriate for our environment. Over the past year, AlienVault has made great improvements to its usability and threat detection components.
Since we are a relatively small company, cost is a huge factor. When we were looking into entering the SIEM market, the price point of AlienVault couldn't be beat. Out of the several solutions we looked at, AlienVault was by far the most reasonably priced. From my experiences thus far, AlienVault would be most appropriate in a small- to medium-sized environment, as it won't cause your finance department to run away screaming when compared to the price point of competitors.