Overall Satisfaction with AlienVault USM
AlienVault's USM SIEM tool is currently in use for several clients of the MSP/MSSP I work for as a security engineer. While I have not been involved in all stages of deployment for all clients, my role requires my involvement in all aspects of the product's lifecycle. As with many deployments, we utilize AlienVault USM as a SIEM tool and for SIEM-related tasks.
- Easy to Deploy
- Easy to Maintain
- Rockstar Support
- Documentation, while expansive, is highly technical and less technical users may have issues appropriately utilizing the resources.
- The AlienVault community of users is quiet but still contains good content.
- AlienVault is less traditional and more "startup"; this may or may not be a negative.
AlienVault is well rounded and fits well in most scenarios for most users. Deployment time is minimal compared to Splunk and feature set is more robust. The secret sauce with AlienVault is that it's a comprehensive package that is legitimately good at what it sets out to do; there are no features I feel could be improved greatly, unlike others.
Threat detection "just works" and USM can pull from almost anything one way or another. Definitions are updated frequently and correlation routines work to keep your focus where it needs to be.
When compared to manual methods, AlienVault is a slam dunk; it greatly maximizes analyst efficiency. Compared to others, I see no major difference between most competing products.
I would consider the AlienVault USM to be a market leader, especially in SMB. There may be other options that may be better in certain areas; however, AlienVault is very good at everything it attempts, unlike many solutions that specialize in one area but lack in others. If you're looking for one aspect of the product, rather than the whole package, you may sell yourself short.