Good for static networks; too slow for cloud
June 12, 2017

Anonymous | TrustRadius Reviewer
Score 7 out of 10
Vetted Review
Verified User

Software Version

USM Appliance (On-Premises)

Overall Satisfaction with AlienVault USM

AlienVault is used by our information security team for log management, SIEM, and vulnerability scanning. Our network is split across on-premises and multiple cloud accounts. Alarms are raised for any issues detected and are then investigated by the infosec team.
  • Good detailed vulnerability scanning using OpenVAS
  • Logs are correlated well
  • HIDS Agents are easy to deploy to static servers
  • Access to the linux back-end of the server for adding additional functionality
  • Frequent correlation updates
  • AlienVault becomes pretty inflexible when working in rapidly-changing, transient cloud environments. Our servers can automatically rebuild when required, and AlienVault requires an agent to be deployed to each. Unfortunately, an auto-deployment function is not included, and we had to script our own process, requiring extra upkeep and maintenance.
  • Drilling down to find specific logs is awkward and clunky (especially compared to some of the competition in this area).
  • There is no functionality to automatically remove agents/assets that have been disconnected for a period of time. This means it is a constant manual job to make sure old agents aren't still in the system (as you will soon get IP collisions when using DHCP or in a limited IP range on the cloud).
  • Some competitors use machine learning to alter which events raise alarms. AlienVault doesn't have this functionality, meaning I have to be constantly adjusting rules.
  • Struggles finding DNS names for our cloud servers, meaning a lot of our assets are named something like Host-192-168-1-1. We have found ways to script around this, but this is another thing that isn't supported by AlienVault.
  • Agent deployment to Linux can't be done from the AlienVault UI, and has to be done manually on each Linux instance (or by creating unsupported scripts as we did).
  • Can't digest cloud infrastructure logs without additional scripting and writing own plugins.
AlienVault is generally more affordable than its competitors. It also includes a built-in OpenVAS vulnerability scanner, which most competitors don't have. It is a decent option, but it is not as mature a product as some of the more expensive options like Splunk and LogRhythm.
AlienVault USM is a good, affordable solution for someone with a very static small-to-medium sized Windows network. As soon as the cloud is involved, AlienVault USM falls short and struggles to keep up with the speed of change.