AlienVault cuts right through all the noise and shows you where to look for trouble.
October 23, 2017

Anonymous | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User

Software Version

USM Appliance (On-Premises)

Overall Satisfaction with AlienVault USM

We utilize AlienVault USM to monitor both our internal infrastructure and that of our hosted customers.
  • Top-notch, ever-evolving NIDS module with both AlienVault and community-fed threat definitions
  • Pretty good alarm and threat intelligence system, both for creating your own notifications for specific events (or sets of events) and for ever-growing rules from both the community and AV
  • Reliable infrastructure, scalable
  • Ever-growing plugin (parser) list to increase the number of compatible log types, data sources and devices. AlienVault support will create them for you for free if not already in existence
  • Great event browsing, assets and networks GUI
  • Reports quickly become cumbersome and start either taking too long to run or sometimes even freeze
  • Sometimes it can be hard to keep the overall performance and stats within proper margins (swap, RAM, disk, etc.)
  • Threat intelligence items such as actions and directives could be more powerful if they allowed for more conditionals and more fields available to the user
I have not personally used McAfee SIEM but have heard of it at the MPOWER Cybersecurity Summit. They are not as broad and easy to make compatible with other systems, but it looks like they have performance and EPS really well done.
Small and medium/large companies taking their first steps in developing their SOC infrastructure or that want to stay on top of logs generated by their devices.