Great correlation engine but needs additional features to be a full SIEM
May 01, 2018

Anonymous | TrustRadius Reviewer
Score 6 out of 10
Vetted Review
Verified User

Software Version

USM Appliance (On-Premises)

Overall Satisfaction with AlienVault USM

We are using AlienVault for log aggregation, analysis and alerting and for scheduled vulnerability scans.

AlienVault ingests logs from our switches, routers, firewalls, servers and essential workstations. It combines the analysis of all of these elements using its correlation engine.

It also does a scan on a regular basis to identify vulnerabilities that exist on the network.

It has an integrated ticket system and asset management system, but they are both, kind of, lacking in features.

  • AlienVault's correlation engine is really well designed and it understands a large number of log types.
  • AlienVault's Open Threat Exchange is a great way to use the community to report new signatures for issues that are being seen in their environment.
  • AlienVault's main screen UI is well designed and makes it very clear as to what issues need to be addressed first.
  • AlienVault's published development to-do list is a great feature that more companies need to employ. It is great seeing that features are being worked on, and they do take input as to what features need to be added next.
  • AlienVault's on-premise and cloud platforms use a completely separate software base and they don't seem to be getting the same attention from developers. They need to bring the two platforms together into one code base.
  • AlienVault needs to enable integration with third-party utilities for ticketing and asset management. Neither the ticket system nor the asset management system is well featured; as such, they need to be able to integrate with other systems that have more features.
  • AlienVault needs to add a true compliance scanner like OpenSCAP.
  • AlienVault needs to get their cloud solution FedRAMP compliant.
Of the systems I evaluated:
Qualys' cloud solution is the most expensive option with the most features, but the cost made it not a viable option.
Rapid7's SIEM solution was a close competitor in price and features with AlienVault, and I likely would have chosen Rapid7 if I had realized that AlienVault didn't have a compliance scanner.
Tenable's solution was a close competitor but ranked third when comparing features and price.
All administrators need to use some kind of log aggregation and analysis tool. AlienVault is a great product for that.
Additionally, administrators should employ some kind of vulnerability analysis system, and AlienVault does an OK job with that.

However, as a complete SIEM solution AlienVault lacks the ability to do compliance checking, and without using their cloud solution you cannot do an analysis of cloud-based applications.