Great Product, Great Value
Jason G | TrustRadius Reviewer
October 29, 2018

Score 10 out of 10
Vetted Review

Software Version: USM Anywhere (SaaS)

Overall Satisfaction with AlienVault USM

As a product-agnostic Managed Security Services Provider (MSSP), we utilize AlienVault USM as one of several SIEM solutions in our Security Operation Center (SOC). We deploy, manage, and monitor the solution for other clients, and we use it for ourselves. As do most SIEMs, AlienVault allows us a central location to monitor the cybersecurity of an IT environment. It's impossible to avoid 100% of attacks, so after setting up defenses, the next best thing is to have 24/7 eyes-on-glass to be able to quickly respond to incidents as they happen.
  • AlienVault USM Anywhere has a modern, user-friendly, and intuitive GUI, making it easy to use.
  • AlienVault USM Anywhere is a cloud-based solution that is easy to deploy and easy to scale as well.
  • On top of having built-in support for several technologies, AlienVault USM Anywhere has an API that allows you to develop additional plugins if necessary.
  • Although they use machine learning, the algorithms that they use are graph-based. Their AI/ML capabilities could be improved a bit.
  • The solution provides some compliance reports, but it does not generate reports with information such as... how many of what type of event happened this month. You can see this information on the dashboard, but it would be nice to be able to generate a report automatically.
AlienVault is a fantastic solution in helping detect security threats. I have said this before, but again, you can set up all sorts of defenses, but there will always be someone who is able to break in, so the next best thing is to be able to detect when that happens and respond effectively.
AlienVault will correlate logs from your network to decide whether an incident really is an incident. It's customizable, so if I get 5 failed logins in 1 minute and never again for the next day, it was probably not a brute-force attack; don't bother me unless you see other weird things going on. Now, if we get 1000 in 5 seconds, we should probably look into it.
Of the many SIEM solutions that I have worked with in the past, AlienVault USM Anywhere has the best value. In my opinion, it is not the best of the best that one can afford, but if you are looking for a good balance between price and performance, then AlienVault USM Anywhere is for you.