AlienVault USM: better than expected and a convenient way to maintain security compliance
April 04, 2019

Alex Kranz | TrustRadius Reviewer
Score 7 out of 10
Vetted Review
Verified User

Software Version

USM Anywhere (SaaS)

Overall Satisfaction with AlienVault USM

We use AlienVault USM to monitor and secure our AWS, Azure, and Office 365 environments. The primary use of the product is to maintain PCI compliance. The various PCI reports save a significant amount of time each year during our security audits. We use it to collect logs from Windows, Linux, and cloud environments into one convenient location.
  • The integrations are very end-user friendly.
  • The user interface is fairly intuitive.
  • The PCI reports are extremely time-saving.
  • The cross-platform compatibility makes hybrid environment management much easier.
  • The "Agent" has caused many problems in our environment.
  • The AlienVault server seems to get overwhelmed quickly and could use an option for greater scaling for larger installations.
  • The documentation is often lacking on details. The documentation often covers what specific steps to take but does not cover why or how certain items work.
  • The user interface is missing many features for bulk/large-scale operations, such as the ability to close more than one page of alarms at once.
  • The "report false positive" does not provide a way to easily remove items so they still show up in audits.
  • There is no way to reconfigure many checks to avoid false positives.
  • The system lacks transparency for many security or infrastructure operations.
I have not used any other platforms that are supposedly specifically for security-only purposes. I have used many management applications such as SCCM, Nagios, Puppet, Chef, OSSEC, etc. AlienVault lacks the transparency and customization that I would prefer from a centralized portal. Having to log in to yet another portal gets tiresome. Those procedures which it does accomplish, it does very well. The reporting and user interface are much simpler than most software and portals I use.
AlienVault is well suited for monitoring environments, especially standard Linux environments, and is great at generating non-technical reports. The standard user interface allows non-technical individuals to navigate the system and generates clean-looking, easy-to-understand reports. The system is not as well suited for Windows environments or any non-standard configurations, such as integrating custom software/scripts, which is very challenging. File integrity monitoring on Windows has been very frustrating.