AlienVault USM - A worthwhile SIEM platform that delivers value in the first days of usage
April 13, 2019

Anonymous | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User

Software Version

USM Anywhere (SaaS)

Overall Satisfaction with AlienVault USM

AlienVault USM is being used in a phased approach to build an internal SOC function. We initially used it to collect server and device logs centrally for retention. This was then expanded to allow for security alerting and threat intelligence. Through the use of the platform we are able to prove that our security processes and working practices are effective in mitigating company risk. Additionally, this solution is making up part of our ongoing accreditation for Cyber Essentials Plus by enabling us to evidence good practice with regard to security and compliance.
  • Threat intelligence
  • Centralisation of logs and events
  • Event management
  • Integration into SaaS-first ITSM platforms for better workflow
  • GDPR compliance dashboard (to show potential breaches and resolution specific to sensitive data that has been classified and tagged)
  • Native integration with SMS services for event alerting (such as a detected cyber attack)
They are similar in concept and operation. The AlienVault USM platform feels a little more search-friendly than the competition. The threat dashboard within AlienVault USM is much more consumable in the initial days of release and has a much more user-friendly feel to it versus others. The same level of service comes from each SIEM platform. AlienVault USM does offer additional features such as vulnerability detection, which is a huge plus.

Well suited where a platform needs to be rapidly deployed into an environment and then gradually matured with regard to usage. Very good to get into place to capture logs, which can help with forensic investigation of security issues to resolve the problem and evidence the issue and the steps taken to resolve it. If you are a very small support team it can (as with any platform in the same category) be overwhelming to deploy and manage due to its potential complexity and the overhead of managing alerting.