Small org upping security visibility - a good first SIEM
April 25, 2019

Anonymous | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User

Software Version

USM Anywhere (SaaS)

Overall Satisfaction with AlienVault USM

Our organisation did not previously use a SIEM product. What we wanted was a service that provided current information on threats in the context of our environment, and produced a sensible and manageable level of alerts without needing a lot of tuning - to increase security visibility without overburdening a small operations team.
Pros:
  • Easy to set up quickly and get results
  • Works well with AWS
  • Alerting can integrate with third-party systems, e.g. PagerDuty
  • Low lock-in

Cons:
  • Sluggish performance means that we try to avoid using their GUI in routine processes
  • Small feature set and opaque development roadmap leave us frustrated with their minimal query language and lack of reporting customisations
  • User and professional services community appears to be heavily Windows-focused

IBM QRadar: long and clunky installation process, after which we weren't blown away by the tired and over-complicated user interface. It wasn't a good fit for us.
InsightIDR: disappointing engagement with their sales team, who weren't able to answer surface-level questions about Linux support.
Splunk: our reserve option. A mixed experience with their sales engineers. We liked the product, but preferred the lower cost of a security-only tool, as we already have good systems in place for managing logs.

A good fit if you're looking for up-to-date visibility of known threats. There's no AI in the product - complex attacks may produce alerts and good contextual information, but triaging, detecting and tracing the threats is still mostly a manual effort. You'll want another tool for any serious data analysis, as the GUI and API are feature-limited and slow.