Small org upping security visibility - a good first SIEM
April 25, 2019
Score 8 out of 10
Vetted Review
Verified User
Software Version
USM Anywhere (SaaS)
Overall Satisfaction with AlienVault USM
Our organisation did not previously use a SIEM product. What we wanted was a service that provided current information on threats in the context of our environment, and produced a sensible and manageable level of alerts without needing a lot of tuning - to increase security visibility without overburdening a small operations team.
- Easy to set up quickly and get results
- Works well with AWS
- Alerting can integrate with third-party systems, e.g. PagerDuty
- Low lock-in
- Sluggish performance means that we try to avoid using their GUI in routine processes
- Small feature set and opaque development roadmap leave us frustrated with their minimal query language and lack of reporting customisations
- User and professional services community appears to be heavily Windows-focused
IBM QRadar - long and clunky installation process, after which we weren't blown away by the tired and over-complicated user interface - wasn't a good fit for us.
InsightIDR - disappointing engagement with their sales team, who weren't able to answer surface-level questions about Linux support.
Splunk - our reserve option. A mixed experience with their sales engineers. We liked the product, but preferred the lower cost of a security-only tool, as we already have good systems in place for managing logs.