AlienVault USM review from an end user perspective
May 08, 2019


Anonymous | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User

Software Version

USM Anywhere (SaaS)

Overall Satisfaction with AlienVault USM

We were evaluating various SIEM systems and decided to use AlienVault USM due to the product's offerings and the price point. We started using AlienVault USM last year. The first phase was initial monitoring of events from development servers, and then we gradually moved it to other devices. It is currently used for monitoring of devices for some departments, and we may gradually extend the SIEM tool to the rest of the organization.

  • The plug and play feature of AlienVault USM is very helpful to get started with the product and reduce set-up and implementation time.
  • The use of the Office 365 Management API to monitor user and administrator activities has been very helpful as part of our migration to Office 365.
  • Another useful feature is AlienVault's integrated threat intelligence from the OTX community, as the AlienVault OTX daily emails are considered a helpful additional source of information.
  • The setup and configuration of the VMware port mirroring for virtual switches and port monitoring are very challenging.
Splunk Cloud's security intelligence platform is composed of Splunk Enterprise and three solutions: Splunk Enterprise Security (ES), Splunk User Behavior Analytics (UBA) and Splunk Phantom. Splunk Enterprise provides event and data collection, search, and visualizations for various security use cases. The premium ES solution delivers most of the security-monitoring-specific capabilities, including security-specific queries, visualizations and dashboards, and some case management, workflow and incident response capabilities.
The Log & Event Manager (LEM) SIEM solution from SolarWinds includes the core SIEM solution that provides data management, real-time correlation and log searching to support investigations. This solution is composed of the manager and console, deployed via a virtual appliance, and an endpoint agent. The agent provides log collection and forwarding in addition to FIM, EDR (including active response functionality) and lightweight DLP capabilities.
The AlienVault USM SIEM product is delivered as SaaS and includes components for asset discovery, vulnerability assessment, and a network intrusion detection system as well as core SIEM capabilities. Additional offerings such as the Open Threat Exchange (OTX) threat intelligence sharing capability and the OTX Endpoint Threat Hunter service, as well as OSSIM and a suitable price point, were the features that helped us select this product.

If you have a small SOC team and have not used a SIEM product before, then the plug and play feature of AlienVault USM is very helpful to get you started with the product and helps to reduce setup and implementation time. Aside from the SIEM capability, other security capabilities of the product, such as threat detection and vulnerability assessment, are also very helpful.