Not the best, but not the worst. Robust data analysis with an OK user interface.
May 16, 2019

Anonymous | TrustRadius Reviewer
Score 6 out of 10
Vetted Review
Verified User

Software Version

USM Anywhere (SaaS)

Overall Satisfaction with AlienVault USM

AlienVault USM is deployed throughout our entire server and database architecture primarily in the cloud in Linux environments. It's managed and orchestrated by one department but secures data integral to the entire business.

Pros

  • Data analysis at the endpoint
  • Functions independent of directory services if necessary
  • Well-rounded approach to data gathering (e.g. asset discovery, vulnerability assessment, intrusion detection, behavioral monitoring, etc.)

Cons

  • They nickel and dime you on the processing of data, and you have to create different kinds of filtering rules and purge rules so that you don't hit your data limits. It's not uncommon to charge for data processing in this industry. That's not what I have a problem with. Most data analytics tools will do that, but the way they tier it (at least when we looked at it) was pretty aggravating. You really couldn't use their lowest tier unless you weren't planning on retaining and processing much of the data, which defeats the whole purpose.
  • The way the different rules (e.g. filter vs. purge) are laid out and configured isn't very intuitive. Their UX guys have a lot of work to do.
  • "Sensors" aren't just sensors. They do the bulk of the heavy lifting. I'm not a fan of allocating those kinds of resources on an endpoint to an agent (sensor). I would much rather the agents be lightweight and funnel the info back to a server that does the computing. If you want a cloud-deployable and managed solution, and you want quick, thorough analysis, it has to be done on the endpoint instead of the management server in the cloud. I wish that weren't the case and would love to see that workload shifted off of my endpoints if possible.
AlienVault USM does a good job of thorough analysis, but it puts more load on my endpoints than SentinelOne. It's more thorough and well-executed than SecureWorks. At the end of the day, I would go with SentinelOne over USM any day of the week. Not only is SentinelOne more robust, it's more intuitive and lighter weight on my endpoints.
If your endpoints can handle the workload, AlienVault USM does a good job with fairly thorough analysis. It has the ability to do quite a bit of customization and automation of rules to analyze, process, and alert regarding questionable issues, but you'll need someone who can take the time to get to know the system well, as it's not the most intuitive and has a lot of quirks.

Had I not had a live person running the labs, I would not have been able to figure out a lot of it on my own. Even with the trainer's help, we still ran into issues that were perplexing. So, it has its quirks and someone needs to be able to take the time to understand those quirks.