AlienVault USM Anywhere - Protecting AWS environment for a small healthcare SaaS company
May 20, 2019

Anonymous | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User

Software Version

USM Anywhere (SaaS)

Overall Satisfaction with AlienVault USM

We're using USM Anywhere as our security monitoring and SIEM platform. We have two AWS accounts with about 150 servers (Linux & Windows). The USM is used to monitor the servers, virtual firewalls, other various virtual appliances, and the AWS VPC network itself. There are virtual AlienVault sensor appliances hosted within the AWS accounts to collect log data.
  • Deployment and management of the product is much simpler than other SIEM platforms, making it ideal for small IT teams who don't have a bunch of SIEM gurus on staff.
  • It does a very good job of providing useful, meaningful, and relevant alerts.
  • Searching through log & event data is fast and easy using all the built-in query tools.
  • I love the OTX (Open Threat Exchange) integration, which identifies malicious IPs communicating with your systems.
  • I'm not a fan of the shady sales tactics and price increases. We originally signed a one-year contract. Our account rep contacted us about 6 months into the contract, saying that there would be a big price increase in the coming months, but he could get us last year's pricing on our renewal if we signed the renewal within 30 days (with Net30 payment terms).
  • Translation - we sold you a 12-month subscription, but you have to pay for another 12-month subscription after only 8 months if you don't want the price to go up.
  • The exact same thing happened the following year, so this was not a one-time thing. During the most recent yearly renewal, the price was going to nearly double if we didn't do early renewal. These types of sales shenanigans feel an awful lot like extortion to me.
  • Tech support isn't that great. Thankfully we haven't had many problems with the product, but when we have had issues, support can take a long time to address the problems.
We also looked at ThreatStack and Splunk. Splunk was significantly more expensive and complicated to use - well suited for large organizations with SIEM specialists, but not a small company. ThreatStack had great features for AWS security monitoring, but AlienVault was more featurific and provided a lot more bang-for-the-buck.
Well suited for smaller organizations who don't have SIEM specialists on staff. The product can be deployed and maintained by general network administrators or IT security generalists. It does, however, require a significant amount of time and IT expertise to get any benefit out of the product. So it wouldn't be well suited to organizations that don't have any capable IT professionals on staff. We use the product in AWS and it works quite well in the AWS environment.