AlienVault USM - Threat detection done right
July 01, 2019

Anonymous | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User

Software Version

USM Anywhere (SaaS)

Overall Satisfaction with AlienVault USM

We use AlienVault to provide alerts for any irregular login activity along with other network behavior that is outside normal expectations. AlienVault also aggregates all our log files from network and edge devices into a single, searchable database. It corroborates events from various systems to better report on any unusual activity.
  • Alerts on login activity from unexpected locations (countries)
  • Aggregating log files for easy searching
  • Better interpretation of errors into more natural language
  • Easier grouping or categorization of alerts in order to assign them more efficiently to appropriate users/groups
Other solutions out there typically focus on one or more aspects of protection, such as log inspection. AlienVault does the job of several tools and simplifies the process of guarding your systems. Other applications, such as Splunk, may also be somewhat harder to configure. The trade-off is usually capability versus ease of use. Other systems (SolarWinds) focus on the network activity and may have limited understanding of some devices. They may also not work with as wide a variety of vendors.
AlienVault is well suited for environments with multiple locations and multiple internet connections. The more complicated the network topology, the better AlienVault shines. That's not to say that it is not well suited to smaller organizations with fewer links; it works fine there as well. It is also well suited to complex environments where a variety of equipment is used and where little, if any, synergy exists between disparate systems. AlienVault easily takes in, and understands, log entries from various types of systems and interprets them as a whole.