A tool with great short and long term return on investment
June 20, 2019

A tool with great short and long term return on investment

Anonymous | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User

Software Version

USM Anywhere (SaaS)

Overall Satisfaction with AlienVault USM

We use the USM Anywhere SIEM for our corporate security program currently, separate from our application security team in charge of our cloud environments our SaaS offering is hosted on. This solves the compliance and security issues we face as an organization for forensically sound log storage as well as data aggregation for correlation.
  • The integration setup for syslog forwarding and native web apps partnered with the platform is a very simple setup.
  • Deploying sensors in cloud systems usually follow a pre-defined build flow for ease of sensor deployments and scaling.
  • For perimeter defense, as long as your defended organizational structure uses Active Directory or another LDAP replication type service, vuln scanning and KIDS is a breeze.
  • For highly distributed workforce issues, the system requires a lot of third-party integrations to collect data for automation.
  • Customization can be lacking in areas without significant help from their support teams.
  • Building rules for filtering, suppression, and custom alarms can be a steep learning curve, although this is slightly offset by their training offerings.
For baseline functionality and simplicity in deployment, we chose USM over other commercial or open source technologies in the same arena. When compared against other tooling like Rapid7 or Splunk, the cost for the ingestion load we were seeing on a monthly basis was best with USM Anywhere when including the full suite of tooling as these are supported in Rapid7 and Splunk either through add-on services the company sells or by integrating additional third-party tools which may be better options for larger organizations or teams, but was not supportable by my company.
The system works very well for 'legacy' perimeter defense based networks that rely on centralized network traffic and remote management solutions for the internal networking and endpoint devices. For architectures adopting a zero-trust/BeyondCorp mentality, the system can still be useful but requires either investment in third-party tools to collect information otherwise unavailable to the system, or significant custom infrastructure tools to support many orchestration functionalities.