A tool with great short and long term return on investment
June 20, 2019
Score 9 out of 10
Vetted Review
Verified User
Software Version
USM Anywhere (SaaS)
Overall Satisfaction with AlienVault USM
We currently use the USM Anywhere SIEM for our corporate security program, separate from our application security team, which is in charge of the cloud environments our SaaS offering is hosted on. This solves the compliance and security issues we face as an organization for forensically sound log storage as well as data aggregation for correlation.
- The integration setup for syslog forwarding and native web apps partnered with the platform is a very simple setup.
- Deploying sensors in cloud systems usually follows a pre-defined build flow for ease of sensor deployments and scaling.
- For perimeter defense, as long as your defended organizational structure uses Active Directory or another LDAP replication type service, vuln scanning and KIDS is a breeze.
- For highly distributed workforce issues, the system requires a lot of third-party integrations to collect data for automation.
- Customization can be lacking in areas without significant help from their support teams.
- Building rules for filtering, suppression, and custom alarms can be a steep learning curve, although this is slightly offset by their training offerings.
For baseline functionality and simplicity in deployment, we chose USM over other commercial or open source technologies in the same arena. When compared against other tooling like Rapid7 or Splunk, the cost for the ingestion load we were seeing on a monthly basis was best with USM Anywhere when including the full suite of tooling, as these are supported in Rapid7 and Splunk either through add-on services the company sells or by integrating additional third-party tools, which may be better options for larger organizations or teams but were not supportable by my company.