AlienVault USM - A Solid Tool to Launch Your SecOps Program
July 19, 2019


Frank DePaola | TrustRadius Reviewer
Score 7 out of 10
Vetted Review
Verified User

Software Version

USM Anywhere (SaaS)

Overall Satisfaction with AlienVault USM

AlienVault is a great SIEM for organizations that are either new to security operational logging and wish to purchase a sound solution at a lower price point, or those with a smaller staff and potentially a smaller IT budget that wish to buy a solution that can accomplish many different tasks. Our use of the platform extends across the global organization. We have documented multiple use cases that we are working through within the AlienVault platform, such as vulnerability management and scanning, malware detection on clients and servers, malicious network traffic moving laterally and vertically throughout our environment, etc.

As is the case with any SIEM, it is only as effective as the log sources it ingests allow it to be. We are pulling in Windows client and server event logs (filtered to specific EventIDs), DNS, DHCP, AWS CloudTrail/CloudWatch logs, NIDS sensor logs, and firewall logs, and are also working to integrate the solution with other corporate systems to extend its capability, such as our ITSM.

AlienVault is pretty feature-rich compared to other SIEM solutions, but those features are mostly good, not great. There is also a growing list of third-party integrations, which can make the solution even stronger. With that said, there are other SIEM solutions that offer more flexible deployment models, have more third-party integrations, and offer more extensibility in terms of holistically supporting the incident response process. Our organization has found AlienVault to work pretty well for us, as this is the first SIEM the business has deployed. Additionally, we are early on in the process of cybersecurity program development, so AlienVault's inclusion of features such as vulnerability scanning and file integrity monitoring extends its value.
  • Feature-rich: includes functionality not typically present in other SIEMs, such as vulnerability scanning, UEBA, file integrity monitoring, and NIDS.
  • Simple to configure and deploy.
  • Relatively inexpensive compared to other enterprise SIEM solutions.
  • While there are many features, many of them are not very advanced. Vulnerability scanning, as an example, is extremely simplistic and almost unusable for an enterprise organization. It's just enough to get a program off the ground.
  • The cloud-only deployment model (SaaS) may not fit all organizations. Not all organizations are "cloud friendly".
  • Reporting capabilities out of the box are lackluster. Vulnerability management reporting, as an example, does not include a single canned report.
With the exception of SolarWinds, AlienVault USM is far easier to administer and support, but far less extensible. LogRhythm and Splunk are going to offer far more advanced capabilities in the way of deployment models, features, and automation capabilities. Also, other solutions will likely require a larger team to support, while AlienVault USM can be supported by smaller teams.
AlienVault USM is well suited for smaller organizations or organizations of any size that are just lifting their security operations or security monitoring program off the ground.

AlienVault USM is less appropriate for more mature organizations that have the staff to support more advanced security operational capabilities or engage in advanced threat hunting. It is also less appropriate for organizations that want more ability to add internally developed functionality to their SIEM through scripting or other automated response activities.