AlienVault USM - The Core of Your Security Program
August 08, 2019

AlienVault USM - The Core of Your Security Program

Anonymous | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User

Software Version

USM Anywhere (SaaS)

Overall Satisfaction with AlienVault USM

We use AlienVault to look for security alarms and user events. We have used it to report to managers across the company for user behavior analytics, login times, VPN usage, etc. It is helpful for Internet usage reports as well, our current Web filter does not have very good reporting capability but allows users to send the Syslog W3C data to our USM sensor which allows us to run much better investigations in an easier to use interface.
  • Collecting data in an easy to understand timeline for investigations.
  • Correlating attack events and alarms with the NIDS data.
  • Providing asset vulnerability scanning for internal assets and remediation strategies straight from the USM portal.
  • Adding asset information to investigations.
  • Currently there is an issue with not being able to see event details from an investigation page.
  • It doesn't make me coffee when I come into the office first thing in the morning!
We attempted to use RackFoundry previously which was a poor clone of AlienVault that was never implemented properly or kicked off. We used Rapid7 InsightIDR which we like quiet a bit as well, AlienVault USM just fit our organization better.
It is great to use for a NOC environment with a small staff. It's easy to automate scanning network ranges to auto pickup new assets and check for vulnerabilities. This system is great for building an entire security program out of as the central system.