Great value for organizations who wish to realize the value of SIEM
Agustin Larrarte
Updated September 23, 2019


Score 10 out of 10

Software Version

USM Appliance (On-Premises)

Overall Satisfaction with AlienVault USM

We have used AlienVault USM in our PCI environment to detect the most common threats. We have discovered that it added extra value to our organization by creating visibility into security issues we didn't know of before. On the downside, the on-premises version of AlienVault USM can get slow after loading it with a lot of machines (when doing big queries) and doesn't adapt very well to dynamic environments, but their cloud version is definitely making that better.
  • Reports the most common threats in real time and takes immediate automatic actions. I think this is strong if you don't have a team monitoring 24/7.
  • Connects with signature providers and keeps up to date well with 0 vulnerabilities. I don't need to explain why you may want to be protected against the newest threats.
  • The UI is very easy to get used to, which will make you adapt to its use quickly.
  • This tool will become slower and slower as you start adding devices to it; the on-premises version has a lot of room for improvement here, as the database is slow.
  • The on-premises version of AlienVault USM will not support dynamic environments where people are constantly removing/adding new virtual machines, and it doesn't cope with Puppet management.
  • Only the most common hypervisors are supported; it would be good to have an image for Xen.
Threat detection is very detailed and gives you all the information you need to start investigating a security issue. The simplicity of suppressing or filtering information is great. Alerts contain a full breakdown of the event and recommendations for response. Integrations, although limited (Alien Apps), are very helpful. The correlation tools are excellent; you just need to feed it the right data.
We come from having an open-source solution based on Snort, to which we had to add extra intelligence in order to analyze security events, and where we spent a lot of time researching tools like Snort in depth. With AlienVault, we forgot about that right off the bat: all the right signatures we need are there, and support has been great. It has helped us cut costs that were time-related and let us focus on what we need to.
The on-premises version of AlienVault will be very good for environments that don't change a lot over time; it will provide good information about security issues on your premises. I would not recommend using this if you have a big private cloud where a lot of changes are being made. Go with the cloud version if that's your case.