A solid SIEM choice for those of us without dedicated SOCs and multiple hats.
October 24, 2019

Anonymous | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User

Software Version: USM Anywhere (SaaS)

Overall Satisfaction with AlienVault USM

We're using the USM product as its intended use case of a SIEM. Sensors are deployed into our hybrid cloud at various points and push logs to the USM dashboard. With our MSSP monitoring, AlienVault USM meets our needs of 24/7 security monitoring.

Pros
  • It is easy to deploy and get logs into the dashboard.
  • Integration with Office 365 is pretty seamless and provides great context.
  • Super easy to increase storage tiers if you find yourself adding more and more log sources.

Cons
  • USM Anywhere doesn't allow you to multi-home sensors. So if you have non-routable networks, you'll need to investigate the on-premise solution too.
  • You have to be on top of tuning, else a constant stream of alerts will cause your SOC staff to begin ignoring alarms.
  • You have to be on top of tuning, else you'll eat your allotment of storage for that month. It is really easy to exceed your storage quota if you don't proactively monitor log sources. USM could do a better job letting you know if a log source is too chatty.
Splunk's ES is a paid add-on on top of an already pricey product. Finding an MSSP that supports Splunk and isn't a six-figure annual commitment seems unlikely.

LogRhythm did not have a cloud-based solution when we were considering SIEMs. Fantastic product though, and it has a good MSSP base.

Devo did not have an MSSP partner base when we looked. Their product is fantastic too.

AlienVault USM has good partners to choose from as well as an affordable cloud model, that's why we chose it.
AlienVault USM is a good SIEM product for shops that don't have dedicated content creators. If your log source volume is at the TB level on a daily basis, it's not for you. However, if you are at the TB level on a monthly basis, then it's worth looking into. The AT&T purchase has seen a good bit of new development being put into the product around investigation frameworks and integrations. We've gone to a TB tier and have renewed our subscription.
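The reviewer's point about chatty log sources silently burning through a monthly storage tier is something you can watch for yourself. The script below is an added example, not part of the review and not AlienVault code: it takes per-source daily ingest figures (constructed sample values, the kind you could pull from any SIEM's ingest statistics), projects each source's end-of-month volume, and flags sources that would consume a disproportionate share of a hypothetical monthly quota.

```python
from collections import defaultdict

# Constructed sample: (date, log source, MB ingested that day). Not real data.
DAILY_INGEST_MB = [
    ("2019-10-01", "office365", 900),
    ("2019-10-01", "fw-edge", 4200),
    ("2019-10-01", "web-prod", 1500),
    ("2019-10-02", "office365", 950),
    ("2019-10-02", "fw-edge", 4500),
    ("2019-10-02", "web-prod", 1400),
    ("2019-10-03", "office365", 1000),
    ("2019-10-03", "fw-edge", 4800),
    ("2019-10-03", "web-prod", 1600),
]

# Hypothetical monthly allotment for the example (about 200 GB); tiers vary by contract.
QUOTA_MB = 200_000


def projected_monthly_mb(rows, days_in_month=31):
    """Average each source's daily volume over the days seen, then scale to a full month."""
    totals, days_seen = defaultdict(float), defaultdict(set)
    for day, source, mb in rows:
        totals[source] += mb
        days_seen[source].add(day)
    return {s: totals[s] / len(days_seen[s]) * days_in_month for s in totals}


def quota_report(rows, quota_mb, days_in_month=31, share_threshold=0.4):
    """Summarise projected usage and name sources projected to exceed share_threshold of quota."""
    per_source = projected_monthly_mb(rows, days_in_month)
    total = sum(per_source.values())
    ranked = sorted(per_source.items(), key=lambda kv: kv[1], reverse=True)
    chatty = [s for s, mb in ranked if mb / quota_mb > share_threshold]
    return {
        "per_source_mb": per_source,
        "projected_total_mb": total,
        "over_quota": total > quota_mb,
        "chatty": chatty,  # tune or filter these before the month ends
    }


if __name__ == "__main__":
    report = quota_report(DAILY_INGEST_MB, QUOTA_MB)
    for source, mb in sorted(report["per_source_mb"].items(), key=lambda kv: -kv[1]):
        print(f"{source:10s} projected {mb / 1024:7.1f} GB ({mb / QUOTA_MB:5.1%} of quota)")
    print("over quota:", report["over_quota"], "| chatty sources:", report["chatty"])
```

Run it daily against the current month's figures so a source that starts spewing debug-level events shows up in the projection well before the allotment is gone.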