Room to grow
March 01, 2020

Anonymous | TrustRadius Reviewer
Score 7 out of 10
Vetted Review
Verified User

Software Version

USM Anywhere (SaaS)

Overall Satisfaction with AlienVault USM

AlienVault is our AT&T MSSP SIEM for the entire organization.

  • Event filtering is intuitive.
  • Investigations are well-integrated and provide useful event and alert aggregation for review and analysis.
  • Dashboards have plenty of colors and graphs to please management.
  • The ability to save (event) views saves a lot of time.

  • The session timeout is veiled, and I've unknowingly lost work typing notes into the window of an expired session.
  • It does not process eStreamer.
  • It cannot parse the "blocked" field in Sourcefire logs, so you can't see whether IDS events are blocked or not.
  • Sometimes performance lags.
I didn't select either product, but I have used both. I suspect IBM QRadar is more expensive; however, it is also more responsive, includes support for eStreamer, does parse the "blocked" field in Sourcefire logs, and includes UEBA.

In a mid-sized business, paired with managed services, USM would really shine. Many of the ancillary offerings (agent, vuln scanning, forensics, and response) are already provided by tools that a larger organization would already employ. Also, be cognizant of your event consumption. If you exceed your monthly limit, "USM Anywhere will no longer store events in the searchable data store, but it will continue to generate alarms, run authenticated asset scans and store raw logs associated with events in cold storage."