AlienVault USM Review
March 09, 2020

Anonymous | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User
Software Version

USM Appliance (On-Premises)

Overall Satisfaction with AlienVault USM

AlienVault USM is being used by the whole organization and our multiple clients. Being an MSSP partner, we use it for everything from installation to incident response, threat intelligence, forensics, etc. AlienVault USM can address a wide range of issues, including basic ones like security monitoring, Office 365, endpoint detection, behavioral monitoring, vulnerability management, IDS, IPS, etc. These are the basic issues that most SIEM solutions solve. What makes AlienVault USM different is its threat intelligence performance, the fastest intrusion detection, and its incident response methods. It has more than 3,000 directives built in by AlienVault research labs.

AlienVault USM is the best in 3 categories compared to other tools on the market:
1. Cost - traditional SIEM solutions involve license, implementation, renewal, and additional training costs. Enterprises should consider a SIEM a long-term investment in overall cybersecurity.
2. Poor correlation rules - one SIEM problem enterprises face is failing to maintain proper event correlation information. This solution works on threat intelligence to detect potential threats.
3. Ease of use - complexity remains one of the most commonly cited SIEM problems. This SIEM solution has a user interface that works best for an IT security team and environment.
Pros
  • Correlation directives - USM has 3,000+ default directives, which reduces time and manpower.
  • SOC building is much quicker and can be completed in 3 months, which is very difficult with other tools currently on the market.
  • A yearly subscription to the USM product costs the same as 3-4 months of other products currently on the market.
  • OTX pulses are the world's biggest forum, which helps in threat hunting and management.
  • Less manpower and cost involved.
Cons
  • The raw log feature is a little slow and has limited features.
  • Very few, infrequent updates.
  • Log backup is not effective and not easy.
  • Storage issues.
We had used Splunk, whose pricing is not even close and not at all budget-friendly. Splunk implementation requires more manpower and is a time-consuming process, because no default directives are present and each and every use case needs to be checked during implementation. Complete installation and deployment is a long process, but it is the best in performance among all SIEM tools on the market.
AlienVault USM is well suited in terms of cost, no doubt, as well as for correlation directives and suppression of false positive alarms, threat intelligence, and the worldwide-recognized OTX pulses.

Where AlienVault USM is less appropriate: HIDS disconnects sometimes; backups, updates, and restoring logs might be big trouble.