AlienVault USM Review
March 09, 2020
Score 8 out of 10
Vetted Review
Verified User
Software Version
USM Appliance (On-Premises)
Overall Satisfaction with AlienVault USM
AlienVault USM is being used by the whole organization and our multiple clients. Being an MSSP Partner, we use it starting from installation to incident response, for threat intelligence, forensics, etc. AlienVault USM can address a wide range of issues, including basic issues like security monitoring, Office 365, end-point detection, behavioral monitoring, vulnerability management, IDS, IPS, etc. These are the basic issues that most SIEM solutions solve. What makes AlienVault USM different is its threat intelligence performance, fastest intrusion detection, and incident response methods. It has 3000+ user directives built in by AlienVault research labs.
AlienVault USM is the best in 3 categories compared to other tools on the market:
1. cost - traditional SIEM solutions include license, implementation, renewal, and additional training costs. Enterprises should consider SIEM a long-term investment in overall cybersecurity.
2. poor correlation rules - one SIEM problem enterprises face is failing to maintain proper event correlation information. This solution works on threat intelligence to potentially detect threats.
3. ease of use - complexity remains one of the most commonly referenced SIEM problems. This SIEM solution possesses a user interface that works best for an IT security team and environment.
- Correlation Directives - USM has 3000+ default directives, which reduces time and man-power.
- SOC building is much quicker and can be complete in 3 months, which is very difficult with other tools that are currently in the market.
- A yearly subscription to the USM product is equal to 3-4 months of others currently in the market.
- OTX pulse is the world's biggest forum, which helps in threat hunting and management.
- Less involvement of man-power and cost
- Raw log feature is a little slow with limited features
- Very few, infrequent updates
- Backup log is not effective and not easy
- Storage issues
We had used Splunk, which is not even close to its pricing and is not at all budget-friendly. Splunk implementation requires more man-power and is a time-consuming process because no default directives are present, and in implementation each and every case needs to be checked. Complete installation and deployment is a long process but it is best in performance among all SIEM tools in the market.