Great SIEM for enterprise environments
July 29, 2020


Anonymous | TrustRadius Reviewer
Score 7 out of 10
Vetted Review
Verified User

Software Version

USM Anywhere (SaaS)

Overall Satisfaction with AlienVault USM

It is our SIEM for the entire firm. It collects logs from various data sources across our network and normalizes the data to make actionable alerts. AlienVault makes it easy to consolidate all information from virtually any data source and make it searchable. It can also recognize anomalous activity and alert on it.
  • Consolidation of logs from various sources.
  • Alerting on particular activities.
  • Alerting on anomalous activities.
  • Time consuming implementation that requires professional services.
  • Pricing model based on the amount of data can be expensive.
  • Training for the product is available, but at additional expense.
The only other product I've used similar to AlienVault is SolarWinds SIEM (formerly TriGeo). It too could be difficult to implement and maintain, but its user interface was much worse. While AlienVault USM Anywhere charges for the amount of data being processed, SolarWinds was a local install that didn't have that limitation. It was priced by the number of nodes monitored. If you get your filtering set up properly on AlienVault, there's not really a limit to the number of data sources, just the amount of overall data. AlienVault also makes it much easier to add data sources than SolarWinds in my experience.
For an organization that has a dedicated security team, it is a powerful tool in your security arsenal. For others, it's going to be something that requires a lot of time to implement and maintain that may not be your primary focus. While you can feel confident that all the information is there and searchable, you may not feel as confident that you are getting alerts on everything you want to be alerted about if you don't stay on top of maintaining the system.
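The review describes the SIEM workflow in three steps: collect logs from different sources, normalize them into one searchable schema, then alert on specific activities and on anomalous patterns, with source-side filtering keeping ingested volume (and therefore cost) down. The toy pipeline below is an added illustration of that workflow, not AlienVault or TrustRadius code; the sample sshd and Windows-style logon lines, host names, addresses and the two detection rules are all constructed for the example.

```python
"""Toy SIEM pipeline: collect -> normalize -> filter -> alert.

Added illustration only; it is not AlienVault USM code. Every event below
is constructed, as are the host names, user names and IP addresses.
"""
import re
from collections import Counter

# Constructed raw records from two "data sources": Linux sshd syslog lines and
# Windows-style logon events already rendered as key=value pairs.
RAW_EVENTS = [
    ("syslog", "Jan 10 08:01:02 web01 sshd[1234]: Failed password for root from 203.0.113.5 port 51234 ssh2"),
    ("syslog", "Jan 10 08:01:03 web01 sshd[1234]: Failed password for root from 203.0.113.5 port 51235 ssh2"),
    ("syslog", "Jan 10 08:01:04 web01 sshd[1234]: Failed password for root from 203.0.113.5 port 51236 ssh2"),
    ("syslog", "Jan 10 08:01:09 web01 sshd[1240]: Accepted password for root from 203.0.113.5 port 51240 ssh2"),
    ("syslog", "Jan 10 08:02:00 web01 CRON[2000]: (root) CMD (run-parts /etc/cron.hourly)"),
    ("winlog", "EventID=4625 Computer=DC01 TargetUserName=alice IpAddress=198.51.100.7"),
    ("winlog", "EventID=4624 Computer=DC01 TargetUserName=alice IpAddress=198.51.100.7"),
]

SSH_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:]+) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) password for (?P<user>\S+) from (?P<src>\S+)"
)


def normalize_syslog(line):
    """Map an sshd auth line onto the common schema; None for anything else."""
    m = SSH_RE.match(line)
    if not m:
        return None  # not an auth event (e.g. CRON noise): filtered out
    return {
        "host": m["host"], "user": m["user"], "src_ip": m["src"],
        "action": "logon_failure" if m["outcome"] == "Failed" else "logon_success",
        "source": "sshd",
    }


def normalize_winlog(line):
    """Map a key=value logon record onto the same schema as the sshd events."""
    kv = dict(part.split("=", 1) for part in line.split())
    action = {"4625": "logon_failure", "4624": "logon_success"}.get(kv.get("EventID"))
    if action is None:
        return None
    return {
        "host": kv["Computer"], "user": kv["TargetUserName"], "src_ip": kv["IpAddress"],
        "action": action, "source": "winlog",
    }


NORMALIZERS = {"syslog": normalize_syslog, "winlog": normalize_winlog}


def ingest(raw_events):
    """Normalize every raw line; drop lines no parser claims.

    Dropping unparsed noise before it is stored is the 'filtering' that keeps
    ingested volume down on a platform priced by data processed.
    Returns (normalized_events, dropped_count).
    """
    events, dropped = [], 0
    for source, line in raw_events:
        event = NORMALIZERS[source](line)
        if event is None:
            dropped += 1
        else:
            events.append(event)
    return events, dropped


def detect(events, failure_threshold=3):
    """Two rule styles: a specific-activity rule and a behavioural-pattern rule."""
    alerts = []
    # Rule 1 (particular activity): any successful SSH logon as root.
    for event in events:
        if event["source"] == "sshd" and event["action"] == "logon_success" and event["user"] == "root":
            alerts.append(("root_ssh_login", event["src_ip"], event["host"]))
    # Rule 2 (anomalous pattern): a success for a (source IP, user) pair that
    # was preceded by at least failure_threshold failures.
    failures = Counter()
    for event in events:
        key = (event["src_ip"], event["user"])
        if event["action"] == "logon_failure":
            failures[key] += 1
        elif event["action"] == "logon_success" and failures[key] >= failure_threshold:
            alerts.append(("bruteforce_then_success", event["src_ip"], event["user"]))
    return alerts


if __name__ == "__main__":
    normalized, dropped = ingest(RAW_EVENTS)
    print(f"{len(normalized)} normalized events, {dropped} dropped")
    for alert in detect(normalized):
        print("ALERT", alert)
```

On the constructed input the CRON line is dropped at ingest, the root SSH logon trips the specific-activity rule, and the three failures followed by a success from the same address trip the pattern rule, while alice's single failure stays under the threshold. The second rule is the kind that needs ongoing tuning (thresholds, excluded service accounts) the review says you have to stay on top of, or you lose confidence that you are alerted on what you care about.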