Great SIEM for enterprise environments
July 29, 2020
Great SIEM for enterprise environments
Score 7 out of 10
Vetted Review
Verified User
Software Version
USM Anywhere (SaaS)
Overall Satisfaction with AlienVault USM
It is our SIEM for the entire firm. It collects logs from various data sources across our network and normalizes the data to make actionable alerts. AlienVault makes it easy to consolidate all information from virtually any data source and make it searchable. It can also recognize anomalous activity and alert on it.
- Consolidation of logs from various sources.
- Alerting on particular activities.
- Alerting on anomalous activities.
- Time consuming implementation that requires professional services.
- Pricing model based on the amount of data can be expensive.
- Training for the product is available, but at additional expense.
The only other product I've used similar to AlienVault is SolarWinds SIEM (formerly TriGeo). It too could be difficult to implement and maintain, but it's user interface was much worse. While AlienVault USM Anywhere charges for the amount of data being processed, SolarWinds was a local install that didn't have that limitation. It was priced by the number of nodes monitored. If you get your filtering setup properly on AlienVault, there's not really a limit to the number of data sources, just the amount of overall data. AlienVault also makes it much easier to add data sources than SolarWinds in my experience.