AlienVault - Not Worth the Price
November 11, 2020

Anonymous | TrustRadius Reviewer
Score 4 out of 10
Vetted Review
Verified User
Software Version: USM Anywhere (SaaS)

Overall Satisfaction with AlienVault USM

AlienVault was purchased to provide the security department with a security operations center overview of the infrastructure of our environment. It is currently only being used as a SIEM for the Security Department for client compliance. This is due to the lack of resources to manage the day-to-day management of the tool.
  • Log collection
  • Users cannot share views across an organization.
  • Views and reports could be more interchangeable.
  • Descriptions of events are based upon each individual asset reporting and not a general grouping of events according to any framework or standards. This makes it difficult for the administrator/user as they would need to know each and every asset and their respective event descriptions.
The cost of AlienVault is what sold us on AlienVault. However, considering the amount of time and effort that has gone into getting it set up and realizing that views and reports cannot be shared across groups makes it not worth the savings.
As I said before, this product is just collecting log files at this point and is not performing any other functions.
No, we have not achieved any reduction of the amount of work. These types of tools require an initial outlay of manpower to get them set up and reporting accordingly. When features limit the user's ability to do that effectively, it adds to the amount of work to deploy, therefore reducing the overall return on investment.
At this point I'm saying a 4. While the marketing materials make it appear to be easy to use and it was relatively easy to set up, as previously mentioned, each event description is based upon the individual asset, making it nearly impossible for the administrator to be a SME for each asset. For example, if one of the assets reporting is a router, the administrator monitoring alerts would need to know what the various events are that can be triggered as an event for the particular router; however, if the asset is a workstation, the administrator would need to know the various events that are triggered for workstations.