AlienVault USM

4.4 out of 5 stars (66 reviews)

AlienVault Unified Security Management (USM) is a platform that provides five essential security capabilities in a single console to manage both compliance and threats. Recognizing the sensitive nature of IT environments, it includes active, passive and host-based technologies to match the requirements of each particular environment.

AlienVault USM Reviews

Showing 66 AlienVault USM reviews
AlienVault USM review by Layla B.
Validated Reviewer
Verified Current User
Organic

AlienVault USM Review

What do you like best?

AlienVault is overall an easy product to use that has a significant amount of documentation and a growing community to help learn the product rather quickly. Our company has only been using AlienVault for a couple of years and we have a pretty solid understanding of the product.

What do you dislike?

The UI can be rather buggy. There isn't a day that goes by that we don't run into an error banner from trying to view an alarm that "doesn't exist in the database" or that the UI page isn't found. My personal favorite is viewing an event through the alarm information page and getting the "this event doesn't exist in the database". These types of errors make it significantly harder to do investigations.

Recommendations to others considering the product

The product is definitely getting better - the features are being more refined and as an MSSP there is a significant amount of resources AlienVault offers. It's definitely worthwhile to check out, but it isn't for everyone.

What business problems are you solving with the product? What benefits have you realized?

Reporting on vulnerabilities. The vulnerability scans are nice for getting an overall view of an asset. If you need more in depth, the open source tool AlienVault uses won't be enough. But for giving an overall "security health checkup" to a customer it gets the job done.

AlienVault USM review by Karl H.
Validated Reviewer
Verified Current User
Invitation from G2 Crowd on behalf of the vendor

Security that is out of this world

What do you like best?

The ease of use and customization. The USM is a workhorse; no matter what devices or the number of logs we throw at it, the system processes them in real time, correlates the events, and alerts on only events that need human review.

What do you dislike?

The one thing I continue to dislike about the USM is the limitation on reports. Hard to get what you need in a report and once you do there is no control over the formatting.

Recommendations to others considering the product

Compare how AlienVault does Events Per Second (EPS) compared to others. Most other products charge based on EPS: the more events, the more you have to pay. This causes most companies to limit the amount of logs sent and processed. AlienVault charges by the number of devices managed; you can send anything and everything to the USM. The more logs you can process, the better correlation you will have. I have found that companies that limit their logs and then have a security incident would have been able to identify the attack if they had been monitoring all events in their logs.

What business problems are you solving with the product? What benefits have you realized?

We are able to get a real-time view of our security that is accurate. We have seen a dramatic increase in the productivity and efficiency of our security team. We are now able to identify and stop security issues before they get out of control, usually before anyone else even notices.

AlienVault USM review by James E.
Validated Reviewer
Verified Current User
Invitation from G2 Crowd on behalf of the vendor

Simple and understandable security interface

What do you like best?

I do not have to 'dig' within multiple levels of information to see what is going on. I can view the current alarm notifications in 1 large readable format. If an event catches my attention I can then delve into the details from here.

What do you dislike?

The inability for assets that have been identified to be tracked by MAC address. After spending the time to identify all our assets in the network, I have found that devices with DHCP addresses can be incorrectly identified. Example: hostname frplabws02-pc is currently recognized as:

frplabws02-pc (192.168.***.***)

jack-win7.***.local,mikes-pc.***.local,frplabws02-pc.***.local

But DHCP lease has identified the system as: lorettas-iphone.***.local

What business problems are you solving with the product? What benefits have you realized?

To monitor computer systems for vulnerabilities not previously identified. The system discovered an ongoing port scan against our servers that was not identified before. Our main server was getting hit with a port scan to RDP 3389 (default port). Once this was discovered, I changed the default port, created a firewall rule on the desktop and our Cisco firewall to allow legitimate access. Once configured, the random port scan stopped and our network seemed to be more responsive.

AlienVault USM review by Javier R.
Validated Reviewer
Verified Current User
Invitation from a vendor or affiliate

Is the SIEM you want

What do you like best?

The best thing about USM is that you have all the tools in one place: vulnerability scanner, NetFlow, HIDS... The other thing is how easy it is to implement this product. You have a wizard in the beginning that helps step by step using best practices, like scanning your network to find assets and adding them to the USM inventory, then initiating the logger from security devices or other programs like switches, firewalls, and AV. You can add a SPAN port to help improve your security; this helps you see malware and dangerous applications, or, if you have been compromised, NetFlow helps you see if there is strange behavior in the network. The USM has a ticket system that helps to follow the alarms.

What do you dislike?

Sometimes the system has database problems, such as when generating reports that cover too much time; for something like two months ago, you sometimes can't get the information. The other thing is that when you run a vulnerability scan you can't do anything else because all the performance is being used for the task. The other thing is the difficulty of following a behaviour that you want to investigate, so you have to add the alarm ID and find it manually.

Recommendations to others considering the product

The best you can do is buy an AV Appliance that has all that you need, which includes like 24 GB RAM, 1 TB of HDD, 16 n, so that is one option to buy.

What business problems are you solving with the product? What benefits have you realized?

Monitoring and saving time finding threats in the network.

AlienVault USM review by Paul R.
Validated Reviewer
Verified Current User
G2 Gives Campaign

No Fuss, No Muss, Does what it says on the Tin

What do you like best?

The solution "just works"... once you've got it set up. Support is usually great and the community surrounding the product is top notch.

What do you dislike?

KB articles leave a bit to be desired and sometimes lack depth or go into too much detail where none is needed; a second pass through technical writers would be a good idea.

Recommendations to others considering the product

You owe it to yourself to at least eval the OSSIM product if you're shopping around, it should give you a good idea of the product without investment.

What business problems are you solving with the product? What benefits have you realized?

SIEM first, ask questions later. The USM thrives as a SIEM and does this at a lower cost of entry than many competitors. Everything else can be hit or miss but it always works... just not necessarily the way you want or in a way that is immediately intuitive.

AlienVault USM review by User in Information Technology and Services
Validated Reviewer
Verified Current User
Invitation from the software vendor

AlienVault Perfect for InfoSec SMB

What do you like best?

1. It's an appliance.

2. It's easy to set up.

3. It's a ton of information.

4. Integrated ticketing system allows for assignment of vulns and closure.

5. UI is good. Easy to use.

What do you dislike?

1. Customization capabilities are limiting:

- We want the AlienVault to be the dashboard for state of health. You get some things.

- Reports are good, but that data can't be put on the dashboard in many cases.

2. AlienVault has BI capabilities, but doesn't leverage BI on the dashboard effectively.

3. AlienVault advertises its central solution for InfoSec. True for SIEM, but not true for many other aspects. Frustratingly, it could be, as the solution is very capable through its modularity of functions.

Recommendations to others considering the product

1. Give it a chance. It has many features that compete with other more expensive products, like Rapid7.

2. Work with the sales engineering team to put the product through its paces in a POC.

3. Negotiate training when purchasing. Training is essential for the full experience.

What business problems are you solving with the product? What benefits have you realized?

1. Security Vulnerability Assessment and tracking of production systems.

2. SIEM Logging and alerting of all security products.

3. Monthly reporting audit requirements.

* We monitor all AlienVault USM reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. Validated reviews require the user to submit a screenshot of the product containing their user ID, in order to verify a user is an actual user of the product.