AlienVault USM

4.4
(77)

AlienVault Unified Security Management (USM) is a platform that provides five essential security capabilities in a single console to manage both compliance and threats. Understanding the sensitive nature of IT environments, it includes active, passive and host-based technologies to match the requirements of each particular environment.

AlienVault USM Reviews

Showing 77 AlienVault USM reviews
AlienVault USM review by Matthew W.
Validated Reviewer
Verified Current User

"AlienVault USM Anywhere - SIEM in the Cloud"

What do you like best?

AlienVault USM Anywhere is easy to deploy with their Cloud-based model and deploying the required agents on-prem (or in the Cloud) is quick and easy. With many integrations out-of-the-box, you can pull in all the data from products you use and other sources, such as Amazon CloudWatch Logs. Custom rules allow for alerting based on content from events and you can even trigger agents in response to threats, shutting down computers or grabbing forensic info for incident response. USM Anywhere also takes care of reporting for ISO and PCI, allowing you to pull reports for auditors at a moment's notice.

What do you dislike?

We would love to be able to create custom rules based on a series of events, to create rule-sets where, for example, failed logins to the VPN Server are logged and then when a successful attempt follows soon after, it triggers an alarm for a Brute Force. It does this for things like OKTA already, so control over which events this applies to would be great.

Recommendations to others considering the product

If you SIEM on a budget and want a Cloud-based product with great support, consider this

What business problems are you solving with the product? What benefits have you realized?

AlienVault USM Anywhere provides us with SIEM, at a low price-point and with a great array of functionality. SIEM is critical to our security operations and feeds incident response efforts.

AlienVault USM review by Layla B.
Validated Reviewer
Verified Current User

"AlienVault USM Review"

What do you like best?

AlienVault is overall an easy product to use that has a significant amount of documentation and a growing community to help learn the product rather quickly. Our company has only been using AlienVault for a couple of years and we have a pretty solid understanding of the product.

What do you dislike?

The UI can be rather buggy. There isn't a day that goes by that we don't run into an error banner from trying to view an alarm that "doesn't exist in the database" or that the UI page isn't found. My personal favorite is viewing an event through the alarm information page and getting the "this event doesn't exist in the database". These types of errors make it significantly harder to do investigations.

Recommendations to others considering the product

The product is definitely getting better - the features are being more refined and as an MSSP there is a significant amount of resources AlienVault offers. It's definitely worthwhile to check out, but it isn't for everyone.

What business problems are you solving with the product? What benefits have you realized?

Reporting on vulnerabilities. The vulnerability scans are nice for getting an overall view of an asset. If you need more in depth, the open source tool AlienVault uses won't be enough. But for giving an overall "security health checkup" to a customer it gets the job done.

AlienVault USM review by Karl H.
Validated Reviewer
Verified Current User

"Security that is out of this world"

What do you like best?

The ease of use and customization. The USM is a workhorse; no matter what devices or the number of logs we throw at it, the system processes them in real-time, correlates the events, and alerts on only events that need human review.

What do you dislike?

The one thing I continue to dislike about the USM is the limitation on reports. Hard to get what you need in a report and once you do there is no control over the formatting.

Recommendations to others considering the product

Compare how AlienVault does Events Per Second (EPS) compared to others. Most other products charge based on EPS: the more events, the more you have to pay. This causes most companies to limit the amount of logs sent and processed. AlienVault charges by the number of devices managed, so you can send anything and everything to the USM. The more logs you can process, the better correlation you will have. I have found that companies that limit their logs and then have a security incident would have been able to identify the attack if they had been monitoring all events in their logs.

What business problems are you solving with the product? What benefits have you realized?

We are able to get a real-time view of our security that is accurate. We have seen a dramatic increase in the productivity and efficiency of our security team. We are now able to identify and stop security issues before they get out of control, usually before anyone else even notices.

AlienVault USM review by Mikhail K.
Validated Reviewer

"Great SIEM product"

What do you like best?

We deployed AlienVault as an Open-Source SIEM for continuous traffic monitoring and behavioural analysis. Other great features of AlienVault are file integrity monitoring, HIDS/NIDS, and integration with external systems via API. The implementation was straightforward. The customization of the product is not quite simple, but it depends on your needs and the time you are ready to invest in SIEM. We found that training directly from the vendor was really helpful. It allowed us to implement the system in our environment with minimal issues. AlienVault's correlation engine is well designed and it understands a huge number of log types.

What do you dislike?

Limited alerting out of the box. Nothing special to say here. AlienVault is very good at communications on the right things at the right time.

Recommendations to others considering the product

This is one of the best SIEMs we tried. I would definitely recommend trying it, at least going with the proof of concept.

What business problems are you solving with the product? What benefits have you realized?

AlienVault USM is a great tool for medium-size organizations. It helps us collect and log from a variety of sources. We use that information to generate security events. AlienVault also helped us to track which systems are most vulnerable to security issues so we can prioritise patching. AlienVault is an excellent company with a great product.

AlienVault USM review by Erlon S.
Validated Reviewer
Verified Current User

"An excellent tool that delivered us much more than we were looking for."

What do you like best?

The way the tool handles several extremely important areas in security management. At the same time, we have a vulnerability scanner, we have a SIEM and a cloud event analyzer. Several crucial tools delivered in just one platform.

What do you dislike?

The licensing model based on monthly traffic brings a recurring concern so that the monthly limit is not reached.

Recommendations to others considering the product

Strongly recommend joining the official training of the tool. This allowed us to discuss with other users various situations as well as best practices.

What business problems are you solving with the product? What benefits have you realized?

In our case, the main thing is the adequacy to the GDPR and the delivery of information that allows us to fulfill our security policy.

AlienVault USM review by Brett C.
Validated Reviewer

"AlienVault USM Anywhere SIEM"

What do you like best?

The product is easy to use for small organizations that require network and security monitoring. It allows us to monitor systems that are located in geographically different areas than our business office. We can now monitor remote and mobile endpoints with ease.

What do you dislike?

There are times when it can be difficult to get a plugin to work with the USM software. This seems to be getting better as they courteously add and update features but it is still a little troublesome at times.

Recommendations to others considering the product

Make sure your monitoring interfaces are located properly within your organization.

What business problems are you solving with the product? What benefits have you realized?

AlienVault USM has helped with issues such as risk management. We are better able to identify potential risks associated with IT. The benefits we have received are such that we can now better respond to risks that affect our business. With this being the USM Anywhere version, we are able to solve the problem of protecting remote and mobile endpoints from one plane of view with ease.

AlienVault USM review by James E.
Validated Reviewer
Verified Current User

"Simple and understandable security interface"

What do you like best?

I do not have to 'dig' within multiple levels of information to see what is going on. I can view the current alarm notifications in 1 large readable format. If an event catches my attention I can then delve into the details from here.

What do you dislike?

The inability for assets that have been identified to be tracked by MAC address. After spending the time to identify all our assets in the network I have found that devices with DHCP addresses can be incorrectly identified. Example: hostname frplabws02-pc is currently recognized as:

frplabws02-pc (192.168.***.***)

jack-win7.***.local,mikes-pc.***.local,frplabws02-pc.***.local

But the DHCP lease has identified the system as: lorettas-iphone.***.local

What business problems are you solving with the product? What benefits have you realized?

To monitor computer systems for vulnerabilities not previously identified. The system discovered an ongoing port scan against our servers that was not identified before. Our main server was getting hit with a port scan to RDP 3389 (default port). Once this was discovered I changed the default port and created a firewall rule on the desktop and our Cisco firewall to allow legitimate access. Once configured, the random port scan stopped and our network seemed to be more responsive.

AlienVault USM review by Javier R.
Validated Reviewer
Verified Current User

"Is the SIEM you want"

What do you like best?

The best of USM is that you have all tools in one place: vulnerability scanner, NetFlow, HIDS... The other thing is the easy way to implement this product. You have a wizard in the beginning that helps step by step using best practices, like scanning your network to find assets and adding them to the USM inventory, and next initiating the logger from security devices or other programs like switches, firewalls, AV. You can add a SPAN port to help improve your security; this helps to see malware and dangerous applications, or, if you have been compromised, the NetFlow helps to see if there is strange behavior in the network. The USM has a ticket system that helps to follow the alarms.

What do you dislike?

Sometimes the system has database problems, like generating reports that cover too much time, like two months ago; you can't get the information sometimes. The other thing is that when you run a vulnerability scan you can't do anything, because all the performance is being used for the task. The other thing is the difficulty of following a behaviour that you want to investigate, so you have to add the alarm ID and find it manually.

Recommendations to others considering the product

The best you can do is buy an AV Appliance that has all that you need, including like 24 GB RAM, 1 TB of HDD, 16 n, so that is one option to buy.

What business problems are you solving with the product? What benefits have you realized?

Monitoring and saving time finding threats in the network.

AlienVault USM review by Paul R.
Validated Reviewer
Verified Current User

"No Fuss, No Muss, Does what it says on the Tin"

What do you like best?

The solution "just works"... once you've got it set up. Support is usually great and the community surrounding the product is top notch.

What do you dislike?

KB Articles leave a bit to be desired and sometimes lack depth or go into too much detail where none is needed, a second pass through technical writers would be a good idea.

Recommendations to others considering the product

You owe it to yourself to at least eval the OSSIM product if you're shopping around, it should give you a good idea of the product without investment.

What business problems are you solving with the product? What benefits have you realized?

SIEM first, ask questions later. The USM thrives as a SIEM and does this at a lower cost of entry than many competitors. Everything else can be hit or miss but it always works... just not necessarily the way you want or in a way that is immediately intuitive.

AlienVault USM review by User in Information Technology and Services
Validated Reviewer
Verified Current User

"AlienVault Perfect for InfoSec SMB"

What do you like best?

1. It's an appliance.

2. It's easy to set up.

3. It's a ton of information.

4. Integrated ticketing system allows for assignment of vulns and closure.

5. UI is good. Easy to use.

What do you dislike?

1. Customization capabilities are limiting:

- We want the AlienVault to be the dashboard for state of health. You get some things.

- Reports are good, but that data can't be put on the dashboard in many cases.

2. AlienVault has BI capabilities, but doesn't leverage BI on the dashboard effectively.

3. AlienVault advertises its central solution for InfoSec. True for SIEM, but not true for many other aspects. Frustratingly, it could be as the solution is very capable through its modularity of functions.

Recommendations to others considering the product

1. Give it a chance. It has many features that compete with other more expensive products, like Rapid7.

2. Work with the sales engineering team to put the product through its paces in POC.

3. Negotiate training when purchasing. Training is essential for full experience.

What business problems are you solving with the product? What benefits have you realized?

1. Security Vulnerability Assessment and tracking of production systems.

2. SIEM Logging and alerting of all security products.

3. Monthly reporting audit requirements.

AlienVault USM review by Trevor S.
Validated Reviewer
Verified Current User

"Well Rounded Product"

What do you like best?

This product was easy to get up and running, has a great support team behind it, and has a variety of great tools built into one package.

What do you dislike?

The main problem I have with the USM solution is the tendency for the information to easily overwhelm and thus be ignored. For instance, filtering out expected events tends to be more cumbersome than I would hope.

Recommendations to others considering the product

When selecting a USM solution make sure you speak with a representative about their free trial options. They have different products depending on organization size and their trials are fully functional.

What business problems are you solving with the product? What benefits have you realized?

AlienVault was purchased to meet our needs pertaining to PCI Compliance standards. We were able to use AlienVault to complete four different requirements for monitoring rather than using multiple programs.

AlienVault USM review by Jason G.
Validated Reviewer

"Fantastic Value for a SIEM Solution"

What do you like best?

I am speaking to USM Anywhere specifically as that is now the primary solution. It is easy to deploy and very easy to manage. The GUI is modern, user-friendly, and intuitive.

What do you dislike?

As far as AI goes, it's only using graph-based machine learning. However, from what I hear, they're working on more advanced implementations of AI for the next year or 2.

Recommendations to others considering the product

Although they use machine learning, be prepared, if a client really wants to know, that it is graph-based.

What business problems are you solving with the product? What benefits have you realized?

As do most SIEMs, AlienVault allows us to monitor the security of the organization as a whole in a central location. It has great integration with several different technologies and an API for more support if necessary. All the added features, such as vulnerability scanning, make it a great product.

AlienVault USM review by David C.
Validated Reviewer
Verified Current User

"Making my job easier or harder depending on how you look at it."

What do you like best?

I like that in one dashboard I get a great overview of what my network is doing.

What do you dislike?

I dislike the agent deployment process and wish it were more flexible.

Recommendations to others considering the product

Really do like the software as any company should they continue to improve their product. As I use the product more I begin to realize the cost savings we are actually accumulating such as with the new WannaCry. I hear company after company getting hit by this malware as we had already closed up the vulnerability of SMBv1 in our network due to it showing on my vuln list weeks prior. This alone has saved my company quite a bit of funds.

What business problems are you solving with the product? What benefits have you realized?

We are utilizing this software to prevent and secure our network from malicious attacks and also providing a means to measure our compliance actively.

AlienVault USM review by Administrator in Management Consulting
Validated Reviewer
Verified Current User

"It's the People that make a great product"

What do you like best?

Ease of use, clarity, the support and training - enthusiasm of the support and training teams - training is fantastic - we also had a day of consultancy and that was extremely insightful - the product brings a broad feature stack in one clean unified interface - it's easy to install and maintain - the OTX pulses are very helpful and provide a powerful platform for almost instant detection of emerging threats - worth subscribing to whilst you eval the product

What do you dislike?

Some aspects of the upgrade process - the fact that you backup, upgrade the system, but that backup is worthless as it can only be used on the previous build version, which would require a downgrade install and fresh build - fine in a VM world if you are using the virtualised version of the product and can take a snapshot, but could be improved upon. We run another backup post upgrade for completeness and compatibility. Some of the menus/features are over nested - not always clear where to find things.

Recommendations to others considering the product

Run an Eval, give yourself time - it's a comprehensive product - make sure you understand the networking requirements - do the training - it's great value and very well taught - understand the need for remote sensors - only log what you need to!

What business problems are you solving with the product? What benefits have you realized?

The primary purpose of AlienVault USM is to provide us with additional insight into the unknown - what's happening on our network and servers - and to provide an SIEM platform to help reduce risk and improve management, bring insight into our logs.

AlienVault USM review by Administrator in Computer & Network Security
Validated Reviewer

"Okay Solution that does not play well with others"

What do you like best?

The log analysis component works well and adding additional alerting rules is pretty simple.

They have a large number of modules for ingesting logs from a variety of systems.

Support is pretty good.

Open threat exchange is an excellent idea and well implemented.

The UI is ok

Annual cost is better than most

Using the USM client is a quick and easy way to forward system logs into USM.

They have an easy to read task list of what is in their pipeline for new features.

What do you dislike?

The lack of integration with other tools. They have a ticket system that is ok; it would be better if they had integration with third party tools like Jira.

They have assets that are used to conduct scans and assign modules for understanding logs taken from it. Again there is no integration with any third party asset management system.

They have a vulnerability scanner, however it's not as thorough as some of the alternatives and you cannot initiate scans via an API.

They claim to have a compliance scanner; what they really have is a set of canned reports that you can provide to an auditor. A compliance scanner is something like OpenSCAP.

They only allow the ingesting and processing of Office 365 logs in their cloud solution. There is no reason why this couldn't also be done with their on premise solution as well.

It would seem that development of their USM product has slowed to a crawl. If you monitor their change lists on their website, the upcoming changes to their USM product are woefully lacking. It would be better if they used the same code base for both platforms and when one feature was added to one platform it would also be available to the other.

Recommendations to others considering the product

Do a feature comparison and go with the system that has the best cost for the features you need.

Qualys appears to be the most featured product but the most expensive.

Rapid 7 is a little more expensive but has a few more features that Alienvault needs to add.

I would take another look at Tenable's solution as it's changed a good bit since my last eval.

Alienvault may be missing some of the features I was looking for but they have provided great support and their features cover most of what I was looking for.

The AlienVault USM Appliance seems to be lagging behind their USM Anywhere product as far as development goes. If you are not required to have FedRAMP certified cloud services I would recommend going with USM Anywhere over the USM Appliance. However, USM Anywhere does cost a bit more.

What business problems are you solving with the product? What benefits have you realized?

AlienVault USM analyses our logs and reports vulnerabilities.

AlienVault USM review by Marcela G.
Validated Reviewer
Verified Current User

"Alienvault is a good choice as SIEM"

What do you like best?

It is easy to understand and use, the training by the staff is excellent and fast since they have solved several doubts. AlienVault is a product that works well for companies that do not have personal security insurance, which is quite easy to start up and manage.

What do you dislike?

I have nothing that I dislike about AlienVault

What business problems are you solving with the product? What benefits have you realized?

DS, vulnerability scanning, activity time monitoring, notification of when a server or device is disconnected, network mapping, network asset detection, malware monitoring, network traffic monitoring, record consolidation, activity alert suspicious etc.

AlienVault USM review by Administrator in Investment Management
Validated Reviewer
Verified Current User

"Great Product, very flexible but difficult to get started"

What do you like best?

The product is amazing in terms of what it can do, it is very flexible and powerful. Lots of features relating to alerts on potential threats. In addition the ability to package a SIEM into the same product is great.

What do you dislike?

It is complicated to get started. It takes a big learning curve to get up and running. The online training is basic at best and their online courses are "In Person" so you have to sit through an entire session at one time. I don't have 5 full days to take a training class (EVER).

Recommendations to others considering the product

Make sure you have the bandwidth to dedicate for setup and training. This is not a product that is set and forget. You must install and customize it to your environment before it will be useful.

What business problems are you solving with the product? What benefits have you realized?

I was looking for a vulnerability scanner to solve a business requirement of being able to scan my entire network and prioritize vulnerabilities.

AlienVault USM review by Ruben H.
Validated Reviewer

"Alienvault Good Choice For All Around SIEM"

What do you like best?

Integration of security tools in one platform, which I think is a differentiator on the market compared with the other SIEMs; the ease of modifying and creating my own plugins, although you need to have deep Linux knowledge.

I think the reports are very good; the solution has the templates to get information and make decisions to improve the security controls.

What do you dislike?

It's not just AV; I think all platforms in the market need to improve the GUI to have better management, and I think the performance of the appliances needs to improve, and last, more documentation or an improved KB to have better knowledge for troubleshooting.

Recommendations to others considering the product

Deployment, integration and scalability

What business problems are you solving with the product? What benefits have you realized?

It is perfect for having the best visibility of the behavior of the network with reports and for giving evidence for compliance standards such as ISO 27001; it is also a great tool to begin establishing indicators for the SOC with the data collected.

AlienVault USM review by Eric S.
Validated Reviewer
Verified Current User

"It's a Swiss Army Knife of Functionality"

What do you like best?

One pane of glass covers a lot of functionality. AlienVault provides an awful lot of coverage at a very reasonable price. And, over time the user interface has improved and the linkages between functionality have become better. We are looking forward to being a long term customer.

What do you dislike?

Updating could be better. Occasionally there is regression in small pieces of functionality during an update. Most updates are just fine; however, some of the updates have caused problems - especially with vulnerability scanning (slower scanning). This is usually resolved fairly quickly, but it would have been helpful for this to be better QA'd first.

Recommendations to others considering the product

If you need a lot of functionality in one solution - this is a great tool. It may not be 100% of the best point solution, but it will be 80-90% of the functionality and nearly 100% of what you would actually use anyway.

What business problems are you solving with the product? What benefits have you realized?

SIEM, VulnManagement, HIDS, Asset Discovery - Basically, excellent coverage on required toolsets to manage an InfoSec Program.

AlienVault USM review by Philip G.
Validated Reviewer

"Industry Tools from the College Classroom to the Field"

What do you like best?

The executive dashboards give an immediate presence when displayed in the classroom environment on a big screen television as a dashboard. Students become inquisitive to learn what a product like USM or SIEM is, as buzz words become alive to touch an actual product. It is one thing to read about a Unified Security Manager (USM), or a Security Incident Event Manager (SIEM), but to actually visually see in a production environment and use it is another story.

What do you dislike?

There is a huge learning curve to understand the product. False positives provide a means for the students to do adequate research on a particular event and determine if what actually happened in the environment did indeed happen.

Recommendations to others considering the product

Have a dedicated person understand the product and give them the time to use it.

What business problems are you solving with the product? What benefits have you realized?

Many of our students are using AV in their required internship jobs as the companies they go to work for in the field are using the product. This is a great way for students to learn the product in a production lab environment without fear of breaking something.

AlienVault USM review by Clark B.
Validated Reviewer

"It does the job"

What do you like best?

The software is user-friendly, and anyone can be trained to use it. New employees don't take a LOT of time trying to get used to it. In my organization's scenario, the on-premise appliance provides great value as we are a small company with site inter-connectivity. Where I am not too sure of is how exactly the product scales with very large networks with separate Windows and network domains.

What do you dislike?

Could be a little less expensive for other companies to try out. Walking through all the devices after a Nmap or device discovery scan can be tedious to get the data correct

What business problems are you solving with the product? What benefits have you realized?

The vault helps protect all kinds of data and helps with encryption as well

AlienVault USM review by Kevin W.
Validated Reviewer

"AlienVault Locks it Down"

What do you like best?

AlienVault provides a simple, customizable dashboard to easily see the most important things going on in your environment. It goes beyond traditional SIEM by providing things like File Integrity Monitoring, IDS and Asset Management. It also has very simple integration with common cloud services (USM Anywhere only).

What do you dislike?

From a volume perspective, if you have a ton of log data, it isn't the best tool for traditional SIEM activities. There is also no migration from USM Appliance to USM Anywhere. You basically have to start over if you move some things to the cloud and want to capture that information.

What business problems are you solving with the product? What benefits have you realized?

Besides being a SIEM platform, I consider AlienVault to be a security/threat management platform. It provides IDS, SIEM, and active threat monitoring.

AlienVault USM review by Richard P.
Validated Reviewer

"Keeping an Eye on your Network"

What do you like best?

AlienVault's ability to monitor all HIDS and NIDS traffic and to correlate security events to warn you of breaches or malware is exceptional. They constantly update their intelligence and will provide a view of the network for the cyber security engineer that ordinarily he or she would not have.

What do you dislike?

I would recommend that the installation be done by a certified engineer. The setup is critical and not intuitive.

Recommendations to others considering the product

Powerful product. Setup is crucial and monitoring a must.

What business problems are you solving with the product? What benefits have you realized?

Firewalls, Endpoint protection, IDS, Sandboxing are all necessary components of network security. They usually do a great job in keeping malware and threats from penetrating their defenses. However, nothing is 100% effective. AlienVault makes sure that if anything does get through, AlienVault lets me know so I can handle the intrusion. Without it, I would be network blind.

AlienVault USM review by Karel .
Karel .
Validated Reviewer
Verified Current User
Review Source

"AlienVault USM - technology of data distillation to information"

What do you like best?

One graphic environment can orchestrate six security tools. Every tool is so connected with everyone. Together they achieve higher values. Information context, graphical form and interactivity also give this community a tool of a special spirit. Good idea, good execution.

What do you dislike?

AlienVault USM uses MySQL as its main database engine. I would like to be able to connect to another database, for example some graph database (Neo4J) or object database (CEPH).

Recommendations to others considering the product

Please - try to create a better environment for parser creation and correlation.

What business problems are you solving with the product? What benefits have you realized?

We provide more secure security for clients who are unattainable for better security.

AlienVault USM review by Shaun S.
Shaun S.
Validated Reviewer
Verified Current User
Review Source

"More than just a SIEM"

What do you like best?

I like all the features in AlienVault. Vulnerability Scanning, SIEM, IDS, File Integrity Monitoring are all critical functions we use daily

What do you dislike?

It does take some configuration of plugins, but AV will create ones given log files. Additionally, the vulnerability scans can take some tweaking but they are always updated with new vulnerabilities.

What business problems are you solving with the product? What benefits have you realized?

We started looking for a SIEM and found AlienVault did so much more. We were able to convert older systems and consolidate all our logging and alarms in one system. I appreciate all the functionality AV gathers into one windows pane.

AlienVault USM review by Administrator in Information Technology and Services
Administrator in Information Technology and Services
Validated Reviewer
Verified Current User
Review Source

"Alienvault USM"

What do you like best?

I love the ability to see anything and everything that is going on in my network. The dashboard and alarms page are the beginning and end of my days and it makes my daily life easier!

What do you dislike?

Without training, the product is quite usable, but even with some training, there is usually a need for additional training in order to fully utilize all of the capabilities. I wish it were easier to mark events as false-positives instead of having to create custom policies that can take a bit to configure properly.

Recommendations to others considering the product

Alienvault is the only SIEM that I've used, but I've worked with former federal agents and they swear by Alien Vault so you know it's good.

What business problems are you solving with the product? What benefits have you realized?

We are concerned with HIPAA regulations and the built-in reporting is great.

AlienVault USM review by Corey S.
Corey S.
Validated Reviewer
Verified Current User
Review Source

"Secure Compliance Solutions uses AlienVault to provide Managed Security Services"

What do you like best?

The Visibility it provides into the traffic traversing the network. From the moment it is set up and configured, it is providing value.

What do you dislike?

It can get expensive to install. Also, the product requires a handsome supply of system resources.

Recommendations to others considering the product

Consider going with USM Anywhere if you plan on managing it internally.

What business problems are you solving with the product? What benefits have you realized?

Information security management and general peace of mind. The news is inundated with stories of system breaches. With AlienVault installed and configured, there is always a team of security researchers on your payroll.

AlienVault USM review by Consultant in Computer & Network Security
Consultant in Computer & Network Security
Validated Reviewer
Review Source

"It Has Powerful Threat Detection, Incident Response, And Compliance Management"

What do you like best?

AlienVault Unified Security Management (USM) has powerful threat detection, incident response, and compliance management. We can use this across cloud, on-premise and hybrid environments.

The reason to use USM is that it has the following components in its package:

Asset Discovery

Vulnerability Assessment

Intrusion Detection

Behavioral Monitoring

SIEM & Log Management.

What do you dislike?

AlienVault must improve their correlation feature. Some of the events do not match with the correlation rules and some of the correlation events are false-positive.

What business problems are you solving with the product? What benefits have you realized?

AlienVault has an advanced component within one package. With this, we can cover more area with one solution.

As an example, it has a vulnerability assessment component built in. From this, we can do the vulnerability assessment easily and we do not have to buy another solution for the vulnerability assessment. It is easy to use and we can take better advantage from an all-in-one solution like USM.

AlienVault USM review by Administrator in Financial Services
Administrator in Financial Services
Validated Reviewer
Verified Current User
Review Source

"Great data aggregation and monitoring"

What do you like best?

The more data you feed into AV, the better reporting and analytics you get out of it. Since AV can cross correlate different sources of data, it notifies our team much more quickly of any potential issues.

What do you dislike?

The amount of granularity can become overwhelming. However, it becomes much easier after a bit of time with the rules.

Recommendations to others considering the product

If you need data aggregation for your security events, this is the tool to use. On top of the standard SIEM features, AV's OTX community is a great resource for security events that happen around the world.

What business problems are you solving with the product? What benefits have you realized?

Security monitoring and awareness. We now have a single pane of glass to all things related to security on the network.

AlienVault USM review by Consultant in Information Technology and Services
Consultant in Information Technology and Services
Validated Reviewer
Verified Current User
Review Source

"AlienVault USM Anywhere"

What do you like best?

AlienVault USM Anywhere is a great product. Its ability to post threat data to a cloud console is a huge improvement over the previous reporting functionality.

What do you dislike?

It can still be difficult to integrate with 3rd party products. Digesting logs from some devices still requires plugins to be built manually - but they have made great strides in including more plugins by default. DHCP-based networks are still quite challenging to deal with.

What business problems are you solving with the product? What benefits have you realized?

It is a great tool for knowing what types of activities are happening on your network. It has enabled the mitigation of several benign but unwanted applications on the network.

AlienVault USM review by Jose S.
Jose S.
Validated Reviewer
Verified Current User
Review Source

"I am a tier 2 analyst for an MSP."

What do you like best?

The interface is clean and easy to use.

What do you dislike?

There are certain reporting and search functions that I would think would be standard that Alien Vault is unable to do, such as attach an automatically generated spreadsheet to an email, make columns sortable in the web view, easily search multiple criteria in the SIEM, etc.

What business problems are you solving with the product? What benefits have you realized?

We use AlienVault to notify customers of malicious events, policy violations, vulnerable systems and misconfiguration issues that occur on their networks.

AlienVault USM review by Administrator in Education Management
Administrator in Education Management
Validated Reviewer
Verified Current User
Review Source

"AlienVault USM is the guard dog you need"

What do you like best?

The quick out of the box setup. The easy to figure out settings because their documentation is not very good. The customization ability for plugins, rules and alerts. The integration with OTX makes it feel being part of a world wide Infosec Operation.

What do you dislike?

Documentation and training are not good. The product itself is pretty solid and has never given me issues and I've implemented it at 2 different companies. Their support is very solid and responsive.

What business problems are you solving with the product? What benefits have you realized?

It has given both companies I have implemented this at the ability to get into the SIEM space at a nice price. My teams have been small so being able to implement, tune and train has been very important.

AlienVault USM review by Kevin M.
Kevin M.
Validated Reviewer
Verified Current User
Review Source

"AlienVault USM Single Pain of Glass"

What do you like best?

All the monitoring is right at your finger tips.

Easy to navigate with plenty of features to do the job.

What do you dislike?

It does take a little while to learn where all the features are located.

The appliance does so much right out of the box, maybe there could be different user levels.

Recommendations to others considering the product

Definitely is worth the investment, you won't be sorry.

What business problems are you solving with the product? What benefits have you realized?

Keeping our environment safe.

Definitely helps with alerting the threats. Great device for log collection and reporting.

AlienVault USM review by Karl S.
Karl S.
Validated Reviewer
Verified Current User
Review Source

"Feature packed but unrefined"

What do you like best?

AlienVault is made of well known open source tools which makes it highly customizable.

What do you dislike?

The UI is a bit unrefined and the reporting is not the best to look at. The software can also be unreliable.

Recommendations to others considering the product

Be knowledgeable with Linux and take their training course to become familiar with the product.

What business problems are you solving with the product? What benefits have you realized?

Security visibility and monitoring.

AlienVault USM review by David I.
David I.
Validated Reviewer
Review Source

"Alienvault USM for Security professionals"

What do you like best?

AlienVault is an all-in-one SIEM device for monitoring events on your network. Not only does it monitor everything on your network, but also comes with a built-in vulnerability scanner.

What do you dislike?

Some of the reporting capabilities are not quite as robust as I would like.

Recommendations to others considering the product

For the price that AlienVault is; it is hard to beat everything you get; Events plus a vulnerability scanner.

What business problems are you solving with the product? What benefits have you realized?

Solving the issue of having tons and tons of events scattered throughout the organization, but no way to have one place to find what all is happening. With Alienvault we have been able to see everything for the organization, in one nice dashboard.

AlienVault USM review by Juan Carlos G.
Juan Carlos G.
Validated Reviewer
Verified Current User
Review Source

"The best USM"

What do you like best?

The simplicity of the administration console.

What do you dislike?

There really is not much to say, but I have problems with the false positives detected.

Recommendations to others considering the product

Vulnerability scan of anywhere solution.

Does not work the same as the USM AIO.

What business problems are you solving with the product? What benefits have you realized?

We were able to detect a brute force attack with the Anywhere solution and stop the attack before the incident grew.

AlienVault USM review by Administrator
Administrator
Validated Reviewer
Verified Current User
Review Source

"Stability of the platform"

What do you like best?

The platform is stable in a virgin installation, has good speed, is easy to use, has good whiteboards for summarizing statistics, integrates well with several IDS and IPS, has a very good number of plugins, has a free version, which is OSSIM, is easy to install and configure, has a friendly interface, has very good details about the events, and the design is sober and professional. Everything can be handled with a click from the web interface or from the CLI it provides, which gives great ease and maneuverability.

What do you dislike?

The installation becomes unstable after constant patching; the database gets saturated to such a level that one comes to think it does not have a good architecture or index relation; the very poor description of logs makes you investigate each detected code outside of the tool to make your diagnosis; there is poor information on user activity; and USM support attends to you but does not solve the problem.

Recommendations to others considering the product

Improve the support: it reaches a point where nobody can fix the problem and you are left with an unstable platform and bad modules. Also offer support in other languages.

What business problems are you solving with the product? What benefits have you realized?

It helped me keep track of network traffic and analyze good traffic, bad traffic and possible threats. The analysis panel is very friendly and easy to use once you get the practice, and its handling of correlations creates ideas that help you search for and look deeper into a vulnerability.

AlienVault USM review by Patrick N.
Patrick N.
Validated Reviewer
Review Source

"AlienVault after 1 year of usage"

What do you like best?

All logs in one place, simple dashboards and IDS to detect what we cannot see at first.

What do you dislike?

Detection on systems - manual and automatic if you mix them you will end with two same systems. Plugins which sometimes do not recognize logs details.

Recommendations to others considering the product

Please write down for yourself all the bullet points for why you need a SIEM solution, and search until you find something that matches most of them, as otherwise you will end up with costly system changes.

What business problems are you solving with the product? What benefits have you realized?

It saved my daily time of systems logs check - 2h a day.

AlienVault USM review by Administrator in Financial Services
Administrator in Financial Services
Validated Reviewer
Verified Current User
Review Source

"Alienvault Good Choice For All Around SIEM"

What do you like best?

Alienvault was straightforward to set up and start using. Training was good and allowed us to immediately customize the product to our needs. Support has been good when needed. This product gives us much more insight as to what is happening on our network than we had previously. The included scanner is good and allowed us to cancel our subscription with another vendor for the service. Alienvault is a product that works well for businesses that do not have a dedicated security staff since it is pretty straightforward to get up and running and to manage. Asset discovery is fair, OS is typically incorrectly identified though. Support is typically pretty good, fairly quick to respond and provide a solution to the reported issue.

What do you dislike?

Data organization could be better. Need to be able to sort scan results on the vulnerability for example. I currently rely on a system built in-house that I then export scan data from Alienvault and input into this system in order to then view in a more readable format. Vulnerabilities within USM itself have been identified but not yet corrected. For being a security product, you expect this to be addressed quickly.

Recommendations to others considering the product

Take the training when you can dedicate your full attention to it.

What business problems are you solving with the product? What benefits have you realized?

Enable/improve behavioral analysis of users and other entities

Enable/improve log collection, reporting and retention capabilities

Enable/improve security event alerting, investigation

Enable/improve security incident workflow and reporting

Meet regulatory or commercial compliance requirements

AlienVault USM review by Consultant in Computer & Network Security
Consultant in Computer & Network Security
Validated Reviewer
Verified Current User
Review Source

"Best Tool to Learn SIEM"

What do you like best?

ALL In One (Logger, Vuln. Management, Ticketing Mgmt Etc) Centralized Monitor of IT Environment.

Easy to understand, implement and make it run. Huge number of plugins for the variety of devices.

What do you dislike?

In asset discovery, hosts are not getting all the information (even when we deploy OSSEC).

Most of the available correlations are based only on NIDS. If it is not possible to use NIDS somewhere, you have to write your own correlation.

Offline updates are not available (for air-gapped networks, i.e. isolated from the internet).

Recommendations to others considering the product

It is Suitable for the Middle size Organization.

What business problems are you solving with the product? What benefits have you realized?

Data Security(USB Detection), Asset Management, Vulnerability Scanning & Reporting.

Centralized Monitor of IT Environment. (Federated Environment Monitoring)

Integration of MS SQL Audits.

AlienVault USM review by Rogelio c.
Rogelio c.
Validated Reviewer
Review Source

"AlienVault USM Anywhere"

What do you like best?

The best thing you can do is buy an AV device that has everything you need and that includes 24 gb ram 1 tb hard disk 16 n, so that is an option to buy and take advantage of the full potential of the team.

What do you dislike?

At the moment nothing, the truth is that the service provided is very incredible and has not had any kind of problem.

Recommendations to others considering the product

Yes

What business problems are you solving with the product? What benefits have you realized?

Evaluate all the assets of your network ... before someone else does! (Active Scanning of Network - Passive Monitoring of Network - Inventory of Assets - Inventory of Software)

AlienVault USM review by Stephen K.
Stephen K.
Validated Reviewer
Verified Current User
Review Source

"AlienVault USM Anywhere "

What do you like best?

The ease of implementation is nice. It is very easy to get up and running in an environment.

What do you dislike?

It could use some better customization. It can be difficult to filter out all the noise of the alerts.

What business problems are you solving with the product? What benefits have you realized?

We are solving reporting and remediation required for PCI compliance. It is also to Identify Potential security breaches to our infrastructure.

AlienVault USM review by Administrator in Higher Education
Administrator in Higher Education
Validated Reviewer
Verified Current User
Review Source

"AlienVault USM AIO"

What do you like best?

The fact that it incorporates many different utilities into one product.

What do you dislike?

It is slightly difficult to navigate until you figure out where everything is located in the menus. You have to use it a good bit to get used to where things are.

Recommendations to others considering the product

Get on a Webinar with Alien Vault and let them live demo it for you. Also, sign up for the many videos and webinars they offer on how to do certain things you are interested in doing. Download the free trial and play with it in your environment.

What business problems are you solving with the product? What benefits have you realized?

IDS, vulnerability scanning, uptime monitoring, notification of when a server or device goes offline, network mapping, asset discovery on the network, malware monitoring, network traffic monitoring, log consolidation, suspicious activity alerting, OTX, notification of threat risk around the world to watch out for, and many more things too numerous to list here.

AlienVault USM review by Sergio S.
Sergio S.
Validated Reviewer
Verified Current User
Review Source

"Nice SIEM but with a few cons"

What do you like best?

I like the policy rules because we can analyze all our traffic with it.

What do you dislike?

I don't like having to reload all the filters when I create a new tab.

What business problems are you solving with the product? What benefits have you realized?

We aboard all the traffic and analyze the payloads

AlienVault USM review by Baillio, A.
Baillio, A.
Validated Reviewer
Verified Current User
Review Source

"Best budget friendly commercial SIEM and all-in-one tool available"

What do you like best?

The best part of this product is that even right out of the box, you get instant utility. With the NIDS feature, you get instant alerting and security insight. Adding syslog, vulnerability scans and asset tracking is icing on the cake.

What do you dislike?

Coming from an open source background, the reporting and UI have that homegrown feel. Not the most intuitive or professional, but functional.

What business problems are you solving with the product? What benefits have you realized?

This helps cover so many areas...compliance, security operations, vulnerability management. Biggest benefit is the IDS functionality and syslog correlation. This helps us with visibility and incident response. We can easily respond to the results of the correlation and alerting.

AlienVault USM review by Administrator in Information Technology and Services
Administrator in Information Technology and Services
Validated Reviewer
Verified Current User
Review Source

"AlienVault USM"

What do you like best?

Alien Vault USM provides an all in one solution to compliance and network monitoring. With advanced intrusion detection and logging.

What do you dislike?

I have nothing to dislike about AlienVault

Recommendations to others considering the product

Easy to use and deploy

Nice GUI easy to setup users and user levels

What business problems are you solving with the product? What benefits have you realized?

Unified Security Management (USM) Delivers Advanced Security in the Cloud & On-Premises

Asset Discovery / Asset Management

Vulnerability Assessment / Network Vulnerability Scanning

Vulnerability Management

Intrusion Detection

Network IDS

Host Based IDS

File Integrity Monitoring

SIEM / Event Correlation

SIEM

Event Correlation

Threat Detection

Insider Threats

Advanced Persistent Threats

Ransomware

AlienVault USM review by Dan D.
Dan D.
Validated Reviewer
Verified Current User
Review Source

"Great product with an awesome support staff behind it."

What do you like best?

Very easy to set up and monitor new assets. Like the ability to set up policy to be alerted on, scheduling auto scans to meet compliance needs. It is very easy to train staff to use and working with AlienVault.

What do you dislike?

I dislike not having this AlienVault soon.

Recommendations to others considering the product

Great product with excellent support

What business problems are you solving with the product? What benefits have you realized?

This solves compliance requirements such as PCI, HIPAA and Judicial court systems compliance.

AlienVault USM review by Administrator
Administrator
Validated Reviewer
Verified Current User
Review Source

"AlienVault USM "

What do you like best?

Alarms for bad actors. Notifications to email on specific events. Reporting on custom events is nice for tracking usage.

What do you dislike?

Couple of dislikes... HIDS is very slow so if you're trying to audit Active directory logons for a specific user forget it. Plugins are just too hard to write if you aren't a programmer. Need a professional to do any real "tweaking" as support only does break fix.

Recommendations to others considering the product

Learn Regex/Python

What business problems are you solving with the product? What benefits have you realized?

SIEM window pane for threats and HIPAA compliance through audits and notifications.

AlienVault USM review by Administrator in Mechanical or Industrial Engineering
Administrator in Mechanical or Industrial Engineering
Validated Reviewer
Verified Current User
Review Source

"Newbie that's very impressed so far"

What do you like best?

I like the ease of deployment and the fact that everything is managed from a single pane

What do you dislike?

Nothing comes to mind so far as it's living up to its hype.

Recommendations to others considering the product

Give the trial a shot - you won't be disappointed

What business problems are you solving with the product? What benefits have you realized?

Our company has now a real-time view of threats and can act upon these if/when they happen. Previously we may never have noticed or found out that we were being targeted

* We monitor all AlienVault USM reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. Validated reviews require the user to submit a screenshot of the product containing their user ID, in order to verify a user is an actual user of the product.