LevelBlue USM Anywhere

Score4.2 out of 10

733 Reviews and Ratings

Community insights

TrustRadius Insights for AlienVault USM are summaries of user sentiment data from TrustRadius reviews and, when necessary, third party data sources.

Business Problems Solved

Users have found AlienVault USM to be a valuable SIEM solution for centralizing and searching log data from a large number of network attached devices. This platform is being used for various use cases such as vulnerability management, scanning, malware detection, and monitoring malicious network traffic. It is considered a good SIEM solution for organizations new to security operational logging or those with a smaller staff and budget. The product has been praised for its integrated feature sets, including HIDS, NIDS, FIM, and security alerting capabilities. The inclusion of features like vulnerability scanning and file integrity monitoring has extended its value for organizations in the early stages of cybersecurity program development. Many users have experienced real-time alerts, enabling them to respond to security incidents and compromised passwords more quickly. Furthermore, AlienVault is used for a range of functions such as SIEM, vulnerability scanning, asset discovery, and investigations. It provides organizations with a centralized log collection site, allowing them to monitor and address new problems more effectively. The platform has been effective in helping organizations meet regulatory compliance requirements and improve SOC operations. Additionally, AlienVault is used to analyze network traffic, Windows Event Logs, and other security events, helping organizations improve network security and protect their customers. It solves security challenges related to device and software visibility, monitoring for anomalous events, and ensuring patch management. Users appreciate the simplicity of deployment and the robustness of the interface. The support team is highly responsive and knowledgeable.

AlienVault USM Anywhere is used by organizations to easily identify security incidents happening across their infrastructure and comply with PCI-DSS compliance requirements. MSSPs utilize AlienVault USM Anywhere to provide their customers with best-in-class threat monitoring and response services. It is also used to monitor cloud environments, scanning and alerting for any known vulnerabilities or activity on servers. AlienVault helps organizations with auditing purposes by monitoring cloud permissions and changes to security. Additionally, it is deployed to customers for monitoring and is used by NSOCs to monitor their networks. AlienVault has been implemented across organizations, covering server assets and providing granular logging on systems and networks. It helps in raising alarms/alerts and mitigating network-related activities. AlienVault collects and alerts on network and system activity across the entire organization, making it easy to filter for important data. The product centralizes log data and helps perform vulnerability analysis and threat detection. It assists in security patching and monitoring within AWS environments. Users appreciate the ease of use and configuration of the cloud-based panel. AlienVault is implemented and managed for clients as a recommended SIEM solution, collecting and normalizing logs from various data sources. It is used throughout organizations to gain insight into network and server events, manage and correlate logs, and recognize anomalous activity. Users have been able to set up alerts for specific events and policies, effectively managing systems and alerts in place, monitoring multiple client environments, and identifying issues that clients may have missed.

AlienVault USM Anywhere is praised for its cost-effectiveness compared to other SIEM solutions on the market. Users appreciate its threat intelligence capabilities, ease of use, user-friendly interface, and simplicity of deployment. The built-in correlation rules require minimal setup and provide high-quality results. Asset management and scanning features help users stay on top of monitoring assets, including dynamic and static asset lists. The integration of OTX into USM Anywhere allows for up-to-date threat intelligence and pulse subscriptions.

The software plays a crucial role in monitoring and alerting when anomalies occur, aiding in threat detection, compliance management, log collection, and vulnerability scanning. It helps organizations stay up to speed on new vulnerabilities and supports agile business initiatives by aiding analysts in identifying cyber threats and providing access to threat cross-referencing data. AlienVault USM Anywhere is deployed to monitor AWS cloud environments, attain compliance, identify threats, and facilitate auditing of non-emergency configuration changes and vulnerability monitoring.

Overall, AlienVault USM Anywhere provides centralized security monitoring, incident response capabilities, compliance reporting features, vulnerability assessment tools, real-time SIEM functionality, as well as asset discovery and user activity monitoring capabilities. It has been widely adopted across various industries for enhancing security posture and gaining comprehensive visibility into network activities.

Reviews

390 Reviews

Great product for small IT teams

Rating: 10 out of 10

Incentivized

July 18, 2019

Use Cases and Deployment Scope

AlienVault is being used by our IT department to monitor and control network and server access, as well as our internal security audit tool (using the vulnerability scanning functions that comes built-in).
I also use the vulnerability scanner to keep track of how my update process is behaving, as well as track software on the system that is not allowed by the company.

Pros

Network monitoring -- all activity is logged, and you can have as many or as little alerts as you need.
The vulnerability scanner is great and can be scheduled!
The dashboard when you log in is outstanding and very clear, so you can see issues easily.

Cons

Out of the box there is a lot of "noise," and it requires a significant effort to reduce that down to a manageable level.
The interface can be a bit clunky at times.
Results from forensics info are difficult to locate, as they register as events. This should pop up in a window when you send the command, or email you when done, so that you can go retrieve it, ideally from a dedicated section on the interface.

Likelihood to Recommend

AlienVault is a very good NIDS and HIDS system and it is suited for a fairly small security team (as long as someone can put the effort into removing or reducing the noise and non-relevant notifications).
I also like the fact that you can view any and all events on the network.

Verified User

Manager in Information Technology (501-1000 employees)

Vetted Review

AlienVault USM: Simplifying Security with Cost-Effective Threat Detection.

Rating: 10 out of 10

Incentivized

February 23, 2024

Use Cases and Deployment Scope

Our organization uses AlienVault USM to enhance the security posture and streamline our clients' threat detection and response. The product helps us address critical business problems, such as identifying and mitigating security threats, monitoring network activity, and ensuring compliance with regulations. Our use case involves deploying USM across our network to monitor logs, detect anomalies, and respond to incidents effectively.

Pros

Asset discovery.
Real-time threat detection.
Centralized log management.
Provides actionable insights into emerging threats.
Intrusion detection.

Cons

Enhancing user interface intuitiveness.
Granular customization options for alerts and reporting.
Integration with third-party tools and expanding support for emerging threat intelligence sources would be beneficial since the alien app only supports a few.

Likelihood to Recommend

AlienVault USM is well-suited for organizations needing a centralized solution for threat detection, log management, and compliance. It's less appropriate for large enterprises requiring highly customized or specialized security solutions.

Verified User

Professional in Information Technology (501-1000 employees)

Vetted Review

3 years of experience

Empowering Security Zenith with Unified Vigilance.

Rating: 8 out of 10

Incentivized

June 3, 2023

Use Cases and Deployment Scope

As an IT researcher at a university, we use AlienVault USM for centralized security monitoring, threat detection, incident response, compliance reporting, and vulnerability assessment to enhance our security posture. The scope includes network infrastructure, servers, and critical systems.

Pros

Unified Security Monitoring and Threat Detection.
Integrated Incident Response.
Compliance Management and Reporting.

Cons

User Interface and Ease of Use.
Customization and Flexibility.
Enhanced Automation and Orchestration.

Likelihood to Recommend

AlienVault USM is well-suited for scenarios such as small to medium-sized businesses (SMBs) with limited resources, compliance-driven environments, and organizations with dedicated Security Operations Centers (SOCs). It simplifies security operations for SMBs, aids in compliance monitoring and reporting, and streamlines activities for security teams in SOCs.However, there are scenarios where AlienVault USM may be less appropriate. These include large enterprises with complex environments that require more specialized and scalable solutions, organizations with extensive existing security infrastructure, and highly customized environments where out-of-the-box capabilities may not align perfectly with unique requirements.

Verified User

Engineer in Information Technology (1-10 employees)

Vetted Review

1 year of experience

will I continue to use USM, Yes I would

Rating: 8 out of 10

Incentivized

June 1, 2023

Use Cases and Deployment Scope

USM is our primary SIEM solution. The solution is not a standard SIEM but rather a SOAR, where one can add orchestration rules as well as run investigations. All of our network devices, servers, IPS IDS FW and more then all send the logs to this solution. Then the SIEM creates events which derive alerts and alarms.

Pros

Investigations
Event collection and alerting
correlation rules

Cons

N/A
CBT training
training

Likelihood to Recommend

Investigations, The investigation process is very well planned where, all items can be linked and any asset, time line, or threat can be linked to a single investigation. This assists in solving the purpose of the investigation and getting to the bottom of the cause of the threat. Either an action plan is derived or the investigation can be closed with comments for future.

Verified User

Professional in Information Technology (501-1000 employees)

Vetted Review

3 years of experience

Excellent security for your machine

Rating: 9 out of 10

June 1, 2023

Use Cases and Deployment Scope

It's a very effective security level for industries. We had a security breach sometime back and we opted for AlienVault. It looks like high technology since the multi level security is added. It maintains our logs which helps me as a developer to debug if anything required. Since we use connection in VPN it tracks all the websites we have accessed and blocks it if unnecessary.

Pros

Security
User operations tracking

Cons

Notifications pop up is annoying
Little more improvement in UI side

Likelihood to Recommend

It's well suited because I can work from home with thinking of my data getting beached. The multi level security will allow only a particular sites allowed by IT and thus no afraid of machine being misused when used privately to watch movies. Log maintaing is effective as a developer.

Verified User

Engineer in Information Technology (10,001+ employees)

Vetted Review

2 years of experience

MSSP Review

Rating: 8 out of 10

October 4, 2021

Use Cases and Deployment Scope

AlienVault offers a different experience as opposed to other SIEM tools where it can be set up and configured properly in a shorter amount of time. The built-in correlation rules are of great quality with little-to-no setup required to switch on. Asset management and scanning is a great feature to keep on top of the list of assets to monitor, as well as dynamic and static asset lists. OTX is one of the best features to implement directly into USM Anywhere, with up-to-date threat intelligence as well as pulses to subscribe to.

Pros

Threat intelligence look-ups
Asset management
Vulnerability scanning

Cons

Better UI/workflow for alarms
Better alarm management (add notes/set status)

Likelihood to Recommend

AlienVault is a great all-in-one SIEM appliance to apply to both small and large-scale environments. Asset management and vulnerability scanning as built-in features are useful tools to keep on top of asset management. OTX threat intelligence is a highly valuable feature to correlate with threat alarms, providing up-to-date threat intel.

Verified User

Employee in Engineering (11-50 employees)

Vetted Review

1 year of experience

Great product but out of the box it needs a lot of work.

Rating: 7 out of 10

Incentivized

May 20, 2021

Use Cases and Deployment Scope

Implemented in a SaaS company with resources in colocation and AWS. All server assets are covered however workstations are not. We like that it provides the opportunity of granular logging on all systems and networks.

Pros

UX/UI responsive and easy to navigate.
Covers wide variety of systems and devices.
Ease of getting sensors up and running.

Cons

More simplified dashboards would help not overwhelm new users.
Use more industry-standard terms for items.
Tech support that actually reads your questions prior to replying with canned responses.
Update their KBs to reflect real-world scenarios. We've ran across several places where NxLog's settings in the KB were incorrect and support had no idea, kept telling us that we were wrong despite demonstrating to them the correct settings.

Likelihood to Recommend

AlienVault is well-suited for the customer that needs compliance reports for PCI/HIPAA/etc. The price will hinder some customers from being able to afford it. This tool does the same thing that dozens of others do, so concentrating more on security scanning, vulnerability, and threats would prevent it from too much overlapping of features. Every vendor who tries to do a "single pane of glass" and be a "single source" always does this poorly.

Verified User

Technician in Information Technology (1-10 employees)

Vetted Review

Great if you can deploy and manage on-premises SIEMs

Rating: 7 out of 10

Incentivized

March 22, 2021

Use Cases and Deployment Scope

It is being used department-wide. We offer professional services and deploy it for customers and ensure that the SIEM is configured properly. Our current customers are extremely satisfied with the product; the only drawback is that the absence of a skilled technician experienced in AlienVault USM can have trouble configuring and troubleshooting any problems.

Pros

OTX
HIDS
Asset discovery

Cons

Literal terminology used
UI
Troubleshooting

Likelihood to Recommend

It is well suited for companies having the resources to deploy on-premises SIEMs and the technically skilled staff to manage it. It's ideal for big companies which require an SOC. It is not suitable for companies with fewer resources, a lack of skilled staff to manage the SIEM, and less financing in security budgets.

Verified User

Analyst in Engineering (11-50 employees)

Vetted Review

Reseller

AlienVault - Not Worth the Price

Rating: 4 out of 10

Incentivized

November 11, 2020

Use Cases and Deployment Scope

AlienVault was purchased to provide the security department with a security operations center overview of the infrastructure of our environment. It is currently only being used as a SIEM for the Security Department for client compliance. This is due to the the lack of resources to manage the day to day management of the tool.

Pros

Log collection

Cons

Users cannot share views across an organization.
Views and reports could be more interchangeable.
Descriptions of events are based upon each individual asset reporting and not a general grouping of events according to any framework or standards. This makes it difficult for the administrator/user as they would need to know each and every asset and their respective event descriptions.

Likelihood to Recommend

At this point I'm saying a 4. While the marketing material make it appear to be easy to use and it was relatively easy to set up, as previously mentioned, each event description is based upon the individual asset making it nearly impossible for the administrator to be a SME for each asset. For example, if one of the assets reporting is a router, the administrator monitoring alerts would need to know what the various events are that can be triggered as an event for the particular router; however, if the asset is a workstation, the administrator would need to know the various events that are triggered for workstations.

Verified User

Manager (501-1000 employees)

Vetted Review

1 year of experience

AlienVault USM Anywhere, a SIEM that is easy on your pocket.

Rating: 8 out of 10

Incentivized

August 29, 2020

Use Cases and Deployment Scope

We are a reseller of Alienvault USM and provide managed SOC services. We recently deployed for a telecom operator to monitor business-critical services including Windows and Linux. It's not for all departments, mainly for agents deployed on critical servers only to monitor the activities and discover anamolies.

Pros

Deployment is straight forward
AlienVault USM forensic and response app is great. You can create rules to shut down, disable networking, etc. automatically if Windows becomes infected.
AlienVault allows seamless integration with third-party products like Cisco, Office365 etc.

Cons

A lot of false-positive alarms

Likelihood to Recommend

Overall AlienVault USM is a great product.

Verified User

Professional in Information Technology (201-500 employees)

Vetted Review

2 years of experience

Loading Reviews List....