The total ranking of a product, represented by the bar length, is based on a weighted aggregate score. The score is calculated as follows: The product with the highest count in each area gets the highest available score. (20 points for Reviews; 16 points for Views, Comparisons, and Followers.) Every other product gets assigned points based on its total in proportion to the #1 product in that area. For example, if a product has 80% of the number of reviews compared to the product with the most reviews then the product's score for reviews would be 20% (weighting factor) * 80% = 16. For Average Rating, the maximum score is 32 points awarded linearly based on our rating scale of 1-10. If a product has fewer than ten reviews, the point contribution for Average Rating is reduced (one-third reduction in points for products with 5-9 reviews; two-thirds reduction for products with fewer than five reviews). Reviews that are more than 24 months old, as well as those written by resellers, are completely excluded from the ranking algorithm.

Threat Intelligence Platforms Reviews

Read top reviews of Threat Intelligence Platforms solutions from the IT Central Station community:
Your trust is our top concern, so companies can't alter or remove reviews.
AlienVault
Consultant
Manager, Enterprise Risk Consulting at a tech company with 1,001-5,000 employees
Jul 06 2017

What is most valuable?

Flexible Deployment Architecture – This is where the Open Source roots really start to flex their muscles when it comes to AV USM. The main components of the architecture are as follows:
* AV Sensor: AV Sensors perform Asset Discovery,... more»

How has it helped my organization?

A jack-of-all trades: The best thing about AlienVault USM is it being a “Jack-of-All Trades” solution. It provides SIEM, HIDS/NIDS, FIM, NetFlow, Asset Management, Vulnerability Management, etc., under one USM platform. None of the commercial... more»

What needs improvement?

This product is a jack-of-all trades, but master of none. As mentioned in the good, being a jack-of-all trades is well suited for certain organizations. However, the lack of mature functionality and expertise in any of those areas is a strong... more»
AlienVault
Consultant
Security Consultant at a tech consulting company with 51-200 employees
Jul 24 2016

What is most valuable?

As an information security consultant that works across many diverse networks, these features offer by far the most critical information when analysing a client’s environment for issues that need to be addressed:

How has it helped my organization?

We run this product on our network 24/7 and it has helped identify many important events. We take the security of our network very seriously, and this helps to quickly identify and lock down any potential vulnerabilities or events that could... more»

What needs improvement?

My biggest challenge has always been the fine tuning that is sometimes required for some networks. It requires a solid understanding of Linux and databases and how networks work. So a non-technical user may become frustrated, or not configure... more»

Have A Question About Threat Intelligence Platforms?

Our experts can help. 279,835 professionals have used our research on 6,323 solutions.
AlienVault
Reseller
Information Security Consultant at Securepoint Nederland B.V.
Jul 24 2016

What is most valuable?

Vulnerability scanning and OTX are powerful. The alerting and security intelligence is the engine of the product. Looking at the cockpit and monitoring your IT environment is now almost a one man job. There is no complex alerting or code... more»

How has it helped my organization?

AlienVault does not stop a security breach, but it detects and notifies the responsible people and they can immediately interact and take the necessary actions. Identifying security risks and minimizing downtime is the added value.

What needs improvement?

The next release will include cloud security and it will support a hybrid IT environment, furthermore the OTX has a great added value but it will help when there is more OTX information in the database. Future releases will definitely need to... more»
AlienVault
Real User
Systems Engineer at a university with 201-500 employees
Jun 04 2017

What is most valuable?

* Real-time email alerts
* Event correlations
* Log management
* System monitoring
* Network monitoring
* Up-time monitoring
* OTX threat intelligence
* Vulnerability scanning reporting

There are too many to list.

How has it helped my organization?

It has given us insight into our network:
* What is on it
* What traffic is on it
* What is happening on our servers

It is one location to view many things.

What needs improvement?

The menu system can be a little confusing, until you use it for a while. Such as at the top right there is a “settings” menu. Which is more of a user profile menu. I would like that to say what it is “My Profile.” Under the “Settings” menu I... more»
AlienVault
Real User
SOC Intrusion Analyst at a tech services company with 51-200 employees
Jul 24 2016

What is most valuable?

* Raw logs
* Alarm section
* Security events

How has it helped my organization?

Once we placed AlienVault in the product we have now, the time it takes to find and respond to real anomalies has dropped from hours to minutes, it has so much potential to be an amazing product despite its many issues. After working with so... more»

What needs improvement?

Directives and searches within security events. So many issues with directives. Creating directives is a pain on its own, but editing them can be a nightmare filled with tedious unnecessary steps. You do not have an option to whitelist or... more»
AlienVault
Consultant
Security Consultant at a tech consulting company with 51-200 employees
Jul 24 2016

What is most valuable?

AlienVault provides excellent visibility into your network by combining centralized logging, host-based IDS and network IDS. This enables me to detect quite a lot of potential issues that have gone through AlienVault's correlation engine and... more»

How has it helped my organization?

On several occasions we have detected attacks (DDoS) just as they are starting and have been able to rapidly mitigate them. We have also noticed outdated Java and Flash versions due to the snort rules included in the appliance.

What needs improvement?

The biggest improvement they could do is to provide full support for IPv6 addressing. It currently has quite lightweight support for IPv6 addresses in the sense that it will record the source/destination addresses in all cases, but currently... more»
Real User
Technical Architect at a financial services firm with 10,001+ employees
Oct 24 2017

What is most valuable?

* The overall view of the solution: It encompasses end-to-end analysis and response.
* Log management
* Threat management: Threat hunting is going to be a large topic for us as well, which being a big data engine, will go a long way for us,... more»

How has it helped my organization?

It has improved our ability to see incidents when they occur, instead of maybe a few weeks or a few months down the road. Overall effectiveness is very good. I like how it is oriented to both analysts and technical support people. It's easily... more»

What needs improvement?

I would like to see case management become more independent from LogRhythm itself. Right now, it is very oriented to LogRhythm based events, but not manual events, such as user reported things and incidents where we might have large volumes... more»
AlienVault
Real User
Network Security Administrator at a comms service provider with 501-1,000 employees
Jul 14 2016

What is most valuable?

The most important part of the product is the event correlation and alerting that it provides. Sifting through tens of millions of logs a day looking for the proverbial needle in a haystack is impossible for a single person or even a team... more»

How has it helped my organization?

Being able to identify security issues as they occur at near real time. Being able to then respond to them as soon as they occur is priceless.

What needs improvement?

We have a relatively large deployment that spans multiple locations and domains. Having the ability to authenticate users across multiple domains would be useful, but is not critical. The log query capability is pretty restrictive and I find... more»
AlienVault
Real User
Information Security Manager at a tech services company with 201-500 employees
Jun 30 2017

What is most valuable?

The ease of use and customization. The USM is a workhorse, no matter what devices or the number of logs we throw at it, the system processes them in real time, correlates the events, and alerts on only events that need human review.

How has it helped my organization?

We used to have to monitor and review logs for each device. Now, everything comes into AlienVault and it alerts us when we need to respond. We now have real-time monitoring 24x7x365 using an in-house team.

What needs improvement?

The one thing I continue to dislike about the USM is the limitation on reports. Hard to get what you need in a report and once you do, there is no control over the formatting.
AlienVault
Real User
Chief Information Security Officer at a tech services company with 51-200 employees
Jul 14 2016

What is most valuable?

Flexibility. As the source of AlienVault is based on an Open Source product, it is possible to implement nearly everything including fully customized plugins, scripts, etc. We haven't yet found any limitations.

How has it helped my organization?

We are now able to track any kind of threat including external (malware) or internal (people trying to bypass restrictions, USB keys etc.). We are able to track changes in the authentication integrity (new user created, domain admin... more»

What needs improvement?

The search capabilities are not optimal and are going to be optimized in the next versions. For example, it is possible to search both username and IPs but not usernames and specific fields (aka user data) at the same time. Documentation... more»
AlienVault
Real User
Security Analyst at a legal firm with 501-1,000 employees
Jul 14 2016

What is most valuable?

* Correlation
* Customization

How has it helped my organization?

No, but that’s not really their fault, rather ours. I think this has a lot of valuable functions that really could be leveraged quite nicely.

What needs improvement?

They have the advantage of having a large community that uses the free version, and they really could use this as a sort of beta testing population for new releases. Yet, a lot of the releases break things that are used. I think they need to... more»
AlienVault
Real User
Manager, Information Security at a retailer with 1,001-5,000 employees
Jul 13 2016

What is most valuable?

The fact that I am a very small security team and AlienVault allows me to have a SIEM, FIM and Vulnerability scanner all in one.

How has it helped my organization?

I am able to scan for vulnerabilities quickly on existing devices and also for new devices being deployed. Since I don’t have a lot of time to learn new and complicated tools, being an e-commerce company, this allows me to increase the... more»

What needs improvement?

With all these products there is always room for improvement. Whether it’s making the filtering of anomalies better, making setup and deployment faster, streamlining more of the functional aspects of the product, etc. There is really not one... more»
AlienVault
Real User
SOC Analyst II at a comms service provider with 11-50 employees
Apr 10 2018

What is most valuable?

The Event Correlation and vulnerability scans have been the most useful. As a 24/7 SOC, we use the incoming alarms to give an overview of suspicious traffic going through the network. It's easy to look at the correlated events and see the... more»

How has it helped my organization?

AlienVault has provided a nice, unified system for monitoring and reporting. Since we use this for customer security services, the vulnerability scans have come in handy for overall system health checks, for making sure customers aren't... more»

What needs improvement?

The UI and overall processes need a little bit more love. The development job postings have the requirement, for prospective candidates, of "values progress over perfection". This shows in the error banners that come up when you select... more»
AlienVault
Real User
Chief Security Officer at a financial services firm with 501-1,000 employees
Jul 14 2016

What is most valuable?

The integration of IDS and OSSEC is valuable as it enables correlation between Network IDS events and host system event logs.

How has it helped my organization?

AlienVault USM has improved how we manage events and incidents in our infrastructure. With AlienVault we are able to respond to incidents and take necessary action faster than we could before without the solution in place.

What needs improvement?

Some customizations with the integration between AlienVault components have room for improvement and enabling users with WebUI interfaces instead of having to edit configuration files on the system to achieve certain actions would be a good... more»
AlienVault
Real User
admin at a non-tech company with self employed
Jun 13 2018

What is most valuable?

* Centralized logs: All the details are in one place. This is helpful if you have over 100 servers.
* Centralized IDS: We need this as we are able to see what is happening in (almost) real time.

How has it helped my organization?

From my perspective, it saves me about two to seven hours weekly. Now, I can easily check (in one place) all the logs and data in relation to attacks. It also gives me an overview if a server is not configured properly.

What needs improvement?

* Plugins could be better utilized, as some of them do not recognize all logs.
* We could add little more customization to dashboards.
AlienVault
Real User
Information Systems Network Technician at a local government with 501-1,000 employees
Nov 21 2016

What do you think of AlienVault?

Valuable Features

It's a single solution that is meeting the needs of multiple of my PCI compliance objectives.

Improvements to My Organization

I was able to replace our log management solution with this product. A single server that allows for log management, vulnerability scanning, and file integrity monitoring.

Room for Improvement

The alarms section of the USM is very robust, yet I still find myself having to look back through the events to find more details. It would be nice if I could navigate straight to the event from the alarm.

Use of Solution

I've been using it for six months.

Stability Issues

I had a renegade plugin that was installed by the company who helped me with the initial setup. The plugin was missing a command to rotate logs and would...
AlienVault
Real User
Network Operations Manager / Systems Engineer at a tech services company
Jan 14 2018

What is most valuable?

The asset management of nodes has been a large help in terms of being able to track applications with more detail and have changes made being monitored into one source. The vulnerability scanning has also been an aid of reviewing the systems... more»

How has it helped my organization?

The all-in-one source for the needs of compliance has put everything into one location without the need of other applications and tools to accomplish the tasks. It brought our logs into one place for review and set up alarms based on changes... more»

What needs improvement?

Source material on the forums to be more up-to-date with the changes happening within the product. Forums being out-of-date with information due to the changes makes troubleshooting a little more difficult - specific to the HIDS agents.... more»
AlienVault
Real User
Group Information Security Officer at a Consumer Goods with 1,001-5,000 employees
Jun 27 2016

What is most valuable?

The correlation from the Host Based Intrusion to Network Intrusion against the vulnerabilities in my network.

How has it helped my organization?

We had no visibility of our vulnerabilities without looking up WSUS and matching this against the Windows bulletins. This completely missed the mark when it came to third party patches and poor configuration and wasted hours upon hours for... more»

What needs improvement?

The reporting could do with some improvements for example the vulnerability report only tells you what vulnerabilities are open and lists them but there is no indication of how old they are at a glance and what vulnerabilities have been... more»
AlienVault
Real User
IT Supervisor at an energy/utilities company
May 25 2017

What is most valuable?

The best feature of this product is the ease of use. It is extremely easy to set up and get going. This is a very useful tool for a small organization.

How has it helped my organization?

This has helped improve our overall IT security by allowing us to implement a full suite of security tools that allows us to roll out log management on clients and servers, host-based IDS, and network-based IDS. It also provides vulnerability... more»

What needs improvement?

I feel that some areas of improvement would be vulnerability scanning. We use a separate product that seems to do a much better job.
AlienVault
Real User
Security Architecture and Operations Lead at a university with 1,001-5,000 employees
Jan 25 2017

What is most valuable?

The NIDS/HIDS features have probably been the best features for us in our environment. We've had some open-source options and, while they work, it isn't the same as having commercial support. SIEM is the second-most useful feature.

How has it helped my organization?

We've been able to professionally generate alerts for IDS, SIEM and vulnerabilities where we didn't have those capabilities before.

What needs improvement?

Reporting still needs a lot of work, especially on the vulnerability side. Vulnerability management UI could be improved as well. Vulnerability reports are clunky and difficult to manage. The layout is not really professional or intuitive and... more»
