AlienVault Reviews

4.2 out of 5 stars
 (55)
Security information and event management %28siem%29 report from it central station 2017 12 24 thumbnail
Find out what your peers are saying about AlienVault, Splunk, LogRhythm and others in Security Information and Event Management (SIEM).
246,941 professionals have used our research since 2012.
Security information and event management %28siem%29 report from it central station 2017 12 24 thumbnail
Find out what your peers are saying about AlienVault, Splunk, LogRhythm and others in Security Information and Event Management (SIEM).
246,941 professionals have used our research since 2012.

Articles

A5223938 eed9 42af 9f16 9a9bd1568f21 avatar
Content and Community Manager
IT Central Station
Anders lundkvist li?1414335464
Anders LundkvistVery strange that there is no mention of Splunk in this article! more »
Anonymous avatar x30
Christian SteinWhile I accept that products may be ranked according to different criteria... more »
9dc9441e 2536 4da2 a211 6f58fc24d2aa avatar
Ly Binh LapNot Splunk. Why? more »
Picture 1135 1356968943
ctsandersAnders brings up a valid point, however, splunk, based on the definition of... more »
Anonymous avatar x30
Altug DorumLogsign with well-designed architecture and key features improves your... more »
586a0b95 d1a9 4d98 8969 0ea1d5dc95c8 avatar
Naomi GoldbergRatings are based on user reviews, not analyst reports. Feel free to add your... more »

User Assessments By Topic About AlienVault

A jack-of-all trades: The best thing about AlienVault USM is it being a “Jack-of-All Trades” solution. It provides SIEM, HIDS/NIDS, FIM, NetFlow, Asset Management, Vulnerability Management, etc., under one USM platform. None of the commercial SIEM vendors like ArcSight, McAfee, etc., can boast of such a diverse feature set. * QRadar is the closest to AV USM in terms of feature diversity. While all the features are formerly isolated Open Source community projects, the USM does a good job of integrating them into a feature set. While they are not great as individual parts, they more than make up as a sum of the parts. * OTX – Open Threat Exchange is a wonderful community sharing platform that helps clients to share IP and URL reputation information so that all AV customers can benefit. This is true community sharing modeled on the likes of the Splunk Community (for app development). This has the potential to grow into a large source of Real World Intelligence and what AlienVault intends to do with this data remains to be seen. For now, it is being used by USM Correlation engine to provide better context and content for Security monitoring. AlienVault Labs, is also utilizing this infrastructure to constantly update Detection rules for malware vectors, vulnerability exploits etc. QRadar and ArcSight provide Intelligence, but it is commercial intelligence and not community intelligence. With community intelligence, you get more hits than misses. * Multi-Tenancy – While this feature may not elucidate an interest from many readers, those who have worked in an MSSP environment can understand why this is a very important feature to have. AV USM does support Multi-Tenancy out of the box. This, when combined with the Architecture flexibility provide great MSSP models to sell and operate. The key is to understand how the multi-tenancy works. Basically, a single database is used to store data of several customers using a Data isolation Logic and Permission control. The data isolation logic is based on Entities created in USM (Assets, Users, Components Assigned (Sensors) etc., are grouped together as a Single Entity) and Permissions (applied in a granular fashion to data sets related to the Entities). QRadar, ArcSight and other major SIEM products provide this as well. * Integration – While AV USM is known for being customization friendly, the amount of out-of-the-box plugins for Log Monitoring and Correlation is limited to the well-known products. It does not have comprehensive integration capabilities with say legacy applications, Directory services, databases, etc., that other SIEM vendors boast of. Similarly, it relies mostly on its own “pre-packaged” tools for data enrichment and hence has poor “Third Party” Integration capabilities. However, if you really are a developer of open source products, the integration challenge can be overcome. But how many are willing in the real world enterprise? * Correlation and Workflow – What good is a SIEM product if it cannot perform advanced Correlation and Operational workflow? AV USM has a strong foundation in Correlation using XML driven Directives and Alarms thresholds. However, when it comes Head-to-Head with the Industry leaders like ArcSight, QRadar, Splunk, etc. it falls terribly short. We particularly like the Cyber Kill Chain flow which a lot of customers are using for complete visibility, but this is not the end game in real world enterprise operations where not all the data points required for the directive are available. Same thing goes for the workflow, where the integration with external ticketing or issue tracking system is very limited, and hence acts as a deterrent in large scale deployments.

AlienVault Questions

Anonymous avatar x80
Security Solution Architect at a comms service provider with 501-1,000 employees

AlienVault Projects By Members

Check out these projects from our community members.
Project management
Performed full security assessment to set security strategy
Performed full security assessment to set security strategy for the next year.

AlienVault Consultants


Request a call with one of our top consultants and experts in AlienVault. (Add me to this list.)
Vinod shankar li?1414336887
24,370
Manager, Enterprise Risk Consulting
Dynamic 9 years of IT career, reflecting progressive experience and performance in the computer and Internet industries. Specialized in providing cutting-edge solutions to traditional Security issues; establishing strategic ideas in various domains and demonstrating self-motivation, creativity,... more>>
Reviewed Fortinet FortiSIEM (AccelOps): The product is a well rounded performer when it...

What is AlienVault?

Unified Security Management (USM) is AlienVault’s comprehensive approach to security monitoring, delivered in a unified platform. The USM platform includes five core security capabilities that provide resource-constrained organizations with all the security essentials needed for effective threat detection, incident response, and compliance, in a single pane of glass. Designed to monitor cloud, hybrid cloud and on-premises environments, AlienVault USM significantly reduces complexity and reduces deployment time so that users can go from installation to first insight in minutes for the fastest threat detection.

The vendor says unlike traditional security point technologies, AlienVault Unified Security Management does the following:

o   Unifies essential security controls into a single all-in-one security monitoring solution

o   Monitors your cloud, hybrid cloud, and on-premises infrastructure

o   Delivers continuous threat intelligence to keep you aware of threats as they emerge and change

o   Provides comprehensive threat detection and actionable incident response directives

o   Deploys quickly, easily, and with minimal effort

o   Reduces TCO over traditional security solutions

Also known as
AlienVault Unified Security Management
AlienVault customers

Big Fish Games, SaveMart, Subaru, Ziosk, Ricoh, Nemo Express, Pepco Holdings, Regis University, TaxAct, McKinsey & Company, Bank of Ireland, Claire's, New York Times, Ubisoft, Hays Medical Center, Richland School District, University of Oklahoma, Florida Heart, Lush Cosmetics, Hope International 

Vendor 28943 screenshot 1515865525
BUYER'S GUIDE
Not sure which Security Information and Event Management (SIEM) solution is right for you?

Download our free Security Information and Event Management (SIEM) Report and find out what your peers are saying about AlienVault, Splunk, LogRhythm, and more!
Security information and event management %28siem%29 report from it central station 2017 12 24 thumbnail

Sign Up with Email