Most Helpful Review
Researched LogRhythm NextGen SIEM but chose AT&T AlienVault USM: I can easily check all logs and data in relation to attacks in one place
Researched AT&T AlienVault USM but chose LogRhythm NextGen SIEM: We use it to examine traffic patterns and anomalies, but have a hard time visually sifting through the noise
Find out what your peers are saying about AT&T AlienVault USM vs. LogRhythm NextGen SIEM and other solutions. Updated: January 2020.
398,259 professionals have used our research since 2012.
We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
The most valuable feature of this solution is security management for PCI DSS.
This solution can identify many threats inside the organization (compromised endpoints, configuration issues), as well as "outside" threats (botnets, network scanners, web-attacks, etc).
AlienVault provides a checklist answer when using SIEM.
It provides a single pane of glass view, coupled with a whole security ecosystem. The ability to manage everything from a central point, including vulnerability assessments, asset management - including the services provided by the various hosts, NIDS, HIDS, etc. - provides a very efficient way of dealing with things.
The IDS and the threat intelligence are very useful. They are very intuitive and data-rich.
On any given day I could give you a different answer regarding the most valuable features of the product. The feature that is most important is the fact that it has a lot of features, that it's not just a log collection and correlation system, that it has a lot of other components built in. The bundle of features is really the killer feature.
Log-monitoring and alerting enable us to know when things happen that we need to know about.
The dashboards are very descriptive and contain just the right amount of information. The activity alarms and events contain a plethora of data that is very descriptive and useful.
We use this solution to examine disparate log sources and provide a cohesive method to search for anomalous behavior.
The feature that makes it usable is the web interface.
The ability to investigate a particular period of time where you can analyze logs is its most valuable feature.
It has centralized monitoring for our security operations. Therefore, it improves our analysts' work.
The most valuable features would be the automation, reporting, and the support.
The Web Console is my favorite. It enables me, at a glance, to see the health of the environments.
Even other products we have that feed into it, instead of having to watch all of them we only have to watch one. For example, we have CrowdStrike, so instead of having to pay attention that solution - because their dashboard doesn't really pop when an alarm comes up - we can see issues with the red on the LogRhythm alarm. That is very nice.
We take in around 750 million logs a day. We have a lot of products and that would be a lot of different panes of glass that we would have to look through otherwise. By centralizing, we can triage and take steps much more quickly than if we tried to man that many interfaces that come with the products.
This solution could be easier to use.
It would be nice to see some machine learning and monitoring of the configuration in network devices.
We develop additional rules and scripts to make it more usable.
The reporting module could be a little easier to handle, as it requires quite some trial and error until you get the reports you want. Also, it would be great to have a graphical interface for the Network Intrusion Detection System's rule management.
One area that has room for improvement is storage. AllienVault is a good place to put logs, but sometimes it's a tough place to go get logs... The logger can only hold so much data. If they improved that, that would help.
Search performance can be slow. The Raw Logs feature is painfully slow. And if we're talking about the newer, the Anywhere product, you can't even schedule reports on the thing. There are probably a dozen other features I'd really like to see there, but that would be one of the biggies.
We've had some stability problems, not a lot, but a few. Updates seem to be the worst. That seems to be when the stability problems come up.
they seem to have bugs from time to time that go unfixed for a while and that is frustrating. I'm not saying the product needs to be bug-free, but they need to be responsive to bugs.
I would like to see support added for Exchange 2016, and CheckPoint OPSec Lea.
It is a product that is very hard to use.
I would like to see more integration with more products that are out there within the same security field.
Stability has probably been one area where Health Checks have not been great with the product. We have been told that they are going to improve Health Checks on product, though we do struggle with them on a daily basis.
Scalability misses the mark sometimes, especially when you have an integrated disaster recovery built into the solution.
My biggest issue - I know that they say they're doing it - is that the API-building is extremely important. They keep saying it's coming, it's coming. It's not coming fast enough. I don't care if they need to double their team size to get it out there quicker, the world is already in the cloud and we can't monitor it. That's a big problem for us. My boss keeps coming to me about it. That's an issue.
My biggest complaint is documentation. Everyone tells me, "We have documentation on the Community site." I have searched for different types of documentation on numerous occasions, and it might be there, but it's not easily findable.
My big thing is the easability. I don't like to go to two different systems. The fat client that you have to install to configure it, then the web console which is just for reporting and analysis. These features need to collapse, and it needs to be in a single solution. Going through the web solution in the future is the way to do it, because right now, it is a bit cumbersome.
Pricing and Cost Advice
The vulnerability management solution is worse than buying a Nessus Professional license.
So far, it has been a good solution for a tight budget.
It allows you to do a lot with a small price tag... The pricing is the best on the market.
It's very reasonably priced. It was one of the lowest among the ones I looked at. Licensing is pretty flexible. They can do a two-year or a three-year, even a one-year, perhaps.
The pricing is a good value. The key thing is that for the new product, the licensing of it, is subscription-based and it's based on data. Clients need to be really careful when thinking about that, because odds are they're going to need to put a lot more data into it than what they initially estimate, which is going to drive their subscription costs up.
I don't think the product's pricing is a good value because they try to raise the price 50 percent every year... AlienVault needs to understand that not all customers are huge enterprises... Their sales team is way too aggressive. The price they advertise is not always the price you get.
So far, I feel the product's pricing is a good value. The technology is decent. You get what you pay for. I think it's fair.
The ROI is quite good.
Everything is expensive with LogRhythm, and you don't get anything for free.
When it comes time to renew, they say, "This is what you are using. This is what we can do for you." So, they work with you on pricing.
We have seen a measurable decrease in the mean time to detect and respond to threats. As it comes out new features and new releases, the window is becoming a lot narrower because you can pivot a lot more with the data. Therefore, the new features and enhancements are reducing that.
The nice thing about LogRhythm is you can either use the agents, getting a certain number of agents with your license depending on how you want to go, and those agents do a lot of cool things, or you can use CIS Log host, then you have like an unlimited number of them.
The solution has provided us with consistency and increased staff productivity through orchestrated automated work flows by at least 20 percent.
I have seen a measurable decrease in the mean time to detect and respond to threats. We went from not detecting them to detecting them. We can actually pick up what is anomalous in our network now.
In comparison to the competition, they are more affordable. This allows us to do more with less.
out of 43 in Security Information and Event Management (SIEM)
Average Words per Review
out of 43 in Security Information and Event Management (SIEM)
Average Words per Review
Compared 23% of the time.
Compared 10% of the time.
Compared 9% of the time.
Compared 23% of the time.
Compared 17% of the time.
Compared 8% of the time.
Also Known As
|AlienVault, AlienVault USM, Alienvault Cybersecurity||LogRhythm, LogRhythm Threat Lifecycle Management, LogRhythm TLM|
AlienVault USM Anywhere is a cloud-based security management solution that accelerates and centralizes threat detection, incident response, and compliance management for your cloud, hybrid cloud, and on-premises environments. USM Anywhere includes purpose-built cloud sensors that natively monitor your Amazon Web Services (AWS) and Microsoft Azure cloud environments. On premises, lightweight virtual sensors run on Microsoft Hyper-V and VMware ESXi to monitor your virtual private cloud and physical IT infrastructure.
With USM Anywhere, you can rapidly deploy sensors into your cloud and on-premises environments while centrally managing data collection, security analysis, and threat detection from the AlienVault Secure Cloud.
Five Essential Security Capabilities in a Single SaaS Platform
AlienVault USM Anywhere provides five essential security capabilities in a single SaaS solution, giving you everything you need for threat detection, incident response, and compliance management—all in a single pane of glass. With USM Anywhere, you can focus on finding and responding to threats, not managing software. An elastic, cloud-based security solution, USM Anywhere can readily scale to meet your threat detection needs as your hybrid cloud environment changes and grows.
Try USM Anywhere in your environment—free for the first 14 days.
LogRhythm is a world leader in NextGen SIEM, empowering thousands of enterprises on six continents to successfully reduce cyber and operational risk by rapidly detecting, responding to and neutralizing damaging cyberthreats. The LogRhythm NextGen SIEM Platform combines advanced security analytics; user and entity behavior analytics (UEBA); network detection and response (NDR); and security orchestration, automation, and response (SOAR) in a single end- to-end solution.
LogRhythm’s technology serves as the foundation for the world’s most modern enterprise security operations centers (SOCs), helping customers measurably secure their cloud, physical, and virtual infrastructures for both IT and OT environments. Built for security professionals by security professionals, the LogRhythm NextGen SIEM Platform has won countless customer and industry accolades. For more information, visit logrhythm.com.
Learn more about AT&T AlienVault USM
Learn more about LogRhythm NextGen SIEM
|Abel & Cole, Bank of Ireland, Bluegrass Cellular, CareerBuilder, Claire's, Hays Medical Center, Hope International, McCurrach, McKinsey & Company, Party Delights, Pepco Holdings, Richland School District, Ricoh, SaveMart, Shake Shack, Steelcase, TaxAct, Taylor Morrison, Vonage and Zoom||Macy's, NASA, Fujitsu, US Air Force, EY, Abbott, HD Supply, SAB Miller, UCLA, Raytheon, Amtrak, Cargill|
Financial Services Firm22%
Comms Service Provider9%
Software R&D Company20%
Comms Service Provider19%
Financial Services Firm6%
Financial Services Firm28%
Software R&D Company23%
Comms Service Provider11%
Financial Services Firm7%
See also AT&T AlienVault USM Reviews, LogRhythm NextGen SIEM Reviews, and our list of Best Security Information and Event Management (SIEM) Companies.