---
title: LevelBlue USM Anywhere Reviews
meta_title: 'LevelBlue USM Anywhere Reviews 2026: Details, Pricing, & Features | G2'
meta_description: Filter 114 reviews by the users' company size, role or industry
  to find out how LevelBlue USM Anywhere works for a business like yours.
aggregate_rating:
  rating_value: 4.4
  review_count: 114
  scale: '5'
date_modified: '2026-06-22'
parent_category:
  name: System Security
  url: https://www.g2.com/categories/system-security
---

# LevelBlue USM Anywhere Reviews
**Vendor:** LevelBlue  
**Category:** [Security Information and Event Management (SIEM) Software](https://www.g2.com/categories/security-information-and-event-management-siem)  
**Average Rating:** 4.4/5.0  
**Total Reviews:** 114
## About LevelBlue USM Anywhere
LevelBlue USM Anywhere is a cloud-based security management solution that accelerates and centralizes threat detection, incident response, and compliance management for your cloud, hybrid cloud, and on-premises environments. USM Anywhere includes purpose-built cloud sensors that natively monitor your Amazon Web Services (AWS) and Microsoft Azure cloud environments. On premises, lightweight virtual sensors run on Microsoft Hyper-V and VMware ESXi to monitor your virtual private cloud and physical IT infrastructure. With USM Anywhere, you can rapidly deploy sensors into your cloud and on-premises environments while centrally managing data collection, security analysis, and threat detection from the AlienVault Secure Cloud. Five Essential Security Capabilities in a Single SaaS Platform AlienVault USM Anywhere provides five essential security capabilities in a single SaaS solution, giving you everything you need for threat detection, incident response, and compliance management—all in a single pane of glass. With USM Anywhere, you can focus on finding and responding to threats, not managing software. An elastic, cloud-based security solution, USM Anywhere can readily scale to meet your threat detection needs as your hybrid cloud environment changes and grows. 1. Asset Discovery 2. Vulnerability Assessment 3. Intrusion Detection 4. Behavioral Monitoring 5. SIEM




## LevelBlue USM Anywhere Reviews
  ### 1. Comprehensive cloud security and monitoring platform

**Rating:** 5.0/5.0 stars

**Reviewed by:** Luis Emmanuel M. | Gerente de Operaciones de Cuentas Black, Information Technology and Services, Mid-Market (51-1000 emp.)

**Reviewed Date:** September 23, 2025

**What do you like best about LevelBlue USM Anywhere?**

The complete visibility of the infrastructure and the ease of correlating security events in real time.

Its ability to integrate SIEM, intrusion detection, vulnerability analysis, and incident management into a single panel; in addition to the intuitive dashboards and proactive alerts that reduce response time.

**What do you dislike about LevelBlue USM Anywhere?**

It may take time to adjust the policies and custom rules; additionally, some advanced reports could be more flexible in formats and filters.

**What problems is LevelBlue USM Anywhere solving and how is that benefiting you?**

In general, LevelBlue USM Anywhere is a comprehensive and reliable platform that centralizes security, accelerates incident response, and facilitates regulatory compliance, becoming a strategic ally to keep critical infrastructure protected.

  ### 2. Impressive Cloud Based SIEM

**Rating:** 4.5/5.0 stars

**Reviewed by:** Goodness  I. | Information Security Analyst , Financial Services, Mid-Market (51-1000 emp.)

**Reviewed Date:** May 24, 2024

**What do you like best about LevelBlue USM Anywhere?**

I like the automated asset discovery feature, once we created the network tap, we could easily discover assets on the dashboard.

Another feature that I absolutely love is the integration with Alienvault OTX, having to group/categorise IP addresses and hostnames based on pulses from OTX gives you an idea of what you're about to investigate before you even get started.

**What do you dislike about LevelBlue USM Anywhere?**

The least helpful thing would be the need to spend more for EPS.

If you have a large on-prem environment and you decide to use Alienvault, you could be regularly over-shooting the EPS count for your license, this increases cost.

The more your environment grows, the more you have to pay for licenses.

**What problems is LevelBlue USM Anywhere solving and how is that benefiting you?**

We can use the Vulnerability Scanner without having to pay for another Vulnerability Scanning software, and not incur the risks associated with open source scanners.

Running a hybrid environment means we need full visibility on both cloud and on-prem assets, and Alienvault gives us that coverage.

  ### 3. Super easy to use and works well for all of our clients

**Rating:** 5.0/5.0 stars

**Reviewed by:** Chris E. | Security Engineer, Mid-Market (51-1000 emp.)

**Reviewed Date:** January 20, 2023

**What do you like best about LevelBlue USM Anywhere?**

This is a great SIEM with all the features we need.  It has central management which is huge for us since we are an MSSP and have many clients in many different environments.  It also has some built in connections with tools that are super helpful.

**What do you dislike about LevelBlue USM Anywhere?**

I don't really dislike anything about Alienvault.  The cost isn't very high and the services offered are pretty wide.  If I had to change anything I think I would add rules based on time.

**What problems is LevelBlue USM Anywhere solving and how is that benefiting you?**

We use this for every client as a SIEM And a way to generate alerts for anything that seems unusual.  This has been working great and it integrates with many of their tools.

  ### 4. It is good for the small org. to start with security monitoring.

**Rating:** 2.5/5.0 stars

**Reviewed by:** Nisarg S. | Cyber Security Expert, Enterprise (> 1000 emp.)

**Reviewed Date:** June 23, 2022

**What do you like best about LevelBlue USM Anywhere?**

They have an easy-to-understand UI, the case management is really good. Also, suppression of the false-positive area is very easily available. Onboarding of the data sources are easy.

**What do you dislike about LevelBlue USM Anywhere?**

Availability of the SIEM tool is the major issue here. They have a lot of downtimes and even sometimes without prior notice, it is not accessible. Also the performance is very poor. It takes minutes after clicking once.

**What problems is LevelBlue USM Anywhere solving and how is that benefiting you?**

We have multiple security data sources, so it was a bit difficult to monitor all at the same time. But AlienVault allows us to monitor all things at one place and allowed us to configure rules over there.

  ### 5. Simple and secure network monitoring and SIEM

**Rating:** 4.0/5.0 stars

**Reviewed by:** Javier A. | Cybersecurity Consultant, Enterprise (> 1000 emp.)

**Reviewed Date:** May 19, 2022

**What do you like best about LevelBlue USM Anywhere?**

A SIEM in all-in-one format, with which you can easily have the functionalities of a SIEM, network behavior analysis and vulnerability analysis.
Plus, it's easy to deploy and has plenty of integrations available to use.

**What do you dislike about LevelBlue USM Anywhere?**

In very large environments, it is very heavy to manage and servers can consume a lot of RAM. 
High availability is not well designed, so you have to look for workarounds to secure the solution.

**What problems is LevelBlue USM Anywhere solving and how is that benefiting you?**

It allows to deploy a complete and simple solution in small clients, who cannot afford other much more expensive solutions. Being able to have a complete security solution.

  ### 6. I couldn't do my job without AlienVault.

**Rating:** 5.0/5.0 stars

**Reviewed by:** Verified User in Information Services | Small-Business (50 or fewer emp.)

**Reviewed Date:** August 31, 2021

**What do you like best about LevelBlue USM Anywhere?**

Alien Vault is essential to the day to day operations of our entire intel team. Being able to pivot on related files and prove maliciousness of a domain makes AV one of the best OSINT tools on the market.

**What do you dislike about LevelBlue USM Anywhere?**

I dislike how much Alien Vault charges for their enterprise accounts.

**What problems is LevelBlue USM Anywhere solving and how is that benefiting you?**

I am solving internet security issues by being able to perform my daily duties.

  ### 7. Simple SIEM

**Rating:** 4.5/5.0 stars

**Reviewed by:** Verified User in Information Technology and Services | Mid-Market (51-1000 emp.)

**Reviewed Date:** December 11, 2021

**What do you like best about LevelBlue USM Anywhere?**

Simple SIEM, easy to set-up, great actionable results,  clear reporting features. Easy to work with assistance team.

**What do you dislike about LevelBlue USM Anywhere?**

Some false positives take time to correct.

**Recommendations to others considering LevelBlue USM Anywhere:**

Good price point to product value proposition

**What problems is LevelBlue USM Anywhere solving and how is that benefiting you?**

Meeting security guidelines, ensuring network safety, reporting requirements, system security awareness

  ### 8. Security that is out of this world

**Rating:** 5.0/5.0 stars

**Reviewed by:** Karl H. | Information Security Manager, Mid-Market (51-1000 emp.)

**Reviewed Date:** March 31, 2017

**What do you like best about LevelBlue USM Anywhere?**

The ease of use and customization.  The USM is a work horse, no matter what devices or the number of logs we throw at it, the system processes them in real-time, correlates the events, and alerts on only events that need human review. USM Anywhere was a great progression of the product, whether you are a small business with no security team or a large enterprise with a large team, AlienVault will meet your needs.

**What do you dislike about LevelBlue USM Anywhere?**

The one thing I continue to dislike about the USM Anywhere the lack of an on-prem deployment option.

**Recommendations to others considering LevelBlue USM Anywhere:**

Compare how AlienVault does Events Per Second (EPS) compared to others.  Most other products charge based on EPS, the more events the more you have to pay.  This causes most companies to limit the amount of logs sent and processed.  AlienVault charges by the number of devices managed, you can send anything and everything to the USM.  The more logs you can process the better correlation you will have.  I have found that companies that limit their logs then have a security incident would have been able to identify the attack if they would have been monitoring all events in their logs.

**What problems is LevelBlue USM Anywhere solving and how is that benefiting you?**

We are able to get a real-time view on of our security that is accurate.  We have seen a dramatic increase in the productivity and efficiency of our security team.  We are now able to identify and stop security issues before they get out of control, usually before anyone else even notices.

**Official Response from Tami Andrews:**

> Thank you Karl for your time & remarks!

  ### 9. ATT transformed AlienVault for enterprises but not for MSPs

**Rating:** 3.5/5.0 stars

**Reviewed by:** Verified User in Accounting | Small-Business (50 or fewer emp.)

**Reviewed Date:** November 01, 2020

**What do you like best about LevelBlue USM Anywhere?**

the rich interface and the ThreatIntell overall was pretty good.

**What do you dislike about LevelBlue USM Anywhere?**

the management and maintenance are too cumbersome.

**Recommendations to others considering LevelBlue USM Anywhere:**

Make sure you have 3 engineers to manage, maintain, and Operate the SIEM platform alone. You also need 6 security analyst. The training is expensive so make sure you have one SME to teach others.

**What problems is LevelBlue USM Anywhere solving and how is that benefiting you?**

we are solving SIEM required by regulators

  ### 10. Good SIEM tool for monitoring and tracking events.

**Rating:** 4.5/5.0 stars

**Reviewed by:** Verified User in E-Learning | Mid-Market (51-1000 emp.)

**Reviewed Date:** October 03, 2020

**What do you like best about LevelBlue USM Anywhere?**

Great to monitor events and provide feedback. Good product coverage. It has integration with SQL, AWS and other cloud infrastructure with ease. Better than cloudwatch. This tool is cheaper than splunk.

**What do you dislike about LevelBlue USM Anywhere?**

Sometimes becomes overly complicated to analyze DDoS attacks. Not very user friendly.

**Recommendations to others considering LevelBlue USM Anywhere:**

The UI is complicated to use. Basic tasks are easy.

**What problems is LevelBlue USM Anywhere solving and how is that benefiting you?**

To timely monitor suspicious events within AWS. Utilization within load balancer.

  ### 11. A Cost Effective SIEM

**Rating:** 4.0/5.0 stars

**Reviewed by:** Joe L. | Cyber Security Deputy Manager / Cyber Engineer, Mid-Market (51-1000 emp.)

**Reviewed Date:** March 23, 2020

**What do you like best about LevelBlue USM Anywhere?**

In comparison to other SIEM tools, the cost vs feature prospect is very good. USM offers all the basics you would expect from a SIEM tool in an easy to configure package

**What do you dislike about LevelBlue USM Anywhere?**

Some features are unavailable that are available in other SIEM tools such as the use of advanced searching languages, custom correlation rules and custom parsers.

**Recommendations to others considering LevelBlue USM Anywhere:**

Alienvault USM is great as a SIEM for cost conscious companies. If high end functionality and configuration is a high priority  at the expense of a far higher cost however I would recommend Logrhythm as an alternate SIEM choice

**What problems is LevelBlue USM Anywhere solving and how is that benefiting you?**

As an MSP we use USM to pull in all required log sources from our customers for monitoring without direct access to their infrastructure.

  ### 12. The best SIEM

**Rating:** 5.0/5.0 stars

**Reviewed by:** Verified User in Computer Software | Mid-Market (51-1000 emp.)

**Reviewed Date:** July 29, 2020

**What do you like best about LevelBlue USM Anywhere?**

Easy to use for  such a sophisticated software and tech support.

**What do you dislike about LevelBlue USM Anywhere?**

There is nothing that I don't like. If you need high security, you know when a product is good.

**Recommendations to others considering LevelBlue USM Anywhere:**

None

**What problems is LevelBlue USM Anywhere solving and how is that benefiting you?**

When your network has lots of different software that protects it, USM gives you an instant panorama.

  ### 13. AlienVault has been a huge help

**Rating:** 4.5/5.0 stars

**Reviewed by:** Eric M. | Security Analyst, Enterprise (> 1000 emp.)

**Reviewed Date:** May 09, 2019

**What do you like best about LevelBlue USM Anywhere?**

AlienVault has given us the opportunity to get a better look at what is going on within the network of our organization.  The events shown have opened our eyes to many more activities than we ever knew about before, and implementing the NIDS piece only increased our visibility.  The SIEM is easy to use and navigate, and resolution steps are very easy to follow and helpful.

**What do you dislike about LevelBlue USM Anywhere?**

At times, the online portal can be a bit sluggish or sometimes not respond at all.  We have hit a wall when running scans at the wrong time and had to adjust groups and automatic scan times.  We used to manually run scans on servers as we identified them, but had to relegate to adding them to groups to scan on off hours to help system usability.

**Recommendations to others considering LevelBlue USM Anywhere:**

Great product for a very affordable price.  Has helped us see things happening in and outside our network that we never knew about before hand.  The NIDS also adds an extra layer of events that help see even more.  The SIEM is easy to navigate and makes it easy to see everything in one place.

**What problems is LevelBlue USM Anywhere solving and how is that benefiting you?**

AlienVault has helped us see outside scans and prodding we never knew existed.  It has helped us monitor suspicious activity and malware within our network, and keep an eye on all network activity.  The auditing features have helped us stay compliant with PCI DSS and other external audits we use.

**Official Response from Tami Andrews:**

> Eric - Thank you for providing your comments on your experience!

  ### 14. Comprehensive SIEM Tool

**Rating:** 5.0/5.0 stars

**Reviewed by:** Chris M. | Director of IT Support, Mid-Market (51-1000 emp.)

**Reviewed Date:** May 08, 2019

**What do you like best about LevelBlue USM Anywhere?**

Alienvault USM gives us the ability to monitor our on premise and cloud infrastructure via a single web based portal. It helps us to maintain our PCI compliance. We check our portal daily and i also get email alerts about  alarms generated by the system. The system is relatively easy to set up and there are lots of plugins to translate the different log files generated by different manufacturers to give richer more useful information. Dashboards allow us to see trends and activity across all our areas of responsibility. We now get information from sources such as our Cisco Meraki switches, Office 365 Azure AD, One drive, SharePoint,  Windows, and vmware systems. More integrations are being added all the time. It is also possible to create customized alarms and filters so that you can focus in on the things that are important to you. We like to run the joval (oval) scans on our in-scope systems weekly out of business hours so that end users are not impacted.

**What do you dislike about LevelBlue USM Anywhere?**

In order to get a fully compliant solution we had to go for a premium subscription. This allows 90 days of real-time search and a year of cold storage. 

**Recommendations to others considering LevelBlue USM Anywhere:**

Get an eval and have a play. The documentation is very good

**What problems is LevelBlue USM Anywhere solving and how is that benefiting you?**

Alienvault USM has simplified our monitoring, vulnerability scanning, and ability to remain PCI Compliant.
We are now able to get logs from a much wider range of sources than was possible with our previous systems.

**Official Response from Tami Andrews:**

> Chris - I appreciate your time & feedback!

  ### 15. Growing from 250GB of logging to 1TB with Alienvault USM

**Rating:** 4.0/5.0 stars

**Reviewed by:** Damien S. | Director of Cybersecurity, Mid-Market (51-1000 emp.)

**Reviewed Date:** September 10, 2019

**What do you like best about LevelBlue USM Anywhere?**

Ease of deployment, after sale support and the out-of-box alerting have all been great.  If you outgrow your initial deployment, it's super easy to buy more capacity.

**What do you dislike about LevelBlue USM Anywhere?**

In regards to the sensors, the USM sensor offering only allows a single IP for you to ship logs.  You can't attached multiple vNICs to the appliance.  So if you have non-routable networks inside, you must deploy multiple sensors.  Other vendors don't have the limited.  The sensor costs are cheap, just more work.  My other huge complaint is you can't audit who made changes to event filtering rules because those changes are logged.

**What problems is LevelBlue USM Anywhere solving and how is that benefiting you?**

We're logging more than we ever have before, so our visibility has drastically increased.  The plugin to O365 in-particular has been tremendously helpful. 

  ### 16. Good experience with Alienvault USM

**Rating:** 4.0/5.0 stars

**Reviewed by:** Verified User in Pharmaceuticals | Mid-Market (51-1000 emp.)

**Reviewed Date:** February 07, 2020

**What do you like best about LevelBlue USM Anywhere?**

I like the clean UI and it is easy to administer

**What do you dislike about LevelBlue USM Anywhere?**

The cloud console can be slow to refresh

**Recommendations to others considering LevelBlue USM Anywhere:**

Recommended to all security engineers in organizations where data privacy and security is at the forefront

**What problems is LevelBlue USM Anywhere solving and how is that benefiting you?**

USM allows us to gather all our events and monitor information in one console

  ### 17. The best USM Anywhere

**Rating:** 5.0/5.0 stars

**Reviewed by:** Juan Carlos G. | Managed Services Coordinator, Mid-Market (51-1000 emp.)

**Reviewed Date:** April 06, 2018

**What do you like best about LevelBlue USM Anywhere?**

With the USM Alienvault we can detect threats in real time unlike other solutions, is a very good tool, easy to implement and use, and has a low cost.
I have a very good satisfaction with Alienvault nywhere technology because we only need to install the sensor at the customer's office because we are MSSP, does not require much configuration and neither radical changes in the client's network, once the sensor is well configured we can see real-time alerts on the central console in the cloud, this experience is very satisfactory because it does not require the server or logger at the customer's office.

**What do you dislike about LevelBlue USM Anywhere?**

There really is not much to say, but I have problems with the false positives detected.
Actually the only flaw I had was that I detected skype activity as a threat being a false positive, I spoke with alienvault and they explained me how to make a rule to omit from ids such behavior that was not malicious.

**Recommendations to others considering LevelBlue USM Anywhere:**

Vulnerability scan of anywhere solution.
does not works same at the usm aio

**What problems is LevelBlue USM Anywhere solving and how is that benefiting you?**

We was can detect with the anywhere solution a brute force attack and stop the attack before that the incident increased.
In a real case they talked to us to detect a malware infection, they had more than 400 computers and did not know where the propagation originated, they wanted to eliminate the root of the problem and thanks to Alienvault anywhere we found the problem, we isolated the computer that was infecting the entire network and the customer was satisfied.

**Official Response from Tami Andrews:**

> Juan Carlos - thank you so much for your time & feedback!

  ### 18. threat detection capabilities unleashed

**Rating:** 4.5/5.0 stars

**Reviewed by:** Verified User in Pharmaceuticals | Mid-Market (51-1000 emp.)

**Reviewed Date:** January 31, 2020

**What do you like best about LevelBlue USM Anywhere?**

The sensors are very sensitive, the authentication based scans, scheduled authentication scans and reporting

**What do you dislike about LevelBlue USM Anywhere?**

The reports size is reduced now, earlier it was 50k lines

**Recommendations to others considering LevelBlue USM Anywhere:**

This is complete tool for analyzing and reacting to threats

**What problems is LevelBlue USM Anywhere solving and how is that benefiting you?**

We were not sure of who was using brute force method or something similar to get through firewall and hence we decided to use this product to understand the vulnerabilities and reporting feature helped us to track them

  ### 19. AlienVault USM Anywhere

**Rating:** 4.0/5.0 stars

**Reviewed by:** Verified User in Insurance | Mid-Market (51-1000 emp.)

**Reviewed Date:** September 10, 2019

**What do you like best about LevelBlue USM Anywhere?**

Easy to get running, easy to create rules for notifications, suppression of known good events, etc.  Very intuitive.  By far the easiest SIEM to get up and running quickly.  Very thorough visibility into an entire environment.

**What do you dislike about LevelBlue USM Anywhere?**

Filtering events can be a little difficult.  Tagging assets as PCI / CDE was not as straight forward as we expected.

**Recommendations to others considering LevelBlue USM Anywhere:**

Best bang for the buck compared to other SIEM products, it does what we need for PCI and general security monitoring without being a hassle to manage.

**What problems is LevelBlue USM Anywhere solving and how is that benefiting you?**

Finding odd but normal traffic patterns, finding actual security issues and having data to quickly resolve them.

  ### 20. AlienVault an E-commerce

**Rating:** 4.5/5.0 stars

**Reviewed by:** Zoran G. | Security Consultant, Mid-Market (51-1000 emp.)

**Reviewed Date:** April 03, 2019

**What do you like best about LevelBlue USM Anywhere?**

AlienVault USM Anywhere provided us excellent platform to offer managed security services for our clients deploying E-commerce solutions (online stores). Best features for our clients and us are out-of-box log analysis and alarms, help in achieving PCI DSS compliance and OTX cyber threat intelligence. Day to day monitoring is very easy with AlienVault USM Anywhere. Interface is very modern. AlienVault USM Central is a big plus for MSSPs.


**What do you dislike about LevelBlue USM Anywhere?**

Shortcomings of current AlienVault USM Anywhere version is reports automation and lack of robust rule engine as it is in AlienVault USM Appliance.


**Recommendations to others considering LevelBlue USM Anywhere:**

Very good solution for quick deployment


**What problems is LevelBlue USM Anywhere solving and how is that benefiting you?**

It was very easy for us to create our managed security services offer using AlienVault USM Anywhere. We are mostly software company so we are glad to be able to mostly avoid hardware administration and concentrate on security.


**Official Response from Tami Andrews:**

> Thank you Zoran for your time & feedback! 

  ### 21. Great tool for security team

**Rating:** 5.0/5.0 stars

**Reviewed by:** Cary W. | Cloud Operations Engineer, Mid-Market (51-1000 emp.)

**Reviewed Date:** March 26, 2019

**What do you like best about LevelBlue USM Anywhere?**

It is easy to setup and use, especially for a small team. Support is great as well. 

**What do you dislike about LevelBlue USM Anywhere?**

Rules can sometimes get a little complex, but there is good documentation and support for this.

**Recommendations to others considering LevelBlue USM Anywhere:**

spend some time checking out the online demo. Also, make a list of what you need in a tool, and do a demo with an account manager and support person to make sure you understand fully what they offer. 

**What problems is LevelBlue USM Anywhere solving and how is that benefiting you?**

Primarily intrustion detection and ingest of AWS logs for risk analysis. For a small team it is a great tool when you need to have logs audited on a daily basis for compliance. This tool allows us to check multiple boxes for our PCI compliance all at once. 

**Official Response from Tami Andrews:**

> Thank you Cary for taking time to provide your valuable feedback on USM!

  ### 22. Outstanding SIEM for small security teams. Lacking some valuable features though.

**Rating:** 4.0/5.0 stars

**Reviewed by:** Verified User in Computer Software | Mid-Market (51-1000 emp.)

**Reviewed Date:** June 18, 2019

**What do you like best about LevelBlue USM Anywhere?**

Outstanding SIEM for small security teams. Fairly robust out of the box feature set and integrations from a SIEM point of view. Integrations with AWS, Slack and other industry leading security and back office SaaS apps, combined with AlienVault's OTX threat intel and AlienVault labs rules are the big reasons we went with this. Platform is easy to stand up and doesn't require a ton of maintenance. 

**What do you dislike about LevelBlue USM Anywhere?**

Vulnerability scanning and management platform is bare-bones and lacking; primarily because it doesn't allow for closing vulnerabilities due to false positive (back-ported linux patches are a good example). This makes the entire scanning module and reporting for it unusable. The cloud offering doesn't have a way to consume logs via webhook or API. Only options are really for syslog, graylog, and some Windows logging. MacOS and Linux agents don't allow for any remote management or forensic response like the Windows agents do and also instead of leveraging the agent for authentication, you still need administrative credentials; which can be a big pain if you are an agille, cloud-based company that doesn't employ a Windows Domain/AD. AlienVault NIDS can't really deal with layer 2 traffic and thus it causes a challenge to accurately identify endpoints in a DHCP environment. For example, if I have a malware alert on a machine, I really only see that machines IP address from the NIDS sensor. Having the MAC address tracking the machine (a static value) rather than the IP address (variable layer 3 value), would make the process of machine identification and isolation during a malware alarm immensely easier. 

**Recommendations to others considering LevelBlue USM Anywhere:**

Good for small security teams and/or small companies that leverage SaaS platforms. 

**What problems is LevelBlue USM Anywhere solving and how is that benefiting you?**

It solves our need for a low-maintenance, easy SIEM and centralized log analysis and storage platform for our disparate SaaS platforms and integrates with most of them natively.

**Official Response from Tami Andrews:**

> Thank you for your feedback & comments!

  ### 23. AlienVault USM Anywhere

**Rating:** 5.0/5.0 stars

**Reviewed by:** Jorge R. | Ingeniero de Soporte Post Venta, Mid-Market (51-1000 emp.)

**Reviewed Date:** March 26, 2019

**What do you like best about LevelBlue USM Anywhere?**

The solution is very complete due to the way it operates in the user's resources, which makes it very intuitive and innovative. Each one of the modules complements it as well as the solutions that are being added for monitoring make it unique in the market with high value. I totally like the tool and it has helped me too much here in the company to detect attacks in real time and have reaction time to prevent them. On the other hand what I love the most is that the solution recommends you to do for prevention. It would have been a plus if the solution had an agent to check the health status of the team or perform tasks as an endpoint that I hope in the future can be added as an option. I think he is on the right track and I don't doubt that in the future he will be number 1 in his category. Your user training program is excellent as it helps us become familiar with the tool and apply good practices in our environment and also for personal knowledge. Alientvault is wonderful and maybe I will use it for a long time as it helps me too much. Thank you Alienvault.


**What do you dislike about LevelBlue USM Anywhere?**

We would like in the future to include an agent in the equipment and interact more with the other security solutions, for the time being is complete but I think it might help to have an agent to notify you of the health status of the endpoint.

**Recommendations to others considering LevelBlue USM Anywhere:**

None so far.

**What problems is LevelBlue USM Anywhere solving and how is that benefiting you?**

Prevention of cyber attacks and constant monitoring of my users to validate their activity.

**Official Response from Tami Andrews:**

> Thanks so much Jorge for your candid feedback & thoughts!

  ### 24. Excellent Compliance Basis 

**Rating:** 4.5/5.0 stars

**Reviewed by:** Verified User in Financial Services | Small-Business (50 or fewer emp.)

**Reviewed Date:** May 09, 2019

**What do you like best about LevelBlue USM Anywhere?**

USM Anyway agent which protects our cloud environments with integrated thread intelligence hub one of the best security our security upgrade within last year. SEIM makes us feel that we have a virtual security office which cares about us

**What do you dislike about LevelBlue USM Anywhere?**

I would be happy to collect all application logs withing AV, but our current plan doesn't allow this. And sure we want to have more features.

**What problems is LevelBlue USM Anywhere solving and how is that benefiting you?**

AV USM was introduced as a required part of SOC  2  compliance and we a happy to get such an integrated solution. Also, we managed to find and fix the number of existing for years security issues in the infrastructure. 

**Official Response from Tami Andrews:**

> Thank you for your feedback & comments!

  ### 25. AlienVault USM Anywhere - SIEM in the Cloud

**Rating:** 5.0/5.0 stars

**Reviewed by:** Matthew W. | Senior Security Engineer, Mid-Market (51-1000 emp.)

**Reviewed Date:** October 24, 2018

**What do you like best about LevelBlue USM Anywhere?**

AlienVault USM Anywhere is easy to deploy with their Cloud-based model and deploying the required agents on-prem (or in the Cloud) is quick and easy.  With many integrations out-of-the-box, you can pull in all the data from products you use and other sources, such as Amazon Cloudwatch Logs.  Custom rules allow for alerting based on content from events and you can even trigger agents in response to threats, shutting down computers or grabbing forensic info for incident response.  USM Anywhere also takes care of reporting for ISO and PCI, allowing you to pull reports for auditors at a moments notice.

**What do you dislike about LevelBlue USM Anywhere?**

We would love to be able to create custom rules based on a series of events, to create rule-sets where, for example, failed logins to the VPN Server are logged and then when a successful attempt follows soon after, it triggers an alarm for a Brute Force.  It does this for things like OKTA already, so control over which events this applies to would be great.  

**Recommendations to others considering LevelBlue USM Anywhere:**

If you SIEM on a budget and want a Cloud-based product with great support, consider this

**What problems is LevelBlue USM Anywhere solving and how is that benefiting you?**

AlienVault USM Anywhere provides us with SIEM, at a low price-point and with a great array of functionality.  SIEM is critical to our security operations and feeds incident response efforts.

**Official Response from Tami Andrews:**

> Thanks Matthew for your time & feedback!

  ### 26. Alien Vault USM

**Rating:** 5.0/5.0 stars

**Reviewed by:** Verified User in Consumer Electronics | Mid-Market (51-1000 emp.)

**Reviewed Date:** March 26, 2019

**What do you like best about LevelBlue USM Anywhere?**

Is a complete security solution and is easy to install. I think is a transversal security solution, can give a full vision of network. Enables companies to optimize security investments and increase the efficiency of their technology infrastructure. It has essential security features that allow an organization to monitor applications and systems, in addition to its network services, gives us the ability to understand the vulnerabilities of such systems, identify new threats that actively compromise the network, as well as make detections for suspicious behavior that could indicate a compromised system.

AlienVault USM generates and stores records and events from all your local and cloud environments for 12 months, simplifying records management and review and helping you meet regulatory record retention requirements.

In addition to the benefits of the solution allows a correct and high compliance with security standards such as ISO/IEC 27001, HIPAA, Payment Card Industry Data Security Standard (PCI DSS), CIS Critical Security Controls, among others.This is possible because of:

- asset discovery, 
- vulnerability assessment, 
- file integrity monitoring,
- SIEM
- logs
- Reports for PCI-DSS, HIPAA, NIST and more

Recently in Mexico, companies are being required to comply with regulations, including as a requirement to banks by the CNBV.

**What do you dislike about LevelBlue USM Anywhere?**

I would like to have more training material, preferably in Spanish language, as well as training in this language since most of the content is in English language. There could even be practical laboratories with real scenarios in virtual environments.

**Recommendations to others considering LevelBlue USM Anywhere:**

only learning material in Spanish

**What problems is LevelBlue USM Anywhere solving and how is that benefiting you?**

- Compliance
- Monitoring
- Vulnerability Detection
- Asset Discovery
- Event correlation


**Official Response from Tami Andrews:**

> Thank you for your valuable feedback & comments!

  ### 27. Excellent cost effective security for smb

**Rating:** 4.5/5.0 stars

**Reviewed by:** Aden L. | Systems Engineer, Enterprise (> 1000 emp.)

**Reviewed Date:** April 02, 2019

**What do you like best about LevelBlue USM Anywhere?**

Ease of use, flexibility and feeling secure.

**What do you dislike about LevelBlue USM Anywhere?**

nothing bad to really say. There's a small learning curve involved in turning alerts to your environment but the documentation and support team are stellar in helping you along the way. 

**What problems is LevelBlue USM Anywhere solving and how is that benefiting you?**

PCI and SOX compliance are a breeze. Effective Intrusion detection and unifying our security tooling into a single pane of glass view were also big wins.

**Official Response from Tami Andrews:**

> Thank you Aden for your time & thoughtful comments!

  ### 28. AlienVault Recommendation 

**Rating:** 5.0/5.0 stars

**Reviewed by:** Verified User in Mechanical or Industrial Engineering | Mid-Market (51-1000 emp.)

**Reviewed Date:** August 01, 2019

**What do you like best about LevelBlue USM Anywhere?**

AlienVault monitor all logs and send alarms and point to risks

**What do you dislike about LevelBlue USM Anywhere?**

I think that I faced two issues one of them with the support and the other that the AlienVault is complicated 

**What problems is LevelBlue USM Anywhere solving and how is that benefiting you?**

ransomware- internet - logins 

  ### 29. AlienVault gives us detailed insight into what is happening on our network as it occurs 

**Rating:** 5.0/5.0 stars

**Reviewed by:** Verified User in Automotive | Enterprise (> 1000 emp.)

**Reviewed Date:** May 10, 2019

**What do you like best about LevelBlue USM Anywhere?**

AlienVault has all the tools needed to get a complete view of what is happening on our network, from network traffic to to log management, even to what suspicious processes are being executed on our client workstations.

**What do you dislike about LevelBlue USM Anywhere?**

The only fault with AlienVault is that the dashboards can be a bit slow to render.

**Recommendations to others considering LevelBlue USM Anywhere:**

Get your business processes in order so that you can fix all the issues that you are going  to find with your network

**What problems is LevelBlue USM Anywhere solving and how is that benefiting you?**

We are now able to easily prove PCI compliance and ISO 27001 compliance around the areas of log managment and FIM. AlienVault makes it very easy where as before we had multiple systems that did not tie together.

**Official Response from Tami Andrews:**

> Thank you for your feedback & comments!

  ### 30. Easily navigable powerful Tool

**Rating:** 5.0/5.0 stars

**Reviewed by:** Verified User in Biotechnology | Mid-Market (51-1000 emp.)

**Reviewed Date:** September 12, 2019

**What do you like best about LevelBlue USM Anywhere?**

It makes it easy monitor things such as unusual logins from our Azure AD

**What do you dislike about LevelBlue USM Anywhere?**

The interface can be slow to reload when navigating through different tabs such as events, alarms etc

**What problems is LevelBlue USM Anywhere solving and how is that benefiting you?**

Monitoring multiple AWS accounts through deploying USM sensors on each, and monitoring user Cllud/AD activity and firewall events

  ### 31. More than just a SIEM

**Rating:** 4.0/5.0 stars

**Reviewed by:** Verified User in Information Technology and Services | Mid-Market (51-1000 emp.)

**Reviewed Date:** May 10, 2019

**What do you like best about LevelBlue USM Anywhere?**

AlienVault got it right wuth integration of their product. It makes compliance very handy. It make it easy to customer to become fully compliant

**What do you dislike about LevelBlue USM Anywhere?**

Console might get cluttered if not keep it clean.Sometimes it takes too much RAM. If you implement it a VM, it can impact the performance

**Recommendations to others considering LevelBlue USM Anywhere:**

Its more than just a SIEM. Try it without thinking twice

**What problems is LevelBlue USM Anywhere solving and how is that benefiting you?**

Using it in my company to help customer to become fully compliant

**Official Response from Tami Andrews:**

> Thank you for your feedback & comments!

  ### 32. Alien Vault USM

**Rating:** 5.0/5.0 stars

**Reviewed by:** Kristopher H. | Coach, Small-Business (50 or fewer emp.)

**Reviewed Date:** January 09, 2019

**What do you like best about LevelBlue USM Anywhere?**

I like the fact they provide a free version of their flagship product in a .ova or vmdk file format so it is quickly loaded into VMWare or Virtualbox and can be deployed on the network quickly. Also, love the logo similiar to my Alienware laptop. I like how AlienVault targets capabilities for small IT security teams of up to
about 20 people, regardless of the size of the organization.

**What do you dislike about LevelBlue USM Anywhere?**

Bit of a learning curve, but there are lots of great tutorials and their support on their website is top notch.  

**Recommendations to others considering LevelBlue USM Anywhere:**

Easy to pick up, check out the free OSSIM if you're concerned about cost or adoption. 

**What problems is LevelBlue USM Anywhere solving and how is that benefiting you?**

Automated Monitoring, Logging, etc. Incident response and integration of various systems to get a better picture of the threat landscape. 

**Official Response from Tami Andrews:**

> Thank you Kristopher for your feedback!

  ### 33. Alien as a MSSP

**Rating:** 5.0/5.0 stars

**Reviewed by:** Jorge L. | SE, Mid-Market (51-1000 emp.)

**Reviewed Date:** December 17, 2018

**What do you like best about LevelBlue USM Anywhere?**

The order of the data, is esay to find an incident and have a security over view of the network to more eficiente in our plan of incident respone 

**What do you dislike about LevelBlue USM Anywhere?**

More AlienApps, that permit have more iteraction with other solucion and make esay to get the info for the antimalware or the antispam looking and be able to to actions directo form the console to solucion and event in the network 

**Recommendations to others considering LevelBlue USM Anywhere:**

More Alien Apps

**What problems is LevelBlue USM Anywhere solving and how is that benefiting you?**

Can incomporate multiples solucion in one security view make easy to identify and take action over an security event and make reportes of the activity 

**Official Response from Tami Andrews:**

> Jorge - thank you for your feedback & comments!

  ### 34. Busy school

**Rating:** 4.0/5.0 stars

**Reviewed by:** Verified User in Education Management | Mid-Market (51-1000 emp.)

**Reviewed Date:** June 19, 2019

**What do you like best about LevelBlue USM Anywhere?**

Comprehensive sources of data, integration with PaloAlto and Office 365, multi-factor authentication.

**What do you dislike about LevelBlue USM Anywhere?**

Cannot have a webpage that auto-refreshes showing status and alerts.

**What problems is LevelBlue USM Anywhere solving and how is that benefiting you?**

Continuous confirmation of status rather than waiting for pen tests.

**Official Response from Tami Andrews:**

> Thank you for your feedback & comments!

  ### 35. Great SIEM product

**Rating:** 4.5/5.0 stars

**Reviewed by:** Mikhail K. | Security Architect, Computer & Network Security, Mid-Market (51-1000 emp.)

**Reviewed Date:** October 20, 2018

**What do you like best about LevelBlue USM Anywhere?**

We deployed AlienVault as an Open-Source SIEM for continuous traffic monitoring and behavioural analysis. Another great features of AlienVault are file integrity monitoring, HISD/NIDS, integration with external systems via API. The implementation was straightforward. The customization of product is not quite simple, but it depends on your needs and time you are ready to invest to SIEM. We found that training directly from vendor was really helpful. It allowed us to implement the system in our environment with minimal issues. AlienVault's correlation engine is well designed and it understands a huge number of log types.

**What do you dislike about LevelBlue USM Anywhere?**

Limited alerting out of the box. Nothing special to say here. AlienVault is very good at communications on the right things at the right time. 

**Recommendations to others considering LevelBlue USM Anywhere:**

This is one of the best SIEM we tried. I would definitely to try it, at least to go with the proof of concept.

**What problems is LevelBlue USM Anywhere solving and how is that benefiting you?**

AlienVault USM is a great tool for medium-size organizations. It helps us collect and log from a variety of sources. We use that information to generate security events. AlienVault also helped us to track which systems are most vulnerable to security issues so we can prioritise patching. AlienVault is an excellent company with a great product. 

**Official Response from Tami Andrews:**

> Mikhail - thank you for your time & comments!

  ### 36. Unbeatable SIEM

**Rating:** 5.0/5.0 stars

**Reviewed by:** Matthew F. | GRC Analyst/Penetration Tester, Information Technology and Services, Enterprise (> 1000 emp.)

**Reviewed Date:** June 01, 2017

**What do you like best about LevelBlue USM Anywhere?**

The ease of implementation and use is better then anything else out there.  That you can do a POC with OSSIM to get your feet wet, then roll-out AlienVault is awesome!  I have it deployed across multiple buildings, and it's dashboard is exactly the type you need - when something changes, it motivates you to do something.  It's not just pretty lights for management.

The depth of the product is alos unbelievable - if you tried to coble together your own system to do everything AlienVault does, it would take you months - and then you still would not get the simple, easy to use consolidated reporting it provides.

**What do you dislike about LevelBlue USM Anywhere?**

It doesn't make my coffee?  No, seriously, I can't find any flaws - it stays current, was easy to balance for my environment, it just works like it's supposed to!

**What problems is LevelBlue USM Anywhere solving and how is that benefiting you?**

Real-time intelligence.  Knowing what is happening on my network; ability to detect what is strange for MY network; ability to pinpoint issues AND resolve them quickly.  This product is what ALL products should strive for - the ability to quickly find information on what matters to me and then drill down to tell the story.

  ### 37. Fantastic Value for a SIEM Solution

**Rating:** 5.0/5.0 stars

**Reviewed by:** Jason G. | Market Development Manager, Small-Business (50 or fewer emp.)

**Reviewed Date:** October 19, 2018

**What do you like best about LevelBlue USM Anywhere?**

I am speaking to USM Anywhere specifically as that is now the primary solution. It is easy to deploy and very easy to manage. The GUI is modern, user-friendly, and intuitive.

**What do you dislike about LevelBlue USM Anywhere?**

As far as AI goes, it's only using graph-based machine learning. However, from what I hear, they're working on more advanced implementations of AI for the next year or 2.

**Recommendations to others considering LevelBlue USM Anywhere:**

Although they use machine learning, be prepared, if a client really wants to know, that it is graph-based.

**What problems is LevelBlue USM Anywhere solving and how is that benefiting you?**

As do most SIEMs, AlienVault allows us to monitor the security of the organization as a whole in a central location. It has great integration with several different technologies and an API for more support if necessary. All the added features, such as vulnerability scanning, make it a great product.

**Official Response from Tami Andrews:**

> Thank you Jason for your feedback!

  ### 38. An excellent tool that delivered us much more than we were looking for.

**Rating:** 4.5/5.0 stars

**Reviewed by:** Erlon S. | DevOps Engineer, Information Technology and Services, Small-Business (50 or fewer emp.)

**Reviewed Date:** September 17, 2018

**What do you like best about LevelBlue USM Anywhere?**

The way the tool handles several extremely important areas in security management. At the same time, we have a vulnerability scanner, we have a SIEM and a cloud event analyzer. Several crucial tools delivered in just one platform.

**What do you dislike about LevelBlue USM Anywhere?**

The licensing model based on monthly traffic brings a recurring concern so that the monthly limit is not reached.

**Recommendations to others considering LevelBlue USM Anywhere:**

strongly recommend joining the official training of the tool. This allowed us to discuss with other users, various situations as well as best practices.

**What problems is LevelBlue USM Anywhere solving and how is that benefiting you?**

In our case, the main thing is the adequacy to the GDPR and the delivery of information that allow us to fulfill our security policy.

**Official Response from Tami Andrews:**

> Thank you Erlon for your time to provide your feedback!

  ### 39. Analysts point of view

**Rating:** 3.5/5.0 stars

**Reviewed by:** Pedro Luis V. | Security Operations Center Analyst Tier I, Computer & Network Security, Small-Business (50 or fewer emp.)

**Reviewed Date:** December 14, 2018

**What do you like best about LevelBlue USM Anywhere?**

Talking specifically from a performance stand point I really like the interface and the smoothness of the platform as most of our clients use USM Appliance its a nice change of pace not having to deal with the physical appliance it self.

**What do you dislike about LevelBlue USM Anywhere?**

I feel like reporting is not as well built as it is on USM Appliance or lacks customization.

**What problems is LevelBlue USM Anywhere solving and how is that benefiting you?**

Most of our clients are looking to migrate to the cloud to reduce their infrastructure, using AWS or Azure and this system helps us provide them with a solution that we are comfortable with. 

**Official Response from Tami Andrews:**

> Thanks Pedro for providing your feedback!

  ### 40. Anywhere is amazing!

**Rating:** 4.5/5.0 stars

**Reviewed by:** Juan W. | SOC Analyst, Information Technology and Services, Mid-Market (51-1000 emp.)

**Reviewed Date:** December 17, 2018

**What do you like best about LevelBlue USM Anywhere?**

The search and filters is a huge step up from Appliance. Having OTX is comparable to have a large family that helps you even at your lowest point. The plugins are great to have.

**What do you dislike about LevelBlue USM Anywhere?**

The Search and Filters Advanced option. I wish it was always advanced. 

**Recommendations to others considering LevelBlue USM Anywhere:**

N/A

**What problems is LevelBlue USM Anywhere solving and how is that benefiting you?**

Advanced Security Analysis

**Official Response from Tami Andrews:**

> Thank you Juan for your feedback!

  ### 41. Alienvault Security

**Rating:** 4.0/5.0 stars

**Reviewed by:** Verified User in Telecommunications | Mid-Market (51-1000 emp.)

**Reviewed Date:** May 11, 2019

**What do you like best about LevelBlue USM Anywhere?**

We have had alienvault watching our network for years and everytime we have a problem, much sooner than Sophos, Alienvault detects it!

**What do you dislike about LevelBlue USM Anywhere?**

They are faster to detect intruders and malware than our primary antivirus software.

**What problems is LevelBlue USM Anywhere solving and how is that benefiting you?**

They will make sure we are ahead of the hackers who are trying to compromise our systems.

**Official Response from Tami Andrews:**

> Thank you for your feedback & comments!

  ### 42. Good product that solves a lot of issues in the security sector

**Rating:** 4.5/5.0 stars

**Reviewed by:** Verified User in Computer Networking | Mid-Market (51-1000 emp.)

**Reviewed Date:** November 26, 2018

**What do you like best about LevelBlue USM Anywhere?**

I like that we solve a lot of issues such as vulnerability assessments, correlated to alerts under one solution

**What do you dislike about LevelBlue USM Anywhere?**

support is not the greatest. They can be good depending on who you get, or they can be not great. The issues we have had have sometimes been resolved in a timely manner, and others that were more pressing have taken way too long. 

**Recommendations to others considering LevelBlue USM Anywhere:**

Good product for small/medium businesses. It does not do as well once it gets to a certain point. 

**What problems is LevelBlue USM Anywhere solving and how is that benefiting you?**

solves SIEM solution, continuous vulnerability assessments, potentially HIDS, as well as reporting/compliance. 

**Official Response from Tami Andrews:**

> Thank you for taking time to provide your feedback!

  ### 43. Great Insights Into Your Environment

**Rating:** 4.0/5.0 stars

**Reviewed by:** Verified User in Higher Education | Mid-Market (51-1000 emp.)

**Reviewed Date:** December 19, 2018

**What do you like best about LevelBlue USM Anywhere?**

AlienVault can really be your one stop shop for security data, especially for a small organization.

**What do you dislike about LevelBlue USM Anywhere?**

It's unfortunate that they sold out to AT&T, I fear for the product and team's future

**Recommendations to others considering LevelBlue USM Anywhere:**

It's a solid product that does what it would take several separate products to do. AKA, it's an all-in-one system.

I would just tread lightly now that they are owned by AT&T. AT&T doesn't have the best reputation when it comes to buying companies.

**What problems is LevelBlue USM Anywhere solving and how is that benefiting you?**

AlienVault gives us one spot to get our cybersecurity data, and we don't have to worry about maintianing the system. Inevitably problems strike when you need the system the most.

**Official Response from Tami Andrews:**

> Thank you for taking time to provide your valuable feedback on USM.

  ### 44. AlienVault USM and cyber security

**Rating:** 5.0/5.0 stars

**Reviewed by:** Joseph J. | Manager, Mid-Market (51-1000 emp.)

**Reviewed Date:** March 04, 2019

**What do you like best about LevelBlue USM Anywhere?**

It has many useful features.
Dashboard is easy to use, highly customizable. 

**What do you dislike about LevelBlue USM Anywhere?**

Slow support.
Need more ability to filter logs form.

**What problems is LevelBlue USM Anywhere solving and how is that benefiting you?**

Threat and Malware Detection.
Log Management, Monitoring and Archiving.

**Official Response from Tami Andrews:**

> Thank you Joseph for your feedback on USM!

  ### 45. AlienVault USM Review

**Rating:** 4.0/5.0 stars

**Reviewed by:** Layla B. | SOC Analyst II, Telecommunications, Small-Business (50 or fewer emp.)

**Reviewed Date:** March 27, 2018

**What do you like best about LevelBlue USM Anywhere?**

AlienVault is overall an easy product to use that has a significant amount of documentation and a growing community to help learn the product rather quickly.  Our company has only been using AlienVault for a couple of years and we have a pretty solid understanding of the product.   

**What do you dislike about LevelBlue USM Anywhere?**

The UI can be rather buggy.  There isn't a day that goes by that we don't run into an error banner from trying to view an alarm that "doesn't exist in the database" or that the UI page isn't found.  My personal favorite is viewing an event through the alarm information page and getting the "this event doesn't exist in the database".  These types of errors make it significantly harder to do investigations.

**Recommendations to others considering LevelBlue USM Anywhere:**

The product is definitely getting better - the features are being more refined and as an MSSP there is a significant amount of resources Alienvault offers.  It's definitely worthwhile to check-out, but it isn't for everyone.

**What problems is LevelBlue USM Anywhere solving and how is that benefiting you?**

Reporting on vulnerabilities.  The vulnerability scans are nice for getting an overall view of an asset.  If you need more in depth, the open source tool AlienVault uses won't be enough.  But for giving an overall "security health checkup" to a customer it gets the job done.

**Official Response from Tami Andrews:**

> Thank you Layla for taking the time to provide your candid feedback of your experience with AlienVault and USM. 

  ### 46. Critical Information at your fingertips

**Rating:** 5.0/5.0 stars

**Reviewed by:** Brad S. | Information Network Manager, Mid-Market (51-1000 emp.)

**Reviewed Date:** December 17, 2018

**What do you like best about LevelBlue USM Anywhere?**

I like the entire package. I cannot think of just one thing

**What do you dislike about LevelBlue USM Anywhere?**

Nothing at all. Very impressed with everything.

**What problems is LevelBlue USM Anywhere solving and how is that benefiting you?**

easier to view everything in one place

**Official Response from Tami Andrews:**

> Brad - thank you for your time & feedback!

  ### 47. Detect everything in system

**Rating:** 3.5/5.0 stars

**Reviewed by:** Verified User in Medical Devices | Small-Business (50 or fewer emp.)

**Reviewed Date:** April 29, 2019

**What do you like best about LevelBlue USM Anywhere?**

Cheap pricing. Great support. Easy to use. Detect everything. 

**What do you dislike about LevelBlue USM Anywhere?**

Only for big enterprises. Console gets cluttered. RAM extensive.

**Recommendations to others considering LevelBlue USM Anywhere:**

The free version is great to use, though needs major updates.

**What problems is LevelBlue USM Anywhere solving and how is that benefiting you?**

Threat detection and compliance.

**Official Response from Tami Andrews:**

> Thank you for your feedback & comments!

  ### 48. It does the job

**Rating:** 3.0/5.0 stars

**Reviewed by:** Clark B. | Small-Business (50 or fewer emp.)

**Reviewed Date:** July 21, 2018

**What do you like best about LevelBlue USM Anywhere?**

The software is user-friendly, and anyone can be trained to use it. New employees don't take a LOT of time trying to get used to it. In my organization's scenario, the on-premise appliance provides great value as we are a small company with site inter-connectivity. Where I am not too sure of is how exactly the product scales with very large networks with separate Windows and network domains.


**What do you dislike about LevelBlue USM Anywhere?**

Could be a little less expensive for other companies to try out. Walking through all the devices after a Nmap or device discovery scan can be tedious to get the data correct

**What problems is LevelBlue USM Anywhere solving and how is that benefiting you?**

The vault helps protect all kinds of data and helps with encryption as well


**Official Response from Tami Andrews:**

> Clark - Thank you for taking time to provide your feedback!

  ### 49. Okay Solution that does not play well with others

**Rating:** 2.5/5.0 stars

**Reviewed by:** Verified User in Computer & Network Security | Mid-Market (51-1000 emp.)

**Reviewed Date:** April 24, 2018

**What do you like best about LevelBlue USM Anywhere?**

The log analysis component works well and adding additional alerting rules is pretty simple.
They have a large number of modules for ingesting logs from a variety of systems.
Support is pretty good.
Open threat exchange is an excellent idea and well implemented.
 The UI is ok
Annual cost is better than most
Using the USM client is a quick and easy way to forward system logs into USM.
They have a easy to read task list of what is in their pipeline for new features.

**What do you dislike about LevelBlue USM Anywhere?**

The lack integration with other tools.  They have a ticket system that is ok, it would be better if they had integration with third party tools like Jira.
They have assets that are used to conduct scans and assign modules for understanding logs taken from it.  Again there is no integration with any third party asset management system.
They have a vulnerability scanner however its not as through as some of the alternatives and you can not initiate scans via an api.
They claim to have a compliance scanner what they really have is a set of canned reports that you can provide to an auditor.  A compliance scanner is something like openscap.
They only allow in the ingesting and processing of Office 365 logs in their cloud solution.  There is no reason why this couldn't also be done with their on premise solution as well.
It would seem that development of their USM product has slowed to a crawl.  If you monitor their change lists on their website the upcoming changes to their USM product is woefully lacking.  It would be better if they used the same code base for both platforms and when one feature was added to one platform it would also be available to the other.

**Recommendations to others considering LevelBlue USM Anywhere:**

Do a feature comparison and go with the system that has the best cost for the features you need.
Qualys appears to be the most featured product but the most expensive.
Rapid 7 is a little more expensive but has a few more features that Alienvault needs to add.
I would take another look at tenable's solution as its changed a good bit since my last eval.
Alienvault may be missing some of the features I was looking for but they have provided great support and their features cover most of what I was looking for.

The Alienvault USM Appliance seems to be lagging behind their USM Anywhere product as far as development goes.  If you are not required to have Fedramp certified cloud services I would recommend going with USM anywhere over the USM appliance.  However USM Anywhere does cost a bit more.

**What problems is LevelBlue USM Anywhere solving and how is that benefiting you?**

AlienVault USM analyses our logs and reports vulnerabilities.


**Official Response from Tami Andrews:**

> Thank you for your feedback and comments. I would like to connect you with someone on the product and/or support team so that the issues you've raised can be addressed and hopefully resolved. If you'd like to reach out to me directly, please do so on my corporate email: tandrews@alienvault.com. I would be more than happy to get your review escalated to the proper team(s). Thank you again!

  ### 50. AlienVault Pefect for InfoSec SMB

**Rating:** 4.5/5.0 stars

**Reviewed by:** Verified User in Information Technology and Services | Mid-Market (51-1000 emp.)

**Reviewed Date:** May 04, 2018

**What do you like best about LevelBlue USM Anywhere?**

1.  It's an appliance.
2.  It's easy to setup.
3.  It's a ton of information.
4.  Integrated ticketing system allows for assignment of vulns and closure.
5.  UI is good.  Easy to use.


**What do you dislike about LevelBlue USM Anywhere?**

1.  Customization capabilities are limiting:
 -  We want the AlienVault to be the dashboard for state of health.  You get some things.
 -  Reports are good, but that data can't be put on the dashboard in many cases.

2.  AlienVault has BI capabilities, but doesn't leverage BI on the dashboard effectively.

3.  AlienVault advertises it's central solution for InfoSec.  True for SIEM, but not true for many other aspects.  Frustratingly, it could be as the solution is very capable through it's modularity of functions.


**Recommendations to others considering LevelBlue USM Anywhere:**

1.  Give it a chance.  It has many features that compete with other more expensive products, like Rapid7.
2.  Work with the sales engineering team to put the product through it's paces in POC.
3.  Negotiate training when purchashing.  Training is essential for full experience.


**What problems is LevelBlue USM Anywhere solving and how is that benefiting you?**

1.  Security Vulnerability Assessment and tracking of production systems.
2.  SIEM Logging and alerting of all security products.
3.  Monthly reporting audit requirements.


**Official Response from Tami Andrews:**

> Thanks so much for your time & thoughtful feedback!


## LevelBlue USM Anywhere Discussions
  - [How is AlienVault, Splunk and Vijilan compared in terms of pricing?](https://www.g2.com/discussions/33327-how-is-alienvault-splunk-and-vijilan-compared-in-terms-of-pricing) - 1 comment, 1 upvote

- [View LevelBlue USM Anywhere pricing details and edition comparison](https://www.g2.com/products/levelblue-usm-anywhere/reviews?section=pricing&secure%5Bexpires_at%5D=2026-07-04+21%3A05%3A27+-0500&secure%5Bsession_id%5D=2aae7ef8-4c38-470b-a8db-701d52cb8ef7&secure%5Btoken%5D=1beae79f8b5799b633c8afeda8f322312c2e22a5a75eb6fe17aedbf8b22cca5f&format=llm_user)

## LevelBlue USM Anywhere Features
**Prevention**
- Intrusion Prevention
- Firewall
- Encryption
- Security hardening
- Cloud Data Protection

**Security**
- Compliance Monitoring
- Anomoly Detection
- Data Loss Prevention
- Cloud Gap Analytics

**Performance**
- Issue Tracking
- Detection Rate
- False Positives
- Automated Scans

**Response**
- Resolution Automation
- Resolution Guidance
- System Isolation
- Threat Intelligence
- Incident Investigation

**Cloud Visibility**
- Data Discovery
- Cloud Registry
- Cloud Gap Analytics

**Network Management**
- Activity Monitoring
- Asset Management
- Log Management

**Detection**
- Intrusion Detection
- Security Monitoring
- Anti-Malware / Malware Detection

**Compliance**
- Governance
- Data Governance
- Sensitive Data Compliance

**Network**
- Compliance Testing
- Perimeter Scanning
- Configuration Monitoring

**Records**
- Incident Logs
- Incident Reports

**Security**
- Data Security
- Data loss Prevention
- Security Auditing

**Incident Management**
- Event Management
- Automated Response
- Incident Reporting

**Administration**
- Compliance
- Administration Console -
- API / integrations

**Administration**
- Policy Enforcement
- Auditing
- Workflow Management

**Application**
- Manual Application Testing

**Management**
- Incident Alerts
- Incident Case Management
- Workflow Management

**Identity**
- SSO
- Governance
- User Analytics

**Security Intelligence**
- Threat Intelligence
- Vulnerability Assessment
- Advanced Analytics
- Data Examination

**Generative AI**
- AI Text Summarization

**Agentic AI - Security Information and Event Management (SIEM)**
- Autonomous Task Execution
- Multi-step Planning
- Proactive Assistance
- Decision Making

**Agentic AI - Vulnerability Scanner**
- Autonomous Task Execution
- Proactive Assistance

**Generative AI**
- AI Text Generation
- AI Text Summarization

**Agentic AI - Intrusion Detection and Prevention Systems (IDPS)**
- Autonomous Task Execution
- Proactive Assistance

## Top LevelBlue USM Anywhere Alternatives
  - [IBM QRadar SIEM](https://www.g2.com/products/ibm-ibm-qradar-siem/reviews) - 4.4/5.0 (281 reviews)
  - [Microsoft Sentinel](https://www.g2.com/products/microsoft-sentinel/reviews) - 4.4/5.0 (272 reviews)
  - [Splunk Enterprise Security](https://www.g2.com/products/splunk-enterprise-security/reviews) - 4.3/5.0 (222 reviews)

