AlienVault OSSIM vs USM Anywhere comparison

AT&T and LevelBlue are both solutions in the Security Information and Event Management (SIEM) category. AT&T is ranked #8 with an average rating of 7.4, while LevelBlue is ranked #30 with an average rating of 7.3. AT&T holds a 3.7% mindshare in SIEM, compared to LevelBlue’s 0.9% mindshare. Additionally, 80% of AT&T users are willing to recommend the solution, compared to 92% of LevelBlue users who would recommend it.

AlienVault OSSIM

Read 31 AlienVault OSSIM reviews

5,448 Views
3,744 Comparison Views

80% willing to recommend

USM Anywhere

Read 115 USM Anywhere reviews

1,986 Views
1,353 Comparison Views

92% willing to recommend

AlienVault OSSIM

USM Anywhere

Comparison Buyer's Guide

Download the report

Executive SummaryUpdated on Sep 18, 2024

Both USM Anywhere and AlienVault OSSIM are network security management solutions with distinct strengths. Users are generally happier with USM Anywhere due to its advanced features and support compared to the cost-effective but less feature-rich AlienVault OSSIM.

Features: USM Anywhere offers comprehensive threat detection, user-friendly incident response, and superior integration capabilities. AlienVault OSSIM provides value through its open-source nature, basic security monitoring features, and cost-effectiveness. USM Anywhere also excels in advanced security analytics and customer support.

Room for Improvement: USM Anywhere can benefit from better customization options, enhanced detailed reporting, and more versatile functionality. AlienVault OSSIM needs improvements in integration, scalability, and more robust feature sets.

Ease of Deployment and Customer Service: USM Anywhere is known for its simpler deployment process and responsive customer service. In contrast, AlienVault OSSIM requires more manual configuration and has limited formal support.

Pricing and ROI: USM Anywhere has higher initial costs but offers a better ROI due to its reliable support and advanced features. AlienVault OSSIM is more budget-friendly but sacrifices some advanced functionalities and requires more manual oversight, impacting its long-term value.

To learn more, read our detailed AlienVault OSSIM vs. USM Anywhere Report (Updated: April 2025).

Buyer's Guide

AlienVault OSSIM vs. USM Anywhere

April 2025

Download the complete report

Helped 850,760 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

AlienVault OSSIM

Ranking in Security Information and Event Management (SIEM)

8th

Average Rating

7.4

Reviews Sentiment

7.1

Number of Reviews

Ranking in other categories

No ranking in other categories

USM Anywhere

Ranking in Security Information and Event Management (SIEM)

30th

Average Rating

8.4

Reviews Sentiment

7.0

Number of Reviews

115

Ranking in other categories

Log Management (44th), Endpoint Detection and Response (EDR) (51st), Compliance Management (12th)

Mindshare comparison

As of May 2025, in the Security Information and Event Management (SIEM) category, the mindshare of AlienVault OSSIM is 3.7%, down from 3.8% compared to the previous year. The mindshare of USM Anywhere is 0.9%, down from 1.9% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Security Information and Event Management (SIEM)

Featured Reviews

Aman Aijaz

Assistant Manager Global Security at Convergys Corporation

An easy-to-scale open-source solution used for monitoring events on devices

The area for improvement is a lot. When I started using it on our enterprise side, the issue we faced was, for example, if we were running at that time on AlienVault OSSIM v5.7.4. So, for some orders, we had to install some packages, and when we tried installing that package, some dependencies got upgraded to a new version. Now once that dependency got upgraded, the SQL, since you might be aware that OSSIM uses SQL database, now SQL and all the dependency in everything was not on the same version, and that caused the database to crash. The aforementioned area should be eased out by upgrading the patches and upgrading dependencies. This kind of thing is a disadvantage of OSSIM, and I would like them to work on this. But I have also raised service requests many times and gave it a push on the community section too. However, since it is a local source, they don't reply much over there. That is why I don't like to work on OSSIM because it is unpredictable. Once the storage goes above 50 percent, it starts behaving unpredictably. If you get stuck with a situation, then you need to drill a lockdown into that. Sometimes you get no luck. Then you have to just reimage the server with the new fresh OS of AlienVault. As for additional features, not much because if you move to the newer version, it is kind of getting more stable. But, to make my life easier, then I would say try to give more features. I know it's open source, so they also cannot provide me with more features. But still, if they can provide me with more features because right now it's becoming old. Right now, we are even moving from SIEM to Security Data Lake. So when we move to it, this will be literally outdated. No one can even expect anything out of it. The way security is moving, it will be outdated very soon. They have to also provide something new to keep this going for the future also.

Read full review

Kris Nawani

Co-Founder/Director at Bangkok MSP Company Limited

Offers complete coverage without the need to install additional software

USM Anywhere is used for threat detection and investigation. It provides a solution with built-in threat intelligence and various other investigation tools The solution offers complete coverage without the need to install additional software, as it is maintained by the vendor. It helps in saving…

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"The solution has a very good open source community, and whenever we have problems, we are always able to resolve it online."

"With AlienVault you get everything in one box."

"AlienVault OSSIM is an enterprise solution that sells easily. It is rated highly by organizations."

"The product is easy to use."

"It has helped us remediate threats in the past by providing significant events that assisted in identifying suspicious activities, such as logins from multiple countries."

"The most valuable feature is the logging capability."

"The solution is very stable. Compared to Qradar and Splunk, it's very stable."

"The most valuable features of AlienVault OSSIM are case management, ease of configuration, and investigation."

More AlienVault OSSIM pros

"Having everything in a central place has been helpful."

"Reports are customized, so you can present them to executives or engineers."

"The asset discovery and inventory capabilities in USM Anywhere is quite good."

"AlienVault has an advanced component within one package. With this, we can cover more area with one solution."

"The IDS and the threat intelligence are very useful. They are very intuitive and data-rich."

"The AlienVault solution has enabled us to create a SOC on a budget with smaller than usual staff requirements, offering a wider range of solutions for our customers."

"The solution also provides basic log storage options for periods of 15, 30, and 90 days."

"The most valuable features of AT&T AlienVault USM are the ease of management and knowledge of what is on the network of my customers. It's easy to understand the problems, and management our alarms and events."

More USM Anywhere pros

Cons

"It's under heavy traffic. If you have heavy traffic, the system is slow."

"There are somewhat more false positives with the user behavior analytics, which could benefit from an additional machine learning model to detect user patterns more rapidly."

"AlienVault OSSIM on-premise version is more difficult to implement than the cloud version. Additionally, they should add integration between several different environments at once and improve their online knowledge base."

"The initial setup was a bit complex. You've got to do a lot of reading. It's not an intuitive implementation."

"It's so hard to configure and explore something new on it."

"AlienVault OSSIM gives unwanted notifications."

"AlienVault OSSIM could improve by having better integration with some of the newer tools."

"When comparing AlienVault OSSIM to other solutions it looks a bit outdated. Additionally, they need to improve their integration."

More AlienVault OSSIM cons

"More complimentary training needs to be done for use with this tool. If you get into a bind, then it will cost you."

"Plugins could be better utilized, as some of them do not recognize all logs."

"One area that has room for improvement is storage. AllienVault is a good place to put logs, but sometimes it's a tough place to go get logs... The logger can only hold so much data. If they improved that, that would help."

"The reporting tools are a bit lacking for building reports to give directly to customers, but support has been helpful in giving our requests for new features to the development team and following up with us."

"The reporting aspect could be improved. While there are a lot of different options available, there are still pieces which are missing."

"There could be some type of integration with our existing portal. We have our own customer portals, and it would be good if there was an integration so that our portal can provide reports. There could be some type of API into the AlienVault system with the USM system so that it is easy to show the customers high-level reports of the system through our portal."

"In the future, I would like to see all these features of the solution working properly."

"AlienVault needs to continue to integrate with other third-party technologies that clients want to have monitored."

More USM Anywhere cons

Pricing and Cost Advice

"AlienVault OSSIM is an open-source solution."

"OSSIM is open source, and USM is the paid license. So, if you want, you can switch to USM. There you will have to buy a license, and they have a support team that helps you out on issues you face."

"I used the paid version of the tool and found it to be expensive. It has been a while since I changed to Securonix. I will have to check whether AlienVault charges per device, user, or log."

"We are using a free version of the solution. If you purchase a license there are more features available but the price is a little high. The solution should be cheaper to allow more customers to be able to afford it."

"OSSIM is free."

"The tool's licensing costs are yearly."

"The solution is open source, so it's free to use."

"The price of AlienVault OSSIM is too high sometimes for us to present to our customers. The price should be lower. We are on a three-year license to use the solution. We had to pay extra for the support."

More AlienVault OSSIM pricing and cost advice

"AlienVault is flexible on their pricing for unlimited licenses."

"The pricing is a good value. The key thing is that for the new product, the licensing of it, is subscription-based and it's based on data. Clients need to be really careful when thinking about that, because odds are they're going to need to put a lot more data into it than what they initially estimate, which is going to drive their subscription costs up."

"So far, I feel the product's pricing is a good value. The technology is decent. You get what you pay for. I think it's fair."

"The ROI is quite good."

"Do the one month trial and try to work out the kinks during it, as it has free support and service hours."

"I don't know exactly, but I know it is based on the number of logs and the retention duration, such as 30 days or something like that. So, the smallest package is about 500 a month for 30 days of logs. There is a virtual machine. You need resources for it. It is a log collecting VM. They provide the software, and you just have to load a virtual machine. So, you're going to incur some CPU RAM and storage for wherever this log collecting appliance is running, which typically is in our cloud and on our platform for the customer."

"It's affordable for most customers."

"The licensing fees are dependent on usage."

More USM Anywhere pricing and cost advice

See which vendors are best for you

Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.

See recommendations

850,760 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Computer Software Company

17%

Comms Service Provider

11%

Financial Services Firm

University

Computer Software Company

20%

Financial Services Firm

Comms Service Provider

Educational Organization

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

Questions from the Community

What do you like most about AlienVault OSSIM?

Asset discovery is good.

See all answers

What is your experience regarding pricing and costs for AlienVault OSSIM?

It depends. I would need to review their cost models, but generally, they are on a scaled basis based on throughput usage. Because it's a software as a service solution for their core product for U...

See all answers

What needs improvement with AlienVault OSSIM?

Scaling for USM is always challenging for any product unless it is purpose-built or overbuilt at the front end. They will use Palo Alto and its competitors, and LevelBlue will manage that implement...

See all answers

What do you like most about AT&T AlienVault USM?

The most valuable feature of the solution is the ease of deployment that it provides to users. The integrations that the product has with third-party applications are useful.

See all answers

What is your experience regarding pricing and costs for AT&T AlienVault USM?

The pricing is amazing and really cheap.

See all answers

What needs improvement with AT&T AlienVault USM?

There are scalability issues due to a 60 TB limit, which restricts its use for large customers like banks. It is also limited when used with bigger products and has complex password requirements.

See all answers

Comparisons

Wazuh vs AlienVault OSSIM

Compared 79% of the time

Elastic Security vs AlienVault OSSIM

Compared 4% of the time

Splunk Enterprise Security vs AlienVault OSSIM

Compared 2% of the time

Rapid7 InsightIDR vs AlienVault OSSIM

Compared 2% of the time

Microsoft Defender XDR vs AlienVault OSSIM

Compared 2% of the time

More AlienVault OSSIM Competitors

Splunk Enterprise Security vs USM Anywhere

Compared 13% of the time

Wazuh vs USM Anywhere

Compared 11% of the time

Rapid7 InsightIDR vs USM Anywhere

Compared 10% of the time

IBM Security QRadar vs USM Anywhere

Compared 9% of the time

CrowdStrike Falcon vs USM Anywhere

Compared 8% of the time

More USM Anywhere Competitors

Product Reports

Buyer's Guide

AlienVault OSSIM

May 2025

Download AlienVault OSSIM product report

Buyer's Guide

USM Anywhere

April 2025

Download USM Anywhere product report

Also Known As

OSSIM

AT&T AlienVault USM, AlienVault, AlienVault USM, Alienvault Cybersecurity

Overview

AlienVault OSSIM, Open Source Security Information and Event Management (SIEM), provides you with a feature-rich open source SIEM complete with event collection, normalization and correlation. Launched by security engineers because of the lack of available open source products, AlienVault OSSIM was created specifically to address the reality many security professionals face: A SIEM, whether it is open source or commercial, is virtually useless without the basic security controls necessary for security visibility.

AT&T

USM Anywhere centralizes security monitoring of networks and devices in the cloud, on premises, and in remote locations, helping you to detect threats virtually anywhere.

Discover

Network asset discovery
Software & services discovery
AWS asset discovery
Azure asset discovery
Google Cloud Platform asset discovery

Analyze

SIEM event correlation, auto-prioritized alarms
User activity monitoring
Up to 90-days of online, searchable events

Detect

Cloud intrusion detection (AWS, Azure, GCP)
Network intrusion detection (NIDS)
Host intrusion detection (HIDS)
Endpoint Detection and Response (EDR)

Respond

Forensics querying
Automate & orchestrate response
Notifications and ticketing

Assess

Vulnerability scanning
Cloud infrastructure assessment
User & asset configuration
Dark web monitoring

Report

Pre-built compliance reporting templates
Pre-built event reporting templates
Customizable views and dashboards
Log storage

LevelBlue

Sample Customers

Council Rock School District

Abel & Cole, Bank of Ireland, Bluegrass Cellular, CareerBuilder, Claire's, Hays Medical Center, Hope International, McCurrach, McKinsey & Company, Party Delights, Pepco Holdings, Richland School District, Ricoh, SaveMart, Shake Shack, Steelcase, TaxAct, Taylor Morrison, Vonage and Zoom

Buyer's Guide

AlienVault OSSIM vs. USM Anywhere

April 2025

Free Report: AlienVault OSSIM vs. USM Anywhere

Find out what your peers are saying about AlienVault OSSIM vs. USM Anywhere and other solutions. Updated: April 2025.

DOWNLOAD NOW

850,760 professionals have used our research since 2012.

See our AlienVault OSSIM vs. USM Anywhere report.

See our list of best Security Information and Event Management (SIEM) vendors.

We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.