The LevelBlue USM Anywhere XDR platform (replacing the former AlienVault USM) delivers threat detection, incident response, and compliance management.
$1,075
per month
Mandiant Advantage Threat Intelligence
Score 8.8 out of 10
Enterprise companies (1,001+ employees)
Since 2004, Mandiant has been a partner to security-conscious organizations. Mandiant’s approach helps organizations develop more effective and efficient cyber security programs and instills confidence in their readiness to defend against and respond to cyber threats.
N/A
Pricing
Editions & Modules
LevelBlue USM Anywhere: Essentials, $1,075 per month; Standard, $1,695 per month; Premium, $2,595 per month
Mandiant Advantage Threat Intelligence: No answers on this topic
Pricing Offerings (LevelBlue USM Anywhere / Mandiant Advantage Threat Intelligence)
Free Trial: Yes / Yes
Free/Freemium Version: Yes / Yes
Premium Consulting/Integration Services: No / No
Entry-level Setup Fee: Optional / Optional
Additional Details: — / Priced by company size
Features
Endpoint Security
LevelBlue USM Anywhere: -
Mandiant Advantage Threat Intelligence: 7.2
0% below category average
Infection Remediation
00 Ratings
7.20 Ratings
Threat Intelligence
AlienVault Unified Security Management (USM) Anywhere is a cloud-based security information and event management solution that provides effective and affordable threat detection, incident response, and compliance management capabilities. USM Anywhere is well suited to mid-size enterprise environments operating in the cloud. USM Anywhere is also well suited to enterprises whose operations teams require easy deployment and management. Last, USM Anywhere is considered a highly affordable option compared to competitors. USM Anywhere lags competitors in several areas, such as application monitoring, database monitoring, and integrations with third-party solutions such as cloud access security brokers (CASB), DAM, DAP, and DLP.
Mandiant Advantage Threat Intelligence is well suited to data enrichment tasks and surfacing additional potential indicators of compromise based on observables found in an environment. Difficulties arise if the given data is classified in multiple platform modules, each requiring a different subscription. When tracking an indicator of compromise and wanting to see what actors it relates to and further understand the actor, you often end up with one side of the data or the other: IOCs with little campaign context, or actor details with no tactical data.
The USM platform provides the essential security capabilities that work together for a fast and cost-effective way for organizations to have complete visibility into the security of their environment.
With the information gathered during asset discovery, USM will correlate that information with known vulnerabilities for continuous vulnerability awareness. In addition, USM contains an active scanner capable of scanning for over 30,000 known vulnerabilities.
To give better visibility into your network, and possibly detect intrusions that don’t follow behavioral patterns, we offer Netflow information, bandwidth monitoring, and traffic capture, all part of our behavioral monitoring capabilities built into USM.
USM Anywhere doesn't allow you to multi-home sensors. So if you have non-routable networks, you'll need to investigate the on-premise solution too.
You have to be on top of tuning else a constant stream of alerts will cause your SOC staff to begin ignoring alarms.
You have to be on top of tuning else you'll eat your allotment of storage for that month. It is really easy to exceed your storage quota if you don't proactively monitor log sources. USM could do a better job letting you know if a log source is too chatty.
The centralized logging and retention for PCI compliance was our main driver, and it is meeting that need. Otherwise there has been enough frustration with the lack of documentation and the need to customize through the CLI that I would be open to alternatives.
Once you are able to navigate the different panels, finding what you need is quite easy. Before getting used to it, it can be a bit of a challenge. Each panel is quite well laid out and the filtering search capabilities are quite strong.
Mandiant Advantage Threat Intelligence is a great cyber intelligence service with a great team of professional analysts. They provide quick responses to queries or incidents that require further investigation or information. Additionally, they provide personalized treatment as well as monthly meetings to coordinate teams. We have high reliability in the results obtained, as well as a large number of daily reports and trends.
We do have issues with maintenance on the AlienVault USM as the disk fills up from time to time with other data sources. Sources for scanning logs and net flow data aren't calculated in regular disk maintenance and can easily fill up our disk if we do not keep an eye on it with some custom Nagios plugins. The system does properly trim logging data from logging sources.
With the latest release of AlienVault USM overall performance has not been an issue. We have noticed single source events per second does not scale well with the overall system. 2,000eps on a VMware system with a single source produces delays of up to an hour for us. Pages, reporting and even raw log searches are rather quick though.
Support is friendly but response time has been spotty. Also initially when we signed up there was a lot of pointing us at the documentation, which has been spotty and ad-hoc for what is supposed to be a commercial product. Overall the feel of AlienVault and the support has been of a very new and startup company that is trying to grow up out of its open source roots, and I'm not sure if they've totally been able to make the transition to being able to meet the expectations of the enterprise customers.
I did not have any experience with "in person" training directly. The free online classes offered for half a day are based on the actual training offered. These little teasers are very good and well worth your time to learn a few quick and dirty ways of getting more information from your SIEM.
The instructor gave a detailed overview and went through the labs before allowing us to attempt using them. I enjoyed the balance of time and level of instruction received. The content went deeper than usual and the lab environment was easy to use and all results were consistent. I came away from the course knowing more than I did if I had just read the course notes.
AlienVault USM was very simple to implement and get up and running. We started with a trial version and had that up and going within an hour of receiving email instructions from the sales engineer. We never had to contact support to get the system up and going. It was extremely easy to convert over to a full license once we started with a paid version.
The cost of AlienVault is what sold us on AlienVault. However, considering the amount of time and effort that has gone into getting it set up and realizing that views and reports cannot be shared across groups makes it not worth the savings.
There are multiple SaaS-based players offering Threat Intel. But Mandiant TI has the following features which make it one of the best among the competitors:
1. It understands recent actor, malware or vulnerability trends, making it very easy for the analysts to do the research.
2. Threat profiling of the organization and setting the rules to proactively hunt threat actors targeting the organization.
3. Accelerating the threat response by prioritizing the threats that matter most, helping the analysts prioritize the threats.
4. Access threat intelligence via the platform, the browser plugin or APIs.
The AlienVault USM is not very scalable. Some scalability can be achieved by installing additional sensors, but this only offers 500eps per sensor and is still overall limited by the installation type of VM or physical. We have also noticed the EPS (events per second) is rated overall and not towards a single source. A single source on a very healthy VMware partition tops out at 2,000eps for us, no matter how we configure it. Maybe this is a problem of the 5.2 release?
Once you hit the 150 asset mark, you have to jump to their unlimited license. There is no middle ground. We were only 10 or so assets above the 150 so we had to choose to either not monitor those assets or pay the price of the upgrade.
AlienVault brings all the information to one place which makes it much quicker to track down problems.