Illumio ASP vs AlienVault USM For Continuous Security Monitoring

Last updated by UpGuard on November 1, 2018

It's been said many times before, but is always worth repeating: enterprises need a layered approach to security for combating today's cyber threats. Illumio ASP and AlienVault USM provide just that: working in conjunction with traditional security solutions like firewalls and IDS/IDPS solutions (or in USM's case, providing its own), the two platforms further smooth the attack surface area with features such as policy-based controls, security analytics, and crowd-sourced threat intelligence, among others. Let's see how they stack up in this comparison.

Illumio Adaptive Security Platform (ASP)

Illumio, as its name implies, focuses on what the firm refers to as "illumination": understanding and visualizing application and workload relationships, modeling/testing security policies, and identifying/alerting on threats behind the firewall. Illumination essentially creates a live interactive map of all application traffic, displaying any policy violations across data centers.


Illumio ASP dependency modeling. Source:

Additionally, Illumio ASP shifts its security focus to workloads as opposed to environments. Agents are installed on all managed nodes, applying policies to workloads from the policy engine. This gives firms an agile and resilient security model, effectively delivering network security without the network.

AlienVault Unified Security Management (USM) Platform

AlienVault USM packs a myriad of security tools and capabilities into one comprehensive platform: SIEM, Host-based Intrusion Detection Systems (HIDS), Network IDS, Wireless IDS, automated asset discovery, vulnerability scanning, netflow analysis, and log management, among others.

AlienVault USM dashboard. Source: AlienVault.

Crowdsourced security intelligence is a central component of AlienVault USM, as the platform utilizes what is purportedly the world's largest crowdsourced threat data network, the AlienVault Open Threat Exchange, for informing its security mechanisms.

Side-By-Side Scoring: Illumio ASP vs. AlienVault USM

1. Capability Set

Illumio breaks with infosec tradition by focusing on workload-based, policy-driven security; as such, the product does not offer typical features such as firewalling or packet analysis. The firm is for the most part betting the bank on "illumination" while AlienVault USM features a wide variety of common enterprise security tools rolled into one offering. The latter features crowdsourced security data provided by the AlienVault OTE for ongoing, continuously updated threat intelligence. 

Capability Set
Illumio ASP score_3
AlienVault USM score_5


2. Ease Of Use

AlienVault USM's web-based management GUI is logically laid out and organized, with every page customizable and interactive. Setup is wizard-driven, from getting the main appliance up and running to pushing out agents to all devices under management. Illumio ASP uses a non-traditional approach to security and may present a steeper learning curve.

Ease Of Use
Illumio ASP score_3
AlienVault USM score_5


3. Community Support

A search on AlienVault USM yields more customer-based resources and discussions online than Illumio ASP. This isn't surprising, as AlienVault USM is marketed (and priced) as an SMB solution and has been on the market longer. That said, both solutions are commercial products with ample vendor-provided support resources available on each company's respective website. AlienVault in particular has a vibrant, active customer base/following, and its community web forums are a common source of knowledge around its suite of offerings.

Community Support
Illumio ASP score_3
AlienVault USM score_5


4. Security and Surface Attack Probability

Illumio ASP has no documented vulnerabilities per the CVE database, while AlienVault USM has 1. Additionally, USM's built-in SIEM is based on the Open Source Security Information Management (OSSIM) platform, which itself has 21 CVE entries.

Earlier this year, AlienVault's perceived slow reaction time to reported XSS, SQLi, and command execution vulnerabilities in the USM product made some headlines.

Illumio ASP score_5
AlienVault USM score_2


5. Release Rate

Though founded in 2013, Illumio has only had about a year on the market thus far with its ASP offering. AlienVault USM released its 5.2 version in October 2015 and its venerable OSSIM SIEM tool is currently at version 5.0.3.

Release Rate
Illumio ASP score_3
AlienVault USM score_4


6. Pricing And Support

Again, AlienVault is designed to be an all-in-one security solution, and is priced for SMBs and mid-market organizations looking to receive as much bang for the buck as possible. Pricing starts at around $3,900 per appliance. Illumio ASP is priced per virtual enforcement node/per use, so overall pricing can get costly in large environments.

Pricing and Support
Illumio ASP score_3
AlienVault USM score_4


7. API and Extensibility

Illumio ASP provides a RESTful API for automating security deployments, integrating with tools like Puppet, Chef, and Ansible for remediation. AlienVault USM also provides an open API—or what it calls its Open Extension API—for integrating additional data sources and vendor devices.


API and Extensibility
Illumio ASP score_5
AlienVault USM score_5 




8. 3rd Party Integrations

Much of AlienVault USM and OSSIM's functionality comes from 3rd party integrations; open source tools like Snort, nmap, Ntop, and OCS, among others give the platform considerable breadth in security monitoring capabilities. As with most startups, Illumio has approached 3rd party integrations on a case-by-case basis—with the most recent being support for Docker in the Mesosphere Data Center OS (DCOS).


3rd Party Integrations
Illumio ASP score_4
AlienVault USM score_5


9. Bug Bounty Program

Neither Illumio nor AlienVault has instituted a bug bounty program, despite leadership's admission that bug bounties "are probably a good idea."

Bug Bounty Programs
Illumio ASP score_0-10
AlienVault USM score_0-10


*Update (2/22/2017): Illumio now has a bug bounty program in place.


10.  Companies That Use It

Illumio counts Morgan Stanley, Plantronics, Creative Artists Agency, Yahoo, and NTT I3 as some of its customers. AlienVault USM customers include Ubisoft, Pepco Holdings, Peets, The New York Times, and a legion of SMBs.

Companies That Use It
Illumio ASP score_5
AlienVault USM score_5 


11.  Platform Supported

Illumio ASP supports both Windows and *nix-based workloads in any hypervisor/cloud environment, while AlienVault USM has rather specific requirements for its security appliance. Specifically, its virtual appliances are only supported on VMware ESXi 4.x/5x.

Platforms Supported
Illumio ASP score_5
AlienVault USM score_5


12.  Learning Curve

Networking and security professionals with some experience managing basic security tools like SIEMs and HIDS will find AlienVault USM easy to comprehend. In contrast, Illumio ASP's novel approach to security has a steeper learning curve: because the platform enables nano-segmentation of enterprise applications down to individual processes on workloads, learning how to fine-tune and configure these security minutiae is no trivial task.

Learning Curve
Illumio ASP score_3
AlienVault USM score_5


Scoreboard and Summary

The following is the scoreboard for Illumio ASP vs. AlienVault USM based on the 12 criteria listed above:


| Criterion | Illumio ASP | AlienVault USM |
|---|---|---|
| Capability Set | score_3 | score_5 |
| Ease Of Use | score_3 | score_5 |
| Community Support | score_3 | score_5 |
| Security | score_5 | score_2 |
| Release Rate | score_3 | score_4 |
| Pricing And Support | score_3 | score_4 |
| API and Extensibility | score_5 | score_5 |
| 3rd Party Integrations | score_4 | score_5 |
| Bug Bounty Program | score_0-10 | score_0-10 |
| Companies That Use It | score_5 | score_5 |
| Platforms Supported | score_5 | score_3 |
| Learning Curve | score_4 | score_5 |
| Total | 42 | 48 |
| Average Score | score_4 | score_4 |


In summary, AlienVault USM is appropriate for budget-minded organizations in need of a competent, comprehensive platform for continuous security monitoring. On the other hand, Illumio ASP can provide enterprises with existing/traditional security mechanisms already in place with a dynamic, declarative software-based protection layer to further smooth the attack surface. In either case, for continuous security monitoring and vulnerability assessment, ScriptRock is the platform to beat. Try it today, the first 10 nodes are on us.

