LevelBlue (AlienVault USM)
Unified security management with built-in threat intelligence — AT&T cybersecurity business (including AlienVault) sold to LevelBlue joint venture in 2024
LevelBlue USM Anywhere (formerly AT&T AlienVault) delivers a fully integrated threat detection platform with unified SIEM, vulnerability assessment, intrusion detection, and threat intelligence in a single pane — purpose-built for mid-market organizations that cannot staff or budget for best-of-breed point solutions.
SWOT Analysis
Strengths
- All-in-one SIEM + IDS + vulnerability management eliminates multi-tool integration overhead
- Open Threat Exchange (OTX) community provides real-time crowdsourced threat intelligence
- MSSP-ready with multi-tenant management console for managed security providers
- Rapid deployment — SaaS delivery eliminates infrastructure procurement and setup
- Independent operations under LevelBlue (AT&T/WillJam JV) provide focused cybersecurity investment
Opportunities
- Mid-market security consolidation — replacing 3–5 point tools with one platform
- MSSP growth as small and mid-size businesses outsource security operations
- OTX community expansion deepening collaborative threat intelligence differentiation
- New independence from AT&T allows faster product development and partnership flexibility
Weaknesses
- Feature depth limited vs. enterprise SIEMs — advanced customization constrained
- Log ingestion volume limits can constrain high-data environments
- Detection quality requires OTX correlation — standalone rule engine less sophisticated
- Brand transition from AT&T AlienVault to LevelBlue creates market awareness challenges
Threats
- Microsoft Sentinel and Defender for Business provide integrated SIEM for M365 shops
- CrowdStrike and SentinelOne expanding into SIEM/log analytics from endpoint
- Rapid7 InsightIDR and LogRhythm targeting same mid-market SIEM segment
- Commoditization of SIEM-as-a-service reducing AlienVault's bundled value proposition
User Sentiment
Synthesized from G2, Gartner Peer Insights, and analyst review data.
- Single platform eliminates integration complexity between SIEM, IDS, and VM tools
- OTX community provides timely, community-validated threat intelligence at no extra cost
- Quick to deploy and operationalize — teams are detecting threats within days, not months
- Cost-effective for mid-market — delivers enterprise capabilities at SMB-friendly pricing
- Log volume limits require careful source prioritization in high-traffic environments
- Customization of detection rules is limited compared to enterprise SIEMs
- Brand transition to LevelBlue creates support and account continuity questions
Pricing & TCO
Analyst-synthesized pricing signals — directional only, contact vendor for current terms.
Starting Price
$1,075/month for USM Anywhere Essentials
Typical ACV (Mid-Enterprise)
$13K–$75K
Market Segments
Deployment
Key Cost Drivers
- Assets monitored (servers, endpoints, network devices)
- Log events per second (EPS) tier selected
- Add-on modules: vulnerability scanning, compliance reporting
LevelBlue USM Anywhere (formerly AT&T AlienVault) is one of the most affordable all-in-one SIEM+IDS+VM platforms for mid-market — the Essentials tier provides strong value at a price point accessible for 100–500 employee organizations.
Customer Profile
Typical segments
Typical buyer
IT Security Manager or MSSP SOC Manager at a 100–2,000 employee organization
- All-in-one SIEM + IDS + vulnerability scanning for lean security teams
- MSSP-managed threat detection across small-to-mid-size customer environments
- Compliance monitoring for PCI, HIPAA, and GDPR with built-in report templates
Future Focus Areas
AI-powered alert triage to reduce analyst workload on OTX-driven detections
Expanded SOAR capabilities to automate response for MSSP managed playbooks
Cloud security posture management integration for cloud workload visibility
Product investment acceleration now that LevelBlue operates as an independent cybersecurity company