What is our primary use case?
We were trying to get into the security market to be able to offer something to our clients who are asking for a monitoring event management system. We started looking at what we could offer as an MSP to our clients; that's what drove us into evaluating different SIEM products, to get a better understanding of how the billing is set up as a partner. Alien Vault had the best set up for MSPs — the way they are set up for billing and the way they set up their USM account.
What is most valuable?
The reason why we went with AT&T AlienVault USM, was because we liked their reporting capability a little better than some of the other ones we evaluated; however, the biggest draw for us was how AT&T has their MSP program set up. In most cases, you have to buy a certain number of either agents or sensors which are, more or less, the program. With an MSP, our clients don't have to buy any — there are no minimum requirements. Alien Vault provided us with really good worksheets to detail the number of sensors needed when we are in negotiations with prospective clients. We can also use them to determine the number of devices that are going to be monitored, and how we can tailor the customer setup based on what the customer requirement is.
The other big selling feature for us was its integration capabilities with all the other security-based products, not just security-based, but application settings in general. It works with Google Drive, Gmail, and Microsoft 365. It also works with different antivirus software from Proof Point to Okta — all of the different pieces of applications that we normally provide as a best practice to our clients. This software can interact with them all and pull the event data and the security data from all of these different applications, and more.
What needs improvement?
I'd like to see a dashboard that's a little more descriptive. We can customize the dashboards, but the out-of-the-box dashboards are kind of bland. Since we give our customers access to their dashboards, it would be nice if they were a little bit more intuitive. We can go easily drill into it and show them everything, but the customer just sees the writing on the page.
I'd like to see them dress up their out-of-the-box dashboard a little bit. We have the ability to do a lot of that.
Since they have this image — they have a strong MSP program. I would love to see them allow branding, which they don't at this point.
For how long have I used the solution?
We deployed the demo roughly eight months ago.
What do I think about the stability of the solution?
AT&T AlienVault USMIt's has been very stable.
How are customer service and technical support?
Their support has been stellar, any issues that we had with trying to get it configured or trying to interpret instructions, we could just make a quick phone call and they were there to help us.
How was the initial setup?
I'd say it was kind of in the middle, complexity-wise. It's actually fairly easy to deploy a new client.
What's my experience with pricing, setup cost, and licensing?
It's competitive with other similar solutions; however, I don't do the billing so I can't properly comment on it.
What other advice do I have?
Most of our clients are small to medium-sized businesses; they can't afford to go out and purchase a SIEM on their own. They're looking for us to provide something for them. This was why we provide HCZ cybersecurity and Alien Vault, etc.
If you're in an MSP and you're servicing small to medium-sized clients, this is definitely a product that you want to look at and evaluate. When we were doing our evaluations, we were looking at the applications that are supported out-of-the-box, without having to develop any special ATIs — we wanted a pre-built application that supported most of the applications that we use within our client base.
On a scale from one to ten, I would give this solution a rating of eight.
I'd like to see a little bit more work, out-of-the-box, regarding the dashboards. I'd like to see them provide us with branding capabilities, to be able to put our logos on the dashboard so that the client understands that it's coming from Ice Consulting instead of Alien Vault.
Which deployment model are you using for this solution?