AT&T AlienVault USM Review

It has a lot of capabilities, but make sure there’s someone that can devote daily time to it.

What is most valuable?

  • Correlation
  • Customization

How has it helped my organization?

No, but that’s not really their fault, rather ours. I think this has a lot of valuable functions that really could be leveraged quite nicely.

What needs improvement?

They have the advantage of having a large community that uses the free version, and they really could use this as a sort of beta testing population for new releases. Yet, a lot of the releases break things that are used. I think they need to do more QA before releases. For example, I have custom rules written for the Suricata function. Some releases ago, there was a code change and now every single update requires that I reinstall the custom rules, and I am still waiting for the fix. They need to either stop allowing customization (which would be a mistake) or they need to embrace that a majority of their customer base does this and put in safeguards. I understand putting in limits to what’s supported, but simple things like this are part of the appeal of the product. Another example is that a few releases back, they broke the Nagios availability monitoring portion. All the functionality to watch your systems is there, and of course, I used it. When it broke, support told me it was really only meant to watch the AlienVault system itself, yet the entire interface is there, and the options to enable the monitoring on hosts are there. I believe, first of all, that what I was told was wrong as availability monitoring is one of the core functions AlienVault touts, and secondly, that they need to be more careful with testing before releasing updates. It took like two more updates before the functionality was restored.

For how long have I used the solution?

I've used it for three years.

What do I think about the stability of the solution?

Some, but they are hard to pin down. This is a system that has a lot of things that can stop working, and unless you are paying close attention to the background processes, you would never realize it.

How are customer service and technical support?

Some people are excellent, and others not so much. They also seem to sometimes have conflicting information. I often rely more on the community for answers than I do on support, depending on the issue.

Which solution did I use previously and why did I switch?

We didn't have anything in place previously.

How was the initial setup?

We had a consultant that was provided by AlienVault, which was great. Otherwise, it would have been a little confusing and though they have made improvements in the documentation, it was horrible initially.

What's my experience with pricing, setup cost, and licensing?

Fair for all of the capabilities it has.

Which other solutions did I evaluate?

We looked at some but I can't remember which ones.

What other advice do I have?

It has a lot of capabilities, but make sure there’s someone that can devote daily time to it and that there is buy-in from all segments, or a majority of the capabilities become pointless.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
1 Comment

Tami Andrews (AlienVault)
Real User

Thank you for the feedback you've provided on your experience with using USM.