AT&T AlienVault USM Review

The integration of IDS and OSSEC is valuable as it enables correlation between Network IDS events and host system event logs


What is most valuable?

The integration of IDS and OSSEC is valuable as it enables correlation between Network IDS events and host system event logs.

How has it helped my organization?

AlienVault USM has improved how we manage events and incidents in our infrastructure. With AlienVault we are able to respond to incidents and take necessary action faster than we could before without the solution in place.

What needs improvement?

Some customizations with the integration between AlienVault components have room for improvement and enabling users with WebUI interfaces instead of having to edit configuration files on the system to achieve certain actions would be a good improvement.

For how long have I used the solution?

Three years.

What do I think about the stability of the solution?

No issues with instability have been encountered in our environment.

What do I think about the scalability of the solution?

No issues with scalability have been encountered in our environment.

How are customer service and technical support?

The AlienVault Technical support is good and has helped out several times with some really specific configurations in our environment.

Which solution did I use previously and why did I switch?

We used an outsourced MSSP solution but we needed to get the solution in-house in order to better integrate with our datacenters and systems and comply with financial regulatory and PCI-DSS requirements.

How was the initial setup?

The initial setup was straightforward and quite easy to set up. Requires Linux knowledge to manage but given that we use Linux for our critical infrastructure services it was no problem for us.

What's my experience with pricing, setup cost, and licensing?

We chose AlienVault partly due to the many features and functionalities that were bundled with the product to the pricing and licensing models that were offered. Many other solutions did not have the full spectrum of features but were significantly more expensive so we would have been forced to get additional solutions to cover all our requirements. With AlienVault we got an all-in-one solution that covered our needs.

Which other solutions did I evaluate?

We had a look at the current offerings at that time, including Tripwire, McAfee, SourceFire, etc., but concluded that we would get the best-bang-for-the-bucks with AlienVault solution.

What other advice do I have?

As with any Security solution, you still need to have knowledgeable people to manage the solution and the solution is not a silver-bullet that takes care of all your issues without being properly managed. Make sure you have the necessary knowledge and headcount to use the solution before implementing this or any other solution. With Security, most of the cost is in OPEX, not CAPEX, so make sure you have the necessary expertise to operate the solution as efficiently as possible.

Which version of this solution are you currently using?

5.2.5

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.

1 Comment

Tami Andrews (AlienVault)
Real User

Thanks for your feedback.