AT&T AlienVault USM Review

We used to have to monitor and review logs for each device, now everything comes into AlienVault and it alerts us when we need to respond.


How has it helped my organization?

We used to have to monitor and review logs for each device. Now, everything comes into AlienVault and it alerts us when we need to respond. We now have real-time monitoring 24x7x365 using an in-house team.

What is most valuable?

The ease of use and customization. The USM is a workhorse: no matter what devices or the number of logs we throw at it, the system processes them in real time, correlates the events, and alerts only on events that need human review.

What needs improvement?

The one thing I continue to dislike about the USM is the limitation on reports. It is hard to get what you need in a report, and once you do, there is no control over the formatting.

What do I think about the stability of the solution?

There used to be some issues with database stability in versions pre-5.x, but the database has since been tuned and has been rock solid ever since.

What do I think about the scalability of the solution?

The only issue I have run into with scalability is the 1TB limit for raw log storage. When you collect as many logs as I do, you need additional space to keep logs for compliance.

How is customer service and technical support?

Customer Service:

I give customer service five stars; they are always available and very helpful.

Technical Support:

Technical support gets 4 1/2 stars. Like any support, it varies depending on the person that gets your ticket.

Which solutions did we use previously?

I have used many solutions with different companies but always move to AlienVault. You get so many more features for the money. AlienVault always comes in way less in price than any other solution.

How was the initial setup?

Initial install is easy; the complexity only comes in as you start to add logs to the system to collect. If you do not take the time to plan out your installation and get a complete list of devices to collect from, you could run into issues.

What about the implementation team?

We implemented using our in-house team.

What was our ROI?

We are able to monitor 24x7x365 with minimal staffing. Once it is tuned, you only get the alerts you need to see. We used to have to monitor and review logs for each device. Now, everything comes into AlienVault and it alerts us when we need to respond.

What's my experience with pricing, setup cost, and licensing?

Have a look at how AlienVault handles Events Per Second (EPS) compared to others. Most other products charge based on EPS: the more events, the more you have to pay. This causes most companies to limit the amount of logs sent and processed. AlienVault charges by the number of devices managed. You can send anything and everything to the USM. The more logs you can process, the better correlation you will have. I have found that companies that limit their logs and then have a security incident would have been able to identify the attack if they had been monitoring all events in their logs.

Which other solutions did I evaluate?

Splunk, QRadar, LogRhythm, etc.

What other advice do I have?

If you are thinking about a solution, give their free product OSSIM a try, and once you see all it does, you will want to upgrade to the commercial USM to get even more.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
1 Comment

Tami Andrews (Vendor)

Thank you Karl for your time to review AlienVault USM and for your candid feedback!

16 July 18