AT&T AlienVault USM Review

Incoming alarms provide an overview of suspicious traffic going through the network


What is our primary use case?

We are an MSSP. We have a distributed environment that spans multiple networks and customers in various locations. We have one federated that receives information from all of our children servers deployed at customer locations.

How has it helped my organization?

AlienVault has provided a nice, unified system for monitoring and reporting. Since we use this for customer security services, the vulnerability scans have come in handy for overall system health checks, for making sure customers aren't vulnerable to known attacks.

What is most valuable?

The Event Correlation and vulnerability scans have been the most useful. As a 24/7 SOC, we use the incoming alarms to give an overview of suspicious traffic going through the network. It's easy to look at the correlated events and see the broad picture of traffic for that customer. Vulnerability scans are good for providing patch and remediation guidelines to keep customer systems secure.

What needs improvement?

The UI and overall processes need a little bit more love. The development job postings have the requirement, for prospective candidates, of "values progress over perfection". This shows in the error banners that come up when you select certain things. There isn't a day that goes by that the UI doesn't error out and I can't view events for an alarm. It's nice that they have new features rolling, keeping up with demand, but fixing the events/alarm database errors would be nice too.

The reporting tools are a bit lacking for building reports to give directly to customers, but support has been helpful in giving our requests for new features to the development team and following up with us.

Network Breach

We have not, but being a 24/7 SOC we have someone checking at all hours.

Efficiency of Security Team

Yes.

Events per Day

500,000.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

No issues with stability.

What do I think about the scalability of the solution?

No issues with scalability.

How is customer service and technical support?

AV support has never been anything less than amazing.

Which solutions did we use previously?

We did not use anything else prior. We tried the free version of AV then decided to go with the paid option and become an MSSP, since it fit our company needs for the right price.

How was the initial setup?

Straightforward, once going through a course.

What about the implementation team?

In-house.

What's my experience with pricing, setup cost, and licensing?

Our company normally handles everything from setup to configuration, refinement, and monitoring. We are an MSSP so we all handle this for the customer when they inquire about services.

Which other solutions did I evaluate?

No, AlienVault fit what we needed for the phase we were in with the SOC.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
1 Comment
Tami Andrews (Vendor)

Thank you Layla for your time to review AlienVault USM and for your candid feedback!

16 July 18