AT&T AlienVault USM Review

I can easily check all logs and data in relation to attacks in one place

What is our primary use case?

My company wanted to get software which would be able to monitor resources in AWS, mainly IDS in one cumulative GUI, then add extra requirements with AlienVault match. 

How has it helped my organization?

From my perspective, it saves me about two to seven hours weekly. Now, I can easily check (in one place) all the logs and data in relation to attacks. It also gives me an overview if a server is not configured properly.  

What is most valuable?

  • Centralized logs: All the details are in one place. This is helpful if you have over 100 servers.
  • Centralized IDS: We need this as we are able to see what is happening in (almost) real time.

What needs improvement?

  • Plugins could be better utilized, as some of them do not recognize all logs.
  • We could add a little more customization to dashboards.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

Everything has worked fine since we have had this tool.

What do I think about the scalability of the solution?

We have been adding more servers, and it has been working. We have run out of storage space once or twice, so we had to check and choose which logs we needed to minimize this problem.

How are customer service and technical support?

It has very good customer service. I have opened about five cases. They were ones which I did not have time to search or could not find information on the support website.

Which solution did I use previously and why did I switch?

I previously worked with Nagios, SolarWinds, and Big Brother. Though, this was at a different company. 

These products did not match the requirements in AWS at the time that we were getting AlienVault.

How was the initial setup?

Setup required time. It will take time to set it up and utilize it at a percentage with which you will be satisfied. 

It was easy on the PoC, but when we got to the product it was a different story. We had to learn the product again and got the feeling that the PoC was a different product.

Which other solutions did I evaluate?

We were also looking at LogRhythm, Splunk, and a few others. We decided on AlienVault, as they had a nice presentation (which told us what we wanted to hear) and the PoC proved it could do what we needed.

What other advice do I have?

Check other products and do a PoC, as changing from one to another can be very pricey and time-consuming. Also, training people and making changes cost a lot of resources, and not all employees like such changes every year.

Which version of this solution are you currently using?

Disclosure: I am a real user, and this review is based on my own experience and opinions.
1 Comment

Tami Andrews (AlienVault)

Thank you Patrick for your time to review AlienVault USM and for your candid feedback!