AT&T AlienVault USM Review

I can easily check all logs and data in relation to attacks in one place


What is our primary use case?

My company wanted to get software which would be able to monitor resources in AWS, mainly IDS in one cumulative GUI, then add extra requirements with AlienVault match. 

How has it helped my organization?

From my perspective, it saves me about two to seven hours weekly. Now, I can easily check (in one place) all the logs and data in relation to attacks. It also gives me an overview if a server is not configured properly.  

What is most valuable?

  • Centralized logs: All the details are in one place. This is helpful if you have over 100 servers.
  • Centralized IDS: We need this as we are able to see what is happening in (almost) real time.

What needs improvement?

  • Plugins could be better utilized, as some of them do not recognize all logs.
  • We could add a little more customization to dashboards.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

Everything has worked fine since we have had this tool.

What do I think about the scalability of the solution?

We have been adding more servers, and it has been working. We have run out of storage space once or twice, so we had to check and choose which logs we needed to minimize this problem.

How is customer service and technical support?

It has very good customer service. I have opened about five cases. They were ones which I did not have time to search or could not find information on the support website.

Which solutions did we use previously?

I previously worked with Nagios, SolarWinds, and Big Brother. Though, this was at a different company. 

These products did not match the requirements in AWS at the time that we were getting AlienVault.

How was the initial setup?

Setup required time. It will take time to set it up and utilize it at a percentage with which you will be satisfied. 

It was easy on the PoC, but when we got to the product it was a different story. We had to learn the product again and got the feeling that the PoC was a different product.

Which other solutions did I evaluate?

We were also looking at LogRhythm, Splunk, and a few others. We decided on AlienVault, as they had a nice presentation (which told us what we wanted to hear) and the PoC proved it could do what we needed.

What other advice do I have?

Check other products and do a PoC, as changing from one to another can be very pricey and time-consuming. Also, training people and making changes cost lots of resources, and not all employees like such changes every year.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
1 Comment
Tami Andrews (Vendor)

Thank you Patrick for your time to review AlienVault USM and for your candid feedback!

16 July 18