What is our primary use case?
As a product-agnostic Managed Security Services Provider (MSSP), AlienVault USM is one of several SIEM solutions we utilize in our Security Operations Center (SOC). We deploy, manage, and monitor the solution for other clients, and we use it for ourselves. As do most SIEMs, AlienVault allows us a central location to monitor the cybersecurity of an IT environment. It's impossible to avoid 100% of attacks, so after setting up defenses, the next best thing is to have 24/7 eyes-on-glass to be able to quickly respond to incidents as they happen.
How has it helped my organization?
As stated before, the solution allows us to continuously detect cybersecurity incidents that may occur throughout our environment.
What is most valuable?
AlienVault USM Anywhere has a modern, user-friendly, and intuitive GUI, making it easy to use. It is a cloud-based solution that is easy to deploy and easy to scale as well. On top of having built-in support with several technologies, AlienVault USM Anywhere has an API that allows you to develop additional plugins if necessary.
What needs improvement?
Although they use machine learning, the algorithms that they use are graph-based. Their AI/ML capabilities could be improved a bit.
For how long have I used the solution?
One to three years.
What do I think about the stability of the solution?
The solution is very stable.
What do I think about the scalability of the solution?
It's a cloud-based solution so it's easy to scale.
How is customer service and technical support?
In our experience, AlienVault has good customer service.
Which solutions did we use previously?
I did use other solutions with different clients, and we do so now. We find AlienVault to have the best price-to-performance value. There are better solutions, but the price is reflected.
How was the initial setup?
It's straightforward and relatively easy for someone who is tech-oriented.
What about the implementation team?
What was our ROI?
It's difficult to judge the ROI on cybersecurity, but just look at the news to see the cost of breaches and how detrimental they could be.
What's my experience with pricing, setup cost, and licensing?
As stated before, I believe this is the best SIEM solution for its value, especially for SMB.
Which other solutions did I evaluate?
Yes, I myself have had experience with IBM QRadar, Splunk Enterprise, and LogRhythm, but my company has experience with several others.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Oct 29 2018