What is our primary use case?
We use AWS for our application platform and wanted a SIEM that was easy to deploy as a service and that had functionality and integrations focused on AWS. We found AlienVault was the best on price vs features and the team at AlienVault worked hard to make sure we were happy during our on-boarding. Features are rolled out fast and issues addressed quickly. The integration of OTX out-of-box and at no additional cost was a real selling point and the AWS features made it a clear winner.
How has it helped my organization?
AlienVault USM Anywhere provides us with a SIEM at a low price-point and with a great array of functionality. SIEM is critical to our security operations and feeds incident response efforts, and USM Anywhere enables us to filter the noise and concentrate the efforts of our small team on the real issues and threats.
What is most valuable?
AlienVault USM Anywhere is easy to deploy with their cloud-based model, and deploying the required agents on-prem (or in the cloud) is quick and easy. With many integrations out-of-the-box, you can pull in all the data from products you use and other sources, such as Amazon CloudWatch Logs. Custom rules allow for alerting based on content from events, and you can even trigger agents in response to threats, shutting down computers or grabbing forensic info for incident response. USM Anywhere also takes care of reporting for ISO and PCI, allowing you to pull reports for auditors at a moment's notice.
What needs improvement?
We would love to be able to create custom rules based on a series of events, to create rule-sets where, for example, failed logins to the VPN server are logged and then, when a successful attempt follows soon after, it triggers an alarm for a brute force. It does this for things like Okta already, so control over which events this applies to would be great.
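The correlation the reviewer describes (a burst of failed logins followed shortly by a success from the same source) is easy to sketch as a stateful rule. The block below is an added example, not the reviewer's code and not AlienVault's rule engine; the syslog-style VPN line format, the usernames, the IP addresses, the failure threshold of 3 and the 5-minute window are all constructed assumptions for illustration.

```python
"""Stateful 'failed logins then success' correlation over constructed VPN log lines.

Added example; the log format below is hypothetical, not a real product's output.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log: alice is brute-forced and then compromised, bob mistypes
# once, carol's failures are too old by the time her successful login arrives.
SAMPLE_LOG = """\
2019-03-04T10:00:01Z vpn1 auth: FAILED user=alice src=203.0.113.7
2019-03-04T10:00:03Z vpn1 auth: FAILED user=alice src=203.0.113.7
2019-03-04T10:00:05Z vpn1 auth: FAILED user=alice src=203.0.113.7
2019-03-04T10:00:09Z vpn1 auth: SUCCESS user=alice src=203.0.113.7
2019-03-04T10:02:00Z vpn1 auth: FAILED user=bob src=198.51.100.9
2019-03-04T10:02:30Z vpn1 auth: SUCCESS user=bob src=198.51.100.9
2019-03-04T10:05:00Z vpn1 auth: FAILED user=carol src=192.0.2.44
2019-03-04T10:05:01Z vpn1 auth: FAILED user=carol src=192.0.2.44
2019-03-04T10:05:02Z vpn1 auth: FAILED user=carol src=192.0.2.44
2019-03-04T10:20:00Z vpn1 auth: SUCCESS user=carol src=192.0.2.44
"""

# Hypothetical line format: "<ISO8601 UTC> <host> auth: <RESULT> user=<u> src=<ip>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) \S+ auth: (?P<result>FAILED|SUCCESS) user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse_line(line):
    """Parse one log line into a dict, or return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return {"ts": ts, "result": m["result"], "user": m["user"], "src": m["src"]}


def correlate(lines, threshold=3, window=timedelta(minutes=5)):
    """Raise an alarm when a SUCCESS follows >= threshold FAILED events for the
    same (user, src) pair within `window`. Returns the list of alarms."""
    failures = defaultdict(deque)  # (user, src) -> timestamps of recent failures
    alarms = []
    for raw in lines:
        ev = parse_line(raw)
        if ev is None:
            continue  # unparseable line: skip rather than crash the rule
        key = (ev["user"], ev["src"])
        recent = failures[key]
        # Slide the window: forget failures older than `window` relative to this event.
        while recent and ev["ts"] - recent[0] > window:
            recent.popleft()
        if ev["result"] == "FAILED":
            recent.append(ev["ts"])
            continue
        # A successful login: alarm only if it caps a burst of failures.
        if len(recent) >= threshold:
            alarms.append({
                "rule": "brute_force_then_success",
                "user": ev["user"],
                "src": ev["src"],
                "failed_count": len(recent),
                "first_failure": recent[0].isoformat(),
                "success_at": ev["ts"].isoformat(),
            })
        recent.clear()  # a success resets the counter either way
    return alarms


def run_sample():
    """Run the rule over the constructed sample log."""
    return correlate(SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    for alarm in run_sample():
        print(alarm)
```

Keying on (user, source IP) keeps one user's typos from being mixed with another host's attempts; in a real ruleset you would also want a second rule that fires on the failure burst alone, since the success may never come. Running the block against the sample prints a single alarm for alice from 203.0.113.7 with three failures.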
For how long have I used the solution?
One to three years.
What do I think about the stability of the solution?
No major issues and problems are rectified quickly.
What do I think about the scalability of the solution?
Scales well; there is no on-prem requirement other than one sensor per network, and these are cost-effective. AlienVault handles the performance and scalability of the backend for you.
How is customer service and technical support?
Technical support is very quick to respond and follows up well on issues.
How was the initial setup?
Very simple; follow a walk-through to deploy sensors, and the backend is provisioned for you by AlienVault.
What about the implementation team?
In-house deployment; simple to set up.
What's my experience with pricing, setup cost, and licensing?
Cost is very competitive, and if your log ingestion is not huge, then you can get a SIEM on a small budget. AlienVault listens well to customers and works with you on the needs of your business.
Which other solutions did I evaluate?
Alert Logic, CloudPassage and EventTracker.
What other advice do I have?
Efficiency of security team: Yes, a team of two managing a reasonably sized network has been achieved.
Events per day: 700,000
Which version of this solution are you currently using?