AT&T AlienVault USM Review

Makes it easy to aggregate, correlate, and view different security logs in a single place


What is our primary use case?

We use it to gain security visibility and to meet compliance.

We're not just a customer but we're a partner as well. We've deployed this into thousands of organizations and we continue to see that happening. It's a great tool.

How has it helped my organization?

It's really easy to aggregate and correlate and view several different security logs and several different data pieces in a single place. That's what allows us to see the security logs that we need to see to determine if there is something malicious on our network or not.

Also, aggregating the logs and putting them in a central place helps us to comply with certain regulations, the details of which I can't go into.

We have been able to use AlienVault to find critical vulnerabilities in our network and it has helped reduce the time it takes to respond to a threat.

What is most valuable?

The IDS and the threat intelligence are very useful. They are very intuitive and data-rich.

What needs improvement?

One area that has room for improvement is storage. AlienVault is a good place to put logs, but sometimes it's a tough place to go get logs. AlienVault has three components to it: a sensor, a server, and a logger. Sensors grab data, servers correlate data, and loggers store data. The logger can only hold so much data. If they improved that, that would help.

For how long have I used the solution?

More than five years.

What do I think about the scalability of the solution?

It has great scale. We have brought it into several publicly traded global organizations, with thousands of users. The users are anything from a CCO down to a network administrator.

For a large deployment like that, the number of our staff required depends on a few things but, generally, it would take one to three people. It also requires about three people for maintenance. Their roles would likely be anyone who is leading or managing an InfoSec team.

How is customer service and technical support?

The technical support team is responsive and helpful. They communicate and they are engaged. We work with them on a daily basis and they're on it.

Which solutions did we use previously?

We did not work with a previous solution. We decided to bring it into our organization based on its value. It allows you to do a lot with a small price tag.

How was the initial setup?

As partners, we think the setup is pretty straightforward but I imagine it depends on whom you ask. There are a lot of people who don't think so, but we think it's pretty straightforward. It has an easy-to-go-along Start menu, and the overall GUI is easy to navigate. It's pretty step-by-step, as long as you can follow those directions.

It can be as simple or complex as you want it to be. But for the most part, it's just a very easy tool to be able to engage with, to click on. They make it intuitive.

Sometimes deployment takes a couple of hours, sometimes it takes a couple of days, depending on the size of deployment.

We definitely have an implementation strategy but there are a lot of details to that. Just stay organized, pay attention to the details, cross your T's and dot your I's.

What was our ROI?

There is an ROI, although I don't have the exact figures on it. The ROI is in the area of technology products that we have to go purchase: instead of having to go buy a million dollars' worth of cybersecurity products, we have saved a lot of money on that. It has also saved us loads of time as a result of not having to integrate it with a ton of other things.

What's my experience with pricing, setup cost, and licensing?

The pricing is the best on the market.

Which other solutions did I evaluate?

We evaluated every single SIEM on the market. The major difference that made AlienVault stand out is the unification, meaning the integration of technologies out-of-the-box, as opposed to having to do it on your own.

What other advice do I have?

Have an idea of a plan and know where things in your network are and know who can give you access to certain things you might need.

In terms of how extensively we're using it, I'd be surprised if there was anyone outside of our team that is using it more extensively than we are.

I would rate AlienVault at ten out of ten.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Partner.
1 Comment
Tami Andrews (Vendor)

Thank you for your feedback!

01 April 19