The primary use cases for this solution are log management, security events correlation, and any other enterprise use cases for SIEM (new plugins development, correlation rules development, risk assessment, and asset management).
AT&T AlienVault USM Review
Easy to deploy and flexible enough to create your own plugins
What is our primary use case?
How has it helped my organization?
This solution can identify many threats inside the organization, like compromised endpoints, configuration issues, as well as "outside" threats (botnets, network scanners, web-attacks, etc). During the first two weeks post-deployment, our client's cybersecurity certainly improves by using AT&T AlienVault USM.
What is most valuable?
The features that we have found most valuable are the out-of-box vulnerability scanner, Network IDS, Host IDS, Netflow Monitoring, and more than four thousand pre-installed correlation rules.
What needs improvement?
Having automatic agent deployment would be a great feature. It would be nice to see some machine learning and monitoring of the configuration in network devices.
For how long have I used the solution?
One to three years.
How was the initial setup?
This solution is very easy to deploy and integrates comfortably with data sources. AT&T AlienVault USM has a user-friendly engine for custom plugins development, so you can develop your own plugin for your own application without any problems.
Which version of this solution are you currently using?
5.7
**Disclosure: My company has a business relationship with this vendor other than being a customer: Aurhorized distributor
Last updated: Apr 29 2019
More AT&T AlienVault USM reviews from users
Find out what your peers are saying about AT&T, Splunk, LogRhythm and others in Security Information and Event Management (SIEM). Updated: February 2021.
464,594 professionals have used our research since 2012.
Add a Comment
1 Comment
Author
Denis L
Sales Solutions Engineer at a tech services company with 501-1,000 employees
Reseller
Top 5LeaderboardHighlights
Pros
This solution can identify many threats inside the organization (compromised endpoints, configuration issues), as well as "outside" threats (botnets, network scanners, web-attacks, etc).
Cons
It would be nice to see some machine learning and monitoring of the configuration in network devices.
Popular Comparisons
AlienVault OSSIM
ELK Logstash
IBM QRadar
LogRhythm NextGen SIEM
Fortinet FortiSIEM
Fortinet FortiAnalyzer
Rapid7 InsightIDR
ArcSight Enterprise Security Manager (ESM)
SolarWinds Security Event Manager
IBM X-Force
LogPoint
McAfee ESM
Buyer's Guide
Download our free Security Information and Event Management (SIEM) Report and find out what your peers are saying about AT&T, Splunk, LogRhythm, and more!
Quick Links
Learn More: Questions:
- Which is the best SIEM solution for a government organization?
- What is the difference between IT event correlation and aggregation?
- What are the threats associated with using ‘bogus’ cybersecurity tools?
- Which is the best SIEM tool for a mid-sized financial services firm: Arcsight or Securonix?
- What is the difference between SIEM and SOAR platforms?
- What is the difference between log management and SIEM?
- Are you using a SIEM platform with AWS Cloudwatch?
- What is the best SIEM tool for a large financial services firm?
- What is your SIEM buying cycle like?
- PoC template for SIEM