AT&T AlienVault USM Benefits

Vinod Shankar
Manager, Enterprise Risk Consulting at a tech company with 1,001-5,000 employees
A jack-of-all trades: The best thing about AlienVault USM is it being a “Jack-of-All Trades” solution. It provides SIEM, HIDS/NIDS, FIM, NetFlow, Asset Management, Vulnerability Management, etc., under one USM platform. None of the commercial SIEM vendors like ArcSight, McAfee, etc., can boast of such a diverse feature set.
* QRadar is the closest to AV USM in terms of feature diversity. While all the features were formerly isolated Open Source community projects, the USM does a good job of integrating them into a feature set. While they are not great as individual parts, they more than make up for it as a sum of the parts.
* OTX – Open Threat Exchange is a wonderful community sharing platform that helps clients share IP and URL reputation information so that all AV customers can benefit. This is true community sharing modeled on the likes of the Splunk Community (for app development). This has the potential to grow into a large source of Real World Intelligence, and what AlienVault intends to do with this data remains to be seen. For now, it is being used by the USM Correlation engine to provide better context and content for Security monitoring. AlienVault Labs is also utilizing this infrastructure to constantly update Detection rules for malware vectors, vulnerability exploits, etc. QRadar and ArcSight provide Intelligence, but it is commercial intelligence and not community intelligence. With community intelligence, you get more hits than misses.
* Multi-Tenancy – While this feature may not elicit interest from many readers, those who have worked in an MSSP environment can understand why this is a very important feature to have. AV USM does support Multi-Tenancy out of the box. This, when combined with the Architecture flexibility, provides great MSSP models to sell and operate. The key is to understand how the multi-tenancy works. Basically, a single database is used to store data of several customers using a Data isolation Logic and Permission control. The data isolation logic is based on Entities created in USM (Assets, Users, Components Assigned (Sensors), etc., are grouped together as a Single Entity) and Permissions (applied in a granular fashion to data sets related to the Entities). QRadar, ArcSight and other major SIEM products provide this as well.
* Integration – While AV USM is known for being customization friendly, the number of out-of-the-box plugins for Log Monitoring and Correlation is limited to the well-known products. It does not have comprehensive integration capabilities with, say, legacy applications, Directory services, databases, etc., that other SIEM vendors boast of. Similarly, it relies mostly on its own “pre-packaged” tools for data enrichment and hence has poor “Third Party” Integration capabilities. However, if you really are a developer of open source products, the integration challenge can be overcome. But how many are willing in the real world enterprise?
* Correlation and Workflow – What good is a SIEM product if it cannot perform advanced Correlation and Operational workflow? AV USM has a strong foundation in Correlation using XML driven Directives and Alarm thresholds. However, when it comes Head-to-Head with the Industry leaders like ArcSight, QRadar, Splunk, etc., it falls terribly short. We particularly like the Cyber Kill Chain flow which a lot of customers are using for complete visibility, but this is not the end game in real world enterprise operations where not all the data points required for the directive are available. The same thing goes for the workflow, where the integration with external ticketing or issue tracking systems is very limited, and hence acts as a deterrent in large scale deployments.
Consultant at a tech services company with 11-50 employees
There are probably a billion examples I could give. As a service provider, it helps us because we have all of our clients connected in through our management platform, and we're able to leverage the tools that AlienVault provides to monitor and collect data from all of those systems and identify security incidents for all of our clients. It provides network and host-level visibility and it's easy to tune and manage.
VP at Castra Consulting
It's really easy to aggregate and correlate and view several different security logs and several different data pieces in a single place. That's what allows us to see the security logs that we need to see to determine if there is something malicious on our network or not. Also, aggregating the logs and putting them in a central place helps us to comply with certain regulations, the details of which I can't go into. We have been able to use AlienVault to find critical vulnerabilities in our network and it has helped reduce the time it takes to respond to a threat.
Systems Administrator at a healthcare company
This product has streamlined productivity by having all the information in one place. It has really helped eliminate a lot of manual work because its automation is pretty robust and important. It puts everything in one place for me. It is also helping us get HITRUST certified, which is a certification we need for New York State. So this tool is a requirement, and it's going to help us stand out with New York State.
Systems Engineer at a university with 201-500 employees
It has given us insight into our network:
* What is on it
* What traffic is on it
* What is happening on our servers
It is one location to view many things.
Karl Hart, Acse, Ceh, Chfi, Cissp
Information Security Manager at a tech services company with 201-500 employees
We used to have to monitor and review logs for each device. Now, everything comes into AlienVault and it alerts us when we need to respond. We now have real-time monitoring 24x7x365 using an in-house team.
Matthew White
Production DBA at a financial services firm with 51-200 employees
AlienVault USM Anywhere provides us with SIEM, at a low price-point and with a great array of functionality. SIEM is critical to our security operations and feeds incident response efforts, and USM Anywhere enables us to filter the noise and concentrate the efforts of our small team on the real issues and threats.
Lorenzo Ciolfi
VP IT Operations at a financial services firm with 51-200 employees
Previous to this, we really didn't have any protection, any intrusion system in place. It's made me more comfortable, since I'm in charge of IT for this company. I sleep better at night. Using the solution, we have been able to look for critical vulnerabilities in our network. Thankfully, we haven't found any. It takes just a couple of hours.
Layla Bartram
SOC Analyst II at a comms service provider with 11-50 employees
AlienVault has provided a nice, unified system for monitoring and reporting. Since we use this for customer security services, the vulnerability scans have come in handy for overall system health checks, for making sure customers aren't vulnerable to known attacks.
Patrick Noc
Admin at a non-tech company (self-employed)
From my perspective, it saves me about two to seven hours weekly. Now, I can easily check (in one place) all the logs and data in relation to attacks. It also gives me an overview if a server is not configured properly.
Jason G.
Market Development Manager, Cyber Security Consultant at a tech services company with 11-50 employees
As stated before, the solution allows us to continuously detect cybersecurity incidents that may occur throughout our environment.
I.T. Manager at a non-profit with 51-200 employees
Before AlienVault, we had no central log collection tool of any kind, let alone security monitoring. AlienVault provides us with a very easy-to-use, central spot to view log files and take appropriate action. It allows our small team the ability to take cybersecurity seriously.
Phillip Short
Network Operations Manager / Systems Engineer at a tech services company
The all-in-one source for the needs of compliance has put everything into one location without the need for other applications and tools to accomplish the tasks. It brought our logs into one place for review and set up alarms based on changes we were missing due to the lack of one place for everything to go. Vulnerability scanning helped out with shortcomings of what was not patched in the past and what needed to be patched. This assisted with fine tuning the environment for compliance. The reports also helped upper management see the ease with which the product was doing its job and the holes that were being filled.
Corey Bussard
Manager, Security Operation Center at a tech services company with 51-200 employees
It answered a bunch of questions for us, such as what will we use for vulnerability assessments on a continual basis, how do we tie those reports into alerts/incidents, log aggregation, correlation, etc.
IT Security Analyst at a tech services company with 10,001+ employees
Report modules now allow us to get a visualization of the activity of the main assets to continue the business and let us take decisions to the stakeholders.
Christian Caldarone
ISO (Information Security Officer) with 10,001+ employees
Undoubtedly, having all security core technology under one roof, as provided by the all-in-one USM solution from AlienVault, is a big advantage for day-to-day business security operations. From real experience, it has enabled total transparency in terms of security information and events, from day one.
Chris Stokes-Pham
Sr. Networking & EMS Analyst
It provides a good platform to start looking at the traffic on your network.
David Ignash - CEH,CNDA
Security Administrator at a financial services firm with 501-1,000 employees
It has allowed us to gain a better understanding of how data flows within our network, and has helped us think about what type of things we want to be alerted on, or not alerted on.
Senior Buyer & Operations Specialist at Nth Generation Computing
AlienVault is very user-friendly. We've had a great experience with asset discovery, compliance reporting, endpoint detection and response. Our team uses the network infrastructure monitoring as well.
Network and Security Engineer at a tech vendor with 501-1,000 employees
It has allowed us to see what is happening on our servers. You can do a similar setup with AWS, but monitoring it can give you a headache if you have over 10 servers.
IS Manager at a financial services firm with 501-1,000 employees
It has allowed us to centralize our logging. We had used previous products and found AlienVault centralized the logging for our security. Additionally, we are better able to meet our compliance needs.
Co-Founder at a photography company with 11-50 employees
We didn't have any system before, so everything has been an improvement.
Jon McFarland
IT Systems Administrator at a financial services firm with 201-500 employees
It has streamlined log aggregation and analysis to meet organizational and regulatory needs.
Tyler M
Professional Services Engineer at a tech services company with 11-50 employees
I came into the company with USM Appliance already in place. However, from my previous experience with logging and security appliances, there have been many tasks that used to be a manual process, like asset discovery, that are now automated and easy to implement through the UI.
Adrian Throssell
System Administrator at a tech services company with 10,001+ employees
We have been able to ensure the health of our servers. We can also use vulnerability scans to ensure our system is as good as it could be. Any unusual behaviour, we can monitor. We have alerts set up to be sent when we receive signs of any unusual behaviour. The ranking can be modified to allow us to apply a standard rule and also be customized, which suits our business needs.
Kalana Chandrasiri
Network and Security Engineer at a tech services company with 11-50 employees
We are the Partners in Sri Lanka. We are doing deployments in Sri Lanka, Maldives, and Bangladesh. This is a USM, so being able to get all the features under one roof makes it a good product with good new features.
Sukanya Chandrashekar
Technical Writer at a tech services company with 11-50 employees
The USM has been instrumental in the discovery and tracking down of emerging threats, which has helped us instantly evaluate and resolve security incidents for our clients.
Network Administrator at a legal firm with 51-200 employees
We were able to use the product to identify two security issues already. We had one situation where the appliance identified that a workstation on our network was infected with a DNS Blackhole virus. We were able to remove the computer from the network and replace it. We've also been able to use the scanning to identify security issues and take care of them before they become a problem.
Paruvathakumar P
Delivery Manager at a tech services company with 11-50 employees
It helps to monitor the entire office from a single point.
Cybersecurity Analyst at a tech company with 51-200 employees
We have benefited greatly due to gaining the visibility we need for different instances. It has improved our security posture and has helped us respond to alarms/events as they have come down through the pipeline to the ticketing system we use. All in all, it has improved our SOC.
Dan Dumas
Information Technology Security Administrator at a healthcare company with 1,001-5,000 employees
* Identifying the sending of clear text account information
* Identifying and fixing vulnerabilities that we were not aware of
Rajnikant Bhandare
Security Analyst SOC at a tech services company
* The system slows down considerably when a large number of events are fed in.
* Also, AlienVault support has to make some improvements.
Information Security Analyst at an insurance company
AlienVault has streamlined our security functions by combining several different functions into one package.
IT User
Increased visibility, threat detection.
IT Assistant at a financial services firm with 51-200 employees
I can monitor fewer things and just read reports or alarms.
Head of IT at a consultancy with 201-500 employees
We have much greater visibility into what is happening on our network.
Engineer - Network Security at a tech company with 11-50 employees
It has helped me to give some InfoSec guidance to my customer after deploying AlienVault on their premises. Now they are able to get to know what kind of traffic is passing through the firewalls and what kind of traffic hits the traffic.
Kevin Marsh
IT Security Engineer II at a retailer with 5,001-10,000 employees
The single pane of glass that shows threats that are in the environment.
Stephen Raju
Security Expert at a tech services company
It helps to identify external and internal security threats to the organization, on time.
IT Officer with 51-200 employees
Recently, we used the NetFlow capability to find a bottleneck in the network and the offending computer.
Paul Reissner
Security Engineer at a tech services company with 201-500 employees
The low cost of entry SIEM functionality has increased due to network views and network traffic.
Javier Ramirez
Network Security Specialist at SEFISA
It has helped not only with security, but also on the network: when we have problems with slowness, we can go to the NetFlow section and see who is generating a lot of traffic. Using the communication within the security device, it is easier to create plugins. Therefore, if you want to create plugins, there is an option called plugin creator to assist with this.
Dan Gavin
Network Architect at a tech services company with 11-50 employees
AlienVault USM Anywhere is a great evolution of a proven product. While the feedback and customization requirements remain largely the same, the user interface has been significantly improved. This significantly improves the interaction our clients have with their data, and we have received significant positive feedback.
Tharaka Ranasinghe
Network and Security Engineer at a tech services company with 51-200 employees
AlienVault has an advanced component within one package. With this, we can cover more area with one solution. As an example, it has a vulnerability assessment component built in. From this, we can do the vulnerability assessment easily and we do not have to buy another solution for the vulnerability assessment. It is easy to use and we can take better advantage of an all-in-one solution like USM.
Denys Lahutin
This solution can identify many threats inside the organization, like compromised endpoints, configuration issues, as well as "outside" threats (botnets, network scanners, web-attacks, etc.). During the first two weeks post-deployment, our client's cybersecurity certainly improves by using AT&T AlienVault USM.
Shayanthan Karunaharan
Engineer - Information Security at a tech services company with 11-50 employees
Since we are a re-seller, AlienVault helped us because of their cheaper price compared to other SIEM solutions and the addition of FIM in the solution. Implementation took a few days and it's easy to complete the task within the given project timeline.
Security Analyst at a tech services company with 1-10 employees
Its powerful correlation engine helps reduce time in manually correlating events.
Kirk Crespin
IT/IS Officer - Marketing Director at a tech services company
AlienVault gave our organization a centralized tool to manage our security with its intrusion detection, asset management, vulnerability assessments, and all of its other features. It has become an invaluable asset for our small organization.
CEO at a tech services company with 1-10 employees
The AlienVault solution has enabled us to create an SOC on a budget with smaller than usual staff requirements, offering a wider range of solutions for our customers.
Tim Mehrley, CISSP, MBA
Security Analyst at a tech services company
Quickly got insight into my environment.
Adam Rauh
Infrastructure Engineer at a tech services company with 1,001-5,000 employees
Holistic view of SIEM environment.
Security Systems Administrator at a security firm with 501-1,000 employees
AlienVault provides a checklist answer when using SIEM. We currently develop additional rules and scripts to make it more usable, but the overall solution is lackluster.
IT Manager at a manufacturing company with 51-200 employees
AlienVault has provided me with a management console which gives me alerts and other information about the traffic on my network. AlienVault is my "security person" looking at irregularities and letting me know when something has occurred. I also see vulnerabilities in my systems and can assign tickets to other staff members.
Guilherme Peralta
Consultant at a comms service provider with 10,001+ employees
AlienVault has helped us in improving our visualization and incident response during cybersecurity situations. I have also used it in a project to comply with PCI DSS requirements.
Erlon Sousa Pinheiro
DevOps Engineer at a tech services company with 11-50 employees
Beyond providing us with an IDS, which was our initial need, AlienVault gave us more useful resources, such as SIEM and a vulnerability scanner (the last one of my favourite resources).
Head of MSS Platform and Product Management at a tech services company with 51-200 employees
It allows for a lot of out-of-the-box features: vuln scanning, HIDS/HIPS, and IDS. The Suricata rule set is pretty lame.