AT&T AlienVault USM Room for Improvement

Consultant at a tech services company with 11-50 employees
Search performance can be slow. The Raw Logs feature is painfully slow. And if we're talking about the newer, the Anywhere product, you can't even schedule reports on it. There are probably a dozen other features I'd really like to see there, but that would be one of the biggies. Also, there is no visibility into the NIDS or HIDS agent configurations and no easy way to augment them. The same is true for vulnerability scanning, it's all or nothing; there are no fine-grain controls as there was in their older product. There is a lack of "real" visibility into the correlation rules, and the inability to create our own sophisticated rules (only very simple ones) is a big miss. View full review »
VP at Castra Consulting
One area that has room for improvement is storage. AllienVault is a good place to put logs, but sometimes it's a tough place to go get logs. AlienVault has three components to it, a sensor, a server, and a logger. Sensors grab data, servers correlate data, and loggers store data. The logger can only hold so much data. If they improved that, that would help. View full review »
Systems Administrator at a healthcare company
Honestly, the product itself is great. The only room for improvement I can mention is the initial installation procedures. I found that the online installation instructions for the product were missing important details, they lacked necessary steps. The product itself is fine. View full review »
Find out what your peers are saying about AT&T, Splunk, LogRhythm and others in Security Information and Event Management (SIEM). Updated: September 2019.
370,827 professionals have used our research since 2012.
Matthew White
Production DBA at a financial services firm with 51-200 employees
We would love to be able to create custom rules based on a series of events, to create rule-sets where, for example, failed logins to the VPN Server are logged and then when a successful attempt follows soon after, it triggers an alarm for a Brute Force. It does this for things like OKTA already, so control over which events this applies to would be great. View full review »
Lorenzo Ciolfi
VP IT Operations at a financial services firm with 51-200 employees
The only that I can think of is that is not ideal is sending Windows Server logs to their device, to the system. That has to be done on each server. I don't know if they have changed that. View full review »
Layla Bartram
SOC Analyst II at a comms service provider with 11-50 employees
The UI and overall processes need a little bit more love. The development job postings have the requirement, for prospective candidates, of "values progress over perfection". This shows in the error banners that come up when you select certain things. There isn't a day that goes by that the UI doesn't error out and I can't view events for an alarm. It's nice that they have new features rolling, keeping up with demand, but fixing the events/alarm database errors would be nice too. The reporting tools are a bit lacking for building reports to give directly to customers, but support has been helpful in giving our requests for new features to the development team and following up with us. View full review »
Patrick Noc
admin at a non-tech company with self employed
* Plugins could be better utilized, as some of them do not recognize all logs. * We could add little more customization to dashboards. View full review »
Jason G.
Market Development Manager, Cyber Security Consultant at a tech services company with 11-50 employees
Although they use machine learning, the algorithms that they use are graph-based. Their AI/ML capabilities could be improved a bit. View full review »
I.T. Manager at a non-profit with 51-200 employees
Long-term I'm genuinely concerned about AT&T's ownership of AlienVault. I have never had a good relationship with AT&T in +15 years, and fear they will destroy this good product. View full review »
Phillip Short
Network Operations Manager / Systems Engineer at a tech services company
Source material on the forums to be more up-to-date with the changes happening within the product. Forums being out-of-date with information due to the changes makes troubleshooting a little more difficult - specific to the HIDS agents. Troubleshooting connectivity is limited to very view articles with very little information. Perhaps adding templates into the HIDS agents for collection based on systems or a clickable addition of files to collect with check boxes rather than configuring the HIDS agents through text. Also, more information on how specific sections relate to PCI and how to use/setup the SIEM to follow the guidelines of the areas. Some information is vague on how to accomplish specific items within PCI on help forums through AlienVault. View full review »
Corey Bussard
Manager, Security Operation Center at a tech services company with 51-200 employees
The support could absolutely be better. It seems to have gotten worse with the AT&T acquisition. We have been hearing some not so great things from our associates in the field as well. View full review »
Christian Caldarone
ISO (Information Security Officer) with 10,001+ employees
The reporting module could be a little easier to handle, as it requires quite some trial and error until you get the reports you want. Also, it would be great to have a graphical interface for the Network Intrusion Detection System's rule management. View full review »
David Ignash - CEH,CNDA
Security Administrator at a financial services firm with 501-1,000 employees
The reporting aspect could be improved. While there are a lot of different options available, there are still pieces which are missing. The views are also very static and do not give you a lot of options on how the data is presented. View full review »
Senior Buyer & Operations Specialist at Nth Generation Computing
The only recommended changes I can think of is to have the ability to filter logs. Also, being able to navigate the dashboard. That seems to have been quite a challenge. View full review »
Network and Securirty Engineer at a tech vendor with 501-1,000 employees
As this software is in the cloud, you do not have control on updates and general changes which are happening. It can be a somewhat annoying that DC sensors are updated and you will not have control when this happens. View full review »
Jon McFarland
IT Systems Administrator at a financial services firm with 201-500 employees
Reporting and Windows log collection is the biggest drawback. Reporting is convoluted and difficult at times, although they claim to have hundreds of pre-built reports, very few of them are actually useful for anything but what the USM is doing. Windows log collection works with HIDS, but documentation is sparse and confusing. You have to trace back to how Windows Event ID ultimately correlates with AlienVault events through HID's IDs. View full review »
Adrian Throssell
System Administrator at a tech services company with 10,001+ employees
For creating new rules, you have to be familiar with regular expressions. I feel there could be something built-in to make sure that process is easier. View full review »
Kalana Chandrasiri
Network and Security Engineer at a tech services company with 11-50 employees
The Log Management and configuration of email notifications should be user-friendly. Pay attention to false-positive event automatic correlations. View full review »
Cybersecurity Analyst at a tech company with 51-200 employees
A tailored OTX map for each customer's central would be awesome to have for displays. A lot of companies like to have visuals for their central instance in order to be able to see when an IOC comes through and it would help have something in front of analysts/engineers to respond to promptly if they were away from central working downstream. View full review »
Rajnikant Bhandare
Security Analyst SOC at a tech services company
While it is relatively easy to use, it takes a little time to get used to where everything is located in the web interface. I do wish that their support would help a bit more with the analysis of alarms. View full review »
Engineer - Network Security at a tech company with 11-50 employees
Still I was working on the implementation I have found difficulties in searches within security events. Configuring some areas looks complicated. I had issues while installing OSSEC agent in Solaris and CentOS Servers. A workaround for this issue will give some value for users. View full review »
Paul Reissner
Security Engineer at a tech services company with 201-500 employees
Support can be slow at times, but the quality is high. Posted knowledge base articles could use improvement. View full review »
‎SOC Manager at a tech services company with 11-50 employees
This solution could be easier to use. It is hard for some people to understand, and they need to get training and certification just to understand what it's showing them. View full review »
Javier Ramirez
Network Security Specialist at SEFISA
Maybe logs are the problem, as the database query is too slow. If you want to search something, you need time to find it. The other thing is the agent is OSSEC. They needed to create its own agent to help to find threats on the devices that it happens to be installed. View full review »
Dan Gavin
Network Architect at a tech services company with 11-50 employees
It can still be difficult to feed products that are not supported out-of-the-box. It would be good if they had a better plugin exchange/store with AlienVault QA to ensure data is being processed properly. View full review »
Tharaka Ranasinghe
Network and Security Engineer at a tech services company with 51-200 employees
AlienVault must improve their correlation feature. Some of the events do not match with the correlation rules and some of the correlation events are false-positive. View full review »
Sales Engineer at a tech vendor with 51-200 employees
Having automatic agent deployment would be a great feature. It would be nice to see some machine learning and monitoring of the configuration in network devices. View full review »
Shayanthan Karunaharan
Engineer - Information Security at a tech services company with 11-50 employees
User friendly interface could be an advantage. Sometimes we may face trouble when we were going through the settings of AlienVault SIEM. View full review »
Security Analyst at a tech services company with 1-10 employees
It should be able to communicate with other security solutions to stop threats. View full review »
Kirk Crespin
IT/IS Officer - Marketing Director at a tech services company with 51-200 employees
As with many of its users, I have submitted suggestions in the past and AlienVault has seemed to listen to suggestions from its users and have implemented them every time. I am happy with the product as it is today. View full review »
CEO at a tech services company with 1-10 employees
All products have room for improvement. AlienVault is always looking at ways to improve their solution. We would like more plugins. This being the main point of improvement which would benefit the users. View full review »
Security Systems Administrator at a security firm with 501-1,000 employees
Many of the tasks on features are useless in our situation. NetFlow is worthless. Many of the built-in correlation engine solutions are just okay. View full review »
IT Manager at a manufacturing company with 51-200 employees
More complimentary training needs to be done for use with this tool. If you get into a bind, then it will cost you. View full review »
Guilherme Peralta
Consultant at a comms service provider with 10,001+ employees
* They should improve the reporting capabilities. * Different functions to customize reports should be added. * Export features should not be limited to spreadsheets (.XLS) only. View full review »
Erlon Sousa Pinheiro
DevOps Engineer at a tech services company with 11-50 employees
Taking into account that server access credentials are controlled by the tool, some more management-focused actions could be performed from AlienVault. View full review »
Head of MSS Platform and Product Management at a tech services company with 51-200 employees
Scaling, and it has no APIs! It would be hard for any legitimate MSSP to use it. View full review »
Find out what your peers are saying about AT&T, Splunk, LogRhythm and others in Security Information and Event Management (SIEM). Updated: September 2019.
370,827 professionals have used our research since 2012.
Sign Up with Email