AT&T AlienVault USM Valuable Features

Consultant at a tech services company with 11-50 employees
On any given day I could give you a different answer regarding the most valuable features of the product. The feature that is most important is the fact that it has a lot of features, that it's not just a log collection and correlation system, that it has a lot of other components built in. The bundle of features is really the killer feature. In particular though:
* ease of use and deployment
* excellent cloud integration
* dynamic asset management
* vulnerability scanning
* network intrusion detection
* host-based agent monitoring and collection.

All of these features combined create a compelling "one-stop" package for a business that needs security monitoring and analytics.
VP at Castra Consulting
The IDS and the threat intelligence are very useful. They are very intuitive and data-rich.
Systems Administrator at a healthcare company
It's hard to pick just one valuable feature for this product. I like everything the product has to offer. The dashboards are very descriptive and contain just the right amount of information. The activity alarms and events contain a plethora of data that is very descriptive and useful. Vulnerability scans, IDS scans, asset scans. It's pretty much the whole USM Anywhere tool. Everything in here is pretty important. It gives you all the vulnerabilities of your assets. It goes through and it actually shows you the software on there, if it's missing patches, the operating system. Overall, I find that this product is amazing.
Find out what your peers are saying about AT&T, Splunk, LogRhythm and others in Security Information and Event Management (SIEM). Updated: March 2020.
407,401 professionals have used our research since 2012.
Matthew White
AlienVault USM Anywhere is easy to deploy with their cloud-based model and deploying the required agents on-prem (or in the Cloud) is quick and easy. With many integrations out-of-the-box, you can pull in all the data from products you use and other sources, such as Amazon CloudWatch Logs. Custom rules allow for alerting based on content from events and you can even trigger agents in response to threats, shutting down computers or grabbing forensic info for incident response. USM Anywhere also takes care of reporting for ISO and PCI, allowing you to pull reports for auditors at a moment’s notice.
Lorenzo Ciolfi
VP IT Operations at a financial services firm with 51-200 employees
The most valuable feature is what it can block, what it can prevent from coming in.
Layla Bartram
SOC Analyst II at Shatter I.T.
The Event Correlation and vulnerability scans have been the most useful. As a 24/7 SOC, we use the incoming alarms to give an overview of suspicious traffic going through the network. It's easy to look at the correlated events and see the broad picture of traffic for that customer. Vulnerability scans are good for providing patch and remediation guidelines to keep customer systems secure.
Patrick Noc
admin at KIL A&T
* Centralized logs: All the details are in one place. This is helpful if you have over 100 servers.
* Centralized IDS: We need this as we are able to see what is happening in (almost) real time.
Jason G.
Market Development Manager, Cyber Security Consultant at Abacode LLC
AlienVault USM Anywhere has a modern, user-friendly, and intuitive GUI, making it easy to use. It is a cloud-based solution that is easy to deploy and easy to scale as well. On top of having built-in support with several technologies, AlienVault USM Anywhere has an API that allows you to develop additional plugins if necessary.
I.T. Manager at a non-profit with 51-200 employees
The fact that AlienVault is several tools in one is most valuable to our small team. We can collect logs, and also actively scan our network for vulnerabilities all from one tool.
Corey Bussard
Manager, Security Operation Center at Ideal Integrations
* Vulnerability assessments and log aggregation/correlation

These were the two answers we needed for our solution. It gave those solutions very easily. It is easy to implement, and effective.
Christian Caldarone
ISO (Information Security Officer) with 10,001+ employees
It provides a single pane of glass view, coupled with a whole security ecosystem. The ability to manage everything from a central point, including vulnerability assessments, asset management - including the services provided by the various hosts - NIDS, HIDS, etc., provides a very efficient way of dealing with things. Their OTX intel is also great, as one needs to know who is running around threatening the IT infrastructure with a "crowbar."
Senior Buyer & Operations Specialist at Nth Generation Computing
* In my experience, I've found the vulnerability assessment very valuable because it identifies vulnerabilities and AWS configuration issues, so we are less likely to have potential risks.
* The compliance reporting is also valuable for reporting purposes.
Network and Security Engineer at a tech vendor with 501-1,000 employees
The main menu: You can see everything there, what is happening on the servers, and in the logs, you can view more details of each event. Everything you need is in 'one place'.
Co-Founder at a photography company with 11-50 employees
Log-monitoring and alerting, so we can find out when things happen that we need to know about.
Rajnikant Bhandare
Security Analyst SOC at Sumasoft Pvt Ltd
A vulnerability assessment feature is very helpful for me. Because of this feature, I can schedule a vulnerability assessment for my critical server.
SOC Manager at a tech services company with 11-50 employees
The most valuable feature of this solution is security management for PCI DSS.
Dan Gavin
Network Architect at Envision IT LLC
The cloud console is by far the best improvement of the product. In the past, our less technical clients had trouble sorting through the dashboards within the USM console, and we had received complaints on viewing the real-time data versus our prepared reports. The new cloud-based panel is excellent both for client review as well as for our SOC to review and respond to threats. It is much easier to configure and use than the previous solution from AlienVault.
Security Analyst at a tech services company with 1-10 employees
* Alarms
* Correlation
Denis L
Sales Engineer at BAKOTECH LLC
The features that we have found most valuable are the out-of-box vulnerability scanner, Network IDS, Host IDS, Netflow Monitoring, and more than four thousand pre-installed correlation rules.
Security Systems Administrator at Vertical Screen
IDS is a nice capability to have. In the past, I have implemented standalone Suricata sensors and having this bundled in is very helpful. OTX is good when implemented correctly.
Guilherme Peralta
Consultant at Embratel
I have found the host-based intrusion detection system (HIDS) extremely useful, as it:
* Allows me to identify possible threats and vulnerabilities.
* Allows anyone with little knowledge of a cybersecurity device to work with a high level threat discovery solution.
Erlon Sousa Pinheiro
DevOps Engineer at Two Hat Security
My favourite one is the vulnerability scanner because while using it, our environment is always updated about security threats.