AT&T AlienVault USM Valuable Features

Vinod Shankar
Manager, Enterprise Risk Consulting at a tech company with 1,001-5,000 employees
Flexible Deployment Architecture – This is where the Open Source roots really start to flex their muscles when it comes to AV USM. The main components of the architecture are as follows: * AV Sensor: AV Sensors perform Asset Discovery, Vulnerability Assessment, Threat Detection, and Behavioral Monitoring in addition to receiving raw data from event logs and helping in monitoring network traffic (including Flow). The sensors also perform normalization of the received raw events and communicates them to the AV Server for correlation and reporting. * AV Server: AV Server is the Central Management Console that provides USM capabilities under a single GUI. The server receives normalized data from the sensors, correlates, and prioritizes the events and generates security alerts or alarms. The server also provide a variety of reporting and dashboarding capabilities as well. * AV Logger: AV Logger provides the capability to archive log files for purposes of forensic analysis and to meet compliance requirements for long term retention and management. All the architecture components including the Sensor, the Logger, the Correlation Engine, etc., can be deployed tier-based, isolated, or in a consolidated all-in-one style. This wide variety of deployment options help customers to have flexible and open architectures. This also helps control cost depending on the budget at hand. Very rarely can products boast of such flexibility. View full review »
Javad Kamyabi
Network & Software Security at Shiraz University
The most important feature of AlienVault is the alert system because it helps to validate penetration tests. It also helps inform users when outside attacks occur within the network. You can see what is happening at any time. View full review »
Consulta85d2
Consultant at a tech services company with 11-50 employees
On any given day I could give you a different answer regarding the most valuable features of the product. The feature that is most important is the fact that it has a lot of features, that it's not just a log collection and correlation system, that it has a lot of other components built in. The bundle of features is really the killer feature. In particular though: * ease of use and deployment * excellent cloud integration * dynamic asset management * vulnerability scanning * network intrusion detection * host-based agent monitoring and collection. All of these features combined create a compelling "one-stop" package for a business that needs security monitoring and analytics. View full review »
Vpf4dc
VP at Castra Consulting
The IDS and the threat intelligence are very useful. They are very intuitive and data-rich. View full review »
SystemsA3512
Systems Administrator at a healthcare company
It's hard to pick just one valuable feature for this product. I like everything the product has to offer. The dashboards are very descriptive and contain just the right amount of information. The activity alarms and events contain a plethora of data that is very descriptive and useful. Vulnerability scans, IDS scans, asset scans. It's pretty much the whole USM Anywhere tool. Everything in here is pretty important. It gives you all the vulnerabilities of your assets. It goes through and it actually shows you the software on there, if it's missing patches, the operating system. Overall, I find that this product is amazing. View full review »
Karl Hart, Acse, Ceh, Chfi, Cissp
Information Security Manager at a tech services company with 201-500 employees
The ease of use and customization. The USM is a work horse, no matter what devices or the number of logs we throw at it, the system processes them in real time, correlates the events, and alerts on only events that need human review. View full review »
Matthew White
Production DBA at a financial services firm with 51-200 employees
AlienVault USM Anywhere is easy to deploy with their cloud-based model and deploying the required agents on-prem (or in the Cloud) is quick and easy. With many integrations out-of-the-box, you can pull in all the data from products you use and other sources, such as Amazon Cloudwatch Logs. Custom rules allow for alerting based on content from events and you can even trigger agents in response to threats, shutting down computers or grabbing forensic info for incident response. USM Anywhere also takes care of reporting for ISO and PCI, allowing you to pull reports for auditors at a moment’s notice. View full review »
Lorenzo Ciolfi
VP IT Operations at a financial services firm with 51-200 employees
The most valuable feature is what it can block, what it can prevent from coming in. View full review »
Layla Bartram
SOC Analyst II at a comms service provider with 11-50 employees
The Event Correlation and vulnerability scans have been the most useful. As a 24/7 SOC, we use the incoming alarms to give an overview of suspicious traffic going through the network. It's easy to look at the correlated events and see the broad picture of traffic for that customer. Vulnerability scans are good for providing patch and remediation guidelines to keep customer systems secure. View full review »
Patrick Noc
admin at a non-tech company with self employed
* Centralized logs: All the details are in one place. This is helpful if you have over 100 servers. * Centralized IDS: We need this as we are able to see what is happening in (almost) real time. View full review »
Jason G.
Market Development Manager, Cyber Security Consultant at a tech services company with 11-50 employees
AlienVault USM Anywhere has a modern, user-friendly, and intuitive GUI, making it easy to use. It is a cloud-based solution that is easy to deploy and easy to scale as well. On top of having built-in support with several technologies, AlienVault USM Anywhere has an API that allows you to develop additional plugins if necessary. View full review »
reviewer980886
I.T. Manager at a non-profit with 51-200 employees
The fact that AlienVault is several tools in one is most valuable to our small team. We can collect logs, and also actively scan our network for vulnerabilities all from one tool. View full review »
Phillip Short
Network Operations Manager / Systems Engineer at a tech services company
The asset management of nodes has been a large help in terms of being able to track applications with more detail and have changes made being monitored into one source. The vulnerability scanning has also been an aide of reviewing the systems and having feedback of what is missing patches and holes in our environment that need review and remediation. The all-in-one aspect has been helpful to see items and correlate within one source rather then multiple. View full review »
Corey Bussard
Manager, Security Operation Center at a tech services company with 51-200 employees
* Vulnerability assessments and log aggregation/correlation These were the two answers we needed for our solution. It gave those solutions very easily. It is easy to implement, and effective. View full review »
RubenHernandez
IT Security Analyst at a tech services company with 10,001+ employees
OTX is a great module that lets staff maintain and monitor updates regarding events in the infrastructure and takes decision to improve the security perimeter. View full review »
Christian Caldarone
ISO (Information Security Officer) with 10,001+ employees
It provides a single pane of glass view, coupled with a whole security ecosystem. The ability to manage everything from a central point, including vulnerability assessments, asset management - including the services provided by the various hosts - NIDS, HIDS, etc., provides a very efficient way of dealing with things. Their OTX intel is also great, as one needs to know who is running around threatening the IT infrastructure with a "crowbar." View full review »
David Ignash - CEH,CNDA
Security Administrator at a financial services firm with 501-1,000 employees
AlienVault provides you with a unified view for all aspects of what is going on in your environment. It allows you to define what alerts you want to see, or not to see, as well as if you want them grouped, or ungrouped. View full review »
seniorbu978126
Senior Buyer & Operations Specialist at Nth Generation Computing
* In my experience, I've found the vulnerability assessment very valuable because it identifies vulnerabilities and AWS configuration issues, so we are less likely to have potential risks. * The compliance reporting is also valuable for reporting purposes. View full review »
reviewer847167
Network and Securirty Engineer at a tech vendor with 501-1,000 employees
The main menu: You can see everything there, what is happening on the servers, and in the logs, you can view more details of each event. Everything you need is in 'one place'. View full review »
reviewer339099
IS Manager at a financial services firm with 501-1,000 employees
We use several features extensively. Logging, vulnerability scanning, file integrity monitoring, and threat information. View full review »
CoFoundef572
Co-Founder at a photography company with 11-50 employees
Log-monitoring and alerting, so we can find out when things happen that we need to know about. View full review »
Jon McFarland
IT Systems Administrator at a financial services firm with 201-500 employees
The most useful feature is the customization for alarms, alerts, and reports. AlienVault is situated to be adapted and changed to meet many different needs and use cases, but still being effective at most of them. View full review »
Tyler M
Professional Services Engineer at a tech services company with 11-50 employees
The tool is a great way to meet logging requirements for PCI and HIPAA standards. It is very flexible and customizable. View full review »
Adrian Throssell
System Administrator at a tech services company with 10,001+ employees
I have used the asset discovery and the vulnerability scans the most. As a system administrator, it is important that we are prepared for any eventualities. I also like how you can use the hardware “out-of-the-box”, or using logs you can actually customise the performance to fit your environment and needs. View full review »
Kalana Chandrasiri
Network and Security Engineer at a tech services company with 11-50 employees
Unified Security Manager (USM). In every SIEM, having only SIEM features (log management, alerting, notifications, etc.) is typical. Here we can get file integrity monitoring and a vulnerability assessment tool together with SIEM. I have never seen a tool like this. View full review »
Sukanya Chandrashekar
Technical Writer at a tech services company with 11-50 employees
I have worked with a Managed Security Team that uses AlienVault USM for the past two years. The user interface is as good as it gets. The setup is greatly simplified with intensive documentation and a great tech support. View full review »
reviewer690780
Network Administrator at a legal firm with 51-200 employees
The vulnerability scans and network scans and alarms. View full review »
reviewer833982
Cybersecurity Analyst at a tech company with 51-200 employees
AlienApps that we use to integrate with our current setup is awesome! Not only that, they have roadmapped being able to open up their API so we can integrate and flex the USM Anywhere as much as we want and when we want to. The staff has been incredibly helpful on getting us further down the line with our constructive feedback and have worked on implementing changes to their system to help improve their product. View full review »
Rajnikant Bhandare
Security Analyst SOC at a tech services company
A vulnerability assessment feature is very helpful for me. Because of this feature, I can schedule a vulnerability assessment for my critical server. View full review »
reviewer695217
IT User
SIEM capabilities, vulnerability scanning, asset discovery/management features. View full review »
Scrubbylady
IT Assistant at a financial services firm with 51-200 employees
The customizable reports View full review »
headofit746328
Head of IT at a consultancy with 201-500 employees
* Network monitoring * SIEM View full review »
reviewer829383
Engineer - Network Security at a tech company with 11-50 employees
SIEM and the FIM are the first preferences when I started the deployment. Because the customer wanted to monitor network security incidents of the Servers and any file modification done to their critical files residing in the production servers. Vulnerability scanning and OTX helped us to manage all in one single point. The alerting and security intelligence is the heart of the product. Monitoring customer's critical network is now almost a one man job. View full review »
reviewer103734
IT Officer with 51-200 employees
The most valuable aspect of AlienVault is the visibility into the network. You have the capability to gather logs from multiple sources and easily see what is going on in the network. View full review »
Paul Reissner
Security Engineer at a tech services company with 201-500 employees
* General SIEM tool functionality. * Ease of deployment across various environments. View full review »
Javier Ramirez
Network Security Specialist at SEFISA
AlienVault has the necessary all-in-one product with the function of vulnerability scanner integrated with detections, so when you detect an incident in a vulnerable port you can act faster and prevent more incidents. View full review »
Dan Gavin
Network Architect at a tech services company with 11-50 employees
The cloud console is by far the best improvement of the product. In the past, our less technical clients had trouble sorting through the dashboards within the USM console, and we had received complaints on viewing the real-time data versus our prepared reports. The new cloud-based panel is excellent both for client review as well as for our SOC to review and respond to threats. It is much easier to configure and use than the previous solution from AlienVault. View full review »
Tharaka Ranasinghe
Network and Security Engineer at a tech services company with 51-200 employees
AlienVault USM has a vulnerability assessment feature and only one SIEM feature compared to other SIEM solutions. View full review »
Denys Lahutin
User
The features that we have found most valuable are the out-of-box vulnerability scanner, Network IDS, Host IDS, Netflow Monitoring, and more than four thousand pre-installed correlation rules. View full review »
Shayanthan Karunaharan
Engineer - Information Security at a tech services company with 11-50 employees
Raw logs: Clients require to store their raw logs in a data-store rather than keep it in the actual device. Alarm section: It's very easy to see the Alarms for any incidents rather than going through all the logs. Security events: Categorization of Security events helps our SOC analyst for further analysis. View full review »
reviewer752880
Security Analyst at a tech services company with 1-10 employees
* Alarms * Correlation View full review »
Kirk Crespin
IT/IS Officer - Marketing Director at a tech services company
We have found the AIO USM the most valuable because of its centralized grouping of all of the tools necessary to manage our security in an "All In One" solution. Of its parts, the scheduled vulnerability assessment tool has been helpful as a preventative measure to help keep ahead of security threats! View full review »
ScottHolland
CEO at a tech services company with 1-10 employees
The below features are what make the solution so powerful, particularly saving time and money (most importantly): * Real-time email alerts * Event correlations * Log management * System monitoring * Network monitoring * Uptime monitoring * OTX threat intelligence * Vulnerability scanning/reporting * Compliance reporting View full review »
Tim Mehrley, CISSP, MBA
Security Analyst at a tech services company
Deployment was very easy. I got my servers and devices reporting very quickly. View full review »
Adam Rauh
Infrastructure Engineer at a tech services company with 1,001-5,000 employees
The UI is clean and easy to use. Lots of documentation, training, and community involvement available as well. View full review »
kr1spy84
Security Systems Administrator at a security firm with 501-1,000 employees
IDS is a nice capability to have. In the past, I have implemented standalone Suricata sensors and having this bundled in is very helpful. OTX is good when implemented correctly. View full review »
reviewer829533
IT Manager at a manufacturing company with 51-200 employees
SIEM log collection is great, and all of the rules that support updates with maintenance. View full review »
Guilherme Peralta
Consultant at a comms service provider with 10,001+ employees
I have found the host-based intrusion detection system (HIDS) extremely useful, as it * Allows me to identify possible threats and vulnerabilities. * Allows anyone with little knowledge of a cybersecurity devise to work with a high level threat discovery solution. View full review »
Erlon Sousa Pinheiro
DevOps Engineer at a tech services company with 11-50 employees
My favourite one is the vulnerability scanner because while using it, our environment is always updated about security threats. View full review »
BrianMiller
Head of MSS Platform and Product Management at a tech services company with 51-200 employees
Asset discovery seems to be good. Nice that everything is bundled. View full review »

Sign Up with Email