AT&T AlienVault USM Overview

AT&T AlienVault USM is the #11 ranked solution in our list of Log Management Software. It is most often compared to Splunk: AT&T AlienVault USM vs Splunk

What is AT&T AlienVault USM?

AlienVault USM Anywhere is a cloud-based security management solution that accelerates and centralizes threat detection, incident response, and compliance management for your cloud, hybrid cloud, and on-premises environments. USM Anywhere includes purpose-built cloud sensors that natively monitor your Amazon Web Services (AWS) and Microsoft Azure cloud environments. On premises, lightweight virtual sensors run on Microsoft Hyper-V and VMware ESXi to monitor your virtual private cloud and physical IT infrastructure.

With USM Anywhere, you can rapidly deploy sensors into your cloud and on-premises environments while centrally managing data collection, security analysis, and threat detection from the AlienVault Secure Cloud.

Five Essential Security Capabilities in a Single SaaS Platform

AlienVault USM Anywhere provides five essential security capabilities in a single SaaS solution, giving you everything you need for threat detection, incident response, and compliance management—all in a single pane of glass. With USM Anywhere, you can focus on finding and responding to threats, not managing software. An elastic, cloud-based security solution, USM Anywhere can readily scale to meet your threat detection needs as your hybrid cloud environment changes and grows.

  1. Asset Discovery
  2. Vulnerability Assessment
  3. Intrusion Detection
  4. Behavioral Monitoring
  5. SIEM

Try USM Anywhere in your environment—free for the first 14 days. 
www.alienvault.com/products/usm-anywhere/free-trial

AT&T AlienVault USM is also known as AlienVault, AlienVault USM, Alienvault Cybersecurity.

Buyer's Guide

Download the Security Information and Event Management (SIEM) Buyer's Guide including reviews and more. Updated: May 2021

AT&T AlienVault USM Customers

Abel & Cole, Bank of Ireland, Bluegrass Cellular, CareerBuilder, Claire's, Hays Medical Center, Hope International, McCurrach, McKinsey & Company, Party Delights, Pepco Holdings, Richland School District, Ricoh, SaveMart, Shake Shack, Steelcase, TaxAct, Taylor Morrison, Vonage and Zoom

Sales Solutions Engineer at a tech services company with 501-1,000 employees
Reseller
Top 5 Leaderboard
Easy to deploy and flexible enough to create your own plugins

What is our primary use case?

The primary use cases for this solution are log management, security events correlation, and any other enterprise use cases for SIEM (new plugins development, correlation rules development, risk assessment, and asset management).

Pros and Cons

  • "This solution can identify many threats inside the organization (compromised endpoints, configuration issues), as well as "outside" threats (botnets, network scanners, web-attacks, etc)."
  • "It would be nice to see some machine learning and monitoring of the configuration in network devices."
DevOps Engineer at Two Hat Security
Consultant
The vulnerability scanner keeps our environment always updated about security threats

What is our primary use case?

Our initial need which brought us to acquire this solution was to be in compliance with GDPR requirements. Our environment is cloud-based (specifically AWS).

How has it helped my organization?

Beyond providing us with an IDS, as was our initial need, AlienVault gave us more useful resources, such as SIEM and a vulnerability scanner (the last one of my favourite resources).

What is most valuable?

My favourite one is the vulnerability scanner because while using it, our environment is always updated about security threats.

What needs improvement?

Taking into account that server access credentials are controlled by the tool, some more management-focused actions could be performed from AlienVault.

For how long have I used the solution?

Less…
I.T. Manager at a non-profit with 51-200 employees
Real User
We can collect logs, and also actively scan our network for vulnerabilities all from one tool

What is our primary use case?

We use AlienVault to collect all mission-critical logs and to pull data directly from G Suite. It provides our small IT operation with an easy-to-use tool to assess our security operations.

What other advice do I have?

Be careful with AT&T, make sure you are confident the tool will be what you expect throughout the life of your contract. Make sure AT&T isn't going to change anything on you suddenly.
Senior Buyer & Operations Specialist at Nth Generation Computing
Real User
I've found the vulnerability assessment very valuable because it identifies vulnerabilities and AWS configuration issues

What is our primary use case?

We have used AlienVault for our security monitoring for threat protection and compliance management. We've seen an improvement against malware and viruses. It has definitely eased our concerns so we can focus on other things.

What other advice do I have?

AlienVault is an amazing product that I would highly recommend.
Security Systems Administrator at Vertical Screen
User
We develop additional rules and scripts to make it more usable. It provides a checklist answer when using SIEM. I believe we are on the verge of outgrowing this platform.

What is our primary use case?

This is a jack of all trades (master of none) SIEM/IDS/vulnerability management/OSSEC/NetFlow solution. We use it primarily as a SIEM and IDS solution.

Pros and Cons

  • "AlienVault provides a checklist answer when using SIEM."
  • "We develop additional rules and scripts to make it more usable."
ISO (Information Security Officer) with 10,001+ employees
Real User
Enables managing everything from one place, including vulnerability assessments and asset management

What is our primary use case?

Our primary use case is Security Information and Event Management, as well as forensic analysis.

Pros and Cons

  • "It provides a single pane of glass view, coupled with a whole security ecosystem. The ability to manage everything from a central point, including vulnerability assessments, asset management - including the services provided by the various hosts, NIDS, HIDS, etc. - provides a very efficient way of dealing with things."
  • "The reporting module could be a little easier to handle, as it requires quite some trial and error until you get the reports you want. Also, it would be great to have a graphical interface for the Network Intrusion Detection System's rule management."

What other advice do I have?

AlienVault is a great fit, especially for smaller organizations, as it will enable you to produce quick results with no need to worry about too many details.
VP at Castra Consulting
Real User
Makes it easy to aggregate, correlate, and view different security logs in a single place

What is our primary use case?

We use it to gain security visibility and to meet compliance. We're not just a customer but we're a partner as well. We've deployed this into thousands of organizations and we continue to see that happening. It's a great tool.

Pros and Cons

  • "The IDS and the threat intelligence are very useful. They are very intuitive and data-rich."
  • "One area that has room for improvement is storage. AllienVault is a good place to put logs, but sometimes it's a tough place to go get logs... The logger can only hold so much data. If they improved that, that would help."

What other advice do I have?

Have an idea of a plan and know where things in your network are and know who can give you access to certain things you might need. In terms of how extensively we're using it, I'd be surprised if there was anyone outside of our team that is using it more extensively than we are. I would rate AlienVault at ten out of ten.
Manager, Security Operation Center at Ideal Integrations
Real User
Top 10
It is easy to implement, and effective

What is our primary use case?

  • MDR provider
  • Log aggregation
  • Vulnerability assessments
  • Some automation

We needed a way to see all of these items under one pane of glass without spending incredible amounts of money on log aggregation, vulnerability assessments, etc., then putting it all together with an IR platform.
Security Analyst SOC at Sumasoft Pvt Ltd
Real User
It is easy to deploy with their cloud-based model, and deploying the required agents is quick and easy

What is our primary use case?

AlienVault USM is a single pane of glass solution. It has not only SIEM capabilities but also other capabilities. AlienVault USM Anywhere is easy to deploy with their cloud-based model, and deploying the required agents on-prem (or in the cloud) is quick and easy. USM Anywhere also takes care of reporting for ISO and PCI, allowing you to pull reports for auditors at a moment's notice.

What other advice do I have?

They should improve support, so they can solve customers' problems in less time.
VP IT Operations at a financial services firm with 51-200 employees
Real User
Top 20
Enables us to search for critical vulnerabilities in our network

What is our primary use case?

We use it for the intrusion protection on our firewall. It's monitoring all our incoming traffic from the outside world through a firewall.

What other advice do I have?

Compare it to the other vendors in the field, some of the top vendors. Make sure it fits your needs. It's more for a mid-sized company or a small company, not a large enterprise. Regarding using it for discovering assets in our network which do not belong, our network isn't that big so we really don't use it for that. We also don't use the solution for compliance with regulations. When it comes to staff using the solution, at the moment it is me and a monitoring service. We're the only ones who log into the solution. As for deployment, one person could probably do it because they help you…
Consultant at a tech services company with 11-50 employees
Reseller
Top 20
The bundle of features is the killer feature, but search performance and Raw Logs are slow

What is our primary use case?

Our use of the solution is all over the map. We use it for our own internal use. We use it in our security operations center. We're a reseller, we're an MSSP, and a Professional Services provider, so we do a lot of professional services on the platform. It's a standard SIEM solution and is used for log collection, log management, event correlation, alarming, and reporting.

Pros and Cons

  • "On any given day I could give you a different answer regarding the most valuable features of the product. The feature that is most important is the fact that it has a lot of features, that it's not just a log collection and correlation system, that it has a lot of other components built in. The bundle of features is really the killer feature."
  • "Search performance can be slow. The Raw Logs feature is painfully slow. And if we're talking about the newer, the Anywhere product, you can't even schedule reports on the thing. There are probably a dozen other features I'd really like to see there, but that would be one of the biggies."
  • "We've had some stability problems, not a lot, but a few. Updates seem to be the worst. That seems to be when the stability problems come up."

What other advice do I have?

Overall, the automation features of this solution are good. The issue here is that there are really two solutions. There's the AlienVault Appliance product and then there's the AlienVault Anywhere product. The Appliance product, which is the older product, has a lot more customization and automation capabilities because it's very extensible. The newer product, the Anywhere product, is still very limited. We're very dependent on AlienVault to build in any kind of connections or integration. If you are a mostly-cloud environment this is a good fit. If you have very few other security controls…
Co-Founder at a photography company with 11-50 employees
Real User
Log-monitoring and alerting tell us when things happen that we need to know about

What is our primary use case?

It's part of our PCI compliance.

Pros and Cons

  • "Log-monitoring and alerting enable us to know when things happen that we need to know about."
  • "they seem to have bugs from time to time that go unfixed for a while and that is frustrating. I'm not saying the product needs to be bug-free, but they need to be responsive to bugs."

What other advice do I have?

In terms of the product itself, it depends on what features you're looking for. We just use it for PCI compliance and it works for us. You need to do your own evaluation. I would give the product an eight out of 10. The reason it's an eight is that it seems to have bugs from time to time that go unfixed for a while and that is frustrating. I'm not saying the product needs to be bug-free, but they need to be responsive to bugs.
Systems Administrator at a healthcare company
Real User
Activity alarms and events contain a plethora of useful and very descriptive data

What is our primary use case?

Our primary use of AlienVault is as a SIEM tool.

Pros and Cons

  • "The dashboards are very descriptive and contain just the right amount of information. The activity alarms and events contain a plethora of data that is very descriptive and useful."
  • "The only room for improvement I can mention is the initial installation procedures. I found that the online installation instructions for the product were missing important details, they lacked necessary steps."

What other advice do I have?

It is a great product. Just get it.
Market Development Manager, Cyber Security Consultant at Abacode LLC
User
Cloud-based solution that is easy to deploy and easy to scale as well.

What is our primary use case?

As a product-agnostic Managed Security Services Provider (MSSP), AlienVault USM is one of several SIEM solutions we utilize in our Security Operation Center (SOC). We deploy, manage, and monitor the solution for other clients, and we use it for ourselves. As do most SIEMs, AlienVault allows us a central location to monitor the cybersecurity of an IT environment. It's impossible to avoid 100% of attacks, so after setting up defenses, the next best thing is to have 24/7 eyes-on-glass to be able to quickly respond to incidents as they happen.
Production DBA at BLUE MOTOR FINANCE LIMITED
Real User
Easy to deploy with their cloud-based model and deploying the required agents on-prem (or in the Cloud) is quick and easy.

What is our primary use case?

We use AWS for our application platform and wanted a SIEM that was easy to deploy as a service and that had functionality and integrations focused on AWS. We found AlienVault was the best on price vs features and the team at AlienVault worked hard to make sure we were happy during our on-boarding. Features are rolled out fast and issues addressed quickly. The integration of OTX out-of-box and at no additional cost was a real selling point and the AWS features made it a clear winner.

What other advice do I have?

Efficiency Of Security Team: Yes, a team of 2 managing a reasonable sized network has been achieved. Events Per Day: 700,000
Consultant at Embratel
User
It has helped us in improving our visualization and incident response during cybersecurity situations

What is our primary use case?

I use AlienVault to comply with PCI DSS requirements. For on-premises, I am using the AlienVault USM All-In-One 150A Virtual Appliance.

Pros and Cons

  • "AlientVault has helped us in improving our visualization and incident response during cybersecurity situations."
  • "Different functions to customize reports should be added."
admin at KIL A&T
Real User
I can easily check all logs and data in relation to attacks in one place

What is our primary use case?

My company wanted to get software which would be able to monitor resources in AWS, mainly IDS, in one cumulative GUI, and then add extra requirements, which AlienVault matched.

Pros and Cons

  • "I can easily check (in one place) all the logs and data in relation to attacks. It also gives me an overview if a server is not configured properly."
  • "Plugins could be better utilized, as some of them do not recognize all logs."
  • "It was easy on PoC, but when we got to the product it was different story. We had to learn the product again and got feeling that the PoC was a different product."

What other advice do I have?

Check other products and do a PoC, as changing from one to another can be very pricey and time-consuming. Also, training people and changes cost lots of resources, and not all employees like such changes every year.
Security Analyst at a tech services company with 1-10 employees
User
Its powerful correlation engine helps reduce time in manually correlating events

How has it helped my organization?

Its powerful correlation engine helps reduce time in manually correlating events.

What is most valuable?

Alarms Correlation

What needs improvement?

It should be able to communicate with other security solutions to stop threats.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

No stability issues.

What do I think about the scalability of the solution?

No scalability issues.

How are customer service and technical support?

Customer Service: I would rate customer service as a nine out of 10. Technical Support: I would rate technical support as a nine out of 10.

Which solution did I use previously and why did I switch?

We did not previously use a different…
Client Development Manager at a tech services company with 51-200 employees
Consultant
Allowed us to help our customers satisfy compliance needs around logging and monitoring

What is our primary use case?

I work for a Managed Service Provider, who uses AlienVault USM Anywhere as the backbone of our vulnerability management and logging solution, which we deliver to our clients.

Pros and Cons

  • "The asset management functionality (active and passive scans) is also really important. You can't protect what you do not know about, so having an inventory of all your devices and software is critical to a security management program."
  • "Allowed us to help our customers satisfy compliance needs around logging and monitoring."
  • "AlienVault needs to continue to integrate with other third-party technologies that clients want to have monitored."
Network and Security Engineer at a tech vendor with 501-1,000 employees
User
It has allowed us to see what is happening on our servers

What is our primary use case?

We have devices in AWS and in the data center. The main reason is to do an IDS inspection in the cloud, as it was really hard to get proper software to do this and we did not want to install a virtual firewall in each timezone. We have over 200 servers being protected with this software.

Pros and Cons

  • "The main menu: You can see everything there, what is happening on the servers, and in the logs, you can view more details of each event."
  • "It has allowed us to see what is happening on our servers."
  • "As this software is in the cloud, you do not have control on updates and general changes which are happening."
SOC Analyst II at Shatter I.T.
Real User
Incoming alarms provide an overview of suspicious traffic going through the network

What is our primary use case?

We are an MSSP. We have a distributed environment that spans multiple networks and customers in various locations. We have one federated server that receives information from all of our child servers deployed at customer locations.

Pros and Cons

  • "The Event Correlation and vulnerability scans have been the most useful. As a 24/7 SOC, we use the incoming alarms to give an overview of suspicious traffic going through the network. It's easy to look at the correlated events and see the broad picture of traffic for that customer. Vulnerability scans are good for providing patch and remediation guidelines to keep customer systems secure."
  • "The UI and overall processes need a little bit more love. This shows in the error banners that come up when you select certain things. There isn't a day that goes by that the UI doesn't error out and I can't view events for an alarm."
  • "The reporting tools are a bit lacking for building reports to give directly to customers, but support has been helpful in giving our requests for new features to the development team and following up with us."
Network Architect at Envision IT LLC
Reseller
Cloud-based panel is excellent, enabling our SOC to review and respond to threats

What is our primary use case?

We are an MSP and we utilize an AlienVault USM Anywhere solution for threat detection in client networks.

Pros and Cons

  • "The new cloud-based panel is excellent both for client review as well as for our SOC to review and respond to threats. It is much easier to configure and use than the previous solution from AlienVault.​"
    Engineer - Network Security at a tech company with 11-50 employees
    User
    Review about AlienVault

    What is our primary use case?

    I'm a System Engineer working for a IT Security Solution Provider. My organization received a request for SIEM and FIM solution to be deployed for a Financial Organization. We have found AlienVault provide SIEM and FIM features in USM All In One This was my first ever SIEM deployment and started from the scratch after doing a good POC with the customer.
    Cybersecurity Analyst at a tech company with 51-200 employees
    User
    Review about AlienVault

    What is our primary use case?

    SIEM, Log ingestion and evaluation. We use this not only for internal but also for clients that we manage. It has proven its worth and more. We are currently very pleased with this product and has performed as advertised. We obviously use this for being able to ascertain visibility on each network in which it is deployed not only from the NIDS/HIDS side but also evaluation of each interaction every device has.
    Network Security Specialist at SEFISA
    Real User
    This solution can completely detect and prevent incidents on your network

    What is our primary use case?

    The solution has everything that you want: SIEM, vulnerability management, NetFlow, IDS, and more. This solution can completely detect and prevent incidents on your network. This solution can completely detect and prevent incidents on your network

    Pros and Cons

    • "Using the communication within the security device, it is easier to create plugins."
    • "This solution can completely detect and prevent incidents on your network."
    • "Reports are customized, so you can present them to executives or engineers.​"
    • "The other thing is the agent is OSSEC. They needed to create its own agent to help to find threats on the devices that it happens to be installed."
    • "Maybe logs are the problem, as the database query is too slow. If you want to search something, you need time to find it."
    CEO at a tech services company with 1-10 employees
    Reseller
    Enabled us to create an SOC on a budget with smaller than usual staff requirements

    What is our primary use case?

    As a cyber security company, we have used AlienVault to set the foundations of our security solutions offerings. Giving our customers all the services that they require via a single console environment, either self-managed or managed by ourselves, enabling companies with little to no IT department to have an all-in-one security compliance and reporting solution.

    Pros and Cons

    • "The AlienVault solution has enabled us to create a SOC on a budget with smaller than usual staff requirements, offering a wider range of solutions for our customers."
    • "We would like more plugins. This being the main point of improvement which would benefit the users."
    IT Manager at a manufacturing company with 51-200 employees
    User
    It is my "security person" looking at irregularities and letting me know when something has occurred

    What is our primary use case?

    We were looking to add another layer of security to our network, which included intrusion detection, intrusion prevention, SIEM collection, and more. After looking at a few solutions, we ended up purchasing AlienVault. We are located in a physical location with a 100 users.

    Pros and Cons

    • "SIEM log collection is great, and all of the rules that support updates with maintenance."
    • "It is my "security person" looking at irregularities and letting me know when something has occurred."
    • "More complimentary training needs to be done for use with this tool. If you get into a bind, then it will cost you."
    Network and Security Engineer at a tech services company with 51-200 employees
    Real User
    It has powerful threat detection, incident response, and compliance management

    What is our primary use case?

    AlienVault Unified Security Management (USM) has powerful threat detection, incident response, and compliance management. We can use this across cloud, on-premise and hybrid environments. The reason to use USM is that it has the following components in its package: * Asset Discovery * Vulnerability Assessment * Intrusion Detection * Behavioral Monitoring * SIEM & Log Management.

    Pros and Cons

    • "It has powerful threat detection, incident response, and compliance management."
    • "AlienVault has an advanced component within one package. With this, we can cover more area with one solution."
    • "AlienVault must improve their correlation feature. Some of the events do not match with the correlation rules and some of the correlation events are false-positive."

    What other advice do I have?

    It is the most valuable tool that I have seen of the SIEM solutions.
    Network and Security Engineer at a tech services company with 11-50 employees
    Real User
    We are able to get alerts perfectly with FIM and VA features

    What is our primary use case?

    This has an OTX feed. With it, we are able to get notifications about every incident that happens. By forwarding device logs, we are able to get alerts perfectly with FIM and VA features.

    Pros and Cons

    • "This is a USM, so being able to get all the features under one roof makes it a good product with good new features."
    • "We are able to get alerts perfectly with FIM and VA features."
    • "Pay attention to false-positive event automatic correlations."

    What other advice do I have?

    Our customers have good references about AlienVault.
    Head of MSS Platform and Product Management at a tech services company with 51-200 employees
    Consultant
    Allows for a lot of out-of-the-box features but it does not have APIs

    What is our primary use case?

    Supporting an MSSP. Supporting clients with minimum on-premise install. We are rolling out a USM appliance.

    How has it helped my organization?

    It allows for a lot of out-of-the-box features: vuln scanning, HIDS/HIPS, and IDS. The Suricata rule set is pretty lame

    What is most valuable?

    Asset discovery seems to be good. Nice that everything is bundled.  

    What needs improvement?

    Scaling, and it has no APIs!  It would be hard for any legitimate MSSP to use it.  

    For how long have I used the solution?

    Still implementing.

    What's my experience with pricing, setup cost, and licensing?

    The price point is good.
    Engineer - Information Security at a tech services company with 11-50 employees
    Reseller
    Top 5
    Categorization of Security Events Helps Our Soc Analyst for Further Analysis.

    What is our primary use case?

    I'm a re-seller of AlienVault SIEM in Sri Lanka. We have deployed AlienVault SIEM in one of the bank in Sri Lanka three months back. Currently we are working on the fine tuning. It took me two weeks to complete the basic deployment and integration of devices up-to 50 with the clients technical team.
    IT/IS Officer - Marketing Director at a tech services company with 51-200 employees
    Real User
    It Has Become an Invaluable Asset for Our Small Organization

    What is our primary use case?

    Working as the CIO for a small community bank, resources for staffing and manpower can be limited. AlienVault helps to simplify the management of Information Security and helps me to detect threats and manage alerts with ease!
    System Administrator at a tech services company with 10,001+ employees
    MSP
    We have been able to ensure the health of our servers

    What is our primary use case?

    We use the appliance in a few of ways: monitoring network behaviour, asset discovery, and running vulnerability scans. We can monitor the availability of servers and any particular software. As we have to service several servers, we can manage them in a economical way, which is beneficial to our team and business.

    Pros and Cons

    • "As we have to service several servers, we can manage them in a economical way, which is beneficial to our team and business."
    • "Any unusual behaviour, we can monitor. We have alerts set up to be sent when we receive signs of any unusual behaviour."
    • "For creating new rules, you have to be familiar with regular expressions. I feel there could be something built-in to make sure that process is easier."
    Network Operations Manager / Systems Engineer at a tech services company
    Real User
    Asset management of nodes has been a large help in terms of being able to track applications with more detail

    What is our primary use case?

    AlienVault is used in our infrastructure for compliance purposes. It was brought in as a replacement for use in multiple products at the time, such as Kiwi and Nexpose scanner. With the environment being new, it was the best place to start with being everything into one location for Syslog and Asset management. The vulnerability scanner also made the difference where the scans created tickets for remediation.

    Pros and Cons

    • "Vulnerability scanning helped out shortcomings of what was not patched in the past and what needed to be patched. This assisted with fine tuning the environment for compliance."
    • "It brought our logs into one place for review and set up alarms based on changes we were missing due to lack of having one place for everything to go."
    • "The asset management of nodes has been a large help in terms of being able to track applications with more detail and have changes made being monitored into one source."
    • "Source material on the forums to be more up-to-date with the changes happening within the product. Forums being out-of-date with information due to the changes makes troubleshooting a little more difficult - specific to the HIDS agents."
    IT Systems Administrator at a financial services firm with 201-500 employees
    Real User
    It has streamlined log aggregation and analysis to meet organizational and regulatory needs

    What is our primary use case?

    The primary use case for AlienVault is Log Management and SIEM functionality with the added benefit of IDS.

    Pros and Cons

    • "It has streamlined log aggregation and analysis to meet organizational and regulatory needs."
    • "Reporting is convoluted and difficult at times, although they claim to have hundreds of pre-built reports, very few of them are actually useful for anything but what the USM is doing."
    • "Windows log collection works with HIDS, but documentation is sparse and confusing."
    Security Administrator at a financial services firm with 501-1,000 employees
    Vendor
    It has allowed us to gain a better understanding of how data flows within our network

    Pros and Cons

    • "It allows you to define what alerts you want to see, or not to see, as well as if you want them grouped, or ungrouped."
    • "The reporting aspect could be improved. While there are a lot of different options available, there are still pieces which are missing."

    What other advice do I have?

    Once set up, for the most part, it is a "set it and forget it" solution. There is some upkeep with making sure all the things are monitored, but other than that AlienVault provides what you need out-of-the-box.
    Security Engineer at a tech services company with 201-500 employees
    MSP
    The low cost of entry SIEM functionality has increased due to network views and network traffic

    Pros and Cons

    • "Ease of deployment across various environments."
    • "Support can be slow at times, but the quality is high. Posted knowledge base articles could use improvement."

    What other advice do I have?

    The solution is improving steadily, particularly in relation to the quality and breadth of documentation, though some areas are still weak.
    Head of IT at a consultancy with 201-500 employees
    Consultant
    We use the HIDS to monitor our servers, which track user account locks and logon failures

    What other advice do I have?

    We are very happy. The training was excellent, and the interaction with AlienVault is first rate (a real leader in customer service), and the OTX pulse feature is very useful.
    IT Officer with 51-200 employees
    User
    Visibility For Your Network and To Find Bottlenecks
    Security Analyst at a tech services company
    Consultant
    Quickly got insight into my environment
    Infrastructure Engineer at a tech services company with 1,001-5,000 employees
    Consultant
    Holistic view of SIEM environment

    What is most valuable?

    The UI is clean and easy to use. Lots of documentation, training, and community involvement available as well.

    How has it helped my organization?

    Holistic view of SIEM environment.

    What needs improvement?

    API, ETL, or connector to support BI tools such as Tableau, Power BI, etc.

    For how long have I used the solution?

    Only for a few months. We just went live with the USM when we transitioned away from on-prem.

    What was my experience with deployment of the solution?

    Not on the AV side, pretty easy to use.

    What do I think about the stability of the solution?

    No.

    What do I think about the scalability of the solution?

    No.

    How are customer service and technical support?

    Customer Service: Very good. Technical Support: Very good.

    Which

    IT User
    Vendor
    We haven't suffered a true breach, but it has helped identify weaknesses.

    What is most valuable?

    SIEM capabilities, vulnerability scanning, asset discovery/management features.

    How has it helped my organization?

    Increased visibility, threat detection.

    What needs improvement?

    The web UI can be clunky at times, with poor error handling. Updates need more QC before release.

    For how long have I used the solution?

    One year.

    What was my experience with deployment of the solution?

    Deployment has always been smooth.

    What do I think about the stability of the solution?

    No, it has been quite stable.

    What do I think about the scalability of the solution?

    Nothing except for networking challenges.

    How are customer service and technical support?

    Customer Service: Seven out of 10. Technical Support: Seven out of 10. First level of support is hit…
    Network Administrator at a tech services company
    Consultant
    The product has been very stable

    What needs improvement?

    The setup was somewhat complex.

    For how long have I used the solution?

    We have had this solution in place for about 10 months.

    What was my experience with deployment of the solution?

    There were deployment issues. At the time, it was right after USM Anywhere had been released, and not all of the documentation was posted. This made the deployment have some issues.

    What do I think about the stability of the solution?

    The product has been very stable.

    What do I think about the scalability of the solution?

    We have had no issues with scalability.

    How are customer service and technical support?

    Customer Service: I would give customer service a rating of four out of five. Technical Support: I would give technical support a rating of four out of…
    Professional Services Engineer at a tech services company with 11-50 employees
    Consultant
    Meets logging requirements for PCI and HIPAA standards

    What other advice do I have?

    AlienVault support is what really makes this product a great investment. They are constantly improving their product and happy to help with anything that comes up.
    Manager, Enterprise Risk Consulting at a tech company with 1,001-5,000 employees
    Consultant
    Provides us with flexible deployment architecture

    Pros and Cons

    • "The best thing about AlienVault USM is it being a “Jack-of-All-Trades” solution. It provides SIEM, HIDS/NIDS, FIM, NetFlow, Asset Management, Vulnerability Management, etc., under one USM platform. None of the commercial SIEM vendors like ArcSight, McAfee, etc., can boast of such a diverse feature set."
    • "The lack of mature functionality and expertise in any of those areas is a strong negative."

    What other advice do I have?

    Product Vision Stagnation: This may not be much of an issue for potential users of AV USM. However, it is important to note that the product has not gone through major leaps in the last four years. It had more than three major releases and 20+ minor releases, but nothing path-breaking has been brought to the market. It has still remained in the “promising products to watch” for way too long. One of the main reasons we think this is the case is because of economies of scale. Since they are priced lower and cater to the SME segment, the amount of money invested in development is less, and hence…
    Technical Writer at a tech services company with 11-50 employees
    Consultant
    AlienVault USM - bang for your buck.
    IT Assistant at a financial services firm with 51-200 employees
    Vendor
    I can monitor less things and just read reports or alarms.

    What is most valuable?

    The customizable reports

    How has it helped my organization?

    I can monitor less things and just read reports or alarms.

    What needs improvement?

    I don't have any, as I've been pretty satisfied with the product.

    For how long have I used the solution?

    1 Year

    What was my experience with deployment of the solution?

    No, it was pretty smooth. There's a little bit of a learning curve out the gate, but they have lots of help available.

    What do I think about the stability of the solution?

    No

    What do I think about the scalability of the solution?

    Just learning the language; it's a new product, and it takes time to learn all of its capabilities.

    How are customer service and technical support?

    Customer Service: 10, they have great customer service…
    Information Security Manager at a tech services company with 201-500 employees
    Real User
    We used to have to monitor and review logs for each device, now everything comes into AlienVault and it alerts us when we need to respond.

    Pros and Cons

    • "The USM is a workhorse: no matter what devices or the number of logs we throw at it, the system processes them in real time, correlates the events, and alerts on only events that need human review."
    • "The one thing I continue to dislike about the USM is the limitation on reports."

    What other advice do I have?

    If you are thinking about a solution, give their free product, OSSIM, a try, and once you see all it does, you will want to upgrade to the commercial USM to get even more.
    Network Administrator at a legal firm with 51-200 employees
    Vendor
    We've been able to use the scanning to identify security issues and take care of them before they become a problem.
    IT Security Analyst at a tech services company with 10,001+ employees
    Real User
    Report modules now allow us to get a visualization of the activity of the main assets.

    Pros and Cons

    • "OTX is a great module that lets staff maintain and monitor updates regarding events in the infrastructure and take decisions to improve the security perimeter."
      IS Manager at a financial services firm with 501-1,000 employees
      Vendor
      It has allowed us to centralize our logging. We had used previous products and found AlienVault centralized the logging for our security.

      Pros and Cons

      • "We had used previous products and found AlienVault centralized the logging for our security."
      • "There are many reports included but would be nice to have better access to the data."

      What other advice do I have?

      No, good solid product.
      Information Technology Security Administrator at a healthcare company with 1,001-5,000 employees
      Vendor
      We use policies as alerts on many compliance requirements and concerns.

      What is most valuable?

      Policies have been very valuable. We use them as alerts on many compliance requirements and concerns.

      How has it helped my organization?

      Identifying the sending of clear-text account information. Identifying and fixing vulnerabilities that we were not aware of.

      For how long have I used the solution?

      We have been using AlienVault for the past two years.

      What was my experience with deployment of the solution?

      There was an issue in setting up the log storage location.

      What do I think about the stability of the solution?

      I did not encounter any issues with stability.

      What do I think about the scalability of the solution?

      I did not encounter any issues with scalability.

      How are customer service and technical support?

      Customer Service: There is…
      IT Security Engineer II at a retailer with 5,001-10,000 employees
      Vendor
      Provides a single pane of glass that shows threats that are in the environment.

      What is most valuable?

      The dashboard.

      How has it helped my organization?

      The single pane of glass that shows threats that are in the environment.

      What needs improvement?

      Sub menus: Sometimes you really have to drill down to get to where you want to go.

      For how long have I used the solution?

      We have been using this solution for three years.

      What was my experience with deployment of the solution?

      I did not encounter any issues with deployment.

      What do I think about the stability of the solution?

      There were stability issues due to lack of memory.

      What do I think about the scalability of the solution?

      I did not encounter any issues with scalability.

      How are customer service and technical support?

      Customer Service: I would rate customer service as excellent.…
      Systems Engineer at a university with 201-500 employees
      Real User
      Some of the valuable features are real-time email alerts, event correlations, and log management.

      What other advice do I have?

      If you are interested, sign up for some of their webinars, download the free trial or open source versions, and play with it.
      Security Expert at a tech services company
      Consultant
      Provides threat detection powered by signatures and advanced correlation rules.

      What is most valuable?

      Threat detection powered by signatures and advanced correlation rules.

      How has it helped my organization?

      It helps to identify external and internal security threats to the organization, on time.

      What needs improvement?

      Accuracy of threat detection. Advanced reporting. A reliable asset and vulnerability management feature.

      For how long have I used the solution?

      We have been using this solution for three years.

      What was my experience with deployment of the solution?

      I did not encounter any issues with deployment.

      What do I think about the stability of the solution?

      I did not encounter any issues with stability.

      What do I think about the scalability of the solution?

      I did not encounter any issues with scalability.

      How are customer service and

      Delivery Manager at a tech services company with 11-50 employees
      Consultant
      Provides vulnerability scanning and OTX for threat intelligence.

      What other advice do I have?

      I do not have any additional comments.
      Information Security Analyst at an insurance company
      Vendor
      Some of the valuable features are log aggregation, correlation, and threat intel.

      What is most valuable?

      Log aggregation, correlation, and threat intel.

      How has it helped my organization?

      AlienVault has streamlined our security functions by combining several different functions into one package.

      What needs improvement?

      I think expanding their vendor-specific plugins would be beneficial.

      For how long have I used the solution?

      We have been using this solution for one year.

      What was my experience with deployment of the solution?

      I did not encounter any issues with deployment.

      What do I think about the stability of the solution?

      I did not encounter any issues with stability.

      What do I think about the scalability of the solution?

      I did not encounter any issues with scalability.

      How are customer service and technical support?

      Customer Service: Their…
      Sr. Networking & EMS Analyst
      Vendor
      Provides a good platform to start looking at the traffic on your network.
      IT Supervisor at an energy/utilities company
      Real User
      Allows us to roll out log management on clients and servers, host-based IDS, and network-based IDS.

      Pros and Cons

      • "The best feature of this product is the ease of use. It is extremely easy to set up and get going. This is a very useful tool for a small organization."
      • "I feel that some areas of improvement would be vulnerability scanning. We use a separate product that seems to do a much better job."

      What other advice do I have?

      I highly recommend AlienVault USM for anybody that is seeking a SIEM solution that is easy to implement and easy to manage. It works very well for small- and medium-size businesses.
      IT Security Analyst at a financial services firm with 201-500 employees
      Vendor
      You can customize the "Overview" dashboard to you or your company's needs.
      Professor at a university with 201-500 employees
      Vendor
      It is set up as a dashboard in the security lab. Students can view and analyze the monitoring techniques of the product.
      System Administrator at a financial services firm with 201-500 employees
      Vendor
      The alarms dashboard shows any threats that may need further investigation.

      Pros and Cons

      • "The vulnerability scanning is helpful to identify the areas that need patching or fixes installed."
      • "The vulnerability reporting needs to have options to be able to sort or customize the output."

      What other advice do I have?

      If you take the training virtually, make sure you can dedicate the week with uninterrupted time. The training is quite in-depth and you want to have your undivided attention on it.
      Tech Support Engineer at a tech services company with 501-1,000 employees
      MSP
      Offers an Open Threat Exchange for IP reputation and vulnerability scanning.
      AVP & Information Security Officer at a financial services firm with 501-1,000 employees
      Real User
      Automated alarms help identify what is happening on your network that should be investigated.

      What other advice do I have?

      If you are considering this solution, I highly recommend that you have someone in-house who is familiar with Unix/Linux. The underpinnings of this solution are *nix. It will make deployment and ongoing maintenance much easier.
      Security Architecture and Operations Lead at a university with 1,001-5,000 employees
      Vendor
      AlienVault helped take us from semi-Pro to Pro

      What other advice do I have?

      We've been very happy with the purchase. While the list of supported vendors in the SIEM continues to grow, I do wish that creating plugins was a little easier.
      InfoSec at a tech services company with 1,001-5,000 employees
      Consultant
      Cost effective solution.
      AlienVault is a full-featured, cost-effective SIEM that provides quality threat intelligence for a lot less than the competition. I knocked off a point [from my rating] for the learning curve compared to some of the competition, and another point for the lack of native user behavior analytics, but for the money you really can't do any better.
      SOC Lead / Sr. SOC Analyst at a tech services company with 501-1,000 employees
      MSP
      Out of the box features for easy asset discovery, vulnerability scans, IDS setup are all beneficial.
      Information Systems Network Technician at a local government with 501-1,000 employees
      Vendor
      Allows for log management, vulnerability scanning, and file integrity monitoring.

      What other advice do I have?

      Use AlienVault's free trial of the USM. They will help you get the system installed, which is very helpful to make sure you get the best test possible.
      Security Consultant at a tech consulting company with 51-200 employees
      Consultant
      We run this product on our network 24/7 and it has helped identify important events.

      What other advice do I have?

      Remember, there are many good products on the market; however, affordability is usually a key factor. Sit down and properly analyse your network, and list your expectations of whatever product you are considering. Identify what your most critical assets are, your “Crown Jewels”, and know how they need to be protected. Then look at solutions within your budget, remembering that the most expensive is not necessarily always the best. There are many world-class products out there; you need to find one that will fulfil your needs, within your budget. Also, remember running a system like this means…
      SOC Intrusion Analyst at a tech services company with 51-200 employees
      Consultant
      Once we placed AlienVault into the product we have now, the time it takes to find and respond to real anomalies dropped. Creating directives is a pain.

      What other advice do I have?

      Take advantage of the support team at AlienVault, and read through the documentation. If you get lost, there is a good chance the information is in there. Also, you will quickly discover the limitations of AlienVault, so you should take your time to figure out workarounds for your issues.
      Information Security Consultant at Securepoint Nederland B.V.
      Consultant
      There is no complex alerting or code reviewing, just click and go.

      What other advice do I have?

      The price is the unique selling point for AlienVault. The product is now stable, and it is a Swiss army knife packed with a lot of tools. All other professional products that compare to AlienVault are somewhat different but deliver the same result; it is the price that tips the balance in favor of AlienVault. Check the latest Gartner report on SIEM/USM 2016, and test the other products. Do not stick to one product for testing, but when you do not have the time to test all products (who does have the time?), choose only two or three products to check out. Compare the prices and always ask for a…
      Security Consultant at a tech consulting company with 51-200 employees
      Consultant
      We have noticed outdated Java and Flash versions due to the snort rules included in the appliance.

      What other advice do I have?

      As this is a product that will give you a lot of visibility into everything you can throw at it, it is good to note that you should have good working relations with the *people* in charge of the assets you have visibility over (e.g. with network mirroring). You will get alarms about a plethora of things you couldn't have imagined, things that people have forgotten, that have been misconfigured and that are under attack. You will need to explain the remedies and mitigations to people. And that is possibly the biggest hurdle. This product will not help you if you cannot fix the problems it…
      Senior Network and Security Consultant SI at a tech services company
      Consultant
      We can gather all data from different devices, analyze them and extract the correct information.

      What other advice do I have?

      It's a powerful solution and contains more features than other products.
      Network Security Administrator at a comms service provider with 501-1,000 employees
      Vendor
      The most important part of the product is the event correlation and alerting. The ability to authenticate users across multiple domains would be useful, but is not critical.

      What other advice do I have?

      Do your research in SIEM solutions and realize that it is not going to be a set-and-forget product. For 10 sensors like what we run, there are weeks that only require logging in and closing tickets, and there are weeks where you will spend 10+ hours working on the deployment. There are some things that are great and some that are annoying; this is not a perfect product. Most security products are never perfect, especially given the different organizations that will run them.
      Security Analyst at a legal firm with 501-1,000 employees
      Vendor
      It has a lot of capabilities, but make sure there’s someone that can devote daily time to it.

      What other advice do I have?

      It has a lot of capabilities, but make sure there’s someone that can devote daily time to it and that there is buy-in from all segments, or a majority of the capabilities become pointless.
      Chief Information Security Officer at a tech services company with 51-200 employees
      Consultant
      It's based on an open source product and therefore fully customizable.

      What other advice do I have?

      If you don’t want to overpay, and want to have something working, you have to make an assessment based on:
      - what are your assets?
      - what is the criticality of each one?
      - what use cases do you want to implement?
      From there, create a plan on how to implement them, limiting the number of collections to the minimum to avoid flooding of data and high costs due to over-sized infrastructure.
      Director of Information Technology at a healthcare company with 51-200 employees
      Vendor
      Simplified log analysis and log management.

      Valuable Features

      Alerts derived from logs.

      Improvements to My Organization

      Simplified log analysis and log management.

      Room for Improvement

      More information about what the alerts mean and how they are derived would be useful when determining their significance. Support is good to provide this information though.

      Use of Solution

      >12 months

      Stability Issues

      No.

      Customer Service and Technical Support

      Excellent.

      Initial Setup

      Fairly straightforward. It does take some time to tune the system to your environment – to prevent getting alerts on activity you find acceptable in your environment.

      Pricing, Setup Cost and Licensing

      They do give discounts towards the end of quarters if your renewal is due.

      Other Advice

      You will wonder how you lived without it.
      Chief Security Officer at a financial services firm with 501-1,000 employees
      Vendor
      The integration of IDS and OSSEC is valuable as it enables correlation between Network IDS events and host system event logs

      What other advice do I have?

      As with any security solution, you still need to have knowledgeable people to manage the solution, and the solution is not a silver bullet that takes care of all your issues without being properly managed. Make sure you have the necessary knowledge and headcount to use the solution before implementing this or any other solution. With security, most of the cost is in OPEX, not CAPEX, so make sure you have the necessary expertise to operate the solution as efficiently as possible.
      Information Security Officer at a healthcare company with 1,001-5,000 employees
      Vendor
      Valuable features include integrated vulnerability assessment, intrusion/anomaly detection and monitoring, with a simple management interface.

      What other advice do I have?

      As with any SIEM, it is not a “turn-key” or “set it and forget it” solution. It requires resources and skills to deploy, although this can be done in stages. Appropriate resources for maintenance are also key so the information is accurate, relevant and timely. Otherwise it becomes a repository of stale, ignored events and alarms.
      Manager, Information Security at a retailer with 5,001-10,000 employees
      Vendor
      I'm able to scan for vulnerabilities quickly on existing devices and also for new devices being deployed.

      What other advice do I have?

      I would say to implement it. It has all the components needed to help secure your environment as long as you have someone who can dedicate some time to it. But even if you don’t, like in my case, it is a much better solution than the others.
      IT Security Administrator at a local government with 501-1,000 employees
      Vendor
      The basic setup was straightforward. I'd like to see built in support to detect more security incidents.

      What is most valuable?

      Security alarms. Log collection.

      How has it helped my organization?

      We now get a better view into what is happening on our network and to the servers than previously.

      What needs improvement?

      I'd like to see built in support to detect more security incidents.

      For how long have I used the solution?

      I've been using it for 10 months.

      What do I think about the stability of the solution?

      We had no issues with the stability.

      What do I think about the scalability of the solution?

      It's been able to scale for our needs.

      How are customer service and technical support?

      They're very good.

      Which solution did I use previously and why did I switch?

      This is the first time we've used a solution of this type.

      How was the initial setup?

      The basic setup…
      IT Security Architect at a healthcare company with 1,001-5,000 employees
      Vendor
      I can see all HIDS and IDS events in one place. Setup is complex when playing with custom plugins.

      What other advice do I have?

      To take full advantage of the product you have to work under the hood.
      IT Engineer at an energy/utilities company with 501-1,000 employees
      Vendor
      Due to the logger feature, everything is centralized on the AlienVault Server.

      What other advice do I have?

      It’s a very good SIEM with plenty of functionalities which helped improve our KPI.
      Group Information Security Officer at a consumer goods company with 1,001-5,000 employees
      Vendor
      Before AlienVault we had no visibility of our vulnerabilities without looking up WSUS and matching this against the Windows bulletins.

      What other advice do I have?

      Being the only security professional in an organisation of well over 1000 people, AlienVault lets me keep a watchful eye whilst getting on with my day job. This is a very good product with excellent support. Personally, I would have preferred to go on the AlienVault System Engineers course, as I believe this would help in fine tuning the system.
      Information Security Administrator at a government with 1,001-5,000 employees
      Vendor
      It provides greater visibility of host based and network activity through its HIDS and NIDS functionality. They should simplify the HIDS agent reporting/custom rule creation.

      What other advice do I have?

      If you have any questions, AlienVault's support team is more than willing to help with your installation, implementation, and integration.
      Network Engineer II at a healthcare company
      Vendor
      We now can find the source of where Windows account lockouts are occurring.

      What other advice do I have?

      It’s pretty easy to set up, but to really take advantage of it you should have a dedicated person who will devote their time to customizing and utilizing the power this solution has.
      IT Field Support Manager at a consumer goods company with 1,001-5,000 employees
      Vendor
      We already used a lot of the open source products in this suite. This brought them all under one roof and allowed one person to do all the work.

      What other advice do I have?

      Go slow and get everything into your SIEM so you can do some really neat correlations and alerts.
      Senior Infrastructure Analyst at a pharma/biotech company with 1,001-5,000 employees
      Vendor
      Provides a single way to analyze traffic and threats on our network.

      What other advice do I have?

      The initial onboarding during the trial period, including assisted setup, was most useful. Ensure you get the most from this, as if you require further setup assistance, it comes under (paid-for) professional services. AV is a very useful tool, but must be configured correctly in order to get the most out of it.
      Manager, Enterprise Risk Consulting at a tech company with 1,001-5,000 employees
      Consultant
      Cost effective, quick and easy SIEM solution which still needs to be improved to better compete with other solutions.
      At Infosecnirvana, we did a post on SIEM Comparison – 101, and a lot of readers were interested in evaluating AlienVault SIEM and how it stacks up against the usual suspects like ArcSight, QRadar, McAfee Nitro, Splunk, etc. Well, we listened, and this post is about our take on AlienVault SIEM, its strengths, weaknesses and much more.

      Introduction: AlienVault is the enterprise avatar of Open Source SIM (OSSIM). AlienVault has a number of software components, which when put together provide what is now called a Unified Security Management tool, or USM in short. The components are:
      Arpwatch, used for MAC address anomaly detection.
      P0f, used for passive OS detection and OS change analysis.
      PADS – Passive Asset Detection System, used for service anomaly detection.…