Most Helpful Review
Find out what your peers are saying about AT&T AlienVault USM vs. Fortinet FortiSIEM and other solutions. Updated: September 2020.
437,323 professionals have used our research since 2012.
We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
Even if it's a relatively technical tool or platform, it's very intuitive and graphical. It's very appealing in terms of the user interface. The UI has a graphically interface with the raw data in a table. The table can be as big as you want it, depending on your use case. You can easily get a report combining your data, along with calculations and graphical dashboards. You don't need a lot of training, because the UI is relatively very intuitive.
The user interface is really modern. As an end-user, there are a lot of possibilities to tailor the platform to your needs, and that can be done without needing much support from Devo. It's really flexible and modular. The UI is very clean.
One of the biggest features of the UI is that you see the actual code of what you're doing in the graphical user interface, in a little window on the side. Whatever you're doing, you see the code, what's happening. And you can really quickly switch between using the GUI and using the code. That's really useful.
Being able to build and modify dashboards on the fly with Activeboards streamlines my analyst time because my analysts aren't doing it across spreadsheets or five different tools to try to build a timeline out themselves. They can just ingest it all, build a timeline out across all the logging, and all the different information sources in one dashboard. So, it's a huge time saver. It also has the accuracy of being able to look at all those data sources in one view. The log analysis, which would take 40 hours, we can probably get through it in about five to eight hours using Devo.
The most valuable feature is threat intelligence.
The most valuable feature of this solution is security management for PCI DSS.
This solution can identify many threats inside the organization (compromised endpoints, configuration issues), as well as "outside" threats (botnets, network scanners, web-attacks, etc).
AlienVault provides a checklist answer when using SIEM.
It provides a single pane of glass view, coupled with a whole security ecosystem. The ability to manage everything from a central point, including vulnerability assessments, asset management - including the services provided by the various hosts, NIDS, HIDS, etc. - provides a very efficient way of dealing with things.
The IDS and the threat intelligence are very useful. They are very intuitive and data-rich.
On any given day I could give you a different answer regarding the most valuable features of the product. The feature that is most important is the fact that it has a lot of features, that it's not just a log collection and correlation system, that it has a lot of other components built in. The bundle of features is really the killer feature.
Log-monitoring and alerting enable us to know when things happen that we need to know about.
We find the solution to be stable.
It's very easy for anyone to work with.
To add workers and even collectors is pretty easy.
The seamless integration with FortiGate is the solution's most valuable aspect.
Both the collecting logs and duo correlation are valuable features for us.
The solution is very stable. It's run for years without the need to do anything except, add new patches when they are available, which are always a good idea to install.
Analytics is the most valuable feature. The business service summaries in the dashboards and the correlations for the SIEM are also valuable features.
The most valuable feature is the dashboard. CMDB database collects data from a lot of pre-configured devices.
There's always room to reduce the learning curve over how to deal with events and machine data. They could make the machine data simpler.
The Activeboards feature is not as mature regarding the look and feel. Its functionality is mature, but the look and feel is not there. For example, if you have some data sets and are trying to get some graphics, you cannot change anything. There's just one format for the graphics. You cannot change the size of the font, the font itself, etc.
Their documentation could be better. They are growing quickly and need to have someone focused on tech writing to ensure that all the different updates, how to use them, and all the new features and functionality are properly documented.
The reporting is mediocre and is something that needs to be improved.
This solution could be easier to use.
It would be nice to see some machine learning and monitoring of the configuration in network devices.
We develop additional rules and scripts to make it more usable.
The reporting module could be a little easier to handle, as it requires quite some trial and error until you get the reports you want. Also, it would be great to have a graphical interface for the Network Intrusion Detection System's rule management.
One area that has room for improvement is storage. AllienVault is a good place to put logs, but sometimes it's a tough place to go get logs... The logger can only hold so much data. If they improved that, that would help.
Search performance can be slow. The Raw Logs feature is painfully slow. And if we're talking about the newer, the Anywhere product, you can't even schedule reports on the thing. There are probably a dozen other features I'd really like to see there, but that would be one of the biggies.
We've had some stability problems, not a lot, but a few. Updates seem to be the worst. That seems to be when the stability problems come up.
The solution needs to do a better job with third party integration. Right now, that's lacking on the solution. I specifically am talking about the AWS environment. Most of the AWS environment products do not have that capability to integrate.
We need to see incident reports about the event log, without events from the administrator or through human interaction.
The dashboard needs to improve.
When compared with some competitors, in terms of performance, the CPU and RAM requirements and the capability of coordination with development all need some improvement.
The support of the product changed recently, and I don't think it's for the better. They should work to improve the support they offer to clients.
They could work on their documentation. If there's anything about the solution that needs improvement, it's that. For example, documentation already is on a very high level but specifically on the CLI there are tons of features which can be fine-tuned and thousands of commands are very difficult to document. If they could make this easier, it would improve the overall solution.
Their product support, in general, is not that great. The product support is in the same ecosystem. Their support is improving but it's not that great.vvv
The performance can be improved. Sometimes it takes a long time to fetch data.
Pricing and Cost Advice
We have an OEM agreement with Devo. It is very similar to the standard licensing agreement because we are charged in the same way as any other customer, e.g., we use the backroom.
I'm not involved in the financial aspect, but I think the licensing costs are similar to other solutions. If all the solutions have a similar cost, Devo provides more for the money.
It's a per gigabyte cost for ingestion of data. For every gigabyte that you ingest, it's whatever you negotiated your price for. Compared to other contracts that we've had for cloud providers, it's significantly less.
The licensing fees are dependent on usage.
The vulnerability management solution is worse than buying a Nessus Professional license.
So far, it has been a good solution for a tight budget.
It allows you to do a lot with a small price tag... The pricing is the best on the market.
It's very reasonably priced. It was one of the lowest among the ones I looked at. Licensing is pretty flexible. They can do a two-year or a three-year, even a one-year, perhaps.
The pricing is a good value. The key thing is that for the new product, the licensing of it, is subscription-based and it's based on data. Clients need to be really careful when thinking about that, because odds are they're going to need to put a lot more data into it than what they initially estimate, which is going to drive their subscription costs up.
I don't think the product's pricing is a good value because they try to raise the price 50 percent every year... AlienVault needs to understand that not all customers are huge enterprises... Their sales team is way too aggressive. The price they advertise is not always the price you get.
So far, I feel the product's pricing is a good value. The technology is decent. You get what you pay for. I think it's fair.
Pricing is acceptable for more than 90% of our customers, as they normally get discounts.
We bought the perpetual license, so we own the product, but there is a three-year support renewal fee for that.
Questions from the Community
Question: What do you like most about Devo?
Top Answer: Even if it's a relatively technical tool or platform, it's very intuitive and graphical. It's very appealing in terms of the user interface. The UI has a graphically interface with the raw data in a… more »
Top Answer: We have an OEM agreement with Devo. It is very similar to the standard licensing agreement because we are charged in the same way as any other customer, e.g., we use the backroom. However, we built… more »
Top Answer: We perform a lot of AlienVault implementations (both USM Appliance and USM Anywhere) for AlienVault/AT&T Cybersecurity as well as see a lot of other SIEM technologies on the market. With the exception… more »
Top Answer: To add workers and even collectors is pretty easy.
Top Answer: When they started out after acquiring AccelOps, the user interface wasn't that great. But from version 5.0 they have obviously radically changed the interface, aligning it to the rest of the Forti… more »
Top Answer: We run a Manage Security Services company and we use it in-house and for some of our clients. The service is a multitenant platform where our clients can log on to view and access various… more »
Compared 57% of the time.
Compared 18% of the time.
Compared 10% of the time.
Compared 6% of the time.
Compared 3% of the time.
Compared 19% of the time.
Compared 9% of the time.
Compared 8% of the time.
Compared 8% of the time.
Compared 4% of the time.
Compared 23% of the time.
Compared 9% of the time.
Compared 5% of the time.
Compared 5% of the time.
Compared 5% of the time.
Also Known As
|Logtrust||AlienVault, AlienVault USM, Alienvault Cybersecurity||FortiSIEM, AccelOps|
Devo unlocks the full value of machine data for the world’s most instrumented enterprises by putting more data to work now. With Devo, IT executives finally realize the transformational promise of machine data to drive breakthrough projects that move the entire business forward.
AlienVault USM Anywhere is a cloud-based security management solution that accelerates and centralizes threat detection, incident response, and compliance management for your cloud, hybrid cloud, and on-premises environments. USM Anywhere includes purpose-built cloud sensors that natively monitor your Amazon Web Services (AWS) and Microsoft Azure cloud environments. On premises, lightweight virtual sensors run on Microsoft Hyper-V and VMware ESXi to monitor your virtual private cloud and physical IT infrastructure.
With USM Anywhere, you can rapidly deploy sensors into your cloud and on-premises environments while centrally managing data collection, security analysis, and threat detection from the AlienVault Secure Cloud.
Five Essential Security Capabilities in a Single SaaS Platform
AlienVault USM Anywhere provides five essential security capabilities in a single SaaS solution, giving you everything you need for threat detection, incident response, and compliance management—all in a single pane of glass. With USM Anywhere, you can focus on finding and responding to threats, not managing software. An elastic, cloud-based security solution, USM Anywhere can readily scale to meet your threat detection needs as your hybrid cloud environment changes and grows.
Try USM Anywhere in your environment—free for the first 14 days.
FortiSIEM (formerly AccelOps 4) provides an actionable security intelligence platform to monitor security, performance and compliance through a single pane of glass.
Companies around the world use FortiSIEM for the following use cases:
See Devo in Action
See how Devo allows you to free yourself from data management, and make machine data and insights accessible.
Learn more about AT&T AlienVault USM
Learn more about Fortinet FortiSIEM
|NHL, Panda Security, Telefonica, CaixaBank, Public Library of Science, OpenText||Abel & Cole, Bank of Ireland, Bluegrass Cellular, CareerBuilder, Claire's, Hays Medical Center, Hope International, McCurrach, McKinsey & Company, Party Delights, Pepco Holdings, Richland School District, Ricoh, SaveMart, Shake Shack, Steelcase, TaxAct, Taylor Morrison, Vonage and Zoom||FortiSIEM has hundreds of customers worldwide in markets including managed services, technology, financial services, healthcare, and government. Customers include Aruba Networks, Compushare, Port of San Diego, Cleveland Indians, Infoblox, Healthways, and Referentia.|
Computer Software Company43%
Comms Service Provider10%
Financial Services Firm22%
Comms Service Provider9%
Computer Software Company30%
Comms Service Provider18%
Comms Service Provider14%
Computer Software Company29%
Comms Service Provider20%
No Data Available
See our list of best Security Information and Event Management (SIEM) vendors.