Find out what your peers are saying about AT&T AlienVault USM vs. RSA NetWitness Logs and Packets (RSA SIEM) and other solutions. Updated: September 2020.
442,283 professionals have used our research since 2012.
We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
"Being able to build and modify dashboards on the fly with Activeboards streamlines my analyst time because my analysts aren't doing it across spreadsheets or five different tools to try to build a timeline out themselves. They can just ingest it all, build a timeline out across all the logging, and all the different information sources in one dashboard. So, it's a huge time saver. It also has the accuracy of being able to look at all those data sources in one view. The log analysis, which would take 40 hours, we can probably get through it in about five to eight hours using Devo."
"The user interface is really modern. As an end-user, there are a lot of possibilities to tailor the platform to your needs, and that can be done without needing much support from Devo. It's really flexible and modular. The UI is very clean."
"One of the biggest features of the UI is that you see the actual code of what you're doing in the graphical user interface, in a little window on the side. Whatever you're doing, you see the code, what's happening. And you can really quickly switch between using the GUI and using the code. That's really useful."
"Even if it's a relatively technical tool or platform, it's very intuitive and graphical. It's very appealing in terms of the user interface. The UI has a graphical interface with the raw data in a table. The table can be as big as you want it, depending on your use case. You can easily get a report combining your data, along with calculations and graphical dashboards. You don't need a lot of training, because the UI is relatively very intuitive."
"The ability to have high performance, high-speed search capability is incredibly important for us. When it comes to doing security analysis, what you don't want to be doing is sitting around waiting to get data back while an attacker is sitting on a network, actively attacking it. You need to be able to answer questions quickly. If I see an indicator of attack, I need to be able to rapidly pivot and find data, then analyze it and find more data to answer more questions. You need to be able to do that quickly. If I'm sitting around just waiting to get my first response, then it ends up moving too slow to keep up with the attacker. Devo's speed and performance allows us to query in real-time and keep up with what is actually happening on the network, then respond effectively to events."
"The dashboards are very descriptive and contain just the right amount of information. The activity alarms and events contain a plethora of data that is very descriptive and useful."
"Log-monitoring and alerting enable us to know when things happen that we need to know about."
"On any given day I could give you a different answer regarding the most valuable features of the product. The feature that is most important is the fact that it has a lot of features, that it's not just a log collection and correlation system, that it has a lot of other components built in. The bundle of features is really the killer feature."
"It provides a single pane of glass view, coupled with a whole security ecosystem. The ability to manage everything from a central point, including vulnerability assessments, asset management - including the services provided by the various hosts, NIDS, HIDS, etc. - provides a very efficient way of dealing with things."
"The IDS and the threat intelligence are very useful. They are very intuitive and data-rich."
"AlienVault provides a checklist answer when using SIEM."
"This solution can identify many threats inside the organization (compromised endpoints, configuration issues), as well as "outside" threats (botnets, network scanners, web-attacks, etc)."
"The most valuable feature of this solution is security management for PCI DSS."
"It gives the ability to investigate network traffic in the Net and the organization, which we couldn't do before."
"The most valuable feature is the correlation. It can report in real-time and monitor the management."
"Their technical support responds quickly and is knowledgeable."
"The most valuable features are its ingestion of logs and raising of alerts based on those logs."
"The most valuable feature is the ability to write rules and triggers for network communication, and then being able to investigate based on that."
"It's fully scalable. There is no limit. Of course, the license limits per day the number of terabytes. In my opinion, it's very flexible."
"The most valuable features are the packet decoder, log decoder, and concentrator."
"The most valuable feature is that we can create our own connectors for any application, and NetWitness provides the training and tools to do it."
"Their documentation could be better. They are growing quickly and need to have someone focused on tech writing to ensure that all the different updates, how to use them, and all the new features and functionality are properly documented."
"The Activeboards feature is not as mature regarding the look and feel. Its functionality is mature, but the look and feel is not there. For example, if you have some data sets and are trying to get some graphics, you cannot change anything. There's just one format for the graphics. You cannot change the size of the font, the font itself, etc."
"There's always room to reduce the learning curve over how to deal with events and machine data. They could make the machine data simpler."
"There is room for improvement in the ability to parse different log types. The breadth of overall log parsers that exists right now is an area that they could improve. Natively, there's more that could be done by Devo than what it can and can't understand from a parsing perspective."
"The only room for improvement I can mention is the initial installation procedures. I found that the online installation instructions for the product were missing important details, they lacked necessary steps."
"They seem to have bugs from time to time that go unfixed for a while and that is frustrating. I'm not saying the product needs to be bug-free, but they need to be responsive to bugs."
"Search performance can be slow. The Raw Logs feature is painfully slow. And if we're talking about the newer, the Anywhere product, you can't even schedule reports on the thing. There are probably a dozen other features I'd really like to see there, but that would be one of the biggies."
"We've had some stability problems, not a lot, but a few. Updates seem to be the worst. That seems to be when the stability problems come up."
"The reporting module could be a little easier to handle, as it requires quite some trial and error until you get the reports you want. Also, it would be great to have a graphical interface for the Network Intrusion Detection System's rule management."
"One area that has room for improvement is storage. AlienVault is a good place to put logs, but sometimes it's a tough place to go get logs... The logger can only hold so much data. If they improved that, that would help."
"We develop additional rules and scripts to make it more usable."
"It would be nice to see some machine learning and monitoring of the configuration in network devices."
"We have encountered issues with unresolved crashes."
"The implementation needs assistance."
"The initial setup was complex because it takes a lot of time to complete the implementation."
"I'd like to see improvement in its ease of use. It's basically unusable. It's overly complex."
"The system looks like it is a mix of a bunch of different systems, and nothing looked like it was quite together."
"They should implement algorithms to digest that data and produce additional, more advanced reporting, alerting and support of internal security teams."
"Log aggregation is an issue with this solution because there are a huge number of alerts in a single instance."
"The initial setup is very complex and should be simplified."
Pricing and Cost Advice
"It's a per gigabyte cost for ingestion of data. For every gigabyte that you ingest, it's whatever you negotiated your price for. Compared to other contracts that we've had for cloud providers, it's significantly less."
"I'm not involved in the financial aspect, but I think the licensing costs are similar to other solutions. If all the solutions have a similar cost, Devo provides more for the money."
"We have an OEM agreement with Devo. It is very similar to the standard licensing agreement because we are charged in the same way as any other customer, e.g., we use the backroom."
"We have seen ROI. We have seen cost savings in maintenance, upkeep, and support."
"So far, I feel the product's pricing is a good value. The technology is decent. You get what you pay for. I think it's fair."
"I don't think the product's pricing is a good value because they try to raise the price 50 percent every year... AlienVault needs to understand that not all customers are huge enterprises... Their sales team is way too aggressive. The price they advertise is not always the price you get."
"The pricing is a good value. The key thing is that for the new product, the licensing of it, is subscription-based and it's based on data. Clients need to be really careful when thinking about that, because odds are they're going to need to put a lot more data into it than what they initially estimate, which is going to drive their subscription costs up."
"It's very reasonably priced. It was one of the lowest among the ones I looked at. Licensing is pretty flexible. They can do a two-year or a three-year, even a one-year, perhaps."
"So far, it has been a good solution for a tight budget."
"It allows you to do a lot with a small price tag... The pricing is the best on the market."
"The vulnerability management solution is worse than buying a Nessus Professional license."
"The licensing fees are dependent on usage."
"It is cheap."
"The licenses are good but the cost is very expensive."
"This is a pricey solution; it's not cheap."
"We have a perpetual license, so the total cost of ownership is not very expensive. It's a good investment."
"Many clients are not able to purchase the packet capability because there is a huge amount of data, and the cost depends on the number of EPS (Events per second), as well as the number of gigabytes of data per day."
"Our license is for one year."
Questions from the Community
Question: What do you like most about Devo?
Top Answer: Even if it's a relatively technical tool or platform, it's very intuitive and graphical. It's very appealing in terms of…
Top Answer: We have an OEM agreement with Devo. It is very similar to the standard licensing agreement because we are charged in the…
Top Answer: The easiest solution is for the client to obtain a static IP address from AV which are really cheap.
Top Answer: Performance and reporting are very good.
Question: What is your experience regarding pricing and costs for RSA NetWitness Logs and Packets (RSA SIEM)?
Top Answer: Many clients are not able to purchase the packet capability because there is a huge amount of data, and the cost depends…
Top Answer: The user interface is a little bit difficult for new users and it needs to be improved. It takes a lot of time to…
Also Known As
| Devo | AT&T AlienVault USM | RSA NetWitness Logs and Packets (RSA SIEM) |
|---|---|---|
| Logtrust | AlienVault, AlienVault USM, Alienvault Cybersecurity | RSA Security Analytics |
Devo unlocks the full value of machine data for the world’s most instrumented enterprises by putting more data to work now. With Devo, IT executives finally realize the transformational promise of machine data to drive breakthrough projects that move the entire business forward.
AlienVault USM Anywhere is a cloud-based security management solution that accelerates and centralizes threat detection, incident response, and compliance management for your cloud, hybrid cloud, and on-premises environments. USM Anywhere includes purpose-built cloud sensors that natively monitor your Amazon Web Services (AWS) and Microsoft Azure cloud environments. On premises, lightweight virtual sensors run on Microsoft Hyper-V and VMware ESXi to monitor your virtual private cloud and physical IT infrastructure.
With USM Anywhere, you can rapidly deploy sensors into your cloud and on-premises environments while centrally managing data collection, security analysis, and threat detection from the AlienVault Secure Cloud.
Five Essential Security Capabilities in a Single SaaS Platform
AlienVault USM Anywhere provides five essential security capabilities in a single SaaS solution, giving you everything you need for threat detection, incident response, and compliance management—all in a single pane of glass. With USM Anywhere, you can focus on finding and responding to threats, not managing software. An elastic, cloud-based security solution, USM Anywhere can readily scale to meet your threat detection needs as your hybrid cloud environment changes and grows.
Try USM Anywhere in your environment—free for the first 14 days.
If you’re relying on log data to detect and prevent cyber threats, you’re in trouble. Attackers increasingly evade detection of log-centric security and network monitoring tools. But logs combined with full packet, endpoint, and NetFlow data are proven to provide the essential details for early threat detection. Here’s a closer look at our solution.
| Devo | AT&T AlienVault USM | RSA NetWitness Logs and Packets (RSA SIEM) |
|---|---|---|
| United States Air Force, Rubrik, Critical Start, NHL, Panda Security, Telefonica, CaixaBank, Public Library of Science, OpenText | Abel & Cole, Bank of Ireland, Bluegrass Cellular, CareerBuilder, Claire's, Hays Medical Center, Hope International, McCurrach, McKinsey & Company, Party Delights, Pepco Holdings, Richland School District, Ricoh, SaveMart, Shake Shack, Steelcase, TaxAct, Taylor Morrison, Vonage and Zoom | Los Angeles World Airports, Reply |
Computer Software Company: 33%
Comms Service Provider: 19%
Financial Services Firm: 21%
Comms Service Provider: 9%
Computer Software Company: 28%
Comms Service Provider: 20%
Comms Service Provider: 38%
Financial Services Firm: 25%
Computer Software Company: 25%
Computer Software Company: 41%
Comms Service Provider: 21%
No Data Available