USM Anywhere Benefits
The benefits experienced by our company from the use of the solution stem from the fact that it has been working pretty well in terms of getting the events correlated and getting the alarms on suspicious activities.
Jomel Varghese
Network and Security Infrastructure Manager at a wholesaler/distributor with 201-500 employees
AT&T AlienVault USM has helped our organization by highlighting known vulnerabilities in our network and full visibility of our network to figure out if there is anything that we are not aware of. If there are any missing pieces, they would be found by the AT&T AlienVault USM.

As stated before, the solution allows us to continuously detect cybersecurity incidents that may occur throughout our environment.
Buyer's Guide
USM Anywhere
April 2024
Learn what your peers think about USM Anywhere. Get advice and tips from experienced pros sharing their opinions. Updated: April 2024.
769,976 professionals have used our research since 2012.
Vinod Shankar
Manager, Enterprise Risk Consulting at a tech company with 1,001-5,000 employees
A jack-of-all trades:
The best thing about AlienVault USM is it being a “Jack-of-All Trades” solution. It provides SIEM, HIDS/NIDS, FIM, NetFlow, Asset Management, Vulnerability Management, etc., under one USM platform. None of the commercial SIEM vendors like ArcSight, McAfee, etc., can boast of such a diverse feature set.
- QRadar is the closest to AV USM in terms of feature diversity. While all the features are formerly isolated Open Source community projects, the USM does a good job of integrating them into a feature set. While they are not great as individual parts, they more than make up as a sum of the parts.
- OTX – Open Threat Exchange is a wonderful community sharing platform that helps clients to share IP and URL reputation information so that all AV customers can benefit. This is true community sharing modeled on the likes of the Splunk Community (for app development). This has the potential to grow into a large source of Real World Intelligence and what AlienVault intends to do with this data remains to be seen. For now, it is being used by the USM Correlation engine to provide better context and content for Security monitoring. AlienVault Labs is also utilizing this infrastructure to constantly update Detection rules for malware vectors, vulnerability exploits, etc. QRadar and ArcSight provide Intelligence, but it is commercial intelligence and not community intelligence. With community intelligence, you get more hits than misses.
- Multi-Tenancy – While this feature may not elicit an interest from many readers, those who have worked in an MSSP environment can understand why this is a very important feature to have. AV USM does support Multi-Tenancy out of the box. This, when combined with the Architecture flexibility, provides great MSSP models to sell and operate. The key is to understand how the multi-tenancy works. Basically, a single database is used to store data of several customers using a Data isolation Logic and Permission control. The data isolation logic is based on Entities created in USM (Assets, Users, Components Assigned (Sensors) etc., are grouped together as a Single Entity) and Permissions (applied in a granular fashion to data sets related to the Entities). QRadar, ArcSight and other major SIEM products provide this as well.
- Integration – While AV USM is known for being customization friendly, the amount of out-of-the-box plugins for Log Monitoring and Correlation is limited to the well-known products. It does not have comprehensive integration capabilities with say legacy applications, Directory services, databases, etc., that other SIEM vendors boast of. Similarly, it relies mostly on its own “pre-packaged” tools for data enrichment and hence has poor “Third Party” Integration capabilities. However, if you really are a developer of open source products, the integration challenge can be overcome. But how many are willing in the real world enterprise?
- Correlation and Workflow – What good is a SIEM product if it cannot perform advanced Correlation and Operational workflow? AV USM has a strong foundation in Correlation using XML driven Directives and Alarms thresholds. However, when it comes Head-to-Head with the Industry leaders like ArcSight, QRadar, Splunk, etc. it falls terribly short. We particularly like the Cyber Kill Chain flow which a lot of customers are using for complete visibility, but this is not the end game in real world enterprise operations where not all the data points required for the directive are available. Same thing goes for the workflow, where the integration with external ticketing or issue tracking system is very limited, and hence acts as a deterrent in large scale deployments.
I am able to scan for vulnerabilities quickly on existing devices and also for new devices being deployed. Since I don’t have a lot of time to learn new and complicated tools, being an e-commerce company, this allows me to increase the security posture of the overall organization and also to help pass PCI compliance.
Vpf4dc
VP at Castra Consulting
It's really easy to aggregate and correlate and view several different security logs and several different data pieces in a single place. That's what allows us to see the security logs that we need to see to determine if there is something malicious on our network or not.
Also, aggregating the logs and putting them in a central place helps us to comply with certain regulations, the details of which I can't go into.
We have been able to use AlienVault to find critical vulnerabilities in our network and it has helped reduce the time it takes to respond to a threat.
Corey Bussard
Manager, Security Operation Center at Ideal Integrations
It answered a bunch of questions for us, such as what will we use for vulnerability assessments on a continual basis, how do we tie those reports into alerts/incidents, log aggregation, correlation, etc.
reviewer981528
Principal DevOps Engineer at a tech vendor with 11-50 employees
AlienVault gives us greater visibility into our security and tells us what we need to address. We haven't had any breaches, but if we were to have some, we would get alerts.
Matthew White
Production DBA at BLUE MOTOR FINANCE LIMITED
AlienVault USM Anywhere provides us with SIEM, at a low price-point and with a great array of functionality. SIEM is critical to our security operations and feeds incident response efforts and USM Anywhere enables us to filter the noise and concentrate the efforts of our small team on the real issues and threats.
Guilherme Peralta
Consultant at Embratel
AlienVault has helped us in improving our visualization and incident response during cybersecurity situations.
I have also used it in a project to comply with PCI DSS requirements.

From my perspective, it saves me about two to seven hours weekly. Now, I can easily check (in one place) all the logs and data in relation to attacks. It also gives me an overview if a server is not configured properly.
Karl Hart, ACSE, CEH, CHFI, CISSP
Information Security Manager at a tech services company with 201-500 employees
We used to have to monitor and review logs for each device. Now, everything comes into AlienVault and it alerts us when we need to respond. We now have real-time monitoring 24x7x365 using an in-house team.
Subramaniam L.
Senior Talent Sourcer, Digital at Digitaltrack
AT&T AlienVault USM has improved detection of the potential threats and helped us to proactively take action against these threats. AT&T USM has enabled us to identify the weaknesses and has helped in strengthening the weaknesses.
seniorbu978126
Senior Buyer & Operations Specialist at Nth Generation Computing
AlienVault is very user-friendly. We've had a great experience with asset discovery, compliance reporting, endpoint detection and response. Our team uses the network infrastructure monitoring as well.
Lorenzo Ciolfi
VP IT Operations at a financial services firm with 51-200 employees
Previous to this, we really didn't have any protection, any intrusion system in place. It's made me more comfortable, since I'm in charge of IT for this company. I sleep better at night.
Using the solution, we have been able to look for critical vulnerabilities in our network. Thankfully, we haven't found any. It takes just a couple of hours.
Consulta85d2
Consultant at a tech services company with 11-50 employees
There are probably a billion examples I could give. As a service provider, it helps us because we have all of our clients connected in through our management platform, and we're able to leverage the tools that AlienVault provides to monitor and collect data from all of those systems and identify security incidents for all of our clients. It provides network and host-level visibility and it's easy to tune and manage.

The all-in-one source for the needs of compliance has put everything into one location without the need of other applications and tools to accomplish the tasks. It brought our logs into one place for review and set up alarms based on changes we were missing due to lack of having one place for everything to go. Vulnerability scanning helped out shortcomings of what was not patched in the past and what needed to be patched. This assisted with fine tuning the environment for compliance. The reports also helped upper management with the ease the product was doing in its job and holes that were being filled.
SystemsA3512
Systems Administrator at a healthcare company
This product has streamlined productivity by having all the information in one place. It has really helped eliminate a lot of manual work because its automation is pretty robust and important. It puts everything in one place for me.
It is also helping us get HITRUST certified, which is a certification we need for New York State. So this tool is a requirement, and it's going to help us stand out with New York State.

It has allowed us to see what is happening on our servers. You can do a similar setup with AWS, but monitoring it can give you a headache if you have over 10 servers.

AlienVault has provided a nice, unified system for monitoring and reporting. Since we use this for customer security services, the vulnerability scans have come in handy for overall system health checks, for making sure customers aren't vulnerable to known attacks.

We were able to use the product to identify two security issues already. We had one situation where the appliance identified that a workstation on our network was infected with a DNS Blackhole virus. We were able to remove the computer from the network and replace it. We've also been able to use the scanning to identify security issues and take care of them before they become a problem.
It has allowed us to centralize our logging. We had used previous products and found AlienVault centralized the logging for our security. Additionally, we are better able to meet our compliance needs.

Students becoming acclimated to the product can go out into the field and have first-hand knowledge on how to use a USM or SIEM product. This is a win-win solution for the vendor and future employers.

We've been able to professionally generate alerts for IDS, SIEM and vulnerabilities where we didn't have those capabilities before.
CoFoundef572
Co-Founder at a photography company with 11-50 employees
We didn't have any system before, so everything has been an improvement.

AlienVault has brought more awareness to the activity on our network. Security risks are identified and addressed to reduce any possible security breach.
reviewer980886
I.T. Manager at a non-profit with 51-200 employees
Before AlienVault, we had no central log collection tool of any kind, let alone security monitoring. AlienVault provides us with a very easy to use, central spot to view log files, and take appropriate action. It allows our small team the ability to take cybersecurity seriously.
reviewer673236
Systems Engineer at a university with 201-500 employees
It has given us insight into our network:
- What is on it
- What traffic is on it
- What is happening on our servers
It is one location to view many things.
It provides a good platform to start looking at the traffic on your network.

We had no visibility of our vulnerabilities without looking up WSUS and matching this against the Windows bulletins. This completely missed the mark when it came to third party patches and poor configuration and wasted hours upon hours for half a story. Not to mention we have a much better understanding of how and when we are being attacked.
Christian Caldarone
ISO (Information Security Officer) with 10,001+ employees
Undoubtedly having all security core technology under one roof, as provided by the all-in-one USM solution from AlienVault, is a big advantage for day-to-day business security operations. From real experience, it has enabled total transparency in terms of security information and events, from day one.

We have been able to ensure the health of our servers. We can also use vulnerability scans to ensure our system is as good as it could be.
Any unusual behaviour, we can monitor. We have alerts set up to be sent when we receive signs of any unusual behaviour. The ranking can be modified to allow us to apply a standard rule and also be customized, which suits our business needs.

It has allowed us to gain a better understanding of how data flows within our network, and has helped us think about what type of things we want to be alerted on, or not alerted on.
Brett Carson
Director Of Information Technology at a tech services company with 51-200 employees
This has helped improve our overall IT security by allowing us to implement a full suite of security tools that allows us to roll out log management on clients and servers, host-based IDS, and network-based IDS. It also provides vulnerability scanning; however, we use a separate product for that.

I now have the ability to report all vulnerabilities and threats hitting our network to upper management in an easy-to-understand format.

I was able to replace our log management solution with this product. A single server that allows for log management, vulnerability scanning, and file integrity monitoring.

We are now able to track any kind of threat including external (malware) or internal (people trying to bypass restrictions, USB keys etc.).
We are able to track changes in the authentication integrity (new user created, domain admin elevation, etc.) and get mail or tickets in cases of suspicious behavior.
It helps us with our ISO27001 compliance.
AlienVault provided improved visibility into the environment as well as the ability to report on the organization’s security posture.

We already used a lot of the open source products in this suite but they were too cumbersome for our IT team to handle. This brought them all under one roof and allowed one person to do what 10 could not in a few hours a day.

We have benefited greatly due to gaining the visibility we need for different instances. It has improved our security posture and has helped us respond to alarms/events as they have come down through the pipeline to our ticketing system we use. All in all, it has improved our SOC.

It has streamlined log aggregation and analysis to meet organizational and regulatory needs.

Once we placed AlienVault in the product we have now, the time it takes to find and respond to real anomalies has dropped from hours to minutes. It has so much potential to be an amazing product despite its many issues. After working with so many other SIEMs, AlienVault is among my top three favorites, and I believe it has earned that spot well.

AlienVault does not stop a security breach, but it detects and notifies the responsible people and they can immediately interact and take the necessary actions. Identifying security risks and minimizing downtime is the added value.

AlienVault has provided me with a management console which gives me alerts and other information about the traffic on my network. AlienVault is my "security person" looking at irregularities and letting me know when something has occurred. I also see vulnerabilities in my systems and can assign tickets to other staff members.

I came into the company with USM Appliance already in place. However, from my previous experience with logging and security appliances, there have been many tasks that used to be a manual process like asset discovery, that are now automated and easy to implement through the UI.

It helps to monitor the entire office in a single point.

Previously we had no single way to analyze traffic and threats on our network, relying instead on multiple, independent systems. We can now correlate reported threats and anomalies to better determine what threats we face.

AlienVault USM Anywhere is a great evolution of a proven product. While the feedback and customization requirements remain largely the same, the user interface has been significantly improved. This significantly improves the interaction our clients have with their data, and we have received significant positive feedback.
We run this product on our network 24/7 and it has helped identify many important events. We take the security of our network very seriously, and this helps to quickly identify and lock down any potential vulnerabilities or events that could escalate.

AlienVault USM has improved how we manage events and incidents in our infrastructure. With AlienVault we are able to respond to incidents and take necessary action faster than we could before without the solution in place.

AlienVault has allowed us to help our customers satisfy compliance needs around logging and monitoring (HIPAA, PCI, etc.) and has also provided a comprehensive platform that goes beyond just being a SIEM. It allows us to serve our customers in many different ways.

AlienVault has streamlined our security functions by combining several different functions into one package.

With AlienVault we have been able to reduce lag times by not having to invest into specialized research for which we rely on AlienVault Security Labs and OTX (Open Threat Exchange).

We are the Partners in Sri Lanka. We are doing deployments in Sri Lanka, Maldives, and Bangladesh.
This is a USM, so being able to get all the features under one roof makes it a good product with good new features.
Report modules now allow us to get a visualization of the activity of the main assets to continue the business and lets us take decisions to the stakeholders.

The single pane of glass that shows threats that are in the environment.
Denis L
Sales Solutions Engineer at a tech services company with 201-500 employees
This solution can identify many threats inside the organization, like compromised endpoints, configuration issues, as well as "outside" threats (botnets, network scanners, web-attacks, etc). During the first two weeks post-deployment, our client's cybersecurity certainly improves by using AT&T AlienVault USM.

Beyond providing us with an IDS, as was our initial need, AlienVault gave us more useful resources, such as SIEM and a vulnerability scanner (the last being one of my favourite resources).

AlienVault provides a checklist answer when using SIEM. We currently develop additional rules and scripts to make it more usable, but the overall solution is lackluster.

The AlienVault solution has enabled us to create an SOC on a budget with smaller than usual staff requirements, offering a wider range of solutions for our customers.

It allows for a lot of out-of-the-box features: vuln scanning, HIDS/HIPS, and IDS. The Suricata rule set is pretty lame.

We have much greater visibility in what is happening on our network.

Increased visibility, threat detection.

Being able to identify security issues as they occur at near real time. Being able to then respond to them as soon as they occur is priceless.
Rajnikant Bhandare
Security Analyst SOC at Sumasoft Pvt Ltd
- The system slows down considerably when a large number of events are fed in.
- Also, AlienVault support has to make some improvements.
It has helped me to give some InfoSec guidance to my customer after deploying AlienVault on their premises.
Now they were able to get to know what kind of traffic is passing through the firewalls and what kind of traffic hits the traffic.
Shayanthan Karunaharan
Engineer - Information Security at a tech services company with 51-200 employees
Since we are a reseller, AlienVault helped us because of their cheaper price compared to other SIEM solutions and the addition of FIM in the solution. Implementation took a few days and it's easy to complete the task within the given project timeline.
Quickly got insight into my environment.

Holistic view of SIEM environment.

- Identifying the sending of clear text account information
- Identifying and fixing vulnerabilities that we were not aware of
On several occasions we have detected attacks (DDoS) just as they are starting and have been able to rapidly mitigate them. We have also noticed outdated Java and Flash versions due to the Snort rules included in the appliance.

We now can find the source of where Windows account lockouts are occurring.

It has helped us keep an eye on Admin activity on the network and in our directory.
Tharaka Ranasinghe
Network and Security Engineer at a tech services company with 51-200 employees
AlienVault has an advanced component within one package. With this, we can cover more area with one solution.
As an example, it has a vulnerability assessment component built-in. From this, we can do the vulnerability assessment easily and we do not have to buy another solution for the vulnerability assessment. It is easy to use and we can take better advantage from an all-in-one solution like USM.

The low cost of entry SIEM functionality has increased due to network views and network traffic.

No, but that’s not really their fault, rather ours. I think this has a lot of valuable functions that really could be leveraged quite nicely.

Simplified log analysis and log management.

Reduced the number of the false alarms generated by other devices. With AlienVault we can gather all data from different devices, analyze them and extract the correct information.

Its powerful correlation engine helps reduce time in manually correlating events.

AlienVault gave our organization a centralized tool to manage our security with its intrusion detection, asset management, vulnerability assessments, along with all of its other features, it has become an invaluable asset for our small organization.

As it includes a logger feature for gathering all logs from all devices (network devices, servers, hosts etc.) it has basically become the only software that we look at when we have a problem. We don’t need to search from one device to another as it’s all centralized on the same AlienVault Server which enables us to save time and become more efficient at work.

It provides greater visibility of host-based and network activity through its HIDS and NIDS functionality.
Javier Ramirez
Network Security Specialist at SEFISA
It has helped not only in the security, but also on the network when we have problems with slowness, we can go to the NetFlow section and see who is generating a lot of traffic.
Using the communication within the security device, it is easier to create plugins. Therefore, if you want to create plugins, there is an option called plugin creator to assist with this.

Recently, we used the NetFlow capability to find a bottleneck in the network and the offending computer.
It helps to identify external and internal security threats to the organization, on time.

- Phishing sites were detected and it secured the environment from the upcoming threat.
- Vulnerability scanner OpenVAS is very useful for knowing current vulnerabilities present in system and taking preventive action.
We now get a better view into what is happening on our network and to the servers than previously.

We have a better detection rate for malware and other cyber-attacks. Really helps when USM is integrated in the incident response plan.

The USM has been instrumental in the discovery and tracking down of emerging threats which has helped us instantly evaluate and resolve security incidents for our clients.

I can monitor less things and just read reports or alarms.