Principal DevOps Engineer at a tech vendor with 11-50 employees
Real User
It gives you robust protection and value without the need for a dedicated SOC team
Pros and Cons
  • "AlienVault's reporting is good. I like that vulnerability assessment is part of the solution, and the UI is intuitive. Also, the overhead is low, which is to say we don't need a dedicated SOC team to manage and analyze things constantly. We're a small company that doesn't have those resources."
  • "I think plugin management should be self-service on AlienVault USM. The other product is self-service, but on the USM side you have to submit a ticket, then AT&T creates and updates the plugins."

What is our primary use case?

AlienVault USM is a SaaS solution offered through the cloud. It's a security incident event management solution that scans the logs that are shipped to it to look for various security patterns. Then it alerts us so we can identify trends.

How has it helped my organization?

AlienVault gives us greater visibility into our security and tells us what we need to address. We haven't had any breaches, but if we were to have some, we would get alerts.

What is most valuable?

AlienVault's reporting is good. I like that vulnerability assessment is part of the solution, and the UI is intuitive. Also, the overhead is low, which is to say we don't need a dedicated SOC team to manage and analyze things constantly. We're a small company that doesn't have those resources.

What needs improvement?

I think plugin management should be self-service on AlienVault USM. The other product is self-service, but on the USM side you have to submit a ticket, then AT&T creates and updates the plugins.

We often have application logs that are unique to us, so it's silly to have to open a ticket, have them do the work, and then release the plugin. It would be nice if they had a self-service portal where we could define the parameters within the product for the plugin and have a custom plugin for our logs. 

Buyer's Guide
USM Anywhere
April 2024
Learn what your peers think about USM Anywhere. Get advice and tips from experienced pros sharing their opinions. Updated: April 2024.
769,236 professionals have used our research since 2012.

For how long have I used the solution?

I've been using AlienVault USM for about two or three years.

What do I think about the stability of the solution?

AlienVault USM has been quite stable so far. We might've had one or two hiccups over the past couple of years, but nothing major.

What do I think about the scalability of the solution?

We have had no issues with scalability at all. It's been seamless. We have only three or four users on our DevOps team, but we're getting information from all over. Of course, many downstream people benefit from the work that we do, but only about four people actually log in and use it. 

How are customer service and support?

Technical support has been okay. It hasn't been great. On a scale of one to 10, I'd say maybe a six. It took them a long time to respond to some of our questions, and we didn't get the complete responses we were expecting. In some cases, the process took so long that the question's urgency had diminished by the time we got an answer.

How was the initial setup?

Setting up AlienVault USM was relatively straightforward. Of course, all software is complex, but this wasn't overly complex. We did do some professional service hours with the vendor during the deployment, but that was more about best practices. We asked how to configure it to get the most out of the solution. 

It's not an admin-heavy product in terms of maintenance and management. There's certainly a lot you can do to customize and configure it, but it doesn't require much administration. Someone is logging in most days to check in and review alerts.

Which other solutions did I evaluate?

We looked at Splunk Enterprise with the added security module, and that worked great, but it also had a lot of overhead to get value out of it. We just didn't have the capacity for it.

What other advice do I have?

I would give AlienVault USM a solid eight out of 10. There are certainly products out there that can do more. For a smaller company, I'd say it's a solid nine or a 10, but if we compare all the offerings on the market, I would say it's a solid eight. It doesn't have some of the features of the other ones, but it offers a lot of benefits to us because we can get the value that we need out of it without having a dedicated team.

It's been good overall, so I would give it a thumbs up. It's suitable for small organizations that don't have the capacity for a dedicated SOC that could handle something like Splunk Enterprise. Splunk is great for businesses with a dedicated team to do full-time analysis. But I think this is a nice solution for smaller companies where the IT staff has to wear multiple hats.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Production DBA at BLUE MOTOR FINANCE LIMITED
Real User
Easy to deploy with their cloud-based model and deploying the required agents on-prem (or in the Cloud) is quick and easy.

What is our primary use case?

We use AWS for our application platform and wanted a SIEM that was easy to deploy as a service and that had functionality and integrations focused on AWS. We found AlienVault was the best on price vs features and the team at AlienVault worked hard to make sure we were happy during our on-boarding. Features are rolled out fast and issues addressed quickly. The integration of OTX out-of-box and at no additional cost was a real selling point and the AWS features made it a clear winner.

How has it helped my organization?

AlienVault USM Anywhere provides us with SIEM, at a low price-point and with a great array of functionality. SIEM is critical to our security operations and feeds incident response efforts and USM Anywhere enables us to filter the noise and concentrate the efforts of our small team on the real issues and threats.

What is most valuable?

AlienVault USM Anywhere is easy to deploy with their cloud-based model and deploying the required agents on-prem (or in the Cloud) is quick and easy. With many integrations out-of-the-box, you can pull in all the data from products you use and other sources, such as Amazon Cloudwatch Logs. Custom rules allow for alerting based on content from events and you can even trigger agents in response to threats, shutting down computers or grabbing forensic info for incident response. USM Anywhere also takes care of reporting for ISO and PCI, allowing you to pull reports for auditors at a moment’s notice.

What needs improvement?

We would love to be able to create custom rules based on a series of events, to create rule-sets where, for example, failed logins to the VPN server are logged and then, when a successful attempt follows soon after, it triggers an alarm for a brute force. It does this for things like Okta already, so control over which events this applies to would be great.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

No major issues and problems are rectified quickly.  

What do I think about the scalability of the solution?

Scales well, no on-prem requirement other than 1 sensor per network and these are cost-effective. AlienVault handles the performance and scalability for you for the backend.

How is customer service and technical support?

Technical support is very quick to respond and follows up well on issues.

How was the initial setup?

Very simple; follow a walk-through to deploy sensors and the back-end is provisioned for you by AlienVault.

What about the implementation team?

In-house deployment; simple to set up.

What's my experience with pricing, setup cost, and licensing?

Cost is very competitive, and if your log ingestion is not huge, then you can get a SIEM on a small budget. AlienVault listens well to customers and works with you on the needs of your business.

Which other solutions did I evaluate?

Alert Logic, Cloud Passage and Event Tracker.

What other advice do I have?

Efficiency Of Security Team: Yes, a team of 2 managing a reasonable sized network has been achieved.

Events Per Day: 700,000

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
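The sequence rule the review above asks for (repeated failed VPN logins followed soon after by a success from the same user and source, raised as a brute-force alarm) is simple to express as a sliding-window correlation. The following is an added example written for this page; it is not USM Anywhere's correlation engine or any of its rule syntax, and the log format, host names, users, addresses and thresholds are all constructed for illustration.

```python
"""Sequence correlation: N failed logins followed by a success within a window.
Added example, not product code. Log format below is invented."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed VPN-style authentication log lines (not real product output).
# alice: five failures then a success inside two minutes -> should alarm.
# bob:   one failure, success 25 minutes later -> outside window, no alarm.
# carol: success only -> no alarm.  One malformed line is included on purpose.
SAMPLE_LOGS = """\
2024-04-01T10:00:01 vpn01 auth: FAILED user=alice src=203.0.113.5
2024-04-01T10:00:03 vpn01 auth: FAILED user=alice src=203.0.113.5
2024-04-01T10:00:05 vpn01 auth: FAILED user=alice src=203.0.113.5
garbage line that does not match the expected format
2024-04-01T10:00:07 vpn01 auth: FAILED user=alice src=203.0.113.5
2024-04-01T10:00:09 vpn01 auth: FAILED user=alice src=203.0.113.5
2024-04-01T10:00:12 vpn01 auth: SUCCESS user=alice src=203.0.113.5
2024-04-01T10:05:00 vpn01 auth: FAILED user=bob src=198.51.100.7
2024-04-01T10:30:00 vpn01 auth: SUCCESS user=bob src=198.51.100.7
2024-04-01T11:00:00 vpn01 auth: SUCCESS user=carol src=192.0.2.9
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) auth: (?P<result>FAILED|SUCCESS) "
    r"user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse_line(line):
    """Parse one constructed log line; return a dict or None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"])
    return ev


def detect_bruteforce(lines, threshold=5, window=timedelta(minutes=2)):
    """Return alarms as (user, src, success_time, failure_count) tuples.

    An alarm fires when a SUCCESS event is preceded by at least `threshold`
    FAILED events from the same (user, src) pair, all within `window` of the
    success. Events are assumed to arrive in time order, as a SIEM would
    normally feed them; unparseable lines are skipped rather than crashing.
    """
    recent_failures = defaultdict(deque)  # (user, src) -> deque[datetime]
    alarms = []
    for raw in lines.splitlines():
        ev = parse_line(raw)
        if ev is None:
            continue
        key = (ev["user"], ev["src"])
        q = recent_failures[key]
        # Expire failures that fell out of the sliding window.
        while q and ev["ts"] - q[0] > window:
            q.popleft()
        if ev["result"] == "FAILED":
            q.append(ev["ts"])
        else:
            if len(q) >= threshold:
                alarms.append((ev["user"], ev["src"], ev["ts"], len(q)))
            # A success resets the sequence for this key either way.
            q.clear()
    return alarms


if __name__ == "__main__":
    for user, src, when, n in detect_bruteforce(SAMPLE_LOGS):
        print(f"BRUTE FORCE? {user} from {src}: {n} failures then success at {when}")
```

The window is keyed on the (user, source) pair so that one attacker spraying many accounts, or one user mistyping a password from several devices, is treated as separate sequences; loosen the key to source only if you want to catch password spraying across accounts.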
Tami Andrews, Sr. Customer Programs Manager at AlienVault
Real User

Thanks Matthew for taking time to provide feedback!

Consultant at Embratel
User
It has helped us in improving our visualization and incident response during cybersecurity situations
Pros and Cons
  • "AlienVault has helped us in improving our visualization and incident response during cybersecurity situations."
  • "Different functions to customize reports should be added."

What is our primary use case?

I use AlienVault to comply with PCI DSS requirements. For on-premises, I am using the AlienVault USM All-In-One 150A Virtual Appliance.

How has it helped my organization?

AlienVault has helped us in improving our visualization and incident response during cybersecurity situations.

I have also used it in a project to comply with PCI DSS requirements.

What is most valuable?

I have found the host-based intrusion detection system (HIDS) extremely useful, as it

  • Allows me to identify possible threats and vulnerabilities.
  • Allows anyone with little knowledge of a cybersecurity device to work with a high-level threat discovery solution.

What needs improvement?

  • They should improve the reporting capabilities. 
  • Different functions to customize reports should be added. 
  • Export features should not be limited to spreadsheets (.XLS) only.

For how long have I used the solution?

Three to five years.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Tami Andrews, Sr. Customer Programs Manager at AlienVault
Real User

Thanks so much for providing feedback!

PeerSpot user
admin at KIL A&T
Real User
I can easily check all logs and data in relation to attacks in one place
Pros and Cons
  • "I can easily check (in one place) all the logs and data in relation to attacks. It also gives me an overview if a server is not configured properly."
  • "Plugins could be better utilized, as some of them do not recognize all logs."
  • "It was easy in the PoC, but when we got to the product it was a different story. We had to learn the product again and got the feeling that the PoC was a different product."

What is our primary use case?

My company wanted to get software that would be able to monitor resources in AWS, mainly IDS, in one cumulative GUI, and AlienVault also matched the extra requirements we added.

How has it helped my organization?

From my perspective, it saves me about two to seven hours weekly. Now, I can easily check (in one place) all the logs and data in relation to attacks. It also gives me an overview if a server is not configured properly.  

What is most valuable?

  • Centralized logs: All the details are in one place. This is helpful if you have over 100 servers.
  • Centralized IDS: We need this as we are able to see what is happening in (almost) real time.

What needs improvement?

  • Plugins could be better utilized, as some of them do not recognize all logs.
  • We could use a little more customization of dashboards.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

Everything has worked fine since we have had this tool.

What do I think about the scalability of the solution?

We have been adding more servers, and it has been working. We have run out of storage space once or twice, so we had to check and choose which logs that we needed to minimize this problem.

How are customer service and technical support?

It has very good customer service. I have opened about five cases. They were ones which I did not have time to search or could not find information on the support website.

Which solution did I use previously and why did I switch?

I previously worked with Nagios, SolarWinds, and Big Brother. Though, this was at a different company. 

These products did not match the requirements in AWS at the time that we were getting AlienVault.

How was the initial setup?

Setup required time. It will take time to set it up and utilize it at a percentage with which you will be satisfied. 

It was easy in the PoC, but when we got to the product it was a different story. We had to learn the product again and got the feeling that the PoC was a different product.

Which other solutions did I evaluate?

We were also looking at LogRhythm, Splunk, and a few others. We decided on AlienVault, as they had a nice presentation (which told us what we wanted to hear) and the PoC proved it could do what we needed.

What other advice do I have?

Check other products and do a PoC, as changing from one to another can be very pricey and time-consuming. Also, training people and making changes cost a lot of resources, and not all employees like such changes every year.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Tami Andrews, Sr. Customer Programs Manager at AlienVault
Real User

Thank you Patrick for your time to review AlienVault USM and for your candid feedback!

PeerSpot user
Information Security Manager at a tech services company with 201-500 employees
Real User
We used to have to monitor and review logs for each device, now everything comes into AlienVault and it alerts us when we need to respond.
Pros and Cons
  • "The USM is a workhorse. No matter what devices or the number of logs we throw at it, the system processes them in real time, correlates the events, and alerts only on events that need human review."
  • "The one thing I continue to dislike about the USM is the limitation on reports."

How has it helped my organization?

We used to have to monitor and review logs for each device. Now, everything comes into AlienVault and it alerts us when we need to respond. We now have real-time monitoring 24x7x365 using an in-house team.

What is most valuable?

The ease of use and customization. The USM is a workhorse. No matter what devices or the number of logs we throw at it, the system processes them in real time, correlates the events, and alerts only on events that need human review.

What needs improvement?

The one thing I continue to dislike about the USM is the limitation on reports. It's hard to get what you need in a report, and once you do, there is no control over the formatting.

What do I think about the stability of the solution?

There used to be some issues with database stability in versions pre-5.x, but the database has since been tuned and has been rock solid since.

What do I think about the scalability of the solution?

The only issue I have run into with scalability is the 1TB limit for raw log storage. When you collect as many logs as I do you need additional space to keep logs for compliance.

How are customer service and technical support?

Customer Service:

I give customer service five stars, they are always available and very helpful.

Technical Support:

Technical support gets 4 1/2 stars. Like any support, it varies on the person that gets your ticket.

Which solution did I use previously and why did I switch?

I have used many solutions with different companies but always move to AlienVault. You get so many more features for the money. AlienVault always comes in way less in price than any other solution.

How was the initial setup?

Initial install is easy, the complexity only comes in as you start to add logs to the system to collect. If you do not take the time to plan out your installation and get a complete list of devices to collect from you could run into issues.

What about the implementation team?

We implemented using our in-house team.

What was our ROI?

We are able to monitor 24x7x365 with minimal staffing. Once it is tuned, you only get the alerts you need to see. We used to have to monitor and review logs for each device. Now, everything comes into AlienVault and it alerts us when we need to respond.

What's my experience with pricing, setup cost, and licensing?

Have a look at how AlienVault handles Events Per Second (EPS) compared to others. Most other products charge based on EPS: the more events, the more you have to pay. This causes most companies to limit the amount of logs sent and processed. AlienVault charges by the number of devices managed. You can send anything and everything to the USM. The more logs you can process, the better correlation you will have. I have found that companies that limit their logs and then have a security incident would have been able to identify the attack if they had been monitoring all events in their logs.

Which other solutions did I evaluate?

Splunk, QRadar, LogRhythm, etc.

What other advice do I have?

If you are thinking about a solution, give their free product OSSIM a try and once you see all it does you will want to upgrade to the commercial USM to get even more.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Tami Andrews, Sr. Customer Programs Manager at AlienVault
Real User

Thank you Karl for your time to review AlienVault USM and for your candid feedback!

Senior Talent Sourcer, Digital at Digitaltrack
Reseller
Top 5
Easy to deploy, stable, and affordable
Pros and Cons
  • "The ease of implementation is the most valuable feature."
  • "The reporting and dashboards have room for improvement."

What is our primary use case?

We use AT&T AlienVault USM as a managed SOC service for our customers to detect and respond to security events and potential incidents.

How has it helped my organization?

AT&T AlienVault USM has improved detection of the potential threats and helped us to proactively take action against these threats. AT&T USM has enabled us to identify the weaknesses and has helped in strengthening the weaknesses.

What is most valuable?

The ease of implementation is the most valuable feature.

What needs improvement?

The reporting and dashboards have room for improvement.

For how long have I used the solution?

I have been using the solution for one year.

What do I think about the stability of the solution?

The solution is stable. I give the stability a nine out of ten. AT&T AlienVault USM has no uptime issues.

What do I think about the scalability of the solution?

AT&T AlienVault USM is scalable and is based on the tiers offered. The tiers run from 250 GB to 15 TB and more. This is the monthly log ingestion storage, and it is scalable to the next tier if more devices are added. This is a subscription model that supports 15 days, 30 days, and 90 days of online storage with little difference in pricing. The beauty of the solution is that they offer unlimited cold storage after the online storage duration, and that can be retrieved within a day's time.

How are customer service and support?

We have an account manager located in the UK who helps in getting the right technical person for emergencies. There is standard technical support through tickets. In general, they are pretty quick to respond and some of the enhancements are handled by their backend team for feature enrichment. 

How would you rate customer service and support?

Positive

How was the initial setup?

The initial setup is straightforward. The configuration and deployment are easy.

The setup process initially requires a few hours. Once we have obtained the necessary licenses, we can start using the system within a day. However, it may take a few months to complete the heuristic data and begin the optimization process. One to two people are required for the deployment.

There is a trial license for 15 days, and that acts as a POC. After the trial period, the same can be converted into a licensed tier.

What about the implementation team?

We implement the solution for our customers.

What's my experience with pricing, setup cost, and licensing?

When compared to other solutions such as Splunk, LogRhythm, and IBM Security QRadar, AT&T AlienVault USM is a reasonably priced option that is also relatively inexpensive. 

What other advice do I have?

There are two criteria that I consider when evaluating products: "value for money" and "fit for purpose." The AT&T AlienVault USM satisfies both of these criteria. While we could potentially obtain better SIEM solutions by spending more, we must consider the cost. The SIEM is only one part of the overall model, and the efficiency of the response is also influenced by the people and processes behind it. Therefore, the tool alone cannot guarantee an efficient response. However, the AT&T AlienVault USM performs adequately in this regard, and I have not encountered any significant issues with it so far. Even with superior solutions such as Splunk, the effectiveness of the tool ultimately depends on the proficiency of the monitoring team. Therefore, I assign one-third of the overall value or a maximum of 40 percent to the tool's value if it accounts for 100 percent of the efficiency. In comparison to other products, the AT&T AlienVault USM is relatively good. On a scale of one to ten, I would rate the solution a nine out of ten.

I would not recommend this solution for on-premises deployment or for large organizations due to the need for a well-designed architecture for implementation. However, I would recommend this solution for cloud deployment and for small to medium-sized organizations.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
Francis Silva, Services Coordinator at MAINT
Real User
Easy to use and intuitive platform against security threats, with a feature for adding apps
Pros and Cons
  • "Easy to use, scalable, stable, and very intuitive platform that provides protection against security threats."
  • "Adding a parsing interface for the customers would make AT&T AlienVault USM better."

What is our primary use case?

We have customers from the retail, industrial, strategic resource, and OT infrastructure sectors who are using AT&T AlienVault USM. The solution has several use cases.

What is most valuable?

I like that AT&T AlienVault USM is deployed on the cloud, because the previous solution, the all-in-one solution, wasn't, so we had a lot of problems with the all-in-one solution. Either the database was corrupted, or there was a large delay in the appliance. With AT&T AlienVault USM being on the cloud, all of those problems disappeared.

Another feature I like about the solution is the ability to add apps. It's a really good feature.

AT&T AlienVault USM is a very intuitive tool, especially for analysts. It's easy to use.

What needs improvement?

An improvement for AT&T AlienVault USM is the option for us to build the connectors ourselves, for us to do the parsing ourselves, because those options disappeared with the version of the solution that we're currently using. I know I can talk to the vendor to ask for a new parsing option for the application, for any new platform, but I understand that it can take several months. Adding a parsing interface for the customers would be good.

What do I think about the stability of the solution?

AT&T AlienVault USM is a stable solution.

What do I think about the scalability of the solution?

AT&T AlienVault USM is a scalable solution, especially because we have the option to use more sensors, and we have an average scale of log space for log rotation.

How are customer service and support?

We don't deal with the support team for AT&T AlienVault USM, in terms of big issues, but in terms of them answering a question, or giving information about design specs, their response is good. Their response is correct, so we have no problem with the support for this solution.

From one to five, where one is bad and five is good, I'm rating their support a four.

How was the initial setup?

The initial setup for AT&T AlienVault USM was easy.

Which other solutions did I evaluate?

We evaluated another product: AlienVault OSSIM, but only for testing, we did not suggest it to our customers.

What other advice do I have?

We are using AT&T AlienVault USM. It's our main SIEM solution. We've been a partner of AT&T for four to five years. We still have a customer using the all-in-one solution, but now we are mainly promoting AlienVault USM Anywhere.

I know that the solution is undergoing changes to become even more useful, so we have no problems with it. There's no problem, even in terms of integration.

We use three people for the deployment and maintenance of the solution. One person is in charge of designing and implementing. Another person supports the implementation and the requirements of the customer. The third person does the monitoring exclusively. We provide our customers with the services of a security operations center.

I'm recommending AT&T AlienVault USM to others and I'm rating AT&T AlienVault USM eight out of ten.
Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
Director of Department at BAKOTECH LLC
Reseller
Good compliance, lots of useful features, and easy to scale
Pros and Cons
  • "There are multiple tools for information security. The solution includes all the latest advances on the network and host intrusion detection systems."
  • "The solution already has quite good tools, however, they need better integration tools for linking with Office 365, Google Suite, and so on."

What is our primary use case?

We have three main uses for the solution. They are compliance, incident response, and as a tool for information security.

What is most valuable?

The solution has excellent compliance and has good incident response.

There are multiple tools for information security. The solution includes all the latest advances on the network and host intrusion detection systems.

The out-of-the-box features are great. You don't have to jump to different consoles as everything is right there. Everything from a security standpoint can be handled via one screen.

What needs improvement?

The solution could be improved in three ways. The first one is user behavioral analytics. They need work.

The second one is cloud-related usage. The solution already has quite good tools, however, they need better integration tools for linking with Office 365, Google Suite, and so on.

The third improvement could be a bit more customization for security products. If someone has an antivirus that is customizable, they need to have the ability to easily connect everything together.

For how long have I used the solution?

I've been dealing with the solution for four years.

What do I think about the stability of the solution?

The solution is very stable. We haven't had issues so far in terms of using it.

What do I think about the scalability of the solution?

The solution is quite easy to scale. You just need to install the standard solution. You don't have to change the whole installation. In the case of the cloud deployment version, you only need to add sensors. In either case, you need to have the correct licenses, however, it's quite simple to accomplish.

How are customer service and technical support?

Technical support has always been quite good. With the product itself, we haven't personally had any issues. However, a lot of times our customers or engineers contact AlienVault support with a request to help start a new correlation rule, an integration, or other issues. When that happens, support always answers and gives them all the details they need.

Which solution did I use previously and why did I switch?

As a reseller, we've looked into other solutions, however, we find this product to be the best option for our customers time after time.

How was the initial setup?

The initial setup is pretty easy. Anyone can install this solution within four or five hours. They don't need to be engineers in order to do that.

By that point, it will already be prepped and can show us what is happening from a security point of view.

It's quite easy to install and deploy. You don't need a security team of ten people. There's a lot of automation within the tool, so you only really need one or two security staff to operate it for a company of, for example, 500 people.

What's my experience with pricing, setup cost, and licensing?

In comparison to the competition, it's a very inexpensive option, whether you use the cloud or the on-premises deployment models. You also get great value for money as you do get a lot of very good tools that come standard with the solution as well.

What other advice do I have?

We're not using the solution ourselves. We're resellers.

USM Anywhere is cloud-based, although they have a different version that is on-premises or on a private cloud called the USM Appliance. We're using the on-premises version, which is quite different from the cloud version.

Overall, I'd rate the solution nine out of ten. There are a few areas where they can improve, however, overall, it's been a very good product for us and our customers.

We'd recommend the solution. We've looked into other options and we always come back to this product.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: reseller
PeerSpot user