PeerSpot user
SOC Analyst II at Shatter I.T.
Real User
Incoming alarms provide an overview of suspicious traffic going through the network
Pros and Cons
  • "The Event Correlation and vulnerability scans have been the most useful. As a 24/7 SOC, we use the incoming alarms to give an overview of suspicious traffic going through the network. It's easy to look at the correlated events and see the broad picture of traffic for that customer. Vulnerability scans are good for providing patch and remediation guidelines to keep customer systems secure."
  • "The UI and overall processes need a little bit more love. This shows in the error banners that come up when you select certain things. There isn't a day that goes by that the UI doesn't error out and I can't view events for an alarm."
  • "The reporting tools are a bit lacking for building reports to give directly to customers, but support has been helpful in giving our requests for new features to the development team and following up with us."

What is our primary use case?

We are an MSSP. We have a distributed environment that spans multiple networks and customers in various locations. We have one federated that receives information from all of our children servers deployed at customer locations.

How has it helped my organization?

AlienVault has provided a nice, unified system for monitoring and reporting. Since we use this for customer security services, the vulnerability scans have come in handy for overall system health checks, for making sure customers aren't vulnerable to known attacks.

What is most valuable?

The Event Correlation and vulnerability scans have been the most useful. As a 24/7 SOC, we use the incoming alarms to give an overview of suspicious traffic going through the network. It's easy to look at the correlated events and see the broad picture of traffic for that customer. Vulnerability scans are good for providing patch and remediation guidelines to keep customer systems secure.

What needs improvement?

The UI and overall processes need a little bit more love. The development job postings have the requirement, for prospective candidates, of "values progress over perfection". This shows in the error banners that come up when you select certain things. There isn't a day that goes by that the UI doesn't error out and I can't view events for an alarm. It's nice that they have new features rolling, keeping up with demand, but fixing the events/alarm database errors would be nice too.

The reporting tools are a bit lacking for building reports to give directly to customers, but support has been helpful in giving our requests for new features to the development team and following up with us.

Buyer's Guide
USM Anywhere
April 2024
Learn what your peers think about USM Anywhere. Get advice and tips from experienced pros sharing their opinions. Updated: April 2024.
769,236 professionals have used our research since 2012.

We have not, but being a 24/7 SOC we have someone checking at all hours.

Yes.

500,000.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

No issues with stability.

What do I think about the scalability of the solution?

No issues with scalability.

How are customer service and support?

AV support has never been anything less than amazing.

Which solution did I use previously and why did I switch?

We did not use anything else prior. We tried the free version of AV then decided to go with the paid option and become an MSSP, since it fit our company needs for the right price.

How was the initial setup?

Straightforward, once going through a course.

What about the implementation team?

In-house.

What's my experience with pricing, setup cost, and licensing?

Our company normally handles everything from setup to configuration, refinement, and monitoring. We are an MSSP so we all handle this for the customer when they inquire about services.

Which other solutions did I evaluate?

No, AlienVault fit what we needed for the phase we were in with the SOC.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Tami Andrews, Sr. Customer Programs Manager at AlienVault
Real User

Thank you Layla for your time to review AlienVault USM and for your candid feedback!

it_user690780 - PeerSpot reviewer
Network Administrator at a legal firm with 51-200 employees
Vendor
We've been able to use the scanning to identify security issues and take care of them before they become a problem.

What is most valuable?

The vulnerability scans and network scans and alarms.

How has it helped my organization?

We were able to use the product to identify two security issues already. We had one situation where the appliance identified that a workstation on our network was infected with a DNS Blackhole virus. We were able to remove the computer from the network and replace it. We've also been able to use the scanning to identify security issues and take care of them before they become a problem.

What needs improvement?

I would like to see it be able to run on any hardware via just an installer.

For how long have I used the solution?

We've had it in place for a year now.

What was my experience with deployment of the solution?

Not really, but we had their engineers and a consultant helping.

What do I think about the stability of the solution?

We have not.

What do I think about the scalability of the solution?

No.

How are customer service and technical support?

Customer Service:

Very high. Any issues I've had they've been quick to answer and help.

Technical Support:

Their support is wonderful. I've had a couple of questions and had them answered very quickly.

Which solution did I use previously and why did I switch?

No.

How was the initial setup?

Very straightforward.

What about the implementation team?

We implemented through a vendor. When we bought the product they included hours from a vendor for the implementation.

What was our ROI?

Unknown.

What's my experience with pricing, setup cost, and licensing?

Nothing to advise.

Which other solutions did I evaluate?

No. We just had to decide if we wanted this or had time to work with it.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Tami Andrews, Sr. Customer Programs Manager at AlienVault
Real User

Thank you so much for your feedback & comments!

it_user339099 - PeerSpot reviewer
IS Manager at a financial services firm with 501-1,000 employees
Vendor
It has allowed us to centralize our logging. We had used previous products and found AlienVault centralized the logging for our security.
Pros and Cons
  • "We had used previous products and found AlienVault centralized the logging for our security."
  • "There are many reports included but would be nice to have better access to the data."

How has it helped my organization?

It has allowed us to centralize our logging. We had used previous products and found AlienVault centralized the logging for our security. Additionally, we are better able to meet our compliance needs.

What is most valuable?

We use several features extensively. Logging, vulnerability scanning, file integrity monitoring, and threat information.

What needs improvement?

I would like to see some better ways to report on the information. There are many reports included but would be nice to have better access to the data. Customizations are possible but don't always allow us to report on what we need.

What do I think about the stability of the solution?

We have a new remote sensor sending a large amount of data. We have seen some slowness but the sensor is new and we tracked down the slowness to network connectivity. The server has handled all we could throw at it.

What do I think about the scalability of the solution?

Working well with everything we have sent to it.

How are customer service and technical support?

Customer Service:

I have enjoyed working with the client support folks. I have had really good experiences with them even having them help with plugins when they weren't working.

Technical Support:

Very good.

Which solution did I use previously and why did I switch?

ManageEngine Event Log Analyzer

How was the initial setup?

The wizard setup was great and helped deployment go well.

What about the implementation team?

Received training and did in-house. Also had some follow-up consulting that helped to do a health check on the system that was very valuable. Consultants did a great job of helping us become more comfortable.

What was our ROI?

Not measured.

What's my experience with pricing, setup cost, and licensing?

Look at other products and AlienVault will have you coming back as it did us.

Which other solutions did I evaluate?

Yes, many other vendors - it's been a while so I don't remember them all.

What other advice do I have?

No, good solid product

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Tami Andrews, Sr. Customer Programs Manager at AlienVault
Real User

Thank you so much for your feedback!

PeerSpot user
Professor at a university with 201-500 employees
Vendor
It is set up as a dashboard in the security lab. Students can view and analyze the monitoring techniques of the product.

What is most valuable?

AlienVault is used in a classroom setting at Pittsburgh Technical College, which brings industry tools from the college classroom back into the field. We have several employers in the area that use AV so student acclimation to the product is key. AV is set up as a dashboard in the security lab where students can view and analyze the monitoring techniques of the product. If an event happens, they can process an analytical step to provide remediation.

How has it helped my organization?

Students becoming acclimated to the product can go out into the field and have first-hand knowledge on how to use a USM or SIEM product. This is a win-win solution for the vendor and future employers.

For how long have I used the solution?

The school has used the product for over a year.

What was my experience with deployment of the solution?

We were attempting to push HIDS on the domain controllers, and ran into an initial problem. This problem was immediately solved by the AV service technician that was able to remote in and fix the problem.

What do I think about the stability of the solution?

One of the problems we had with stability was a problem of our own. We were running AV on a VLAN where students were able to run DHCP servers, which caused our own problems.

How are customer service and technical support?

Customer Service:

We have had several tickets open with AV and they are prompt in their service time.

Technical Support:

Technical support is prompt in acknowledging your needs and replies with a message that a service technician will be with you shortly. They make every attempt possible to work with your schedule.

Which solution did I use previously and why did I switch?

A direct competitor to AV is IBM QRadar, which is also used in the classroom environment.

How was the initial setup?

The setup was straightforward. We installed AV to vSphere ESXi as a virtual appliance deployed as an OVA template.

What was our ROI?

The ROI is unmeasured since we are an academic partner; there is no way of knowing how much positive impact the product will attain from students getting first-hand knowledge of an industry product before they go out into the field upon graduation.

Disclosure: My company has a business relationship with this vendor other than being a customer: We are an academic partner.
PeerSpot user
Tami Andrews, Sr. Customer Programs Manager at AlienVault
Real User

Philip - thanks so much for your comments & feedback on your experience with AlienVault USM.

PeerSpot user
Security Architecture and Operations Lead at a university with 1,001-5,000 employees
Real User
AlienVault helped take us from semi-Pro to Pro

What is most valuable?

The NIDS/HIDS features have probably been the best features for us in our environment. We've had some open-source options and, while they work, it isn't the same as having commercial support. SIEM is the second-most useful feature.

How has it helped my organization?

We've been able to professionally generate alerts for IDS, SIEM and vulnerabilities where we didn't have those capabilities before.

What needs improvement?

Reporting still needs a lot of work, especially on the vulnerability side. Vulnerability management UI could be improved as well.

Vulnerability reports are clunky and difficult to manage. The layout is not really professional or intuitive and takes some time to understand how to navigate it. In general, while there are some customization options with reporting features as far as look and feel, reports still have an “open source” feeling. In general, the look is not as clean and professional as what one is used to seeing in other, similar products.

For how long have I used the solution?

I have used it for 16 months.

What was my experience with deployment of the solution?

We have not encountered any deployment issues.

What do I think about the stability of the solution?

We encountered one stability issue. With the amount of log data we were sending, our sensor drives were filling up within a day or two. We had to create some cron jobs to ensure logs were rotated more frequently.

What do I think about the scalability of the solution?

We have not encountered any scalability issues. You just add another sensor; pretty easy.

How are customer service and technical support?

Customer Service:

Customer service is excellent! Always very responsive.

Technical Support:

Technical support is excellent! Always very responsive.

Which solution did I use previously and why did I switch?

We used Nexpose for vulnerability management and moving away from that was the primary reason we went with AlienVault.

How was the initial setup?

Initial setup was very easy for the most part. We were paired with a third-party vendor for onboarding. We didn't work well with this group, but AlienVault happily transferred our service hours to another group and that relationship worked much better for us.

What about the implementation team?

An in-house team implemented it.

Which other solutions did I evaluate?

Before choosing this product, we did not evaluate other options. We looked at Nessus SecurityCenter with Log Management.

What other advice do I have?

We've been very happy with the purchase. While the list of supported vendors in the SIEM continues to grow, I do wish that creating plugins was a little easier.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Tami Andrews, Sr. Customer Programs Manager at AlienVault
Real User

Thank you Aaron for your review & comments.

Co-Founder at a photography company with 11-50 employees
Real User
Log-monitoring and alerting tell us when things happen that we need to know about
Pros and Cons
  • "Log-monitoring and alerting enable us to know when things happen that we need to know about."
  • "they seem to have bugs from time to time that go unfixed for a while and that is frustrating. I'm not saying the product needs to be bug-free, but they need to be responsive to bugs."

What is our primary use case?

It's part of our PCI compliance.

How has it helped my organization?

We didn't have any system before, so everything has been an improvement.

What is most valuable?

Log-monitoring and alerting, so we can find out when things happen that we need to know about.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

I have not encountered any issues with stability.

What do I think about the scalability of the solution?

There have not been any issues with scalability.

How is customer service and technical support?

I would rate their technical support at nine out of 10.

How was the initial setup?

The initial setup was straightforward. 

What's my experience with pricing, setup cost, and licensing?

I don't think the product's pricing is a good value because they try to raise the price 50 percent every year. If they do that again I won't be a customer, going forward. Their sales team is way too aggressive. The price they advertise is not always the price you get.

In terms of licensing, AlienVault needs to understand that not all customers are huge enterprises. They don't seem to understand that.

Which other solutions did I evaluate?

It was three years ago so I don't remember offhand. But AlienVault was one of two or three that I looked at.

What other advice do I have?

In terms of the product itself, it depends on what features you're looking for. We just use it for PCI compliance and it works for us. You need to do your own evaluation.

I would give the product an eight out of 10. The reason it's an eight is that it seems to have bugs from time to time that go unfixed for a while and that is frustrating. I'm not saying the product needs to be bug-free, but they need to be responsive to bugs.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Tami Andrews, Sr. Customer Programs Manager at AlienVault
Real User

Thank you for your feedback!

PeerSpot user
System Administrator at a financial services firm with 201-500 employees
Vendor
The alarms dashboard shows any threats that may need further investigation.
Pros and Cons
  • "The vulnerability scanning is helpful to identify the areas that need patching or fixes installed."
  • "The vulnerability reporting needs to have options to be able to sort or customize the output."

How has it helped my organization?

AlienVault has brought more awareness to the activity on our network. Security risks are identified and addressed to reduce any possible security breach.

What is most valuable?

Alarms dashboard shows immediately any threats that may need further investigation. The vulnerability scanning is helpful to identify the areas that need patching or fixes installed.

What needs improvement?

The vulnerability reporting needs to have options to be able to sort or customize the output. It is helpful to look at the vulnerability and how many hosts have it, in addition to being able to look at an individual host to see what vulnerabilities it has.

What do I think about the stability of the solution?

We did not encounter any stability issues. AlienVault seems to be pretty solid and we have not had any issues with it being unavailable.

What do I think about the scalability of the solution?

We have not encountered any scalability issues. We have a fairly simple deployment with only one sensor, so it was straightforward.

How are customer service and technical support?

Customer Service:

Customer service is very good.

Technical Support:

Technical support is very good. They have always been prompt to address an issue and stuck with it until resolution.

Which solution did I use previously and why did I switch?

We did not previously use a different solution.

How was the initial setup?

Initial setup was very straightforward; few configuration settings and it was pulling in logs.

What about the implementation team?

An in-house team implemented it.

What was our ROI?

ROI is a difficult one to measure for this. It helps us cover a compliance need as well as provides us a means to be aware of any possible threats and vulnerabilities.

What's my experience with pricing, setup cost, and licensing?

Pricing is very competitive with other products and you get much more functionality from AlienVault. The vulnerability scanning and threat intelligence offer additional tools that others don't have.

Which other solutions did I evaluate?

We looked at a couple of other products before choosing AlienVault. We looked at LogRhythm and EventTracker.

What other advice do I have?

If you take the training virtually, make sure you can dedicate the week with uninterrupted time. The training is quite in-depth and you want to have your undivided attention on it.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
it_user723714, Product Manager at a tech vendor with 201-500 employees
Real User

Laurie, awesome to hear you're having a great experience with the product! We hear you loud and clear on the need to extend our reporting capabilities, especially around vulnerability management. I'll try to keep you in the loop as we look to roll out new features to this area of the product. Thanks again for the feedback and for being a customer. We truly appreciate your business!

I.T. Manager at a non-profit with 51-200 employees
Real User
We can collect logs, and also actively scan our network for vulnerabilities all from one tool

What is our primary use case?

We use AlienVault to collect all mission-critical logs and to pull data directly from G Suite. It provides our small IT operation with an easy-to-use tool to assess our security operations.

How has it helped my organization?

Before AlienVault, we had no central log collection tool of any kind, let alone security monitoring. AlienVault provides us with a very easy to use, central spot to view log files, and take appropriate action. It allows our small team the ability to take cybersecurity seriously.

What is most valuable?

The fact that AlienVault is several tools in one is most valuable to our small team. We can collect logs, and also actively scan our network for vulnerabilities all from one tool.

What needs improvement?

Long-term I'm genuinely concerned about AT&T's ownership of AlienVault. I have never had a good relationship with AT&T in +15 years, and fear they will destroy this good product.

What do I think about the stability of the solution?

Concerned long-term, due to AT&T.

What do I think about the scalability of the solution?

It is very scalable, just ask them to increase the amount of storage.

How are customer service and technical support?

Tech support has been a bit slow lately, and the level-1 techs do not have all the power they should have.

Which solution did I use previously and why did I switch?

Before AlienVault we had nothing. We learned about AlienVault through a company we contracted to do a full vulnerability assessment. They used AlienVault, so I felt like if it was good enough for them, then we should be using it.

How was the initial setup?

Very simple, just follow their directions step-by-step and you will be fine.

What about the implementation team?

I did the implementation myself. Their documentation made it easy.

What's my experience with pricing, setup cost, and licensing?

I'd push them for pricing. I sense the best time to negotiate with them is in June as the fiscal year ends.

Which other solutions did I evaluate?

We found other tools to be out of reach for our small department, so we did not seriously look at others.

What other advice do I have?

Be careful with AT&T, make sure you are confident the tool will be what you expect throughout the life of your contract. Make sure AT&T isn't going to change anything on you suddenly.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Tami Andrews, Sr. Customer Programs Manager at AlienVault
Real User

Thank you for your feedback!
