USM Anywhere Reviews

Vulnerability scanning and OTX are powerful. The alerting and security intelligence is the engine of the product. Looking at the cockpit and monitoring your IT environment is now almost a one man job. There is no complex alerting or code review, just click and go.

AlienVault does not stop a security breach, but it detects and notifies the responsible people and they can immediately interact and take the necessary actions. Identifying security risks and minimizing downtime is the added value.

The next release will include cloud security and it will support a hybrid IT environment, furthermore the OTX has a great added value but it will help when there is more OTX information in the database. Future releases will definitely need to improve on these items and it will position the product in a more enterprise ready strategic position.

As a professional user and reseller we've used this product for almost five years, starting with the free OSSIM level for home and development use, and the all-in-one unlimited version or a small 50 asset version for our customers. Scalability is also key, starting at 25 assets for small companies and supporting enterprise companies with a separate server, sensor and logger.

It has great scalability options. The installation is almost click and go, but be aware when implementing AlienVault in a big environment with a separate sensor, logger and server, it's useful to have the necessary skills and IT knowledge. Also, in-depth knowledge of your own IT is key, knowing where to position the sensors and where to pace the server is key since wrong architecture will impact performance. AlienVault can offer direct support or you can contact your local partner to assist during this process.

It has great scalability options. The installation is almost click and go, but be aware, when implementing AlienVault in a big environment with a separate sensor, logger and server, it would be useful to have the necessary skills and IT knowledge. Also in-depth knowledge of your own IT is key, knowing where to position the sensors and where to pace the server is key, wrong architecture will impact performance. AlienVault can offer direct support or you can contact your local partner to assist during this process.

When issues arise and the going gets tough, you can contact AlienVault directly via phone, email or web. Support is covered via the license and in our experience the technical guys (and girls) know their stuff. Real serious problems are solved via a remote VPN connection (build in the software), and the product has really improved regarding stability.

The installation is pretty straightforward. Just keep in mind to better plan a good architecture then to rebuild the system(s) until it works performance wise.

We performed the implementation, and the training was done by AlienVault trainers. Just know your stuff and do not hesitate to contact AlienVault or a reseller.

Other SIEM/USM products that we use are Splunk, LogRhythm and the free OSSIM version. The first two have a different cost model and compared to AlienVault they have (or lack) the real Swiss army knife approach. Furthermore there is a big difference in costs, this is why in the end AlienVault takes the lead.

The price is the unique selling point for AlienVault. The product is now stable and it is a Swiss army knife packed with lot of tools. All other professional products that compare to AlienVault are somewhat different but deliver the same result, but it is the price that tips the balance in favor of AlienVault.

Check the latest Gartner report on SIEM/USM 2016, and test the other products. Do not stick to one product for testing, but when you do not have the time to test all products (who does have the time), choose only two or three products to check out. Compare the prices and always ask for a demo.

The primary use case of this solution is for security.

The solution is very user-friendly, but the dashboard could be improved as well as the level of customization.

I have been using the solution for one year.

The solution is stable.

The deployment of this solution is easy, but you need some level of understanding.

The price of this solution is reasonable, which is one of the reasons why we selected it over other solutions.

I would recommend this solution to other users.

We were looking to add another layer of security to our network, which included intrusion detection, intrusion prevention, SIEM collection, and more. After looking at a few solutions, we ended up purchasing AlienVault. We are located in a physical location with a 100 users.

AlienVault has provided me with a management console which gives me alerts and other information about the traffic on my network. AlienVault is my "security person" looking at irregularities and letting me know when something has occurred. I also see vulnerabilities in my systems and can assign tickets to other staff members.

SIEM log collection is great, and all of the rules that support updates with maintenance. 

More complimentary training needs to be done for use with this tool. If you get into a bind, then it will cost you.

The tool is a great way to meet logging requirements for PCI and HIPAA standards. It is very flexible and customizable.

I came into the company with USM Appliance already in place. However, from my previous experience with logging and security appliances, there have been many tasks that used to be a manual process like asset discovery, that are now automated and easy to implement through the UI.

Stability on certain components could be better, but for a system that is on 24/7/365 without reboots, it's fairly trouble free.

We have used this for one year.

There were no issues with deployment.

Stability issues were only due to issues with updates, and in extremely unusual use cases.

There were no issues with scalability.

They have amazing customer service. AlienVault Support takes care of all of my issues that come up.

I would give technical support a rating of 10 out of 10.

The setup was fairly straightforward. A more advanced setup is available for different use cases.

We did the implementation in-house.

Having our logs in a single system is in itself is a huge ROI.

When compared with other options, AlienVault is significantly less expensive for the amount of features that are packed into it.

I was not part of the product decision.

AlienVault support is what really makes this product a great investment. They are constantly improving their product and happy to help with anything that comes up.

• Vulnerability scanning
• Cross co-relation
• Reports in a grouped manner
• OTX for threat intelligence

It helps to monitor the entire office in in a single point.

The report section needs to be improved. Most of the correlation rules are based on the NIDS event, which needs to be improved. In other words, we have to use the device logs also.

We have been using this solution for almost two years.

I did not encounter any issues with deployment.

I did not encounter any issues with scalability.

I did not encounter any issues with scalability.

Customer service is available 8 to 5 EDT. In emergency cases, it is difficult to reach them. Response-wise, it is good. I would give customer service a rating of 7/10.

I would give technical support a rating of 7/10.

We did not use a previous solution.

The setup was very straightforward.

We did it in-house.

N/A/

I feel that the license cost was a bit high, but compared to others, it is less. For mid-range companies, they feel that the cost is high, but that it is worth it.

We did not evaluation any other options.

I do not have any additional comments.

Enabling visibility of traffic on our network, merging of multiple systems reporting and analysis and clear method to highlight potential issues.

Previously we had no single way to analyze traffic and threats on our network, relying instead on multiple, independent systems. We can now correlate reported threats and anomalies to better determine what threats we face.

The configuration is somewhat complex and the interface a bit non-intuitive. Whilst very useful for reporting, interpretation of the results can be difficult: improved features to help with this would be welcome.

I've been using it for six months.

We’ve had 100% uptime since installation.

We have not had any requirements to change the scope of the installation since first deployment.

Good. Initial help with deployment was excellent, and the facility to create a tunnel for tech support personnel to troubleshoot system is very useful.

We didn't have anything like AlienVault previously.

It's fairly complex. There is quite a bit of additional config required in order to get the most from the system. A base config allows for monitoring, but to get the most, you need to add plugins for various systems on your network: this config is somewhat complex and requires a good knowledge of how AV works.

Unless you have a small network, you really need the unlimited endpoint license, which is the most expensive option. Best to negotiate to get this version, otherwise scalability will be an issue (unless your total number of endpoints in under approx. 100).

We also looked at Tripwire.

The initial onboarding during the trial period, including assisted setup, was most useful. Ensure you get the most from this, as if you require further setup assistance, it comes under (paid-for) professional services. AV is a very useful tool, but must be configured correctly in order to get the most out of it.

We are an MSP and we utilize an AlienVault USM Anywhere solution for threat detection in client networks. 

Alienvault USM Anywhere is a great evolution of a proven product. While the feedback and customization requirements remain largely the same, the user interface has been significantly improved. This significantly improves the interaction our clients have with their data, and we have received significant positive feedback.

The cloud console is by far the best improvement of the product. In the past, our less technical clients had trouble sorting through the dashboards within the USM console, and we had received complaints on viewing the real-time data versus our prepared reports.

The new cloud-based panel is excellent both for client review as well as for our SOC to review and respond to threats. It is much easier to configure and use than the previous solution from AlienVault.

It can still be difficult to feed products that are not supported out-of-the-box. It would be good if they had a better plugin exchange/store with AlienVault QA to ensure data is being processed properly.

We run this product on our network 24/7 and it has helped identify many important events. We take the security of our network very seriously, and this helps to quickly identify and lock down any potential vulnerabilities or events that could escalate.

As an information security consultant that works across many diverse networks, these features offer by far the most critical information when analysing a client’s environment for issues that need to be addressed:

My biggest challenge has always been the fine tuning that is sometimes required for some networks. It requires a solid understanding of Linux and databases and how networks work. So a non-technical user may become frustrated, or not configure the product to work at its best, and therefore miss important events. So I see room for improvement in the following -

• Easy of deployment and configuration
• Easier way of testing if features are working as designed, e.g. Packet analysis
• Troubleshooting features that are not working as designed

I have not yet run into any issues regarding scalability, however I have not yet deployed this on a very large network yet (1000+ devices).

Excellent! Every time I have had an issue, the customer and technical support has been outstanding. The support desk is always very helpful, and goes out of their way to make sure the issues are resolved whenever possible.

The initial setup is not difficult at all, and can be done by someone with almost no technical knowledge. However, getting optimal performance from the features in AlienVault may not always be as easy.

We deployed using our own in-house team, led by myself. Depending on what you want from the product, be prepared to do some research and tinkering in the background. What you see on the surface is actually a very small part of what you can really do with AlienVault. If you are serious about getting the best out of AlienVault, use a vendor that is well versed in deploying AlienVault (like an MSSP) as they should have the experience needed to optimise a deployment, as well as having quick and easy access to the AlienVault support. Use the 30-day trial to get a good feel for what it can do, but remember there is a lot more.

As this product is still relatively new in South Africa, people are still learning about it, but thus far we have been able to show affordability and feasibility is every network we have deployed it on. Speak to an MSSP about a package that is affordable for your company. The product is easy to scale as your affordability improves.

I have actually looked at a few other products, however we decided on this product as the cost versus what you get, far outweighed any other product we looked at. Many companies can’t afford to deploy a SIEM solution from some of the top companies on the market, however no company should be without a SIEM on their network with the risks companies face today. AlienVault provided the best bang for buck.

Remember, there are many good products on the market, however affordability is usually a key factor. Sit down and properly analyse your network, and list expectation from whatever product you are considering. Identify what are your most critical assets, your “Crown Jewels”, and know how it needs to be protected. Then look at solutions within your budget, remembering that the most expensive is no necessarily always the best. There are many world class products out there, you need to find one that will fulfil your needs, within your budget.

Also, remember running a system like this means dedicating resources to monitoring it, you can’t deploy SIEM tools and think it’s going to run itself. Don’t expect your system administrator to have time to do this as InfoSec is a full time job. Either get a skilled resource, or consider an MSSP offering.

The product is very powerful and very flexible. However certain aspects can be very challenging to setup and configure for users that don’t have in-depth technical background. The default configuration would work well for a normal office network, however for more complex networks there is a lot more configuration required for optimal performance. The product is still under very active development, and the vendor is always receptive to feedback regarding feature requests or bugs.