USM Anywhere Reviews

The integration of IDS and OSSEC is valuable as it enables correlation between Network IDS events and host system event logs.

AlienVault USM has improved how we manage events and incidents in our infrastructure. With AlienVault we are able to respond to incidents and take necessary action faster than we could before without the solution in place.

Some customizations with the integration between AlienVault components have room for improvement and enabling users with WebUI interfaces instead of having to edit configuration files on the system to achieve certain actions would be a good improvement.

Three years.

No issues with instability has been encountered in our environment.

No issues with scalability has been encountered in our environment.

The AlienVault Technical support is good and has helped out several time with some really specific configurations in our environment.

We used an outsourced MSSP solution but we needed to get the solution in-house in order to better integrate with our datacenters and systems and comply with financial regulatory and PCI-DSS requirements.

The initial setup was straightforward and quite easy to setup. Requires Linux knowledge to manage but given that we use Linux for our critical infrastructure services it was no problem for us.

We chose AlienVault partly do the the many features and functionalities that was bundled with the product to the pricing and licensing models that was offered. Many other solutions did not have the full spectrum of features but was significantly more expensive so we would have been forced to get additional solutions to cover all our requirements. With AlienVault we got a all-in-one solution that covered our needs.

We had a look at the current offerings at that time, including Tripwire, McAfee, SourceFire, etc., but concluded that we would get the best-bang-for-the-bucks with AlienVault solution

As with any Security solution, you still need to have knowledgeable people to manage the solution and the solution is not a silver-bullet that takes care of all your issues without being properly managed. Make sure you have the necessary knowledge and headcount to use the solution before implementing this or any other solution. With Security, the most of the cost is in OPEX, not CAPEX, so make sure you have the necessary expertise to operate the solution as efficiently as possible.

We provide information security services to clients. We are seeking some clients to provide monitoring services by using AlienVault. We are also providing AlienVault USM Anywhere, which is cloud-based and has integration with cloud platforms such as AWS, Azure, and Google Cloud. 

Asset discovery and vulnerability scanner are good features. The integration between this solution and OTX, which is an AlienVault platform for Open Threat Exchange, is also a valuable feature. It is also quick and easy to deploy, so you can quickly engage with a customer's environment.

Its reporting tools need improvements. It would be good if they can provide integration with other ticketing systems. Currently, we only have integration with Slack and Jira.

It is also a bit slow, and its replication engine can be improved.

I have been using this solution for six months.

We provide technical support for our clients.

I have used McAfee ESM. McAfee ESM has many good features, but it is not very integrated with cloud-based assets. AlienVault is already a cloud-based solution, and it is native to cloud assets, which gives AlienVault an advantage over McAfee ESM. On the other hand, McAfee ESM is much better than AlienVault in terms of search engine, data collection, and events. 

It is very easy to deploy. It just takes one or two days and allows you to engage with your customer's environment quickly.

Its price is much lower than McAfee ESM.

I would encourage others to go with this solution because it is easy to deploy, and it provides good tools to know more about your network and the traffic on it. Its reporting needs some improvements, but it fulfills the needs.

I would rate AlienVault USM an eight out of ten.

I work for a Managed Service Provider, who uses AlienVault USM Anywhere as the backbone of our vulnerability management and logging solution, which we deliver to our clients.

AlienVault has allowed us to help our customers satisfy compliance needs around logging and monitoring (HIPAA, PCI, etc.) and has also provided a comprehensive platform that goes beyond just being a SIEM. It allows us to serve our customers in many different ways.

The Vulnerability Scanning Engine using OpenVAS is a quality tool. The asset management functionality (active and passive scans) is also really important. You can't protect what you do not know about, so having an inventory of all your devices and software is critical to a security management program.

AlienVault needs to continue to integrate with other third-party technologies that clients want to have monitored. The plugin builder in the most recent version update is helpful, but it is still a little "clunky" at times.

Log aggregation, correlation, and threat intel.

AlienVault has streamlined our security functions by combining several different functions into one package.

I think expanding their vendor-specific plugins would beneficial.

We have been using this solution for one year.

I did not encounter any issues with deployment.

I did not encounter any issues with stability.

I did not encounter any issues with scalability.

Their support is good and their response time is prompt.

I would rate them as very knowledgeable.

We did not use a previous solution.

It was very straightforward. The setup was basically install the VM, setup network monitoring/syslog, and watch the data flow.

Our implementation was in-house.

It's hard to calculate ROI on a prevention mechanism, as the variables of a prevented incident are unknown.

They are very affordable and flexible in their licensing model.

We evaluated HPE ArcSight, IBM QRadar, LogRhythm, Splunk, and SolarWinds.

I would highly recommend the customer training courses. They are very helpful.

AlienVault out of the box features for easy asset discovery, vulnerability scans, IDS setup are all beneficial, but the best feature we find most valuable is the main dashboard for how the information is bubbled up and presented to us.

With AlienVault we have been able to reduce lag times by not having to invest into specialized research for which we rely on AlienVault Security Labs and OTX (Open Threat Exchange).

With all the great features AlienVault has to offer, it would be nice to see improved search query functionality, similar to ELK stack.

18 months+

Easy setup out of the box as it comes as a virtual appliance. 

Solid platform built on debian system.

Haven't been able to break it yet.

5 Stars

We are using AT&T AlienVault USM for collecting the events, generating alarms, and events management.

The most valuable features of AT&T AlienVault USM are the ease of management and knowledge of what is on the network of my customers. It's easy to understand the problems, and management our alarms and events.

The price of AT&T AlienVault USM could be reduced.

I have been using AT&T AlienVault USM for approximately two years.

I am satisfied with the stability of AT&T AlienVault USM.

I rate the stability of AT&T AlienVault USM a five out of five.

AT&T AlienVault USM is scalable enough for our needs.

The initial setup of AT&T AlienVault USM was easy. Which involved all the configurations of correlation rules, and other elements for customer problems management. The full implementation took approximately two days.

I did the implementation of AT&T AlienVault USM with a colleague.

AT&T AlienVault USM is an expensive solution and we pay for the license and the support separately. We paid for the license and support for three years.

I would recommend this solution to others.

We do not use all the features of the solution.

I rate AT&T AlienVault USM an eight out of ten.

We are using AT&T AlienVault USM for SIEM, collecting logs from clients, traffic, analyzing, forensics, and security.

AT&T AlienVault USM is good for ELK Stack, the user experience is great because of its architecture. The ELK has a great performance and it has very good speed in the search and Kibana. Additionally, the visuals and dashboards and very nice and customizable.

The AT&T AlienVault USM is okay, but the relational database is not very good for large amounts of data. For example, many logs cannot be processed. It has been very slow for the queries and some data which are large, it is not very good in this case.

I have been using AT&T AlienVault USM for approximately five years.

We are using AT&T AlienVault USM as a client, if we want to increase the data we can collect more data because the solution can expand well horizontally.

Between the cellphones and laptops usage, we have more than 250 users using his solution in my organization.

We have not used the technical support but we have clear documentation that we use.

The initial setup was straightforward. We have a server room which we deploy from.

The maintenance of the solution is not very difficult.

I would recommend this solution because it is simple to deploy, has high performance, and has a great user experience.

I rate AT&T AlienVault USM a nine out of ten.

This has an OTX feed. With it, we are able to get notifications about every incident that happens.

By forwarding device logs, we are able to get alerts perfectly with FIM and VA features.

We are the Partners in Sri Lanka. We are doing deployments in Sri Lanka, Maldives, and Bangladesh. 

This is a USM, so being able to get all the features under one roof makes it a good product with good new features.

Unified Security Manager (USM). In every SIEM, having only SIEM features (log management, alerting, notifications, etc.) is typical. Here we can get file integrity monitoring and a vulnerability assessment tool together with SIEM. 

I have never seen a tool like this.

The Log Management and configuration of email notifications should be user-friendly. Pay attention to false-positive event automatic correlations. 

Yes.

60.

No, we did not have issues with stability.

No, we did not have issues with scalability.

Good. They have technically fluent engineers there.

Yes. We switched because this is a USM (SIEM, FIM, and VA tool in one product) and the price.

The initial setup is straightforward, but some features are little bit difficult.

We are the partners in Sri Lanka. Therefore, we are directly involved with implementations.

It has good pricing.

We evaluated EventTracker.

Our customers have good references about AlienVault.