2017-10-11T08:40:00Z

What needs improvement with AT&T AlienVault USM?


Please share with the community what you think needs improvement with AT&T AlienVault USM.

What are its weaknesses? What would you like to see changed in a future version?

Guest
18 Answers

Real User

This solution could be easier to use. It is hard for some people to understand, and they need to get training and certification just to understand what it's showing them.

2019-08-12T05:55:00Z
Top 5 Leaderboard Reseller

Having automatic agent deployment would be a great feature. It would be nice to see some machine learning and monitoring of the configuration in network devices.

2019-04-24T10:55:00Z
Real User

Long-term, I'm genuinely concerned about AT&T's ownership of AlienVault. I have never had a good relationship with AT&T in 15+ years, and fear they will destroy this good product.

2018-12-23T18:41:00Z
Top 20 Real User

The only recommended change I can think of is to have the ability to filter logs. Also, being able to navigate the dashboard. That seems to have been quite a challenge.

2018-12-17T17:56:00Z
Real User

One area that has room for improvement is storage. AlienVault is a good place to put logs, but sometimes it's a tough place to go get logs. AlienVault has three components to it: a sensor, a server, and a logger. Sensors grab data, servers correlate data, and loggers store data. The logger can only hold so much data. If they improved that, that would help.

2018-12-12T10:23:00Z
Top 10 Real User

The support could absolutely be better. It seems to have gotten worse with the AT&T acquisition. We have been hearing some not so great things from our associates in the field as well.

2018-11-26T19:38:00Z
Top 10 Real User

While it is relatively easy to use, it takes a little time to get used to where everything is located in the web interface. I do wish that their support would help a bit more with the analysis of alarms.

2018-11-13T13:52:00Z
Consultant

Taking into account that server access credentials are controlled by the tool, some more management-focused actions could be performed from AlienVault.

2018-11-06T17:35:00Z
Top 5 Leaderboard Real User

We would love to be able to create custom rules based on a series of events, to create rule-sets where, for example, failed logins to the VPN Server are logged and then when a successful attempt follows soon after, it triggers an alarm for a Brute Force. It does this for things like OKTA already, so control over which events this applies to would be great.

2018-10-29T09:48:00Z
Top 20 Real User

The only thing that I can think of that is not ideal is sending Windows Server logs to their device, to the system. That has to be done on each server. I don't know if they have changed that.

2018-10-21T07:40:00Z
User

Although they use machine learning, the algorithms that they use are graph-based. Their AI/ML capabilities could be improved a bit.

2018-10-19T17:15:00Z
Top 5 Leaderboard Reseller

Search performance can be slow. The Raw Logs feature is painfully slow. And if we're talking about the newer, the Anywhere product, you can't even schedule reports on it. There are probably a dozen other features I'd really like to see there, but that would be one of the biggies. Also, there is no visibility into the NIDS or HIDS agent configurations and no easy way to augment them. The same is true for vulnerability scanning, it's all or nothing; there are no fine-grain controls as there were in their older product. There is a lack of "real" visibility into the correlation rules, and the inability to create our own sophisticated rules (only very simple ones) is a big miss.

2018-09-16T12:32:00Z
User

* They should improve the reporting capabilities.
* Different functions to customize reports should be added.
* Export features should not be limited to spreadsheets (.XLS) only.

2018-08-29T14:16:00Z
Top 20 Real User

The reporting module could be a little easier to handle, as it requires quite some trial and error until you get the reports you want. Also, it would be great to have a graphical interface for the Network Intrusion Detection System's rule management.

2018-08-16T08:29:00Z
Real User

Honestly, the product itself is great. The only room for improvement I can mention is the initial installation procedures. I found that the online installation instructions for the product were missing important details; they lacked necessary steps. The product itself is fine.

2018-08-12T06:33:00Z
Real User

* Plugins could be better utilized, as some of them do not recognize all logs.
* We could add a little more customization to dashboards.

2018-06-06T07:15:00Z
User

Many of the tasks on features are useless in our situation. NetFlow is worthless. Many of the built-in correlation engine solutions are just okay.

2018-02-13T17:45:00Z
User

It should be able to communicate with other security solutions to stop threats.

2017-10-11T08:40:00Z
Updated: April 2020.