OTX is a great module that lets staff maintain and monitor updates regarding events in the infrastructure and take decisions to improve the security perimeter.
IT Security Analyst at a tech services company with 10,001+ employees
Report modules now allow us to get a visualization of the activity of the main assets.
Pros and Cons
- "OTX is a great module that lets staff maintain and monitor updates regarding events in the infrastructure and take decisions to improve the security perimeter."
What is most valuable?
How has it helped my organization?
Report modules now allow us to get a visualization of the activity of the main assets to continue the business and lets us take decisions to the stakeholders.
What needs improvement?
Report modules now let us get a visualization of the activity of the main assets to continue to improve the business and reduce the risk of failures.
For how long have I used the solution?
Around 2 years ago, and it allowed me to grow not only technologically but it has also helped me to improve processes in attention to information security events in the company.
Buyer's Guide
USM Anywhere
October 2024
Learn what your peers think about USM Anywhere. Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
816,406 professionals have used our research since 2012.
What was my experience with deployment of the solution?
Yes, but it was with integration with other devices but the AlienVault TAC did a great job to resolve the problems.
What do I think about the stability of the solution?
Honestly, this solution was very stable and there were no problems whatsoever.
What do I think about the scalability of the solution?
I have not had the opportunity to do an implementation of scalability, but, with the experience with 2 years ago managed the solution, I don't believe we will have problems to deploy.
How are customer service and support?
Customer Service:
The service was excellent and always showing excellent treatment and availability.
Technical Support:
The service is excellent; the support requested really is quick and very efficient.
How was the initial setup?
It was very fast and straightforward, thanks to the great support given by the AlienVault TAC.
What about the implementation team?
This integration was made with both teams, and I think the deploy was very easy due to the great knowledge of the vendor team; they gave us a great explanation of all the modules and the best practice to deploy the solutions.
What was our ROI?
It has not yet been measured.
What's my experience with pricing, setup cost, and licensing?
Considering the scalability with the other solutions in the market, I think this solution really has a great price for all sizes of medium and big enterprises.
Which other solutions did I evaluate?
Yes, I did. The solutions considered were HPE and Splunk.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
IT Security Engineer II at a retailer with 5,001-10,000 employees
Provides a single pane of glass that shows threats that are in the environment.
What is most valuable?
The dashboard.
How has it helped my organization?
The single pane of glass that shows threats that are in the environment.
What needs improvement?
Sub menus: Sometimes you really have to drill down to get to where you want to go.
For how long have I used the solution?
We have been using this solution for three years.
What was my experience with deployment of the solution?
I did not encounter any issues with deployment.
What do I think about the stability of the solution?
There were stability issues due to lack of memory.
What do I think about the scalability of the solution?
I did not encounter any issues with scalability.
How are customer service and technical support?
Customer Service:
I would rate customer service as excellent.
Technical Support:
I would rate technical support as excellent.
Which solution did I use previously and why did I switch?
We did not use a previous solution.
How was the initial setup?
The setup was straightforward.
What about the implementation team?
We did the implementation in-house.
What was our ROI?
The ROI was priceless.
What's my experience with pricing, setup cost, and licensing?
N/A.
Which other solutions did I evaluate?
We used other solutions, but they couldn't compare: QRadar, Splunk, ArcSight and LogRhythm. All were way too expensive compared to AlienVault USM.
What other advice do I have?
All companies should buy an AlienVault SIEM. It is well worth the investment.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Easy to deploy and flexible enough to create your own plugins
Pros and Cons
- "This solution can identify many threats inside the organization (compromised endpoints, configuration issues), as well as "outside" threats (botnets, network scanners, web-attacks, etc)."
- "It would be nice to see some machine learning and monitoring of the configuration in network devices."
What is our primary use case?
The primary use cases for this solution are log management, security events correlation, and any other enterprise use cases for SIEM (new plugins development, correlation rules development, risk assessment, and asset management).
How has it helped my organization?
This solution can identify many threats inside the organization, like compromised endpoints, configuration issues, as well as "outside" threats (botnets, network scanners, web-attacks, etc). During the first two weeks post-deployment, our client's cybersecurity certainly improves by using AT&T AlienVault USM.
What is most valuable?
The features that we have found most valuable are the out-of-box vulnerability scanner, Network IDS, Host IDS, Netflow Monitoring, and more than four thousand pre-installed correlation rules.
What needs improvement?
Having automatic agent deployment would be a great feature. It would be nice to see some machine learning and monitoring of the configuration in network devices.
For how long have I used the solution?
One to three years.
How was the initial setup?
This solution is very easy to deploy and integrates comfortably with data sources. AT&T AlienVault USM has a user-friendly engine for custom plugins development, so you can develop your own plugin for your own application without any problems.
Disclosure: My company has a business relationship with this vendor other than being a customer: Authorized distributor
DevOps Engineer at Two Hat Security
The vulnerability scanner keeps our environment always updated about security threats
What is our primary use case?
Our initial need which brought us to acquire this solution was to be in compliance with GDPR requirements. Our environment is cloud-based (specifically AWS).
How has it helped my organization?
Beyond providing us with an IDS, as was our initial need, AlienVault gave us more useful resources, such as SIEM and a vulnerability scanner (the last, one of my favourite resources).
What is most valuable?
My favourite one is the vulnerability scanner because while using it, our environment is always updated about security threats.
What needs improvement?
Taking into account that server access credentials are controlled by the tool, some more management-focused actions could be performed from AlienVault.
For how long have I used the solution?
Less than one year.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
We develop additional rules and scripts to make it more usable. It provides a checklist answer when using SIEM. I believe we are on the verge of outgrowing this platform.
Pros and Cons
- "AlienVault provides a checklist answer when using SIEM."
- "We develop additional rules and scripts to make it more usable."
What is our primary use case?
This is a jack of all trades (master of none) SIEM/IDS/vulnerability management/OSSEC/NetFlow solution. We use it primarily as a SIEM and IDS solution.
How has it helped my organization?
AlienVault provides a checklist answer when using SIEM. We currently develop additional rules and scripts to make it more usable, but the overall solution is lackluster.
What is most valuable?
IDS is a nice capability to have. In the past, I have implemented standalone Suricata sensors and having this bundled in is very helpful. OTX is good when implemented correctly.
What needs improvement?
Many of the tasks on features are useless in our situation. NetFlow is worthless. Many of the built-in correlation engine solutions are just okay.
For how long have I used the solution?
One to three years.
What's my experience with pricing, setup cost, and licensing?
The vulnerability management solution is worse than buying a Nessus Professional license.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Hi, I'm the Customer Programs Manager here at AlienVault and would like to first say "thank you" for taking time to provide your candid feedback in the product review. I'd like to get a conversation going between you and our team here to see if we can resolve some of the issues you've raised in your review. If you're open to it, please reach out to me at tandrews@alienvault.com and I'll be happy to set up a call with the appropriate team(s) to discuss. Thank you in advance for your time and consideration.
CEO at a tech services company with 1-10 employees
Enabled us to create an SOC on a budget with smaller than usual staff requirements
Pros and Cons
- "The AlienVault solution has enabled us to create a SOC on a budget with smaller than usual staff requirements, offering a wider range of solutions for our customers."
- "We would like more plugins. This being the main point of improvement which would benefit the users."
What is our primary use case?
As a cyber security company, we have used AlienVault to set the foundations of our security solutions offerings.
Giving our customers all the services that they require via a single console environment, either self-managed or managed by ourselves, enabling companies with little to no IT department to have an all-in-one security compliance and reporting solution.
How has it helped my organization?
The AlienVault solution has enabled us to create an SOC on a budget with smaller than usual staff requirements, offering a wider range of solutions for our customers.
What is most valuable?
The below features are what make the solution so powerful, particularly saving time and money (most importantly):
- Real-time email alerts
- Event correlations
- Log management
- System monitoring
- Network monitoring
- Uptime monitoring
- OTX threat intelligence
- Vulnerability scanning/reporting
- Compliance reporting
What needs improvement?
All products have room for improvement. AlienVault is always looking at ways to improve their solution.
We would like more plugins. This being the main point of improvement which would benefit the users.
For how long have I used the solution?
Less than one year.
Disclosure: My company has a business relationship with this vendor other than being a customer: MSSP/Reseller
Head of MSS Platform and Product Management at a tech services company with 51-200 employees
Allows for a lot of out-of-the-box features but it does not have APIs
Pros and Cons
- "It allows for a lot of out-of-the-box features: vuln scanning, HIDS/HIPS, and IDS."
- "Asset discovery seems to be good."
- "It would be hard for any legitimate MSSP to use it."
What is our primary use case?
- Supporting an MSSP.
- Supporting clients with minimum on-premise install.
- We are rolling out a USM appliance.
How has it helped my organization?
It allows for a lot of out-of-the-box features: vuln scanning, HIDS/HIPS, and IDS. The Suricata rule set is pretty lame.
What is most valuable?
Asset discovery seems to be good. Nice that everything is bundled.
What needs improvement?
Scaling, and it has no APIs!
It would be hard for any legitimate MSSP to use it.
For how long have I used the solution?
Still implementing.
What's my experience with pricing, setup cost, and licensing?
The price point is good.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Thank you Brian for your time to review AlienVault USM and for your candid feedback! If you'd like to set up some time to speak with the team about the issues you've raised, I'd be happy to facilitate that on your behalf. Please reach out to me at: tandrews@alienvault.com. Thank you in advance for your time and consideration!
Head of IT at a consultancy with 201-500 employees
We use the HIDS to monitor our servers, which track user account locks and logon failures
What is most valuable?
- Network monitoring
- SIEM
How has it helped my organization?
We have much greater visibility in what is happening on our network.
What needs improvement?
Backup, restore, and upgrade - some menu options are a bit convoluted.
For how long have I used the solution?
Six months.
What was my experience with deployment of the solution?
No.
What do I think about the stability of the solution?
No.
What do I think about the scalability of the solution?
No.
How are customer service and technical support?
Customer Service:
Excellent, every contact with customer services, support, and training has been superb.
Technical Support:
Excellent - very good, comprehensive, and knowledgeable staff.
Which solution did I use previously and why did I switch?
No.
How was the initial setup?
Yes - simple deployment in VM, worked the first time.
What about the implementation team?
In-house.
What was our ROI?
Difficult to answer - specifically, this was a new product for us to increase and improve upon security.
What's my experience with pricing, setup cost, and licensing?
We did market research, web reviews, etc. We spoke to a number of vendors (LogRhythm, etc.), but we felt that AlienVault was the best value and most comprehensive for our organisation's size.
Which other solutions did I evaluate?
Yes, LogRhythm, and Splunk.
What other advice do I have?
We are very happy. The training was excellent, and the interaction with AlienVault is first rate - real leader in customer service, the OTX pulse feature is very useful.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Thank you Ruben for your comments & insightful feedback!