This has an OTX feed. With it, we are able to get notifications about every incident that happens.
By forwarding device logs, we are able to get alerts perfectly with FIM and VA features.
We are the Partners in Sri Lanka. We are doing deployments in Sri Lanka, Maldives, and Bangladesh.
This is a USM, so being able to get all the features under one roof makes it a good product with good new features.
Unified Security Manager (USM). In every SIEM, having only SIEM features (log management, alerting, notifications, etc.) is typical. Here we can get file integrity monitoring and a vulnerability assessment tool together with SIEM.
I have never seen a tool like this.
The Log Management and configuration of email notifications should be user-friendly. Pay attention to false-positive event automatic correlations.
Yes.
60.
No, we did not have issues with stability.
No, we did not have issues with scalability.
Good. They have technically fluent engineers there.
Yes. We switched because this is a USM (SIEM, FIM, and VA tool in one product) and the price.
The initial setup is straightforward, but some features are a little bit difficult.
We are the partners in Sri Lanka. Therefore, we are directly involved with implementations.
It has good pricing.
We evaluated EventTracker.
Our customers have good references about AlienVault.
OTX is a great module that lets staff maintain and monitor updates regarding events in the infrastructure and make decisions to improve the security perimeter.
Report modules now allow us to get a visualization of the activity of the main assets to continue the business and let us take decisions to the stakeholders.
Report modules now let us get a visualization of the activity of the main assets to continue to improve the business and reduce the risk of failures.
Around 2 years ago, and it allowed me to grow not only technologically, but it has also helped me to improve the process of attending to information security events in the company.
Yes, but it was with integration with other devices, and the AlienVault TAC did a great job of resolving the problems.
Honestly, this solution was very stable and there were no problems whatsoever.
I have not had the opportunity to do an implementation of scalability, but, with the experience of having managed the solution 2 years ago, I don't believe we will have problems deploying.
The service was excellent and always showing excellent treatment and availability.
Technical Support: The service is excellent; the support requested really is quick and very efficient.
It was very fast and straightforward, thanks to the great support given by the AlienVault TAC.
This integration was made with both teams, and I think the deployment was very easy due to the great knowledge of the vendor team; they gave us a great explanation of all the modules and the best practices to deploy the solutions.
It has not yet been measured.
Considering the scalability with the other solutions in the market, I think this solution really has a great price for all sizes of medium and big enterprises.
Yes, I did. The solutions considered were HPE and Splunk.
The dashboard.
The single pane of glass that shows threats that are in the environment.
Sub menus: Sometimes you really have to drill down to get to where you want to go.
We have been using this solution for three years.
I did not encounter any issues with deployment.
There were stability issues due to lack of memory.
I did not encounter any issues with scalability.
I would rate customer service as excellent.
Technical Support: I would rate technical support as excellent.
We did not use a previous solution.
The setup was straightforward.
We did the implementation in-house.
The ROI was priceless.
N/A.
We used other solutions, but they couldn't compare: QRadar, Splunk, ArcSight and LogRhythm. All were way too expensive compared to AlienVault USM.
All companies should buy an AlienVault SIEM. It is well worth the investment.
The primary use cases for this solution are log management, security events correlation, and any other enterprise use cases for SIEM (new plugins development, correlation rules development, risk assessment, and asset management).
This solution can identify many threats inside the organization, like compromised endpoints, configuration issues, as well as "outside" threats (botnets, network scanners, web-attacks, etc). During the first two weeks post-deployment, our client's cybersecurity certainly improves by using AT&T AlienVault USM.
The features that we have found most valuable are the out-of-box vulnerability scanner, Network IDS, Host IDS, Netflow Monitoring, and more than four thousand pre-installed correlation rules.
Having automatic agent deployment would be a great feature. It would be nice to see some machine learning and monitoring of the configuration in network devices.
This solution is very easy to deploy and integrates comfortably with data sources. AT&T AlienVault USM has a user-friendly engine for custom plugins development, so you can develop your own plugin for your own application without any problems.
Our initial need which brought us to acquire this solution was to be in compliance with GDPR requirements. Our environment is cloud-based (specifically AWS).
Beyond providing us with an IDS, which was our initial need, AlienVault gave us more useful resources, such as a SIEM and a vulnerability scanner (the last being one of my favourite resources).
My favourite one is the vulnerability scanner because while using it, our environment is always updated about security threats.
Taking into account that server access credentials are controlled by the tool, some more management-focused actions could be performed from AlienVault.
This is a jack of all trades (master of none) SIEM/IDS/vulnerability management/OSSEC/NetFlow solution. We use it primarily as a SIEM and IDS solution.
AlienVault provides a checklist answer when using SIEM. We currently develop additional rules and scripts to make it more usable, but the overall solution is lackluster.
IDS is a nice capability to have. In the past, I have implemented standalone Suricata sensors and having this bundled in is very helpful. OTX is good when implemented correctly.
Many of the tasks on features are useless in our situation. NetFlow is worthless. Many of the built-in correlation engine solutions are just okay.
The vulnerability management solution is worse than buying a Nessus Professional license.
Hi, I'm the Customer Programs Manager here at AlienVault and would like to first say "thank you" for taking time to provide your candid feedback in the product review. I'd like to get a conversation going between you and our team here to see if we can resolve some of the issues you've raised in your review. If you're open to it, please reach out to me at tandrews@alienvault.com and I'll be happy to set up a call with the appropriate team(s) to discuss. Thank you in advance for your time and consideration.
As a cyber security company, we have used AlienVault to set the foundations of our security solutions offerings.
Giving our customers all the services that they require via a single console environment, either self-managed or managed by ourselves, enabling companies with little to no IT department to have an all-in-one security compliance and reporting solution.
The AlienVault solution has enabled us to create an SOC on a budget with smaller than usual staff requirements, offering a wider range of solutions for our customers.
All products have room for improvement. AlienVault is always looking at ways to improve their solution.
We would like more plugins, this being the main point of improvement which would benefit the users.
It allows for a lot of out-of-the-box features: vuln scanning, HIDS/HIPS, and IDS. The Suricata rule set is pretty lame.
Asset discovery seems to be good. Nice that everything is bundled.
Scaling, and it has no APIs!
It would be hard for any legitimate MSSP to use it.
The price point is good.
Thank you Brian for your time to review AlienVault USM and for your candid feedback! If you'd like to set up some time to speak with the team about the issues you've raised, I'd be happy to facilitate that on your behalf. Please reach out to me at: tandrews@alienvault.com. Thank you in advance for your time and consideration!
Thank you Kalana for your time to review AlienVault USM and for your candid feedback!