USM Anywhere Reviews

The dashboard.

The single pane of glass that shows threats that are in the environment.

Sub menus: Sometimes you really have to drill down to get to where you want to go.

We have been using this solution for three years.

I did not encounter any issues with deployment.

There were stability issues due to lack of memory.

I did not encounter any issues with scalability.

I would rate customer service as excellent.

I would rate technical support as excellent.

We did not use a previous solution.

The setup was straightforward.

We did the implementation in-house.

The ROI was priceless.

N/A.

We used other solutions, but they couldn't compare: QRadar, Splunk, ArcSight and LogRhythm. All were way too expensive compared to AlienVault USM.

All companies should buy an AlienVault SIEM. It is well worth the investment

AlienVault out of the box features for easy asset discovery, vulnerability scans, IDS setup are all beneficial, but the best feature we find most valuable is the main dashboard for how the information is bubbled up and presented to us.

With AlienVault we have been able to reduce lag times by not having to invest into specialized research for which we rely on AlienVault Security Labs and OTX (Open Threat Exchange).

With all the great features AlienVault has to offer, it would be nice to see improved search query functionality, similar to ELK stack.

18 months+

Easy setup out of the box as it comes as a virtual appliance. 

Solid platform built on debian system.

Haven't been able to break it yet.

5 Stars

Enabling visibility of traffic on our network, merging of multiple systems reporting and analysis and clear method to highlight potential issues.

Previously we had no single way to analyze traffic and threats on our network, relying instead on multiple, independent systems. We can now correlate reported threats and anomalies to better determine what threats we face.

The configuration is somewhat complex and the interface a bit non-intuitive. Whilst very useful for reporting, interpretation of the results can be difficult: improved features to help with this would be welcome.

I've been using it for six months.

We’ve had 100% uptime since installation.

We have not had any requirements to change the scope of the installation since first deployment.

Good. Initial help with deployment was excellent, and the facility to create a tunnel for tech support personnel to troubleshoot system is very useful.

We didn't have anything like AlienVault previously.

It's fairly complex. There is quite a bit of additional config required in order to get the most from the system. A base config allows for monitoring, but to get the most, you need to add plugins for various systems on your network: this config is somewhat complex and requires a good knowledge of how AV works.

Unless you have a small network, you really need the unlimited endpoint license, which is the most expensive option. Best to negotiate to get this version, otherwise scalability will be an issue (unless your total number of endpoints in under approx. 100).

We also looked at Tripwire.

The initial onboarding during the trial period, including assisted setup, was most useful. Ensure you get the most from this, as if you require further setup assistance, it comes under (paid-for) professional services. AV is a very useful tool, but must be configured correctly in order to get the most out of it.

The primary use cases for this solution are log management, security events correlation, and any other enterprise use cases for SIEM (new plugins development, correlation rules development, risk assessment, and asset management).

This solution can identify many threats inside the organization, like compromised endpoints, configuration issues, as well as "outside" threats (botnets, network scanners, web-attacks, etc). During the first two weeks post-deployment, our client's cybersecurity certainly improves by using AT&T AlienVault USM.

The features that we have found most valuable are the out-of-box vulnerability scanner, Network IDS, Host IDS, Netflow Monitoring, and more than four thousand pre-installed correlation rules.

Having automatic agent deployment would be a great feature. It would be nice to see some machine learning and monitoring of the configuration in network devices.

This solution is very easy to deploy and integrates comfortably with data sources. AT&T AlienVault USM has a user-friendly engine for custom plugins development, so you can develop your own plugin for your own application without any problems.

As a cyber security company, we have used AlienVault to set the foundations of our security solutions offerings.

Giving our customers all the services that they require via a single console environment, either self-managed or managed by ourselves, enabling companies with little to no IT department to have an all-in-one security compliance and reporting solution.

The AlienVault solution has enabled us to create an SOC on a budget with smaller than usual staff requirements, offering a wider range of solutions for our customers.

• Real-time email alerts
• Event correlations
• Log management
• System monitoring
• Network monitoring
• Uptime monitoring
• OTX threat intelligence
• Vulnerability scanning/reporting
• Compliance reporting

All products have room for improvement. AlienVault is always looking at ways to improve their solution. 

We would like more plugins. This being the main point of improvement which would benefit the users.

SIEM capabilities, vulnerability scanning, asset discovery/management features.

Increased visibility, threat detection.

The web UI can be clunky at times, with poor error handling. Updates need more QC before release.

One year.

Deployment has always been smooth.

No, it has been quite stable.

Nothing except for networking challenges.

Seven out of 10.

Seven out of 10. First level of support is hit and miss, but higher level support technicians are great.

No, we started with OSSIM and then bought USM.

Very straightforward if you're prepared. Just deploy the OVA template and follow the instructions and you're up in less than an hour.

In-house.

I can't say.

The asset licenses are misleading. You can have as many as you want in AV and have NIDS work on all of them. The limit is more about logs and plugins for the assets.

No.

It's a good solution and has a promising future.

OTX is a great module that lets staff maintain and monitor updates regarding events in the infrastructure and takes decision to improve the security perimeter.

Report modules now allows us to get a visualization of the activity of the main assets to continue the business and lets us take decisions to the stakeholders.

Report modules now lets us get a visualization of the activity of the main assets to continue to improve the business and reduce the risk of failures.

Around 2 years ago and It allowed me to grow not only technologically but also it has helped me to improve process in attention to information security events in the company.

Yes, but it was with integration with other devices but the AlienVault TAC did a great job to resolve the problems.

Honestly this solution was very stable and there were no problems whatsoever

I have not had the opportunity to do an implementation of scalability, but, with the experience with 2 years ago managed the solution, I don't believe we will have problems to deploy.

The service was excellent and always showing excellent treatment and availability.

The service is excellent the support requested really is quick and very efficient

It was way very fast and straightforward, thanks to the great supported gave fot the AlienVault TAC

This integration was made with both teams, and I think the deploy was very easy due the great knowledge of vendor team, them gave us a great explanation about of the all modules and the best practice to deploy the solutions.

It has not yet been measured.

Considering the scalability with the other solutions in the market, I think this solution really have a great price to all size of medium and big enterprise.

Yes, I did, the solution considered was HPE and Splunk

Log aggregation, correlation, and threat intel.

AlienVault has streamlined our security functions by combining several different functions into one package.

I think expanding their vendor-specific plugins would beneficial.

We have been using this solution for one year.

I did not encounter any issues with deployment.

I did not encounter any issues with stability.

I did not encounter any issues with scalability.

Their support is good and their response time is prompt.

I would rate them as very knowledgeable.

We did not use a previous solution.

It was very straightforward. The setup was basically install the VM, setup network monitoring/syslog, and watch the data flow.

Our implementation was in-house.

It's hard to calculate ROI on a prevention mechanism, as the variables of a prevented incident are unknown.

They are very affordable and flexible in their licensing model.

We evaluated HPE ArcSight, IBM QRadar, LogRhythm, Splunk, and SolarWinds.

I would highly recommend the customer training courses. They are very helpful.