it_user484692 - PeerSpot reviewer
Security Consultant at a tech consulting company with 51-200 employees
Consultant
We have noticed outdated Java and Flash versions due to the Snort rules included in the appliance.

What is most valuable?

AlienVault provides excellent visibility into your network by combining centralized logging, host-based IDS and network IDS. This enables me to detect quite a lot of potential issues that have gone through AlienVault's correlation engine and our own policies.

How has it helped my organization?

On several occasions we have detected attacks (DDoS) just as they are starting and have been able to rapidly mitigate them. We have also noticed outdated Java and Flash versions due to the Snort rules included in the appliance.

What needs improvement?

The biggest improvement they could make is to provide full support for IPv6 addressing. It currently has quite lightweight support for IPv6 addresses in the sense that it will record the source/destination addresses in all cases, but currently trying to search with IPv6 addresses is not possible, and this makes our lives harder.

For how long have I used the solution?

Including my experience with the previous version (v4) I have two years of professional experience with AlienVault.

Buyer's Guide
USM Anywhere
December 2024
Learn what your peers think about USM Anywhere. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
831,265 professionals have used our research since 2012.

What was my experience with deployment of the solution?

We have not faced any large issues with the deployment.

What do I think about the stability of the solution?

We have not faced any large issues with the stability.

What do I think about the scalability of the solution?

The only issue is related to the volume of alarms in a system: the UI/UX for working with a large mass, starting with several hundred alarms, is suboptimal. I am hesitant to mention this as it is easily solved in the future by small UI changes.

How are customer service and support?

All of the bug reports have been sent to AlienVault and have been handled with skill. At least once we got to talk to their experts who worked with us to debug the cases in our environment.

How was the initial setup?

There are many steps, but the steps are not complex. The biggest hurdle in the deployment/setup phase is usually gathering the actual information (assets details, services, policies) about the environment, not the installation itself.

What about the implementation team?

Our team did the implementation. If you have experience implementing a SIEM solution then you can implement this yourselves, otherwise you should get an external team to do it. The issue is not with the technical skills needed for the actual implementation, but the knowledge needed to know what to include, what policies to write, and what not to include.

What's my experience with pricing, setup cost, and licensing?

For licensing you will need to contact an AlienVault reseller as it is comprised of (roughly) how many events per second you are processing, how many assets you are adding, and in how many physical locations.

Which other solutions did I evaluate?

I was not part of the process. I have heard that our team had tried other products, but mostly the cost was prohibitive in those alternatives.

What other advice do I have?

As this is a product that will give you a lot of visibility into everything you can throw at it, it is good to note that you should have good working relations with the *people* in charge of the assets you have visibility over (e.g. with network mirroring).

You will get alarms about a plethora of things you couldn't have imagined, things that people have forgotten, that have been misconfigured and that are under attack. You will need to explain the remedies and mitigations to people. And that is possibly the biggest hurdle. This product will not help you if you cannot fix the problems it finds.

It may not have the same abilities as most tools off-the-shelf but it has the best bang for buck. Unless you already have a high-quality SOC operation running, you will be able to handle probably all of your SIEM needs with AlienVault for a few years with a fraction of the price of other more complete solutions.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Tami Andrews, Sr. Customer Programs Manager at AlienVault
Real User

Thank you for your review!

it_user123747 - PeerSpot reviewer
Chief Security Officer at a financial services firm with 501-1,000 employees
Vendor
The integration of IDS and OSSEC is valuable as it enables correlation between Network IDS events and host system event logs

What is most valuable?

The integration of IDS and OSSEC is valuable as it enables correlation between Network IDS events and host system event logs.

How has it helped my organization?

AlienVault USM has improved how we manage events and incidents in our infrastructure. With AlienVault we are able to respond to incidents and take necessary action faster than we could before without the solution in place.

What needs improvement?

Some customizations with the integration between AlienVault components have room for improvement, and enabling users with WebUI interfaces instead of having to edit configuration files on the system to achieve certain actions would be a good improvement.

For how long have I used the solution?

Three years.

What do I think about the stability of the solution?

No issues with instability have been encountered in our environment.

What do I think about the scalability of the solution?

No issues with scalability have been encountered in our environment.

How are customer service and technical support?

The AlienVault technical support is good and has helped out several times with some really specific configurations in our environment.

Which solution did I use previously and why did I switch?

We used an outsourced MSSP solution but we needed to get the solution in-house in order to better integrate with our datacenters and systems and comply with financial regulatory and PCI-DSS requirements.

How was the initial setup?

The initial setup was straightforward and quite easy to set up. It requires Linux knowledge to manage, but given that we use Linux for our critical infrastructure services it was no problem for us.

What's my experience with pricing, setup cost, and licensing?

We chose AlienVault partly due to the many features and functionalities that were bundled with the product and to the pricing and licensing models that were offered. Many other solutions did not have the full spectrum of features but were significantly more expensive, so we would have been forced to get additional solutions to cover all our requirements. With AlienVault we got an all-in-one solution that covered our needs.

Which other solutions did I evaluate?

We had a look at the current offerings at that time, including Tripwire, McAfee, SourceFire, etc., but concluded that we would get the best bang for the buck with the AlienVault solution.

What other advice do I have?

As with any security solution, you still need to have knowledgeable people to manage the solution, and the solution is not a silver bullet that takes care of all your issues without being properly managed. Make sure you have the necessary knowledge and headcount to use the solution before implementing this or any other solution. With security, most of the cost is in OPEX, not CAPEX, so make sure you have the necessary expertise to operate the solution as efficiently as possible.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Tami Andrews, Sr. Customer Programs Manager at AlienVault
Real User

Thanks for your feedback.

it_user752880 - PeerSpot reviewer
Security Analyst at a tech services company with 1-10 employees
User
Its powerful correlation engine helps reduce time in manually correlating events
Pros and Cons
  • "Its powerful correlation engine helps reduce time in manually correlating events."
  • "The only complex area of the setup was writing the custom scripts."
  • "It should be able to communicate with other security solutions to stop threats."

How has it helped my organization?

Its powerful correlation engine helps reduce time in manually correlating events.

What is most valuable?

  • Alarms
  • Correlation

What needs improvement?

It should be able to communicate with other security solutions to stop threats.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

No stability issues.

What do I think about the scalability of the solution?

No scalability issues.

How are customer service and technical support?

Customer Service:

I would rate customer service as a nine out of 10.

Technical Support:

I would rate technical support as a nine out of 10.

Which solution did I use previously and why did I switch?

We did not previously use a different solution.

How was the initial setup?

The only complex area of the setup was writing the custom scripts.

What about the implementation team?

We use both a vendor team and an in-house team for implementation.

What was our ROI?

The ROI is quite good.

What's my experience with pricing, setup cost, and licensing?

Use an MSSP instead. It is much cheaper.

Which other solutions did I evaluate?

We did not evaluate other options.

What other advice do I have?

It is quite awesome.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Tami Andrews, Sr. Customer Programs Manager at AlienVault
Real User

Thank you for your time to review AlienVault USM and for your candid feedback!

ICT Consultant at N3tcom
Real User
Highly stable, easy to use, and simple implementation
Pros and Cons
  • "The most valuable features of AT&T AlienVault USM are the ease of management and knowledge of what is on the network of my customers. It's easy to understand the problems, and manage our alarms and events."
  • "The price of AT&T AlienVault USM could be reduced."

What is our primary use case?

We are using AT&T AlienVault USM for collecting the events, generating alarms, and events management.

What is most valuable?

The most valuable features of AT&T AlienVault USM are the ease of management and knowledge of what is on the network of my customers. It's easy to understand the problems, and manage our alarms and events.

What needs improvement?

The price of AT&T AlienVault USM could be reduced.

For how long have I used the solution?

I have been using AT&T AlienVault USM for approximately two years.

What do I think about the stability of the solution?

I am satisfied with the stability of AT&T AlienVault USM.

I rate the stability of AT&T AlienVault USM a five out of five.

What do I think about the scalability of the solution?

AT&T AlienVault USM is scalable enough for our needs.

How was the initial setup?

The initial setup of AT&T AlienVault USM was easy. It involved all the configurations of correlation rules, and other elements for customer problems management. The full implementation took approximately two days.

What about the implementation team?

I did the implementation of AT&T AlienVault USM with a colleague.

What's my experience with pricing, setup cost, and licensing?

AT&T AlienVault USM is an expensive solution and we pay for the license and the support separately. We paid for the license and support for three years.

What other advice do I have?

I would recommend this solution to others.

We do not use all the features of the solution.

I rate AT&T AlienVault USM an eight out of ten.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
PeerSpot user
DevOps Engineer at Two Hat Security
Consultant
The vulnerability scanner keeps our environment always updated about security threats

What is our primary use case?

Our initial need which brought us to acquire this solution was to be in compliance with GDPR requirements. Our environment is cloud-based (specifically AWS).

How has it helped my organization?

Beyond providing us with an IDS, which was our initial need, AlienVault gave us more useful resources, such as a SIEM and a vulnerability scanner (the last being one of my favourite resources).

What is most valuable?

My favourite one is the vulnerability scanner because while using it, our environment is always updated about security threats.

What needs improvement?

Taking into account that server access credentials are controlled by the tool, some more management-focused actions could be performed from AlienVault.

For how long have I used the solution?

Less than one year.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Tami Andrews, Sr. Customer Programs Manager at AlienVault
Real User

Erlon - thank you for your feedback & comments!

PeerSpot user
Network and Security Engineer at a tech services company with 51-200 employees
Real User
It has powerful threat detection, incident response, and compliance management
Pros and Cons
  • "It has powerful threat detection, incident response, and compliance management."
  • "AlienVault has an advanced component within one package. With this, we can cover more area with one solution."
  • "AlienVault must improve their correlation feature. Some of the events do not match with the correlation rules and some of the correlation events are false-positive."

What is our primary use case?

AlienVault Unified Security Management (USM) has powerful threat detection, incident response, and compliance management. We can use this across cloud, on-premise and hybrid environments. 

The reason to use USM is that it has the following components in its package: 

  • Asset Discovery
  • Vulnerability Assessment
  • Intrusion Detection
  • Behavioral Monitoring
  • SIEM & Log Management.

How has it helped my organization?

AlienVault has an advanced component within one package. With this, we can cover more area with one solution. 

As an example, it has a vulnerability assessment component built in. From this, we can do the vulnerability assessment easily and we do not have to buy another solution for the vulnerability assessment. It is easy to use and we can take better advantage from an all-in-one solution like USM.

What is most valuable?

AlienVault USM has a vulnerability assessment feature and only one SIEM feature compared to other SIEM solutions. 

What needs improvement?

AlienVault must improve their correlation feature. Some of the events do not match with the correlation rules and some of the correlation events are false-positive.

For how long have I used the solution?

Less than one year.

What other advice do I have?

It is the most valuable tool that I have seen of the SIEM solutions.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner in Sri Lanka.
PeerSpot user
Tami Andrews, Sr. Customer Programs Manager at AlienVault
Real User

Thank you Tharaka for your time to review AlienVault USM and for your candid feedback!

PeerSpot user
Head of IT at a consultancy with 201-500 employees
Consultant
We use the HIDS to monitor our servers, which track user account locks and logon failures

What is most valuable?

  • Network monitoring
  • SIEM

How has it helped my organization?

We have much greater visibility in what is happening on our network.

What needs improvement?

Backup, restore, and upgrade - some menu options are a bit convoluted.

For how long have I used the solution?

Six months.

What was my experience with deployment of the solution?

No.

What do I think about the stability of the solution?

No.

What do I think about the scalability of the solution?

No.

How are customer service and technical support?

Customer Service:

Excellent, every contact with customer services, support, and training has been superb.

Technical Support:

Excellent - very good, comprehensive, and knowledgeable staff.

Which solution did I use previously and why did I switch?

No.

How was the initial setup?

Yes - simple deployment in VM, worked the first time.

What about the implementation team?

In-house.

What was our ROI?

Difficult to answer - specifically, this was a new product for us to increase and improve upon security.

What's my experience with pricing, setup cost, and licensing?

We did market research, web reviews, etc. We spoke to a number of vendors (LogRhythm, etc.), but we felt that AlienVault was the best value and most comprehensive for our organisation's size.

Which other solutions did I evaluate?

Yes, LogRhythm, and Splunk.

What other advice do I have?

We are very happy. The training was excellent, and the interaction with AlienVault is first rate - a real leader in customer service. The OTX pulse feature is very useful.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Tami Andrews, Sr. Customer Programs Manager at AlienVault
Real User

Thank you for your time to review AlienVault USM and for your candid feedback!

PeerSpot user
Security Analyst at a tech services company
Consultant
Quickly got insight into my environment

How has it helped my organization?

Quickly got insight into my environment.

What is most valuable?

Deployment was very easy. I got my servers and devices reporting very quickly.

What needs improvement?

It would be great if there was a feature to add in watch lists, like McAfee or QRadar have -- to keep track of IPs, domains, etc. that I have identified as being malicious.

Also, being able to connect into other TAXII/STIX feeds other than OTX.

How are customer service and technical support?

Customer Service:

Excellent. Customer service was very responsive.

Technical Support:

Excellent. Support was very responsive.

Which solution did I use previously and why did I switch?

Yes, McAfee ESM. Even after upgrading to Version 10, the interface was still hard to navigate through and did not work on every browser. Writing effective rules was difficult.

How was the initial setup?

Very straightforward.

What about the implementation team?

In-house.

What's my experience with pricing, setup cost, and licensing?

Very reasonable and for the value of the product, we couldn't ask for better pricing.

Which other solutions did I evaluate?

We did a SIEM solution comparison with McAfee ESM, IBM QRadar, and Fortinet.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Tami Andrews, Sr. Customer Programs Manager at AlienVault
Real User

Thank you Tim for your time to review AlienVault USM and for your candid feedback!
