Try our new research platform with insights from 80,000+ expert users
Vendor
We haven't suffered a true breach, but it has helped identify weaknesses.

What is most valuable?

SIEM capabilities, vulnerability scanning, asset discovery/management features.

How has it helped my organization?

Increased visibility, threat detection.

What needs improvement?

The web UI can be clunky at times, with poor error handling. Updates need more QC before release.

For how long have I used the solution?

One year.

Buyer's Guide
USM Anywhere
November 2024
Learn what your peers think about USM Anywhere. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
816,660 professionals have used our research since 2012.

What was my experience with deployment of the solution?

Deployment has always been smooth.

What do I think about the stability of the solution?

No, it has been quite stable.

What do I think about the scalability of the solution?

Nothing except for networking challenges.

How are customer service and support?

Customer Service:

Seven out of 10.

Technical Support:

Seven out of 10. First level of support is hit and miss, but higher level support technicians are great.

Which solution did I use previously and why did I switch?

No, we started with OSSIM and then bought USM.

How was the initial setup?

Very straightforward if you're prepared. Just deploy the OVA template and follow the instructions and you're up in less than an hour.

What about the implementation team?

In-house.

What was our ROI?

I can't say.

What's my experience with pricing, setup cost, and licensing?

The asset licenses are misleading. You can have as many as you want in AV and have NIDS work on all of them. The limit is more about logs and plugins for the assets.

Which other solutions did I evaluate?

No.

What other advice do I have?

It's a good solution and has a promising future.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Tami Andrews - PeerSpot reviewer
Tami AndrewsSr. Customer Programs Manager at AlienVault
Real User

Thank you for your time to review AlienVault USM and for your candid feedback!

it_user479484 - PeerSpot reviewer
Network Security Administrator at a comms service provider with 501-1,000 employees
Vendor
The most important part of the product is the event correlation and alerting. The ability to authenticated users across multiple domains would be useful, but is not critical.

What is most valuable?

The most important part of the product is the event correlation and alerting that it provides. Sifting through tens of millions of logs a day looking for the proverbial needle in a haystack is impossible for a single person or even a team without automation

How has it helped my organization?

Being able to identify security issues as they occur at near real time. Being able to then respond to them as soon as they occur is priceless.

What needs improvement?

We have a relatively large deployment that spans multiple locations and domains. Having the ability to authenticated users across multiple domains would be useful, but is not critical. The log query capability is pretty restrictive and I find myself searching through raw logs via command line more often than the GUI. Full logging is not supported out of the box, you will need to modify configurations to store all logs if that is your concern or a requirement of your organization, AlienVault by default only stores alert logs, this can and will bite you at some point. The IDS Rules need better oversight when updated. The vulnerability scanner needs to have a power user mode that gives you a more complete interface to the vulnerability scanner (OpenVas).

For how long have I used the solution?

3 years

What was my experience with deployment of the solution?

Most problems were due to our environment and having to utilize the built-in VPN capabilities. Once a few sensors have been added via the VPN it is pretty simple to remember how to do it.

How are customer service and technical support?

All interactions with customer service and technical support have been great. The engineering group is based in Spain and occasionally you may have timing issues with their team and yourself.

Which solution did I use previously and why did I switch?

Another group in our company used QRadar before they were bought out. The buyout created a bad enough situation that the group refused to renew with QRadar, especially when they decided after 18 months that they did not want to support the hardware that their predecessors had sold. We also trialed LogRhythm which was a more mature product, but had its own quirks and annoyances. The largest issue I found the LogRhythm was the excessive amount of time to spend to deploy a single agent, much less repeating that process 390 times for our environment.   

How was the initial setup?

We had a pretty large deployment most of our locations were straightforward some were more complex due having to route them through a MPLS connection with only limited connections to the main locations.

What about the implementation team?

We integrated through a third party vendor recommended group, they caused many issues on their own some that were not discovered for over a year. Be wary of any third party that wants to do anything with the database.

What was our ROI?

ROI for AlienVault will probably not be about the money. The return is the time saved and the intelligence that you are able to gather about your environment that you did not have before.

What other advice do I have?

Do your research in SIEM solutions and realize that it is not going to be a set and forget product. For 10 sensors like what we run there are weeks that it requires logging in and closing tickets and there are weeks where you will spend 10+ hours working on the deployment.

There are some things that are great and some that are annoying, this is not a perfect product. Most security products are never perfect especially based on different organizations that will run them.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Tami Andrews - PeerSpot reviewer
Tami AndrewsSr. Customer Programs Manager at AlienVault
Real User

Thank you for your comments & feedback!

Buyer's Guide
USM Anywhere
November 2024
Learn what your peers think about USM Anywhere. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
816,660 professionals have used our research since 2012.
System Administrator at a insurance company with 51-200 employees
Real User
Unstable features, poor technology integration, and support needs improvement
Pros and Cons
  • "The solution has all the features that we need, however they do not work correctly."
  • "In the future, I would like to see all these features of the solution working properly."

What is our primary use case?

I am using the solution for security information and event management.

What is most valuable?

The solution has all the features that we need, however they do not work correctly.

What needs improvement?

This solution has too many issues with integration with other technologies. For example, you can configure the solution to integrate with your technology today but tomorrow it will stop working. You have to continually update the login, save the issue, and create a ticket with support. It is a long process that takes too long for the support to resolve quickly.

In the future, I would like to see all these features of the solution working properly.

For how long have I used the solution?

I have been using the solution for two years.

What do I think about the stability of the solution?

The solution is not stable. Sometimes the virtual machines are not working and it is not a network issue. There are many compatibility issues. There have been times when upgrading the firmware the device is not operational, you then have to restore to the older version.

How are customer service and technical support?

The customer support has not been very helpful when issues arise.

What's my experience with pricing, setup cost, and licensing?

The price for this solution is very good, but since the features do not work the price is expensive.

What other advice do I have?

I would not recommend anyone to use it.

I rate ATT AlienVault USM a one out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
PeerSpot user
Security Analyst SOC at Sumasoft Pvt Ltd
Real User
It is easy to deploy with their cloud-based model, and deploying the required agents is quick and easy

What is our primary use case?

AlienVault USM is a single pane of glass solution. It has not only SIEM capabilities but also other capabilities. AlienVault USM Anywhere is easy to deploy with their cloud-based model, and deploying the required agents on-prem (or in the cloud) is quick and easy. USM Anywhere also takes care of reporting for ISO and PCI, allowing you to pull reports for auditors at a moment's notice.

How has it helped my organization?

  • The system slows down considerably when a large number of events are fed in.
  • Also, AlienVault support has to make some improvements.

What is most valuable?

A vulnerability assessment feature is very helpful for me. Because of this feature, I can schedule a vulnerability assessment for my critical server.

What needs improvement?

While it is relatively easy to use, it takes a little time to get used to where everything is located in the web interface. I do wish that their support would help a bit more with the analysis of alarms.

For how long have I used the solution?

One to three years.

Which solution did I use previously and why did I switch?

No. This is the first security tool I am using.

What's my experience with pricing, setup cost, and licensing?

It is easy to deploy and install an entire solution. I don't have an idea about pricing.

Which other solutions did I evaluate?

N/A.

What other advice do I have?

They should have to improve support. So they can solve customers' problems in less time.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Tami Andrews - PeerSpot reviewer
Tami AndrewsSr. Customer Programs Manager at AlienVault
Real User

Thank you Rajnikant for taking time to provide your thoughtful feedback!

it_user829383 - PeerSpot reviewer
Engineer - Network Security at a tech company with 11-50 employees
User
Review about AlienVault

What is our primary use case?

I'm a System Engineer working for a IT Security Solution Provider. My organization received a request for SIEM and FIM solution to be deployed for a Financial Organization. We have found AlienVault provide SIEM and FIM features in USM All In One

This was my first ever SIEM deployment and started from the scratch after doing a good POC with the customer.

How has it helped my organization?

It has helped me to give some InfoSec guidance to my customer after deployed the AlienVault in their premises.

Now they were able to get to know what kind of traffic passing through the firewalls and what kind of traffic hits the traffic.

What is most valuable?

SIEM and the FIM are the first preferences when I started the deployment. Because the customer wanted to monitor network security incidents of the Servers and any file modification done to their critical files residing in the production servers. 

Vulnerability scanning and OTX helped us to manage all in one single point.

The alerting and security intelligence is the heart of the product. Monitoring customer's critical network is now almost a one man job.

What needs improvement?

Still I was working on the implementation I have found difficulties in searches within security events. Configuring some areas looks complicated.

I had issues while installing OSSEC agent in Solaris and CentOS Servers. A workaround for this issue will give some value for users.

For how long have I used the solution?

Still implementing.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Tami Andrews - PeerSpot reviewer
Tami AndrewsSr. Customer Programs Manager at AlienVault
Real User

Thank you for your time to review AlienVault USM and for your candid feedback!

PeerSpot user
Engineer - Information Security at a tech services company with 51-200 employees
Reseller
Categorization of Security Events Helps Our Soc Analyst for Further Analysis.

What is our primary use case?

I'm a re-seller of AlienVault SIEM in Sri Lanka. We have deployed AlienVault SIEM in one of the bank in Sri Lanka three months back. Currently we are working on the fine tuning. It took me two weeks to complete the basic deployment and integration of devices up-to 50 with the clients technical team.

How has it helped my organization?

Since we are re-seller, AlienVault helped us because of their cheaper price compared to other SIEM solutions and the addition of FIM in the solution. Implementation took few days and it's easy to complete the task within the given project time line.

What is most valuable?

Raw logs: Clients require to store their raw logs in a data-store rather than keep it in the actual device.

Alarm section: It's very easy to see the Alarms for any incidents rather than going through all the logs.

Security events: Categorization of Security events helps our SOC analyst for further analysis.

What needs improvement?

User friendly interface could be an advantage. Sometimes we may face trouble when we were going through the settings of AlienVault SIEM.

For how long have I used the solution?

Less than one year.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Tami Andrews - PeerSpot reviewer
Tami AndrewsSr. Customer Programs Manager at AlienVault
Real User

Thank you Shayanthan for your time to review AlienVault USM and for your candid feedback!

PeerSpot user
Security Analyst at a tech services company
Consultant
Quickly got insight into my environment

How has it helped my organization?

Quickly got insight into my environment.

What is most valuable?

Deployment was very easy. I got my servers and devices reporting very quickly.

What needs improvement?

It would be great if there was a feature to add in watch lists, like McAfee or QRadar have -- to keep track of IPs, domain, etc. that I have identified as being malicious.

Also, being able to connect into other TAXII/STIX feeds other than OTX.

How are customer service and technical support?

Customer Service:

Excellent. Customer service was very responsive.

Technical Support:

Excellent. Support was very responsive.

Which solution did I use previously and why did I switch?

Yes, McAfee ESM. Even after upgrading to Version 10, the interface was still hard to navigate through and did not work on every browser. Writing effective rules was difficult.

How was the initial setup?

Very straightforward.

What about the implementation team?

In-house.

What's my experience with pricing, setup cost, and licensing?

Very reasonable and for the value of the product, we couldn't ask for better pricing.

Which other solutions did I evaluate?

We did a SIEM solution comparison with McAfee ESM, IBM QRadar, and Fortinet.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Tami Andrews - PeerSpot reviewer
Tami AndrewsSr. Customer Programs Manager at AlienVault
Real User

Thank you Tim for your time to review AlienVault USM and for your candid feedback!

PeerSpot user
Infrastructure Engineer at a tech services company with 1,001-5,000 employees
Consultant
Holistic view of SIEM environment

What is most valuable?

The UI is clean and easy to use. Lots of documentation, training, and community involvement available as well.

How has it helped my organization?

Holistic view of SIEM environment.

What needs improvement?

API, ETL, or connector to support BI tools such as Tableau, Power BI, etc.

For how long have I used the solution?

Only for a few months. We just went live with the USM when we transitioned away from on-prem.

What was my experience with deployment of the solution?

Not on the AV side, pretty easy to use.

What do I think about the stability of the solution?

No.

What do I think about the scalability of the solution?

No.

How are customer service and technical support?

Customer Service:

Very good.

Technical Support:

Very good.

Which solution did I use previously and why did I switch?

N/A.

How was the initial setup?

Yes.

What about the implementation team?

Vendor. Not the best.

What was our ROI?

Too soon to tell.

What's my experience with pricing, setup cost, and licensing?

Check logging.

Which other solutions did I evaluate?

N/A.

What other advice do I have?

No.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Tami Andrews - PeerSpot reviewer
Tami AndrewsSr. Customer Programs Manager at AlienVault
Real User

Thank you Adam for your time to review AlienVault USM and for your candid feedback!

Buyer's Guide
Download our free USM Anywhere Report and get advice and tips from experienced pros sharing their opinions.
Updated: November 2024
Buyer's Guide
Download our free USM Anywhere Report and get advice and tips from experienced pros sharing their opinions.