Try our new research platform with insights from 80,000+ expert users
PeerSpot user
Infrastructure Engineer at a tech services company with 1,001-5,000 employees
Consultant
Holistic view of SIEM environment

What is most valuable?

The UI is clean and easy to use. Lots of documentation, training, and community involvement available as well.

How has it helped my organization?

Holistic view of SIEM environment.

What needs improvement?

API, ETL, or connector to support BI tools such as Tableau, Power BI, etc.

For how long have I used the solution?

Only for a few months. We just went live with the USM when we transitioned away from on-prem.

Buyer's Guide
USM Anywhere
November 2024
Learn what your peers think about USM Anywhere. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
824,067 professionals have used our research since 2012.

What was my experience with deployment of the solution?

Not on the AV side, pretty easy to use.

What do I think about the stability of the solution?

No.

What do I think about the scalability of the solution?

No.

How are customer service and support?

Customer Service:

Very good.

Technical Support:

Very good.

Which solution did I use previously and why did I switch?

N/A.

How was the initial setup?

Yes.

What about the implementation team?

Vendor. Not the best.

What was our ROI?

Too soon to tell.

What's my experience with pricing, setup cost, and licensing?

Check logging.

Which other solutions did I evaluate?

N/A.

What other advice do I have?

No.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Tami Andrews - PeerSpot reviewer
Tami AndrewsSr. Customer Programs Manager at AlienVault
Real User

Thank you Adam for your time to review AlienVault USM and for your candid feedback!

PeerSpot user
Information Technology Security Administrator at a healthcare company with 1,001-5,000 employees
Vendor
We use policies as alerts on many compliance requirements and concerns.

What is most valuable?

Policies have been very valuable. We use them as alerts on many compliance requirements and concerns.

How has it helped my organization?

  • Identifying the sending of clear text account information
  • Identifying and fixing vulnerabilities that we were not aware of

For how long have I used the solution?

We have been using AlienvVault for the past two years.

What was my experience with deployment of the solution?

There was an issue in setting up the log storage location.

What do I think about the stability of the solution?

I did not encounter any issues with stability.

What do I think about the scalability of the solution?

I did not encounter any issues with scalability.

How are customer service and technical support?

Customer Service:

There is excellent customer service and we have never had a complaint.

Technical Support:

Technical support has a very knowledgeable support staff. Everyone we have worked with has really displayed great knowledge of this product.

Which solution did I use previously and why did I switch?

We used different solutions. Pricing was an issue and support was limited.

How was the initial setup?

We had the installation done by support when we purchased the solution.

What about the implementation team?

The implementation was though the vendor and they were great to work with. They were able to answer any questions that we had.

What's my experience with pricing, setup cost, and licensing?

The pricing was great and we were not disappointed.

Which other solutions did I evaluate?

We did not evaluate other solutions.

What other advice do I have?

Thank you for the great solution that you provided for us.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Tami Andrews - PeerSpot reviewer
Tami AndrewsSr. Customer Programs Manager at AlienVault
Real User

Thanks Dan for your feedback on USM!

Buyer's Guide
USM Anywhere
November 2024
Learn what your peers think about USM Anywhere. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
824,067 professionals have used our research since 2012.
it_user484692 - PeerSpot reviewer
Security Consultant at a tech consulting company with 51-200 employees
Consultant
We have noticed outdated Java and Flash versions due to the snort rules included in the appliance.

Valuable Features

AlienVault provides excellent visibility into your network by combining centralized logging, host-based IDS and network IDS. This enables me to detect quite a lot of potential issues that have gone through AlienVault's correlation engine and our own policies.

Improvements to My Organization

On several occasions we have detected attacks (DDoS) just as they are starting and have been able to rapidly mitigate them. We have also noticed outdated Java and Flash versions due to the snort rules included in the appliance.

Room for Improvement

The biggest improvement they could do is to provide full support for IPv6 addressing. It currently has quite lightweight support for IPv6 addresses in the sense that it will record the source/destination addresses in all cases, but currently trying to search with IPv6 addresses is not possible and thus makes our lives harder.

Use of Solution

Including my experience with the previous version (v4) I have two years of professional experience with AlienVault.

Deployment Issues

We have not faced any large issues with the deployment.

Stability Issues

We have not faced any large issues with the stability.

Scalability Issues

The only issues is related to the volume of alarms in a system - the UI/UX for working with a large mass - starting with several hundred alarms is suboptimal. I am hesitant to mention this as it is easily solved in the future by small UI changes.

Customer Service and Technical Support

All of the bug reports have been sent to AlienVault and have been handled with skill. At least once we got to talk to their experts who worked with us to debug the cases in our environment.

Initial Setup

There are many steps, but the steps are not complex. The biggest hurdle in the deployment/setup phase is usually gathering the actual information (assets details, services, policies) about the environment, not the installation itself.

Implementation Team

Our team did the implementation. If you have experience implementing a SIEM solution then you can implement this yourselves, otherwise you should get an external team do it. The issue is not with the technical skills needed for the actual implementation, but the knowledge needed to know what to include, what policies to write, and what not to include.

Pricing, Setup Cost and Licensing

For licensing you will need to contact an AlienVault reseller as it is comprised of (roughly) how many events per second you are processing, how many assets you are adding, and in how many physical locations.

Other Solutions Considered

I was not part of the process. I have heard that our team had tried other products, but mostly the cost was prohibitive in those alternatives.

Other Advice

As this is a product that will give you a lot of visibility into everything you can throw at it, it is good to note that you should have good working relations with the *people* in charge of the assets you have visibility over (e.g. with network mirroring).

You will get alarms about a plethora of things you couldn't have imagined, things that people have forgotten, that have been misconfigured and that are under attack. You will need to explain the remedies and mitigations to people. And that is possibly the biggest hurdle. This product will not help you if you cannot fix the problems it finds.

It may not have the same abilities as most tools off-the-shelf but it has the best bang for buck. Unless you already have a high-quality SOC operation running, you will be able to handle probably all of your SIEM needs with AlienVault for a few years with a fraction of the price of other more complete solutions.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Tami Andrews - PeerSpot reviewer
Tami AndrewsSr. Customer Programs Manager at AlienVault
Real User

thank you for your review!

PeerSpot user
Network Engineer II at a healthcare company
Vendor
We now can find the source of where Windows account lockouts are occurring.

What is most valuable?

We now have the ability to see what is happening in the environment.

How has it helped my organization?

We now can find the source of where Windows account lockouts are occurring.

What needs improvement?

It needs to be easier to deploy switch monitoring.

For how long have I used the solution?

We've been using it for four months.

What do I think about the stability of the solution?

We've had no issues so far.

What do I think about the scalability of the solution?

We've been able to scale it for our needs without issues.

How are customer service and technical support?

I've not had to contact them yet.

Which solution did I use previously and why did I switch?

We switched because our previous solution wasn't scalable.

How was the initial setup?

It was pretty straightforward.

What's my experience with pricing, setup cost, and licensing?

It was a reasonably priced solution.

Which other solutions did I evaluate?

We didn't look at any other solutions.

What other advice do I have?

It’s pretty easy to setup but to really take advantage you should have a dedicated person who will devote their time, to customizing and utilizing the power this solution has.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Tami Andrews - PeerSpot reviewer
Tami AndrewsSr. Customer Programs Manager at AlienVault
Real User

Lenny - thank you so much for your feedback & comments.

it_user604401 - PeerSpot reviewer
AVP & Information Security Officer at a financial services firm with 501-1,000 employees
Real User
Automated alarms help identify what is happening on your network that should be investigated.

What is most valuable?

The automated alarms have been very helpful in identifying what is happening on your network that should be investigated.

How has it helped my organization?

It has helped us keep an eye on Admin activity on the network and in our directory.

What needs improvement?

The way it identifies systems can use some improvement. It has a hard time differentiating between versions of Windows.

For how long have I used the solution?

I have used it for two years.

What was my experience with deployment of the solution?

Deployment was extremely smooth.

What do I think about the stability of the solution?

The system has been very stable.

What do I think about the scalability of the solution?

We have a small network. So far, we have had no issues with scale.

How are customer service and technical support?

Customer Service:

Customer service is excellent, very responsive, and they know their product.

Technical Support:

Technical support is excellent so far.

Which solution did I use previously and why did I switch?

This was the solution selected after evaluating several competing products; no SIEM prior to this deployment.

How was the initial setup?

Initial setup was very straightforward.

What about the implementation team?

We did the initial implementation and then had a vendor fine tune it with us. The vendor was very well qualified.

What's my experience with pricing, setup cost, and licensing?

Licensing and pricing was one of the primary reasons for selecting this solution. Since no one has an unlimited budget, consider your needs and get the most bang for your buck.

Which other solutions did I evaluate?

Before choosing this product, we evaluated other options. We were leaning heavily towards AccelOps but had worries about their viability as a business.

What other advice do I have?

If you are considering this solution, I highly recommend that you have someone in-house who is familiar with Unix/Linux. The underpinnings of this solution is *nix. It will make deployment and ongoing maintenance much easier.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Tami Andrews - PeerSpot reviewer
Tami AndrewsSr. Customer Programs Manager at AlienVault
Real User

Thank you so much for your comments & thoughtful feedback.

PeerSpot user
Network and Security Engineer at a tech services company with 51-200 employees
Real User
It has powerful threat detection, incident response, and compliance management
Pros and Cons
  • "It has powerful threat detection, incident response, and compliance management."
  • "AlienVault has an advanced component within one package. With this, we can cover more area with one solution."
  • "AlienVault must improve their correlation feature. Some of the events do not match with the correlation rules and some of the correlation events are false-positive."

What is our primary use case?

AlienVault Unified Security Management (USM) has powerful threat detection, incident response, and compliance management. We can use this across cloud, on-premise and hybrid environments. 

The reason to use USM is that it has the following components in its package: 

  • Asset Discovery
  • Vulnerability Assessment
  • Intrusion Detection
  • Behavioral Monitoring
  • SIEM & Log Management.

How has it helped my organization?

AlienVault has an advanced component within one package. With this, we can cover more area with one solution. 

As a example, it has vulnerability assessment component built-in. From this, we can do the vulnerability assessment easily and we do not have to buy another solution for the vulnerability assessment. It is easy to use and we can take better advantage from an all-in-one solution like USM. 

What is most valuable?

AlienVault USM has a vulnerability assessment feature and only one SIEM feature compared to other SIEM solutions. 

What needs improvement?

AlienVault must improve their correlation feature. Some of the events do not match with the correlation rules and some of the correlation events are false-positive.

For how long have I used the solution?

Less than one year.

What other advice do I have?

It is the most valuable tool that I have seen of the SIEM solutions.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner in Sri Lanka.
PeerSpot user
Tami Andrews - PeerSpot reviewer
Tami AndrewsSr. Customer Programs Manager at AlienVault
Real User

Thank you Tharaka for your time to review AlienVault USM and for your candid feedback!

PeerSpot user
Security Engineer at a tech services company with 201-500 employees
MSP
The low cost of entry SIEM functionality has increased due to network views and network traffic
Pros and Cons
  • "Ease of deployment across various environments."
  • "Support can be slow at times, but the quality is high. Posted knowledge base articles could use improvement."

How has it helped my organization?

The low cost of entry SIEM functionality has increased due to network views and network traffic.

What is most valuable?

  • General SIEM tool functionality.
  • Ease of deployment across various environments.

What needs improvement?

Support can be slow at times, but the quality is high. Posted knowledge base articles could use improvement.

What do I think about the stability of the solution?

None, which are related to this solution.

What do I think about the scalability of the solution?

No.

How are customer service and technical support?

Customer Service:

Seven out of ten.

Technical Support:

Seven out of ten.

Which solution did I use previously and why did I switch?

No.

How was the initial setup?

The initial setup was straightforward.

What about the implementation team?

It was a a blend. The implementation was primarily internal with support provided as needed. The vendor team had a good quality of expertise.

What was our ROI?

Medium-high.

What's my experience with pricing, setup cost, and licensing?

Research the solution heavily prior to investing.

Setting up a bench OSSIM install should help identify possible pain points with the setup.

Which other solutions did I evaluate?

No.

What other advice do I have?

The solution is improving steadily, particularly in relation to the quality and breadth of documentation. Though some areas are still weak.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Tami Andrews - PeerSpot reviewer
Tami AndrewsSr. Customer Programs Manager at AlienVault
Real User

Thank you Paul for your time to review AlienVault USM and for your candid feedback!

PeerSpot user
Network Administrator at a tech services company
Consultant
The product has been very stable

What needs improvement?

The setup was somewhat complex.

For how long have I used the solution?

We have had this solution in place for about 10 months.

What was my experience with deployment of the solution?

There were deployment issues. At the time, it was right after USM Anywhere had been released, and not all of the documentation was posted. This made the deployment have some issues.

What do I think about the stability of the solution?

The product has been very stable.

What do I think about the scalability of the solution?

We have had no issues with scalabilty.

How are customer service and technical support?

Customer Service:

I would give customer service a rating of four out of five.

Technical Support:

I would give technical support a rating of four out of five.

Which solution did I use previously and why did I switch?

This is the first solution like this that I have deployed.

How was the initial setup?

The setup was somewhat complex. One thing that was difficult was configuring log forwarding from Window systems.

What about the implementation team?

We implemented using an in-house team.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Tami Andrews - PeerSpot reviewer
Tami AndrewsSr. Customer Programs Manager at AlienVault
Real User

Thank you Stephen for your time and your comments.

Buyer's Guide
Download our free USM Anywhere Report and get advice and tips from experienced pros sharing their opinions.
Updated: November 2024
Buyer's Guide
Download our free USM Anywhere Report and get advice and tips from experienced pros sharing their opinions.