USM Anywhere Reviews

I am using the solution for security information and event management.

The solution has all the features that we need, however they do not work correctly.

This solution has too many issues with integration with other technologies. For example, you can configure the solution to integrate with your technology today but tomorrow it will stop working. You have to continually update the login, save the issue, and create a ticket with support. It is a long process that takes too long for the support to resolve quickly.

In the future, I would like to see all these features of the solution working properly.

I have been using the solution for two years.

The solution is not stable. Sometimes the virtual machines are not working and it is not a network issue. There are many compatibility issues. There have been times when upgrading the firmware the device is not operational, you then have to restore to the older version.

The customer support has not been very helpful when issues arise.

The price for this solution is very good, but since the features do not work the price is expensive.

I would not recommend anyone to use it.

I rate ATT AlienVault USM a one out of ten.

AlienVault USM is a single pane of glass solution. It has not only SIEM capabilities but also other capabilities. AlienVault USM Anywhere is easy to deploy with their cloud-based model, and deploying the required agents on-prem (or in the cloud) is quick and easy. USM Anywhere also takes care of reporting for ISO and PCI, allowing you to pull reports for auditors at a moment's notice.

• The system slows down considerably when a large number of events are fed in.
• Also, AlienVault support has to make some improvements.

A vulnerability assessment feature is very helpful for me. Because of this feature, I can schedule a vulnerability assessment for my critical server.

While it is relatively easy to use, it takes a little time to get used to where everything is located in the web interface. I do wish that their support would help a bit more with the analysis of alarms.

No. This is the first security tool I am using.

It is easy to deploy and install an entire solution. I don't have an idea about pricing.

N/A.

They should have to improve support. So they can solve customers' problems in less time.

I'm a System Engineer working for a IT Security Solution Provider. My organization received a request for SIEM and FIM solution to be deployed for a Financial Organization. We have found AlienVault provide SIEM and FIM features in USM All In One

This was my first ever SIEM deployment and started from the scratch after doing a good POC with the customer.

It has helped me to give some InfoSec guidance to my customer after deployed the AlienVault in their premises.

Now they were able to get to know what kind of traffic passing through the firewalls and what kind of traffic hits the traffic.

SIEM and the FIM are the first preferences when I started the deployment. Because the customer wanted to monitor network security incidents of the Servers and any file modification done to their critical files residing in the production servers. 

Vulnerability scanning and OTX helped us to manage all in one single point.

The alerting and security intelligence is the heart of the product. Monitoring customer's critical network is now almost a one man job.

Still I was working on the implementation I have found difficulties in searches within security events. Configuring some areas looks complicated.

I had issues while installing OSSEC agent in Solaris and CentOS Servers. A workaround for this issue will give some value for users.

The low cost of entry SIEM functionality has increased due to network views and network traffic.

• General SIEM tool functionality.
• Ease of deployment across various environments.

Support can be slow at times, but the quality is high. Posted knowledge base articles could use improvement.

None, which are related to this solution.

No.

Customer Service:

Seven out of ten.

Technical Support:

Seven out of ten.

No.

The initial setup was straightforward.

It was a a blend. The implementation was primarily internal with support provided as needed. The vendor team had a good quality of expertise.

Medium-high.

Research the solution heavily prior to investing.

Setting up a bench OSSIM install should help identify possible pain points with the setup.

No.

The solution is improving steadily, particularly in relation to the quality and breadth of documentation. Though some areas are still weak.

The UI is clean and easy to use. Lots of documentation, training, and community involvement available as well.

Holistic view of SIEM environment.

API, ETL, or connector to support BI tools such as Tableau, Power BI, etc.

Only for a few months. We just went live with the USM when we transitioned away from on-prem.

Not on the AV side, pretty easy to use.

No.

No.

Very good.

Very good.

N/A.

Yes.

Vendor. Not the best.

Too soon to tell.

Check logging.

N/A.

No.

Policies have been very valuable. We use them as alerts on many compliance requirements and concerns.

• Identifying the sending of clear text account information
• Identifying and fixing vulnerabilities that we were not aware of

We have been using AlienvVault for the past two years.

There was an issue in setting up the log storage location.

I did not encounter any issues with stability.

I did not encounter any issues with scalability.

There is excellent customer service and we have never had a complaint.

Technical support has a very knowledgeable support staff. Everyone we have worked with has really displayed great knowledge of this product.

We used different solutions. Pricing was an issue and support was limited.

We had the installation done by support when we purchased the solution.

The implementation was though the vendor and they were great to work with. They were able to answer any questions that we had.

The pricing was great and we were not disappointed.

We did not evaluate other solutions.

Thank you for the great solution that you provided for us.

We now have the ability to see what is happening in the environment.

We now can find the source of where Windows account lockouts are occurring.

It needs to be easier to deploy switch monitoring.

We've been using it for four months.

We've had no issues so far.

We've been able to scale it for our needs without issues.

I've not had to contact them yet.

We switched because our previous solution wasn't scalable.

It was pretty straightforward.

It was a reasonably priced solution.

We didn't look at any other solutions.

It’s pretty easy to setup but to really take advantage you should have a dedicated person who will devote their time, to customizing and utilizing the power this solution has.

I'm a re-seller of AlienVault SIEM in Sri Lanka. We have deployed AlienVault SIEM in one of the bank in Sri Lanka three months back. Currently we are working on the fine tuning. It took me two weeks to complete the basic deployment and integration of devices up-to 50 with the clients technical team.

Since we are re-seller, AlienVault helped us because of their cheaper price compared to other SIEM solutions and the addition of FIM in the solution. Implementation took few days and it's easy to complete the task within the given project time line.

Raw logs: Clients require to store their raw logs in a data-store rather than keep it in the actual device.

Alarm section: It's very easy to see the Alarms for any incidents rather than going through all the logs.

Security events: Categorization of Security events helps our SOC analyst for further analysis.

User friendly interface could be an advantage. Sometimes we may face trouble when we were going through the settings of AlienVault SIEM.