Policies have been very valuable. We use them as alerts on many compliance requirements and concerns.
Information Technology Security Administrator at a healthcare company with 1,001-5,000 employees
What is most valuable?
We use policies as alerts on many compliance requirements and concerns.
How has it helped my organization?
- Identifying the sending of clear text account information
- Identifying and fixing vulnerabilities that we were not aware of
For how long have I used the solution?
We have been using AlienVault for the past two years.
What was my experience with deployment of the solution?
There was an issue in setting up the log storage location.
Buyer's Guide
USM Anywhere
October 2024
Learn what your peers think about USM Anywhere. Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
816,406 professionals have used our research since 2012.
What do I think about the stability of the solution?
I did not encounter any issues with stability.
What do I think about the scalability of the solution?
I did not encounter any issues with scalability.
How are customer service and support?
Customer Service:
There is excellent customer service and we have never had a complaint.
Technical Support:
Technical support has a very knowledgeable support staff. Everyone we have worked with has really displayed great knowledge of this product.
Which solution did I use previously and why did I switch?
We used different solutions. Pricing was an issue and support was limited.
How was the initial setup?
We had the installation done by support when we purchased the solution.
What about the implementation team?
The implementation was through the vendor and they were great to work with. They were able to answer any questions that we had.
What's my experience with pricing, setup cost, and licensing?
The pricing was great and we were not disappointed.
Which other solutions did I evaluate?
We did not evaluate other solutions.
What other advice do I have?
Thank you for the great solution that you provided for us.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Security Consultant at a tech consulting company with 51-200 employees
We have noticed outdated Java and Flash versions due to the snort rules included in the appliance.
Valuable Features
AlienVault provides excellent visibility into your network by combining centralized logging, host-based IDS and network IDS. This enables me to detect quite a lot of potential issues that have gone through AlienVault's correlation engine and our own policies.
Improvements to My Organization
On several occasions we have detected attacks (DDoS) just as they are starting and have been able to rapidly mitigate them. We have also noticed outdated Java and Flash versions due to the snort rules included in the appliance.
Room for Improvement
The biggest improvement they could do is to provide full support for IPv6 addressing. It currently has quite lightweight support for IPv6 addresses in the sense that it will record the source/destination addresses in all cases, but currently trying to search with IPv6 addresses is not possible and thus makes our lives harder.
Use of Solution
Including my experience with the previous version (v4) I have two years of professional experience with AlienVault.
Deployment Issues
We have not faced any large issues with the deployment.
Stability Issues
We have not faced any large issues with the stability.
Scalability Issues
The only issue is related to the volume of alarms in a system: the UI/UX for working with a large mass of alarms (starting at several hundred) is suboptimal. I am hesitant to mention this as it is easily solved in the future by small UI changes.
Customer Service and Technical Support
All of the bug reports have been sent to AlienVault and have been handled with skill. At least once we got to talk to their experts who worked with us to debug the cases in our environment.
Initial Setup
There are many steps, but the steps are not complex. The biggest hurdle in the deployment/setup phase is usually gathering the actual information (assets details, services, policies) about the environment, not the installation itself.
Implementation Team
Our team did the implementation. If you have experience implementing a SIEM solution then you can implement this yourselves; otherwise you should get an external team to do it. The issue is not with the technical skills needed for the actual implementation, but the knowledge needed to know what to include, what policies to write, and what not to include.
Pricing, Setup Cost and Licensing
For licensing you will need to contact an AlienVault reseller as it is comprised of (roughly) how many events per second you are processing, how many assets you are adding, and in how many physical locations.
Other Solutions Considered
I was not part of the process. I have heard that our team had tried other products, but mostly the cost was prohibitive in those alternatives.
Other Advice
As this is a product that will give you a lot of visibility into everything you can throw at it, it is good to note that you should have good working relations with the *people* in charge of the assets you have visibility over (e.g. with network mirroring).
You will get alarms about a plethora of things you couldn't have imagined, things that people have forgotten, that have been misconfigured and that are under attack. You will need to explain the remedies and mitigations to people. And that is possibly the biggest hurdle. This product will not help you if you cannot fix the problems it finds.
It may not have the same abilities as most tools off-the-shelf but it has the best bang for buck. Unless you already have a high-quality SOC operation running, you will be able to handle probably all of your SIEM needs with AlienVault for a few years with a fraction of the price of other more complete solutions.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Network Engineer II at a healthcare company
We now can find the source of where Windows account lockouts are occurring.
What is most valuable?
We now have the ability to see what is happening in the environment.
How has it helped my organization?
We now can find the source of where Windows account lockouts are occurring.
What needs improvement?
It needs to be easier to deploy switch monitoring.
For how long have I used the solution?
We've been using it for four months.
What do I think about the stability of the solution?
We've had no issues so far.
What do I think about the scalability of the solution?
We've been able to scale it for our needs without issues.
How are customer service and technical support?
I've not had to contact them yet.
Which solution did I use previously and why did I switch?
We switched because our previous solution wasn't scalable.
How was the initial setup?
It was pretty straightforward.
What's my experience with pricing, setup cost, and licensing?
It was a reasonably priced solution.
Which other solutions did I evaluate?
We didn't look at any other solutions.
What other advice do I have?
It's pretty easy to set up, but to really take advantage of it you should have a dedicated person who will devote their time to customizing and utilizing the power this solution has.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
AVP & Information Security Officer at a financial services firm with 501-1,000 employees
Automated alarms help identify what is happening on your network that should be investigated.
What is most valuable?
The automated alarms have been very helpful in identifying what is happening on your network that should be investigated.
How has it helped my organization?
It has helped us keep an eye on Admin activity on the network and in our directory.
What needs improvement?
The way it identifies systems can use some improvement. It has a hard time differentiating between versions of Windows.
For how long have I used the solution?
I have used it for two years.
What was my experience with deployment of the solution?
Deployment was extremely smooth.
What do I think about the stability of the solution?
The system has been very stable.
What do I think about the scalability of the solution?
We have a small network. So far, we have had no issues with scale.
How are customer service and technical support?
Customer Service:
Customer service is excellent, very responsive, and they know their product.
Technical Support:
Technical support is excellent so far.
Which solution did I use previously and why did I switch?
This was the solution selected after evaluating several competing products; no SIEM prior to this deployment.
How was the initial setup?
Initial setup was very straightforward.
What about the implementation team?
We did the initial implementation and then had a vendor fine-tune it with us. The vendor was very well qualified.
What's my experience with pricing, setup cost, and licensing?
Licensing and pricing were one of the primary reasons for selecting this solution. Since no one has an unlimited budget, consider your needs and get the most bang for your buck.
Which other solutions did I evaluate?
Before choosing this product, we evaluated other options. We were leaning heavily towards AccelOps but had worries about their viability as a business.
What other advice do I have?
If you are considering this solution, I highly recommend that you have someone in-house who is familiar with Unix/Linux. The underpinnings of this solution are *nix. It will make deployment and ongoing maintenance much easier.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Network and Security Engineer at a tech services company with 51-200 employees
It has powerful threat detection, incident response, and compliance management
Pros and Cons
- "It has powerful threat detection, incident response, and compliance management."
- "AlienVault has an advanced component within one package. With this, we can cover more area with one solution."
- "AlienVault must improve their correlation feature. Some of the events do not match with the correlation rules and some of the correlation events are false-positive."
What is our primary use case?
AlienVault Unified Security Management (USM) has powerful threat detection, incident response, and compliance management. We can use this across cloud, on-premise and hybrid environments.
The reason to use USM is that it has the following components in its package:
- Asset Discovery
- Vulnerability Assessment
- Intrusion Detection
- Behavioral Monitoring
- SIEM & Log Management
How has it helped my organization?
AlienVault has an advanced component within one package. With this, we can cover more area with one solution.
As an example, it has a vulnerability assessment component built in. With this, we can do the vulnerability assessment easily and we do not have to buy another solution for it. It is easy to use and we can take better advantage of an all-in-one solution like USM.
What is most valuable?
AlienVault USM has a vulnerability assessment feature and only one SIEM feature compared to other SIEM solutions.
What needs improvement?
AlienVault must improve their correlation feature. Some of the events do not match with the correlation rules and some of the correlation events are false-positive.
For how long have I used the solution?
Less than one year.
What other advice do I have?
It is the most valuable tool that I have seen of the SIEM solutions.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner in Sri Lanka.
Security Engineer at a tech services company with 201-500 employees
The low cost of entry SIEM functionality has increased due to network views and network traffic
Pros and Cons
- "Ease of deployment across various environments."
- "Support can be slow at times, but the quality is high. Posted knowledge base articles could use improvement."
How has it helped my organization?
The low cost of entry SIEM functionality has increased due to network views and network traffic.
What is most valuable?
- General SIEM tool functionality.
- Ease of deployment across various environments.
What needs improvement?
Support can be slow at times, but the quality is high. Posted knowledge base articles could use improvement.
What do I think about the stability of the solution?
None that are related to this solution.
What do I think about the scalability of the solution?
No.
How are customer service and technical support?
Customer Service:
Seven out of ten.
Technical Support:
Seven out of ten.
Which solution did I use previously and why did I switch?
No.
How was the initial setup?
The initial setup was straightforward.
What about the implementation team?
It was a blend. The implementation was primarily internal with support provided as needed. The vendor team had a good quality of expertise.
What was our ROI?
Medium-high.
What's my experience with pricing, setup cost, and licensing?
Research the solution heavily prior to investing.
Setting up a bench OSSIM install should help identify possible pain points with the setup.
Which other solutions did I evaluate?
No.
What other advice do I have?
The solution is improving steadily, particularly in relation to the quality and breadth of documentation, though some areas are still weak.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Network Administrator at a tech services company
The product has been very stable
What needs improvement?
The setup was somewhat complex.
For how long have I used the solution?
We have had this solution in place for about 10 months.
What was my experience with deployment of the solution?
There were deployment issues. At the time, it was right after USM Anywhere had been released, and not all of the documentation was posted. This made the deployment have some issues.
What do I think about the stability of the solution?
The product has been very stable.
What do I think about the scalability of the solution?
We have had no issues with scalability.
How are customer service and technical support?
Customer Service:
I would give customer service a rating of four out of five.
Technical Support:
I would give technical support a rating of four out of five.
Which solution did I use previously and why did I switch?
This is the first solution like this that I have deployed.
How was the initial setup?
The setup was somewhat complex. One thing that was difficult was configuring log forwarding from Windows systems.
What about the implementation team?
We implemented using an in-house team.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
InfoSec at a tech services company with 1,001-5,000 employees
Cost effective solution.
AlienVault is a full featured cost effective SIEM that provides quality threat intelligence for a lot less than the competition. I knocked off a point [from my rating] for the learning curve compared to some of the competition and another point for the lack of native user behavior analytics but for the money you really can't do any better.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Thanks Dan for your feedback on USM!