USM Anywhere Reviews

• Correlation
• Customization

No, but that’s not really their fault, rather ours. I think this has a lot of valuable functions that really could be leveraged quite nicely.

They have the advantage of having a large community that uses the free version, and they really could use this as a sort of beta testing population for new releases. Yet, a lot of the releases break things that are used. I think they need to do more QA before releases. For example, I have custom rules written for the Suricata function. Some releases ago, there was a code change and now every single update requires that I reinstall the custom rules, and I am still waiting for the fix. They need to either stop allowing customization (which would be a mistake) or they need to embrace that a majority of their customer base does this and put in safe guards. I understand putting in limits to what’s supported, but simple things like this are part of the appeal of the product. Another example is that a few releases back, they broke the Nagios availability monitoring portion. All the functionality to watch your systems is there, and of course, I used it. When it broke, support told me it was really only meant to watch the AlienVault system itself, yet the entire interface is there, the options to enable the monitoring on hosts is there. I believe, first of all, that what I was told was wrong as availability monitoring is one of the core functions AlienVault touts, and secondly, that they need to be more careful with testing before releasing updates. It took like twp more updates before the functionality was restored.

I've used it for three years.

Some, but they are hard to pin down. This is a system that has a lot of things that can stop working, and unless you are paying close attention, to the background processes, you would never realize it.

Some people are excellent, and others not so much. They also seem to sometimes have conflicting information. I often rely more on the community for answers than I do on support, depending on the issue.

We didn't have anything in place previously.

We had a consultant that was provided by AlienVault, which was great. Otherwise, it would have been a little confusing and though they have made improvements in the documentation, it was horrible initially.

Fair for all of the capabilities it has.

We looked at some but I can't remember which ones.

It has a lot of capabilities, but make sure there’s someone that can devote daily time to it and that there is buy in from all segments, or a majority of the capabilities become pointless.

Event Correlation is the most valuable feature for every SIEM. AlienVault has ISO 27001 compliance which is very helpful for the companies looking to have the ISO 27001 certification.

As it includes a logger feature for gathering all logs from all devices (network devices, servers, hosts etc.) it has basically become the only software that we look at when we have a problem. We don’t need to search from one device to another as it’s all centralized on the same AlienVault Server which enables us to save time and become more efficient at work.

As it includes multiple security softwares, the installation and configuration takes a lot of time. It would be good if they could work on that but the time is understandable given all the features AlienVault offers.

It’s a very good SIEM with plenty of functionalities which helped improve our KPI.

The SIEM part where I can see all HIDS and IDS events in one place alongwith the correlation directives.

We have a better detection rate for malware and other cyber-attacks. Really helps when USM integrated in the incident response plan.

• Database query speed when dealing with millions of events per day
• Reports customization and types
• Dashboards TV modes (SOC surveillance monitors)

I've been using it for three years.

I've experienced frequent slowness, and we had to downgrade to filter out many logs.

The AIO is not fast enough for a network over 100 EPS, so you have to go with a dedicated server option for better speed.

7/10

We had nothing in place prior to this.

It's complex when playing with custom plugins.

The price is low, and it's good quality but require effort.

There were no other options looked at.

To take full advantage of the product you have to work under the hood.

Working as the CIO for a small community bank, resources for staffing and manpower can be limited. AlienVault helps to simplify the management of Information Security and helps me to detect threats and manage alerts with ease!

AlienVault gave our organization a centralized tool to manage our security with its intrusion detection, asset management, vulnerability assessments, along with all of its other features, it has become an invaluable asset for our small organization.

We have found the AIO USM the most valuable because of its centralized grouping of all of the tools necessary to manage our security in an "All In One" solution.  Of its parts, the scheduled vulnerability assessment tool has been helpful as a preventative measure to help keep ahead of security threats!

As with many of its users, I have submitted suggestions in the past and AlienVault has seemed to listen to suggestions from its users and have implemented them every time.  I am happy with the product as it is today.

The customizable reports

I can monitor less things and just read reports or alarms.

I don't have any, as I've been pretty satisfied with the product.

1 Year

No, it was pretty smooth. There's a little bit of a learning curve out the gate, but they have lots of help available.

No

Just learning the language, it's a new product, and it takes time to learn all of it's capabilities.

10, they have great customer Service

10

We had a MARs and it was EOF.

It was pretty straightforward, you take a class and then you get extra help. There wasn't any confusion.

In-house.

N/A

It's worth it!

Yes, but I wasn't apart of the research team.

I'm glad we purchased it, wished we would have gone with outside monitoring instead of inhouse an there is a lot to learn. Great product though.

This is a SIEM solution that our customers use in an on-premises deployment.

The most valuable feature of this solution is security management for PCI DSS.

This solution could be easier to use. It is hard for some people to understand, and they need to get training and certification just to understand what it's showing them.

In terms of stability, I would give it fifty percent.

The scalability of this solution is good.

We have a large number of customers who use this product on a daily basis.

Technical support is very good from their side.

The initial setup of this solution is a bit complex. Specifically, it is the way that it integrates with other products.

We deployed this solution in-house.

This is a good product but it can be made more user-friendly.

I would rate this solution a seven out of ten.

Recently, we used the NetFlow capability to find a bottleneck in the network and the offending computer.

The most valuable aspect of AlienVault is the visibility into the network. You have the capability to gather logs from multiple sources and easily see what is going on in the network.

It is a lot of work to get the software configured and set up properly.

There were some issues with the reporting functions. AlienVault corrected that problem in a new update.

Customer Service:

The customer service department is very responsive to questions.

Technical Support:

The technical support team is very knowledgeable. It is helpful that they are able to have remote support sessions to review the problem.

No.

We deployed this system in-house. We are not a fan of moving things to cloud-based solutions.

The engineering support that is provided by AlienVault upon first installation was excellent! They went way above and beyond what I was expecting.

We evaluated the popular SIEM tools Splunk, LogRhythm, and SolarWinds. AlienVault provided the most features for the price point.

Threat detection powered by signatures and advanced correlation rules.

It helps to identify external and internal security threats to the organization, on time.

• Accuracy of threat detection
• Advance reporting
• Reliable asset and vulnerability management feature

We have been using this solution for three years.

I did not encounter any issues with deployment.

I did not encounter any issues with stability.

I did not encounter any issues with scalability.

Excellent.

We received average support. As observed, the support engineers take a long time for issue resolution.

I have not used any other solutions before.

The setup was simple and straightforward.

We had an in-house implementation.

It has not yet been measured.

The pricing and licensing are at its best in the market when compared with other vendor's SIEM products.

We evaluated ArcSight, RSA Security Analytics, and Splunk.