it_user466923 - PeerSpot reviewer
Information Security Administrator at a government with 1,001-5,000 employees
Vendor
It provides greater visibility of host-based and network activity through its HIDS and NIDS functionality. They should simplify the HIDS agent reporting/custom rule creation.

What is most valuable?

  • Central log aggregation
  • Security correlation

How has it helped my organization?

It provides greater visibility of host-based and network activity through its HIDS and NIDS functionality.

What needs improvement?

They should simplify the HIDS agent reporting/custom rule creation.

For how long have I used the solution?

I've used it for one year.

Buyer's Guide
USM Anywhere
November 2024
Learn what your peers think about USM Anywhere. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
824,067 professionals have used our research since 2012.

What do I think about the stability of the solution?

We had issues but this was due to us receiving improper training from a third party and not necessarily due to the product.

What do I think about the scalability of the solution?

Servers/sensors cap at 2048 host-based agent deployments, but servers and sensors are easily scalable for a medium-sized business.

How are customer service and support?

10/10

Which solution did I use previously and why did I switch?

I haven't used anything similar.

What's my experience with pricing, setup cost, and licensing?

AlienVault is willing to offer flexible and competitive pricing.

Which other solutions did I evaluate?

We also looked at AccelOps, LogRhythm, and IBM QRadar.

What other advice do I have?

If you have any questions, AlienVault's support team is more than willing to help with your installation, implementation, and integration.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Tami Andrews - PeerSpot reviewer
Tami Andrews, Sr. Customer Programs Manager at AlienVault
Real User

Thank you for your feedback & comments.

PeerSpot user
Network Security Specialist at SEFISA
Real User
This solution can completely detect and prevent incidents on your network
Pros and Cons
  • "Using the communication within the security device, it is easier to create plugins."
  • "This solution can completely detect and prevent incidents on your network."
  • "Reports are customized, so you can present them to executives or engineers."
  • "The other thing is the agent is OSSEC. They needed to create their own agent to help find threats on the devices on which it happens to be installed."
  • "Maybe logs are the problem, as the database query is too slow. If you want to search something, you need time to find it."

What is our primary use case?

The solution has everything that you want: SIEM, vulnerability management, NetFlow, IDS, and more. This solution can completely detect and prevent incidents on your network.

How has it helped my organization?

It has helped not only with security but also on the network: when we have problems with slowness, we can go to the NetFlow section and see who is generating a lot of traffic.

Using the communication within the security device, it is easier to create plugins. Therefore, if you want to create plugins, there is an option called plugin creator to assist with this.

What is most valuable?

AlienVault has the necessary all-in-one product with the function of vulnerability scanner integrated with detections, so when you detect an incident in a vulnerable port you can act faster and prevent more incidents.

What needs improvement?

Maybe logs are the problem, as the database query is too slow. If you want to search something, you need time to find it.

The other thing is the agent is OSSEC. They needed to create their own agent to help find threats on the devices on which it happens to be installed.

For how long have I used the solution?

Three to five years.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Tami Andrews - PeerSpot reviewer
Tami Andrews, Sr. Customer Programs Manager at AlienVault
Real User

Thank you for your time to review AlienVault USM and for your candid feedback!

it_user103734 - PeerSpot reviewer
IT Officer with 51-200 employees
Real User
Visibility For Your Network and To Find Bottlenecks

How has it helped my organization?

Recently, we used the NetFlow capability to find a bottleneck in the network and the offending computer.

What is most valuable?

The most valuable aspect of AlienVault is the visibility into the network. You have the capability to gather logs from multiple sources and easily see what is going on in the network.

What needs improvement?

It is a lot of work to get the software configured and set up properly.

What do I think about the stability of the solution?

There were some issues with the reporting functions. AlienVault corrected that problem in a new update.

How are customer service and technical support?

Customer Service:

The customer service department is very responsive to questions.

Technical Support:

The technical support team is very knowledgeable. It is helpful that they are able to have remote support sessions to review the problem.

Which solution did I use previously and why did I switch?

No.

What about the implementation team?

We deployed this system in-house. We are not a fan of moving things to cloud-based solutions.

What's my experience with pricing, setup cost, and licensing?

The engineering support that is provided by AlienVault upon first installation was excellent! They went way above and beyond what I was expecting.

Which other solutions did I evaluate?

We evaluated the popular SIEM tools Splunk, LogRhythm, and SolarWinds. AlienVault provided the most features for the price point.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Tami Andrews - PeerSpot reviewer
Tami Andrews, Sr. Customer Programs Manager at AlienVault
Real User

Thank you for your time to review AlienVault USM and for your candid feedback!

PeerSpot user
Security Expert at a tech services company
Consultant
Provides threat detection powered by signatures and advanced correlation rules.

What is most valuable?

Threat detection powered by signatures and advanced correlation rules.

How has it helped my organization?

It helps to identify external and internal security threats to the organization, on time.

What needs improvement?

  • Accuracy of threat detection
  • Advanced reporting
  • Reliable asset and vulnerability management feature

For how long have I used the solution?

We have been using this solution for three years.

What was my experience with deployment of the solution?

I did not encounter any issues with deployment.

What do I think about the stability of the solution?

I did not encounter any issues with stability.

What do I think about the scalability of the solution?

I did not encounter any issues with scalability.

How are customer service and technical support?

Customer Service:

Excellent.

Technical Support:

We received average support. As observed, the support engineers take a long time for issue resolution.

Which solution did I use previously and why did I switch?

I have not used any other solutions before.

How was the initial setup?

The setup was simple and straightforward.

What about the implementation team?

We had an in-house implementation.

What was our ROI?

It has not yet been measured.

What's my experience with pricing, setup cost, and licensing?

The pricing and licensing are the best in the market when compared with other vendors' SIEM products.

Which other solutions did I evaluate?

We evaluated ArcSight, RSA Security Analytics, and Splunk.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Tami Andrews - PeerSpot reviewer
Tami Andrews, Sr. Customer Programs Manager at AlienVault
Real User

Stephen - thanks so much for your time & feedback!

PeerSpot user
Tech Support Engineer at a tech services company with 501-1,000 employees
MSP
Offers an Open Threat Exchange for IP reputation and vulnerability scanning.

What is most valuable?

  • Open Threat Exchange (for IP reputation)
  • Vulnerability scanning
  • Quick APT phishing-related threat detection

How has it helped my organization?

  • Phishing sites were detected and it secured the environment from the upcoming threat.
  • The OpenVAS vulnerability scanner is very useful for knowing the current vulnerabilities present in the system and taking preventive action.

What needs improvement?

  • IPv6 not supported
  • Correlating with external logs from other sources makes it a little bit difficult to work

For how long have I used the solution?

I have been using it for one year.

What was my experience with deployment of the solution?

It works well when you have the minimum required setup as per the AlienVault documentation.

What do I think about the stability of the solution?

Stability issues happen only when you do not have sufficient hardware as the primary requirement.

What do I think about the scalability of the solution?

It scales well.

How are customer service and technical support?

Customer Service:

Customer service is 7 out of 10.

Technical Support:

Technical support is 10 out of 10.

Which solution did I use previously and why did I switch?

We did not previously use a different solution.

How was the initial setup?

Initial setup was straightforward and simple.

What about the implementation team?

An in-house team implemented it.

What was our ROI?

It is providing good ROI.

What's my experience with pricing, setup cost, and licensing?

It is cheaper and more valuable compared to other reputable SIEMs.

Which other solutions did I evaluate?

Before choosing this product, we did not evaluate other options.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
it_user723714 - PeerSpot reviewer
it_user723714, Product Manager at a tech vendor with 201-500 employees
Real User

Thank you so much for the feedback! I did want to let you know that we're currently working on IPv6 support and have just rolled out a Custom Plugin Builder to make onboarding custom log sources more efficient. Please keep in touch with how the product is working for you!

it_user467397 - PeerSpot reviewer
IT Security Administrator at a local government with 501-1,000 employees
Vendor
The basic setup was straightforward. I'd like to see built-in support to detect more security incidents.

What is most valuable?

  • Security alarms
  • Log collection

How has it helped my organization?

We now get a better view into what is happening on our network and to the servers than previously.

What needs improvement?

I'd like to see built-in support to detect more security incidents.

For how long have I used the solution?

I've been using it for 10 months.

What do I think about the stability of the solution?

We had no issues with the stability.

What do I think about the scalability of the solution?

It's been able to scale for our needs.

How are customer service and technical support?

They're very good.

Which solution did I use previously and why did I switch?

This is the first time we've used a solution of this type.

How was the initial setup?

The basic setup was straightforward, but it would have been nice if I could have had more information on a full setup and the advanced features.

What's my experience with pricing, setup cost, and licensing?

You should license it for all your devices including endpoints, as this will make it more valuable to you.

Which other solutions did I evaluate?

We did compare it to some other solutions, but I don't remember which.

What other advice do I have?

Try it first as you get a free evaluation.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Tami Andrews - PeerSpot reviewer
Tami Andrews, Sr. Customer Programs Manager at AlienVault
Real User

Thank you for taking time to provide your feedback on your use of AlienVault USM.

it_user466518 - PeerSpot reviewer
IT Security Architect at a healthcare company with 1,001-5,000 employees
Vendor
I can see all HIDS and IDS events in one place. Setup is complex when playing with custom plugins.

What is most valuable?

The SIEM part, where I can see all HIDS and IDS events in one place along with the correlation directives.

How has it helped my organization?

We have a better detection rate for malware and other cyber-attacks. It really helps when USM is integrated in the incident response plan.

What needs improvement?

  • Database query speed when dealing with millions of events per day
  • Reports customization and types
  • Dashboards TV modes (SOC surveillance monitors)

For how long have I used the solution?

I've been using it for three years.

What do I think about the stability of the solution?

I've experienced frequent slowness, and we had to downgrade to filter out many logs.

What do I think about the scalability of the solution?

The AIO is not fast enough for a network over 100 EPS, so you have to go with a dedicated server option for better speed.

How are customer service and technical support?

7/10

Which solution did I use previously and why did I switch?

We had nothing in place prior to this.

How was the initial setup?

It's complex when playing with custom plugins.

What's my experience with pricing, setup cost, and licensing?

The price is low, and it's good quality but requires effort.

Which other solutions did I evaluate?

There were no other options looked at.

What other advice do I have?

To take full advantage of the product you have to work under the hood.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Tami Andrews - PeerSpot reviewer
Tami Andrews, Sr. Customer Programs Manager at AlienVault
Real User

Thank you for your time to provide your comments on using USM.

PeerSpot user
Technical Writer at a tech services company with 11-50 employees
Real User
AlienVault USM - bang for your buck.

What is most valuable?

I have worked with a Managed Security Team that uses AlienVault USM for the past two years. The user interface is as good as it gets. The setup is greatly simplified with intensive documentation and great tech support.

How has it helped my organization?

The USM has been instrumental in the discovery and tracking down of emerging threats which has helped us instantly evaluate and resolve security incidents for our clients.

What needs improvement?

I would say the menus could use some tweaking and custom rule creation could be made simpler.

For how long have I used the solution?

2 years.

What was my experience with deployment of the solution?

No. I did not face any deployment issues.

What do I think about the stability of the solution?

No. I did not face any stability issues.

What do I think about the scalability of the solution?

No. I did not face any scalability issues.

How are customer service and technical support?

Customer Service:

Impressive.

Technical Support:

Great.

Which solution did I use previously and why did I switch?

AlienVault was the first and only choice.

How was the initial setup?

Setup was straightforward, and priming and fine-tuning were reasonably simple too.

What about the implementation team?

In-house team.

What was our ROI?

The product greatly reduces the need for human review and by bringing so many feature-rich capabilities under one roof, it makes it hassle-free for collecting evidence for ISO 27001 compliance.

What's my experience with pricing, setup cost, and licensing?

AlienVault is one of the best to consider in terms of price advantage. AV is giving tools that charge you based on EPS a run for their money. Forget about procuring licensing and setting up stand-alone detection and prevention systems and then having them all integrate for log interpretation.

Which other solutions did I evaluate?

Splunk Enterprise Security.

Disclosure: My company has a business relationship with this vendor other than being a customer: Managed Security Service Provider Partner Program.
PeerSpot user
Tami Andrews - PeerSpot reviewer
Tami Andrews, Sr. Customer Programs Manager at AlienVault
Real User

Thank you Sukanya for your time to review AlienVault USM and for your candid feedback!
