USM Anywhere Reviews

The solution has everything that you want: SIEM, vulnerability management, NetFlow, IDS, and more. This solution can completely detect and prevent incidents on your network. This solution can completely detect and prevent incidents on your network

It has helped not only in the security, but also on the network when we have problems with slowness, we can go to the NetFlow section and see who is generating a lot of traffic. 

Using the communication within the security device, it is easier to create plugins. Therefore, if you want to create plugins, there is an option called plugin creator to assist with this.

AlienVault has the necessary all-in-one product with the function of vulnerability scanner integrated with detections, so when you detect an incident in a vulnerable port you can act faster and prevent more incidents.

Maybe logs are the problem, as the database query is too slow. If you want to search something, you need time to find it.

The other thing is the agent is OSSEC. They needed to create its own agent to help to find threats on the devices that it happens to be installed.

Recently, we used the NetFlow capability to find a bottleneck in the network and the offending computer.

The most valuable aspect of AlienVault is the visibility into the network. You have the capability to gather logs from multiple sources and easily see what is going on in the network.

It is a lot of work to get the software configured and set up properly.

There were some issues with the reporting functions. AlienVault corrected that problem in a new update.

Customer Service:

The customer service department is very responsive to questions.

Technical Support:

The technical support team is very knowledgeable. It is helpful that they are able to have remote support sessions to review the problem.

No.

We deployed this system in-house. We are not a fan of moving things to cloud-based solutions.

The engineering support that is provided by AlienVault upon first installation was excellent! They went way above and beyond what I was expecting.

We evaluated the popular SIEM tools Splunk, LogRhythm, and SolarWinds. AlienVault provided the most features for the price point.

Threat detection powered by signatures and advanced correlation rules.

It helps to identify external and internal security threats to the organization, on time.

• Accuracy of threat detection
• Advance reporting
• Reliable asset and vulnerability management feature

We have been using this solution for three years.

I did not encounter any issues with deployment.

I did not encounter any issues with stability.

I did not encounter any issues with scalability.

Excellent.

We received average support. As observed, the support engineers take a long time for issue resolution.

I have not used any other solutions before.

The setup was simple and straightforward.

We had an in-house implementation.

It has not yet been measured.

The pricing and licensing are at its best in the market when compared with other vendor's SIEM products.

We evaluated ArcSight, RSA Security Analytics, and Splunk.

• Open Threat Exchange (for IP reputation)
• Vulnerability scanning
• Quick APT phishing-related threat detection

• Phishing sites were detected and it secured the environment from the upcoming threat.
• Vulnerability scanner OpenVas is very useful for knowing current vulnerabilities present in system and taking preventive action.

• IPv6 not supported
• Correlate with external logs from other sources makes little bit difficult to work

I have been using it for one year.

It works well when you have minimum required setup as per AlienVault documentation.

Stability issues happen only when you do not have sufficient hardware as the primary requirement.

It scales well.

Customer service is 7 out of 10.

Technical support is 10 out of 10.

We did not previously use a different solution.

Initial setup was straightforward and simple.

An in-house team implemented it.

It is providing good ROI.

It is cheaper and more valuable compared to other reputable SIEMs.

Before choosing this product, we did not evaluate other options.

• Security alarms
• Log collection

We now get a better view into what is happening on our network and to the servers than previously.

I'd like to see built in support to detect more security incidents.

I've been using it for 10 months.

We had no issues with the stability.

It's been able to scale for our needs.

They're very good.

This is the first time we've used a solution of this type.

The basic setup was straightforward, but it would have been nice if I could have had more information on a full setup and the advanced features.

You should license it for all your devices including endpoints, as this will make it more valuable to you.

We did compare it to some others solutions, but I don't remember which.

Try it first as you get a free evaluation.

The SIEM part where I can see all HIDS and IDS events in one place alongwith the correlation directives.

We have a better detection rate for malware and other cyber-attacks. Really helps when USM integrated in the incident response plan.

• Database query speed when dealing with millions of events per day
• Reports customization and types
• Dashboards TV modes (SOC surveillance monitors)

I've been using it for three years.

I've experienced frequent slowness, and we had to downgrade to filter out many logs.

The AIO is not fast enough for a network over 100 EPS, so you have to go with a dedicated server option for better speed.

7/10

We had nothing in place prior to this.

It's complex when playing with custom plugins.

The price is low, and it's good quality but require effort.

There were no other options looked at.

To take full advantage of the product you have to work under the hood.

I have worked with a Managed Security Team that uses AlienVault USM for the past two years. The user interface is as good as it gets. The setup is greatly simplified with intensive documentation and a great tech support.

The USM has been instrumental in the discovery and tracking down of emerging threats which has helped us instantly evaluate and resolve security incidents for our clients.

I would say the menus could use some tweaking and custom rule creation could be made simpler.

2 years.

No. I did not face any deployment issues.

No. I did not face any stability issues.

No. I did not face any scalability issues.

Impressive.

Great.

AlienVault was the first and only choice.

Setup was straightforward and priming and fine-tuning was reasonably simple too.

In-house team.

The product greatly reduces the need for human review and by bringing so many feature-rich capabilities under one roof, it makes it hassle-free for collecting evidence for ISO 27001 compliance.

AlienVault is one of the best to consider in terms of price advantage. AV is giving tools that charge you based on EPS a run for their money. Forget about procuring licensing and setting up stand-alone detection and prevention systems and then having them all integrate for log interpretation.

Splunk Enterprise Security.

The customizable reports

I can monitor less things and just read reports or alarms.

I don't have any, as I've been pretty satisfied with the product.

1 Year

No, it was pretty smooth. There's a little bit of a learning curve out the gate, but they have lots of help available.

No

Just learning the language, it's a new product, and it takes time to learn all of it's capabilities.

10, they have great customer Service

10

We had a MARs and it was EOF.

It was pretty straightforward, you take a class and then you get extra help. There wasn't any confusion.

In-house.

N/A

It's worth it!

Yes, but I wasn't apart of the research team.

I'm glad we purchased it, wished we would have gone with outside monitoring instead of inhouse an there is a lot to learn. Great product though.