USM Anywhere Reviews

AlienVault provides a central place for monitoring the logs from various security tools in our environment, such as CrowdStrike and Datrix. It gives us complete visibility into the logs from those tools and endpoints in our environment. We use AlienVault for managing logs and vulnerabilities with tools like CrowdStrike.

Having everything in a central place has been helpful. 

AlienVault cannot automatically respond to threats like other SIEM solutions, such as Sentinel and LogRhythm. Most of our clients are far away, so it's often challenging to handle alerts when they come up on our dashboard.

We have been using AlienVault for two years now.

I rate AlienVault seven out of 10 for stability. Deploying AlienVault on-prem has been a challenge. The network sometimes drops, and it disconnects the sensor. 

I rate AlienVault USM eight out of 10 for scalability.

We were using an open-source solution, then we upgraded to USM.

I rate AlienVault USM eight out of 10 for ease of setup. I've deployed it on-prem and in the cloud in EXI. You can deploy it in under 10 minutes. I deployed it by myself. It was easy for me because I attended the training, but some of my colleagues didn't. It was challenging for them to implement. However, one person is enough if you're trained.

You might have to pay an additional fee to increase the number of sensors. We have five sensors, but other clients have three. I think you need to pay more to extend to four or five. 

We tried Elastic Security, but it was difficult for us to implement.

I rate AlienVault USM seven out of 10. It can do the job if log management is what you want, but it lacks automated response. 

We used to have to monitor and review logs for each device. Now, everything comes into AlienVault and it alerts us when we need to respond. We now have real-time monitoring 24x7x365 using an in-house team.

The ease of use and customization. The USM is a work horse, no matter what devices or the number of logs we throw at it, the system processes them in real time, correlates the events, and alerts on only events that need human review.

The one thing I continue to dislike about the USM is the limitation on reports. Hard to get what you need in a report and once you do, there is no control over the formatting.

There used to be some issues with database stability in versions pre 5.x but the database has since been tuned and rock solid since.

The only issue I have run into with scalability is the 1TB limit for raw log storage. When you collect as many logs as I do you need additional space to keep logs for compliance.

Customer Service:

I give customer service five stars, they are always available and very helpful.

Technical Support:

Technical support gets 4 1/2 stars. Like any support, it varies on the person that gets your ticket.

I have used many solutions with different companies but always move to AlienVault. You get so many more features for the money. AlienVault always comes in way less in price than any other solution.

Initial install is easy, the complexity only comes in as you start to add logs to the system to collect. If you do not take the time to plan out your installation and get a complete list of devices to collect from you could run into issues.

We implemented using our in-house team.

We are able to monnitor 24x7x365 with minimal staffing. Once it is tuned you only get the alerts you need to see. We used to have to monitor and review logs for each device. Now, everything comes into AlienVault and it alerts us when we need to respond.

Have a look at how AlienVault does Events Per Second (EPS) compared to others. Most other products charge based on EPS, the more events the more you have to pay. This causes most companies to limit the amount of logs sent and processed. AlienVault charges by the number of devices managed. You can send anything and everything to the USM. The more logs you can process the better correlation you will have. I have found that companies that limit their logs and then have a security incident would have been able to identify the attack if they would have been monitoring all events in their logs.

Splunk, QRadar, LogRythm, etc.

If you are thinking about a solution, give their free product OSSIM a try and once you see all it does you will want to upgrade to the commercial USM to get even more.

I have used AT&T AlienVault USM for Log collection and management, priority, and incident analysis.

AT&T AlienVault USM has helped our organization by highlighting known vulnerabilities in our network and full visibility of our network to figure out if there is anything that we are not aware of. If there are any missing pieces, they would be found by the AT&T AlienVault USM.

The most valuable feature in AT&T AlienVault USM is the reporting.

AT&T AlienVault USM can improve searchable data. It should be available for more than 90 days. If you need more than 90 days of data, you have to put a request and they give you raw data, which is not easy to search. A good addition would be to allow users to search data older than 90 days.

In a future update, they should add more integrations with third-party devices.

I have been using AT&T AlienVault USM for approximately six months.

AT&T AlienVault USM is stable.

The scalability of AT&T AlienVault USM is good.

We have five IT administrators that use it. We plan to increase the usage in the future.

We don't reach out to technical support from AT&T AlienVault USM. We go through our third-party provider. They are the ones who we reach out for technical support. We only reach out to the MSP.

I did not use another solution prior to AT&T AlienVault USM.

The initial setup of AT&T AlienVault USM was straightforward. The deployment took approximately one hour.

We did the implementation in-house with the help of a consultant. We require one person for the maintenance and support.

I have seen a return on investment using AT&T AlienVault USM.

I rate the return on investment of AT&T AlienVault USM a four out of five.

I rate the price of AT&T AlienVault USM a four out of five.

We evaluated Microsoft Sentinel and IBM QRadar before choosing AT&T AlienVault USM.

AT&T AlienVault USM is very easy to deploy, user-friendly, easy to understand, and fits very well for small, and medium-sized businesses. I won't say it is a con for the other ones, but they are more suitable for larger-sized companies and sometimes it is cost a lot for Microsoft Sentinel and IBM QRadar.

My advice to others is you need a dedicated person to monitor the same solution. If not, you have to outsource it to a 24/7 SOC, or Security Operation Center, such as a managed security provider.

I rate AT&T AlienVault USM a nine out of ten.

We use it to gain security visibility and to meet compliance.

We're not just a customer but we're a partner as well. We've deployed this into thousands of organizations and we continue to see that happening. It's a great tool.

It's really easy to aggregate and correlate and view several different security logs and several different data pieces in a single place. That's what allows us to see the security logs that we need to see to determine if there is something malicious on our network or not.

Also, aggregating the logs and putting them in a central place helps us to comply with certain regulations, the details of which I can't go into.

We have been able to use AlienVault to find critical vulnerabilities in our network and it has helped reduce the time it takes to respond to a threat.

The IDS and the threat intelligence are very useful. They are very intuitive and data-rich.

One area that has room for improvement is storage. AllienVault is a good place to put logs, but sometimes it's a tough place to go get logs. AlienVault has three components to it, a sensor, a server, and a logger. Sensors grab data, servers correlate data, and loggers store data. The logger can only hold so much data. If they improved that, that would help.

It has great scale. We have brought it into several publicly traded global organizations, with thousands of users. The users are anything from a CCO down to a network administrator.

For a large deployment like that, the number of our staff required depends on a few things but, generally, it would take one to three people. It also requires about three people for maintenance. Their roles would likely be anyone who is leading or managing an InfoSec team.

The technical support team is responsive and helpful. They communicate and they are engaged. We work with them on a daily basis and they're on it.

We did not work with a previous solution. We decided to bring it into our organization based on its value. It allows you to do a lot with a small price tag.

As partners, we think the setup is pretty straightforward but I imagine it depends on whom you ask. There are a lot of people who don't think so, but we think it's pretty straightforward. It has an easy-to-go-along Start menu, and the overall GUI is easy to navigate. It's pretty step-by-step, as long as you can follow those directions.

It can be as simple or complex as you want it to be. But for the most part, it's just a very easy tool to be able to engage with, to click on. They make it intuitive.

Sometimes deployment takes a couple of hours, sometimes it takes a couple of days, depending on the size of deployment.

We definitely have an implementation strategy but there are a lot of details to that. Just stay organized, pay attention to the details, cross your T's and dot your I's.

There is an ROI although I don't have the exact figures on it. The ROI is in the area of technology products that we have to go purchase: Instead of having to go buy a million dollars worth of cybersecurity products, we have saved a lot of money on that. It has also saved us loads of time as a result of not having to integrate it with a ton of other things.

The pricing is the best on the market.

We evaluated every single SIEM on the market. The major difference that made AlienVault stand out is the unification, meaning the integration of technologies out-of-the-box, as opposed to having to do it on your own.

Have an idea of a plan and know where things in your network are and know who can give you access to certain things you might need.

In terms of how extensively we're using it, I'd be surprised if there was anyone outside of our team that is using it more extensively then we are.

I would rate AlienVault at ten out of ten.

The use case is for companies that want to have more visibility in their environment and want to apply governance. This solution is used for compliance management, vulnerability management, threat hunting, and threat protection.

I think all of the features are valuable. However, the most valuable feature is vulnerability management because it gives you insight into your environment to know what systems need to be updated or patched. You can avoid weaknesses in the computers and other systems by keeping them patched.

I think they need to broaden their compliance management to cover more areas of compliance. For example, they're very specific about HIPAA, CIS 8.0, and a few others, but they don't have a broad compliance management base. Some customers need compliance management with other standards or frameworks, which are unavailable on their platform. I want to see more compliance management capability because if they broadened it, it would be a much more attractive product. 

They have a lot of integrations, which is good, but the quality of integrations seems to be a little bit low. It's one thing to provide integration, and it's another to provide integration that works really well.

The solution is cloud-based and hybrid. A server is put into a customer's environment to collect information and send it to the cloud. Both the server installed in the customer's environment and the cloud solution are scalable. The solution has rapid elasticity and all the check marks a cloud-based solution needs to scale. It is definitely scalable.

There are currently 19 users in our company. I think over time we have plans to increase our usage of this solution, but as an MSP, we have clients with different requirements or needs, so we might pick a different solution because it's a better fit.  

The initial setup was pretty straightforward. It wasn't that difficult.

The initial steps of the implementation, getting the account and setting it up, only take a few hours. Then there's some fine-tuning that takes place afterward, and it takes a little bit longer. You need about a week to really get that fully configured with a good plan and deployed in the environment, and then from there, it's just fine-tuning as you go.

We handled the deployment in-house. The solution needs one person for deployment and one for management.

I don't recall exactly what their prices are, but they are a little more expensive than Microsoft. It really depends on what features in Microsoft you may already be using. If, for example, you're a company that has Microsoft's Defender for Endpoint and Defender for Identity, or basically any of their Defender Suite applications, you might already be paying a certain amount every month or every year for those features that the Microsoft Sentinel solution brings under one umbrella.

AlienVault also has additional fees for extra storage in the cloud. 

Recently, we were going to sell a customer AlienVault, but then they picked Microsoft Sentinel. We compared them because we wanted to make sure that  both solutions could do the same thing, and it turns out that Microsoft does it a little bit better.

It's like having a Swiss Army knife that has all of the tools you need to do a craft, or just having a regular pocketknife that you can only use to do one thing. In this case, AT&T is the pocketknife and Microsoft is the Swiss Army knife.

My advice would be to make sure the product is a good fit in terms of compliance and compatibility with your security solution, like your EDR and ATP solutions. Make sure that they play well together because you could have issues with the two fighting each other over protecting the computers.

I would rate this solution as a seven out of ten. 

It's a good product. They created AlienVault based off of an open source framework, so it's built on OSSIM. It's interesting that AT&T is going into the cybersecurity market since they're a huge mobile carrier. Right now, their marketing and advertisements are really good, but they need to invest more money into the product. If they focus more on building out the product, maybe invest a little bit more money into development, I think they'll have a stronger strategy and a very dominant winning solution in the market.

We were trying to get into the security market to be able to offer something to our clients who are asking for a monitoring event management system. We started looking at what we could offer as an MSP to our clients; that's what drove us into evaluating different SIEM products, to get a better understanding of how the billing is set up as a partner. Alien Vault had the best set up for MSPs — the way they are set up for billing and the way they set up their USM account. 

The reason why we went with AT&T AlienVault USM, was because we liked their reporting capability a little better than some of the other ones we evaluated; however, the biggest draw for us was how AT&T has their MSP program set up. In most cases, you have to buy a certain number of either agents or sensors which are, more or less, the program. With an MSP, our clients don't have to buy any — there are no minimum requirements. Alien Vault provided us with really good worksheets to detail the number of sensors needed when we are in negotiations with prospective clients. We can also use them to determine the number of devices that are going to be monitored, and how we can tailor the customer setup based on what the customer requirement is.

The other big selling feature for us was its integration capabilities with all the other security-based products, not just security-based, but application settings in general. It works with Google Drive, Gmail, and Microsoft 365. It also works with different antivirus software from Proof Point to Okta — all of the different pieces of applications that we normally provide as a best practice to our clients. This software can interact with them all and pull the event data and the security data from all of these different applications, and more.

I'd like to see a dashboard that's a little more descriptive. We can customize the dashboards, but the out-of-the-box dashboards are kind of bland. Since we give our customers access to their dashboards, it would be nice if they were a little bit more intuitive. We can go easily drill into it and show them everything, but the customer just sees the writing on the page. 

I'd like to see them dress up their out-of-the-box dashboard a little bit. We have the ability to do a lot of that. 

Since they have this image — they have a strong MSP program. I would love to see them allow branding, which they don't at this point.

We deployed the demo roughly eight months ago.

AT&T AlienVault USMIt's has been very stable.

Their support has been stellar, any issues that we had with trying to get it configured or trying to interpret instructions, we could just make a quick phone call and they were there to help us.

I'd say it was kind of in the middle, complexity-wise. It's actually fairly easy to deploy a new client. 

It's competitive with other similar solutions; however, I don't do the billing so I can't properly comment on it.

Most of our clients are small to medium-sized businesses; they can't afford to go out and purchase a SIEM on their own. They're looking for us to provide something for them. This was why we provide HCZ cybersecurity and Alien Vault, etc. 

If you're in an MSP and you're servicing small to medium-sized clients, this is definitely a product that you want to look at and evaluate. When we were doing our evaluations, we were looking at the applications that are supported out-of-the-box, without having to develop any special ATIs — we wanted a pre-built application that supported most of the applications that we use within our client base.

On a scale from one to ten, I would give this solution a rating of eight.

I'd like to see a little bit more work, out-of-the-box, regarding the dashboards. I'd like to see them provide us with branding capabilities, to be able to put our logos on the dashboard so that the client understands that it's coming from Ice Consulting instead of Alien Vault.

We use it for log management, which is connected to our active directory and other servers. It is agent-based and picklocks for our firewall. Every activity on the firewall is recorded, and notifications are sent with this solution.

It gives us everything we want. We don't use vulnerability management, and we use it specifically for the log.

We like the on-premises solution, but AT&T wants us to move to their cloud version. We are not interested in doing that because the storage in the cloud version is not cheap. We don't want to move to the cloud and be unable to afford the cost of maintaining the cloud. We are looking for a solution that we can afford long term. Since the support for on-premises is close to being eliminated, we are looking for a solution that fits our budget.

We have been using this solution for six years and are using the latest version of their on-premises USM.

We have had some issues, but we have been able to handle them.

We have tried to scale it with a partner, but one of the limitations is that we do not want to scale it if the on-premises is coming to the end of life. We have to manage our budget to ensure the business does not fail. In terms of assets, we have about 100 assets, and it is not difficult to maintain.

The partner that we liaised with during deployment manages any issues. We raise a ticket, push it to them, and work together on Zoom to fix it. Sometimes I handle the issues myself, but if I can't handle it, I push it to the partners. I rate the technical support an eight out of ten.

Positive

The setup was not difficult and was a bit straightforward. The tricky part was trying to correlate what to send alerts for. Sometimes the log is unclear, and the report is a bit ambiguous. So we need to do additional research to know what the log and raw data are saying. The deployment was done both in-house and with a third party.

The licensing cost is around 4 million naira. I rate the pricing a nine out of ten, with ten being the most reasonable.

I rate this solution an eight out of ten. Regarding advice, before you implement any solution, ensure it meets your technical needs and assess whether you can maintain the solution in terms of cost of support. Regarding additional features, the existing features are good, but if they could integrate file integrity monitoring, it would be great.

As a product-agnostic Managed Security Services Provider (MSSP), AlienVault USM is one of several SIEM solutions we utilize in our Security Operation Center (SOC). We deploy, manage, and monitor the solution for other clients, and we use it for ourselves. As do most SIEMs, AlienVault allows us a central location to monitor the cybersecurity of an IT environment. It's impossible to avoid 100% of attacks, so after setting up defenses, the next best thing is to have 24/7 eyes-on-glass to be able to quickly respond to incidents as they happen. 

As stated before, the solution allows us to continuously detect cybersecurity incidents that may occur throughout our environment.

AlienVault USM Anywhere has a modern, user-friendly, and intuitive GUI, making it easy to use. It is a cloud-based solution that is easy to deploy and easy to scale as well. On top of having built-in support with several technologies, AlienVault USM Anywhere has an API that allows you to develop additional plugins if necessary.

Although they use machine learning, the algorithms that they use are graph-based. Their AI/ML capabilities could be improved a bit.

The solution is very stable.

It's a cloud-based solution so it's easy to scale.

In our experience, AlienVault has good customer service. 

I did use other solutions with different clients, and we do so now. We find AlienVault to have the best price to performance value. There are better solutions, but the price is reflected. 

It's straightforward and relatively easy for someone who is tech-oriented.

In-house.

It's difficult to judge the ROI on cybersecurity, but just look at the news to see the cost of breaches and how detrimental they could be.

As stated before, I believe this is the best SIEM solution for its value, especially for SMB.

Yes, I myself have had experience with IBM QRadar, Splunk Enterprise, and Logrhythm, but my company has experience with several others.