reviewer981528 - PeerSpot reviewer
Principal DevOps Engineer at a tech vendor with 11-50 employees
Real User
It gives you robust protection and value without the need for a dedicated SOC team
Pros and Cons
  • "AlienVault's reporting is good. I like that vulnerability assessment is part of the solution, and the UI is intuitive. Also, the overhead is low, which is to say we don't need a dedicated SOC team to manage and analyze things constantly. We're a small company that doesn't have those resources."
  • "I think plugin management should be self-service on AlienVault USM. The other product is self-service, but on the USM side you have to submit a ticket, then AT&T creates and updates the plugins."

What is our primary use case?

AlienVault USM is a SaaS solution offered through the cloud. It's a security incident event management solution that scans logs to look for various security patterns that are shipped to it. Then it alerts us so we can identify trends.

How has it helped my organization?

AlienVault gives us greater visibility into our security and tells us what we need to address. We haven't had any breaches, but if we were to have some, we would get alerts.

What is most valuable?

AlienVault's reporting is good. I like that vulnerability assessment is part of the solution, and the UI is intuitive. Also, the overhead is low, which is to say we don't need a dedicated SOC team to manage and analyze things constantly. We're a small company that doesn't have those resources.

What needs improvement?

I think plugin management should be self-service on AlienVault USM. The other product is self-service, but on the USM side you have to submit a ticket, then AT&T creates and updates the plugins.

We often have application logs that are unique to us, so it's silly to have to open a ticket, have them do the work, and then release the plugin. It would be nice if they had a self-service portal where we could define the parameters within the product for the plugin and have a custom plugin for our logs. 

Buyer's Guide
USM Anywhere
November 2024
Learn what your peers think about USM Anywhere. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
824,067 professionals have used our research since 2012.

For how long have I used the solution?

I've been using AlienVault USM for about two or three years.

What do I think about the stability of the solution?

AlienVault USM has been quite stable so far. We might've had one or two hiccups over the past couple of years, but nothing major.

What do I think about the scalability of the solution?

We have had no issues with scalability at all. It's been seamless. We have only three or four users on our DevOps team, but we're getting information from all over. Of course, many downstream people benefit from the work that we do, but only about four people actually log in and use it. 

How are customer service and support?

Technical support has been okay. It hasn't been great. On a scale of one to 10, I'd say maybe a six. It took them a long time to respond to some of our questions, and we didn't get the complete responses we were expecting. In some cases, the process took so long that the question's urgency diminished by the time we could get to an answer.

How was the initial setup?

Setting up AlienVault USM was relatively straightforward. Of course, all software is complex, but this wasn't overly complex. We did do some professional service hours with the vendor during the deployment, but that was more about best practices. We asked how to configure it to get the most out of the solution. 

It's not an admin-heavy product in terms of maintenance and management. There's certainly a lot you can do to customize and configure it, but it doesn't require much administration. Someone is logging in most days to check in and review alerts.

Which other solutions did I evaluate?

We looked at Splunk Enterprise with the added security module, and that worked great, but it also had a lot of overhead to get value out of it. We just didn't have the capacity for it.

What other advice do I have?

I would give AlienVault USM a solid eight out of 10. There are certainly products out there that can do more. For a smaller company, I'd say it's a solid nine or a 10, but if we compare all the offerings on the market, I would say it's a solid eight. It doesn't have some of the features of the other ones, but it offers a lot of benefits to us because we can get the value that we need out of it without having a dedicated team.

It's been good overall, so I would give it a thumbs up. It's suitable for small organizations that don't have the capacity for a dedicated SOC that could handle something like Splunk Enterprise. Splunk is great for businesses with a dedicated team to do full-time analysis. But I think this is a nice solution for smaller companies where the IT staff has to wear multiple hats.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
PeerSpot user
Manager, Enterprise Risk Consulting at a tech company with 1,001-5,000 employees
Real User
Provides us with flexible deployment architecture
Pros and Cons
  • "The best thing about AlienVault USM is it being a “Jack-of-All-Trades” solution. It provides SIEM, HIDS/NIDS, FIM, NetFlow, Asset Management, Vulnerability Management, etc., under one USM platform. None of the commercial SIEM vendors like ArcSight, McAfee, etc., can boast of such a diverse feature set."
  • "The lack of mature functionality and expertise in any of those areas is a strong negative."

How has it helped my organization?

A jack-of-all-trades:

The best thing about AlienVault USM is it being a “Jack-of-All-Trades” solution. It provides SIEM, HIDS/NIDS, FIM, NetFlow, Asset Management, Vulnerability Management, etc., under one USM platform. None of the commercial SIEM vendors like ArcSight, McAfee, etc., can boast of such a diverse feature set.

  • QRadar is the closest to AV USM in terms of feature diversity. While all the features are formerly isolated Open Source community projects, the USM does a good job of integrating them into a feature set. While they are not great as individual parts, they more than make up as a sum of the parts.
  • OTX – Open Threat Exchange is a wonderful community sharing platform that helps clients to share IP and URL reputation information so that all AV customers can benefit. This is true community sharing modeled on the likes of the Splunk Community (for app development). This has the potential to grow into a large source of Real World Intelligence and what AlienVault intends to do with this data remains to be seen. For now, it is being used by USM Correlation engine to provide better context and content for Security monitoring. AlienVault Labs, is also utilizing this infrastructure to constantly update Detection rules for malware vectors, vulnerability exploits etc. QRadar and ArcSight provide Intelligence, but it is commercial intelligence and not community intelligence. With community intelligence, you get more hits than misses.
  • Multi-Tenancy – While this feature may not elucidate an interest from many readers, those who have worked in an MSSP environment can understand why this is a very important feature to have. AV USM does support Multi-Tenancy out of the box. This, when combined with the Architecture flexibility, provides great MSSP models to sell and operate. The key is to understand how the multi-tenancy works. Basically, a single database is used to store data of several customers using a Data isolation Logic and Permission control. The data isolation logic is based on Entities created in USM (Assets, Users, Components Assigned (Sensors) etc., are grouped together as a Single Entity) and Permissions (applied in a granular fashion to data sets related to the Entities). QRadar, ArcSight and other major SIEM products provide this as well.
  • Integration – While AV USM is known for being customization friendly, the amount of out-of-the-box plugins for Log Monitoring and Correlation is limited to the well-known products. It does not have comprehensive integration capabilities with say legacy applications, Directory services, databases, etc., that other SIEM vendors boast of. Similarly, it relies mostly on its own “pre-packaged” tools for data enrichment and hence has poor “Third Party” Integration capabilities. However, if you really are a developer of open source products, the integration challenge can be overcome. But how many are willing in the real world enterprise?
  • Correlation and Workflow – What good is a SIEM product if it cannot perform advanced Correlation and Operational workflow? AV USM has a strong foundation in Correlation using XML driven Directives and Alarms thresholds. However, when it comes Head-to-Head with the Industry leaders like ArcSight, QRadar, Splunk, etc. it falls terribly short. We particularly like the Cyber Kill Chain flow which a lot of customers are using for complete visibility, but this is not the end game in real world enterprise operations where not all the data points required for the directive are available. Same thing goes for the workflow, where the integration with external ticketing or issue tracking system is very limited, and hence acts as a deterrent in large scale deployments.

What is most valuable?

Flexible Deployment Architecture – This is where the Open Source roots really start to flex their muscles when it comes to AV USM. The main components of the architecture are as follows:

  • AV Sensor: AV Sensors perform Asset Discovery, Vulnerability Assessment, Threat Detection, and Behavioral Monitoring in addition to receiving raw data from event logs and helping in monitoring network traffic (including Flow). The sensors also perform normalization of the received raw events and communicate them to the AV Server for correlation and reporting.
  • AV Server: AV Server is the Central Management Console that provides USM capabilities under a single GUI. The server receives normalized data from the sensors, correlates and prioritizes the events, and generates security alerts or alarms. The server also provides a variety of reporting and dashboarding capabilities.
  • AV Logger: AV Logger provides the capability to archive log files for purposes of forensic analysis and to meet compliance requirements for long term retention and management.

All the architecture components including the Sensor, the Logger, the Correlation Engine, etc., can be deployed tier-based, isolated, or in a consolidated all-in-one style. This wide variety of deployment options helps customers to have flexible and open architectures. This also helps control cost depending on the budget at hand. Very rarely can products boast of such flexibility.

What needs improvement?

This product is a jack-of-all-trades, but master of none. As mentioned in the good, being a jack-of-all-trades is well suited for certain organizations. However, the lack of mature functionality and expertise in any of those areas is a strong negative.

For example, the correlation engine is nowhere close to the likes of ArcSight, QRadar, or Splunk, etc. The threat intelligence is not as good as QRadar, McAfee, RSA, etc. When it comes to critical functionality expertise, AV USM is found lacking.

  • Database: AV USM is using MySQL for its database. All the issues related to a structured DB for log collection, storage and management come to haunt AV USM as well. All SIEM logs are stored in the MySQL database and this causes an issue in terms of scalability, especially with high log volume environments because backup and restore is time and CPU/RAM consuming. USM can hugely benefit from moving to a non-DB Log storage architecture, thereby giving more flexibility in data management. It is doubtful if AV will take that route. Based on their product direction, they are looking at Percona Server to replace MySQL. While it is a good move, it is still customized MySQL replacement. It may not add much desired scale to the product.

What do I think about the stability of the solution?

Product Stability: The biggest issue we have seen with the product is its poor stability. With way too many components, myriad integrations, and a ton of scripts, the product is really unstable. Every version upgrade is a nightmare. Re-installation or restart is the most common solution for the product to start working again. In a mission critical environment, this is a complete NO-NO. One of the most common and frequently failing components is the DB. Issues like DB corruptions, access issues, disk errors, unresponsive queries, etc., really test the patience of end users on a regular basis. These are the most damning negatives about AV USM.

How are customer service and technical support?

One of the common issues we hear about AV technical support is that it is of inconsistent and poor quality. Most of the time, the solutions rely on re-install, re-start, or a bug-fix. There are way too many components to troubleshoot. This leaves support to resort to re-install or re-start, without thorough root cause analysis.

Which solution did I use previously and why did I switch?

Customization: Again, this is one point where AlienVault outshines the competition in capability of customization. We have seen several customers who are using AV USM with heavy customization to perform threat detection, Asset Discovery, Threat scoring, APT detection, etc. This flexibility is really desired by Security analysts and AV USM is making good on this promise.

What's my experience with pricing, setup cost, and licensing?

One of the areas where AV USM benefits is price. It is affordable while offering a whole lot of SIEM features. This turns out to be the deciding factor for small and medium enterprise segments. QRadar, ArcSight and Splunk are some of the most expensive SIEM security tools out there in the market and not everyone has the budget to buy them. In such cases, AV USM is a very cost effective alternative.

What other advice do I have?

Product Vision Stagnation: This may not be much of an issue for potential users of AV USM. However, it is important to note that the product has not gone through major leaps in the last four years. It had more than three major releases and 20+ minor releases, but nothing path-breaking has been brought to the market. It has still remained in the “promising products to watch” for way too long. One of the main reasons we think this is the case is because of economies of scale. Since they are priced lower and cater to the SME segment, the amount of money invested in development is less, and hence the result.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
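The multi-tenancy pattern the review describes (one shared database, rows tagged by the Entity that owns the asset or sensor they came from, and per-user permissions scoped to Entities) can be sketched in a few lines. The following is an added example written for this page; it is not AlienVault's implementation, and the Entity names, sensor ids, users and event messages are constructed for illustration.

```python
"""Added example (not AlienVault's code): a sketch of the multi-tenancy pattern
described above. One shared store holds every customer's rows; each row is tagged
at ingest with the owning Entity, and every read is filtered by the caller's
Entity permissions (deny by default). Names and data are constructed."""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Entity:
    name: str
    assets: frozenset   # hostnames/IPs belonging to this customer
    sensors: frozenset  # sensor ids assigned to this customer


@dataclass(frozen=True)
class Event:
    entity: str   # isolation tag, set by the store at ingest, never by the caller
    sensor: str
    asset: str
    message: str


@dataclass
class User:
    name: str
    entities: frozenset = field(default_factory=frozenset)  # Entities this user may read

    def can_read(self, entity_name: str) -> bool:
        return entity_name in self.entities


class SharedStore:
    """One database for all customers; isolation is enforced on every write and read."""

    def __init__(self, entities):
        self._entities = {e.name: e for e in entities}
        self._rows = []

    def ingest(self, sensor: str, asset: str, message: str) -> Event:
        # The owning Entity is derived from the sensor that sent the event, so the
        # sender cannot pick its own tenant tag. Unknown sensors and assets that
        # do not belong to that Entity are rejected.
        owner = next((e for e in self._entities.values() if sensor in e.sensors), None)
        if owner is None:
            raise PermissionError(f"sensor {sensor!r} is not assigned to any Entity")
        if asset not in owner.assets:
            raise PermissionError(f"asset {asset!r} does not belong to {owner.name!r}")
        ev = Event(owner.name, sensor, asset, message)
        self._rows.append(ev)
        return ev

    def query(self, user: User, entity_name=None):
        """Deny by default: a user only sees rows tagged with an Entity they hold,
        even when they explicitly ask for another Entity's data."""
        wanted = {entity_name} if entity_name else user.entities
        return [r for r in self._rows if r.entity in wanted and user.can_read(r.entity)]


def demo():
    """Constructed scenario: two customers on one store, three users with different scopes."""
    acme = Entity("acme", frozenset({"web-1"}), frozenset({"sensor-a"}))
    beta = Entity("beta", frozenset({"db-1"}), frozenset({"sensor-b"}))
    store = SharedStore([acme, beta])
    store.ingest("sensor-a", "web-1", "ssh login failure")
    store.ingest("sensor-b", "db-1", "new admin user created")
    acme_analyst = User("ana", frozenset({"acme"}))
    mssp_admin = User("root", frozenset({"acme", "beta"}))
    outsider = User("guest")  # no Entity permissions at all
    return {
        "acme_sees": [e.message for e in store.query(acme_analyst)],
        "acme_asks_for_beta": [e.message for e in store.query(acme_analyst, "beta")],
        "admin_sees": [e.message for e in store.query(mssp_admin)],
        "outsider_sees": [e.message for e in store.query(outsider)],
    }


if __name__ == "__main__":
    for scope, rows in demo().items():
        print(scope, rows)
```

The two checks worth keeping in any real implementation of this pattern are the ones the sketch encodes: the tenant tag is assigned server-side from the sensor's registration, not taken from the event, and the read path filters by the caller's permissions even when the caller names a different Entity.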
PeerSpot user
Tami Andrews - PeerSpot reviewer
Tami Andrews, Sr. Customer Programs Manager at AlienVault
Real User

Thank you Vinod for your time to review AlienVault USM and for your candid feedback!

MattCarter - PeerSpot reviewer
Founding Member at Integotec
Real User
A very scalable solution with vulnerability management that helps avoid weaknesses, but needs broader compliance management capabilities
Pros and Cons
  • "The most valuable feature is vulnerability management because it gives you insight into your environment to know what systems need to be updated or patched."
  • "I want to see more compliance management capability. The quality of integrations seems to be a little bit low."

What is our primary use case?

The use case is for companies that want to have more visibility in their environment and want to apply governance. This solution is used for compliance management, vulnerability management, threat hunting, and threat protection.

What is most valuable?

I think all of the features are valuable. However, the most valuable feature is vulnerability management because it gives you insight into your environment to know what systems need to be updated or patched. You can avoid weaknesses in the computers and other systems by keeping them patched.

What needs improvement?

I think they need to broaden their compliance management to cover more areas of compliance. For example, they're very specific about HIPAA, CIS 8.0, and a few others, but they don't have a broad compliance management base. Some customers need compliance management with other standards or frameworks, which are unavailable on their platform. I want to see more compliance management capability because if they broadened it, it would be a much more attractive product. 

They have a lot of integrations, which is good, but the quality of integrations seems to be a little bit low. It's one thing to provide integration, and it's another to provide integration that works really well.

What do I think about the scalability of the solution?

The solution is cloud-based and hybrid. A server is put into a customer's environment to collect information and send it to the cloud. Both the server installed in the customer's environment and the cloud solution are scalable. The solution has rapid elasticity and all the check marks a cloud-based solution needs to scale. It is definitely scalable.

There are currently 19 users in our company. I think over time we have plans to increase our usage of this solution, but as an MSP, we have clients with different requirements or needs, so we might pick a different solution because it's a better fit.  

How was the initial setup?

The initial setup was pretty straightforward. It wasn't that difficult.

The initial steps of the implementation, getting the account and setting it up, only take a few hours. Then there's some fine-tuning that takes place afterward, and it takes a little bit longer. You need about a week to really get that fully configured with a good plan and deployed in the environment, and then from there, it's just fine-tuning as you go.

What about the implementation team?

We handled the deployment in-house. The solution needs one person for deployment and one for management.

What's my experience with pricing, setup cost, and licensing?

I don't recall exactly what their prices are, but they are a little more expensive than Microsoft. It really depends on what features in Microsoft you may already be using. If, for example, you're a company that has Microsoft's Defender for Endpoint and Defender for Identity, or basically any of their Defender Suite applications, you might already be paying a certain amount every month or every year for those features that the Microsoft Sentinel solution brings under one umbrella.

AlienVault also has additional fees for extra storage in the cloud. 

Which other solutions did I evaluate?

Recently, we were going to sell a customer AlienVault, but then they picked Microsoft Sentinel. We compared them because we wanted to make sure that both solutions could do the same thing, and it turns out that Microsoft does it a little bit better.

It's like having a Swiss Army knife that has all of the tools you need to do a craft, or just having a regular pocketknife that you can only use to do one thing. In this case, AT&T is the pocketknife and Microsoft is the Swiss Army knife.

What other advice do I have?

My advice would be to make sure the product is a good fit in terms of compliance and compatibility with your security solution, like your EDR and ATP solutions. Make sure that they play well together because you could have issues with the two fighting each other over protecting the computers.

I would rate this solution as a seven out of ten. 

It's a good product. They created AlienVault based off of an open source framework, so it's built on OSSIM. It's interesting that AT&T is going into the cybersecurity market since they're a huge mobile carrier. Right now, their marketing and advertisements are really good, but they need to invest more money into the product. If they focus more on building out the product, maybe invest a little bit more money into development, I think they'll have a stronger strategy and a very dominant winning solution in the market.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
PeerSpot user
Production DBA at BLUE MOTOR FINANCE LIMITED
Real User
Easy to deploy with their cloud-based model and deploying the required agents on-prem (or in the Cloud) is quick and easy.

What is our primary use case?

We use AWS for our application platform and wanted a SIEM that was easy to deploy as a service and that had functionality and integrations focused on AWS. We found AlienVault was the best on price vs features and the team at AlienVault worked hard to make sure we were happy during our on-boarding. Features are rolled out fast and issues addressed quickly. The integration of OTX out-of-box and at no additional cost was a real selling point and the AWS features made it a clear winner.

How has it helped my organization?

AlienVault USM Anywhere provides us with SIEM, at a low price-point and with a great array of functionality. SIEM is critical to our security operations and feeds incident response efforts and USM Anywhere enables us to filter the noise and concentrate the efforts of our small team on the real issues and threats.

What is most valuable?

AlienVault USM Anywhere is easy to deploy with their cloud-based model and deploying the required agents on-prem (or in the Cloud) is quick and easy. With many integrations out-of-the-box, you can pull in all the data from products you use and other sources, such as Amazon CloudWatch Logs. Custom rules allow for alerting based on content from events and you can even trigger agents in response to threats, shutting down computers or grabbing forensic info for incident response. USM Anywhere also takes care of reporting for ISO and PCI, allowing you to pull reports for auditors at a moment’s notice.

What needs improvement?

We would love to be able to create custom rules based on a series of events, to create rule-sets where, for example, failed logins to the VPN Server are logged and then, when a successful attempt follows soon after, it triggers an alarm for a brute force. It does this for things like Okta already, so control over which events this applies to would be great.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

No major issues and problems are rectified quickly.  

What do I think about the scalability of the solution?

Scales well; no on-prem requirement other than one sensor per network, and these are cost-effective. AlienVault handles the performance and scalability of the backend for you.

How are customer service and technical support?

Technical support is very quick to respond and follows up well on issues.

How was the initial setup?

Very simple; follow a walk-through to deploy sensors and the back-end is provisioned for you by AlienVault.

What about the implementation team?

In-house deployment; simple to set up.

What's my experience with pricing, setup cost, and licensing?

Cost is very competitive and if your log ingestion is not huge, then you can get a SIEM for a small budget; AlienVault listens well to customers and works with you on the needs of your business.

Which other solutions did I evaluate?

Alert Logic, Cloud Passage and Event Tracker.

What other advice do I have?

Efficiency Of Security Team: Yes, a team of 2 managing a reasonably sized network has been achieved.

Events Per Day: 700,000

Disclosure: I am a real user, and this review is based on my own experience and opinions.
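The sequence rule described above (a burst of failed VPN logins from one source, followed soon after by a successful login from the same source, raised as a brute-force alarm) is the kind of correlation a practitioner would want to see written out. The following is an added example for this page, not code from the review or from AlienVault's product: a toy sensor-side normalizer that parses constructed VPN log lines into a common event shape, feeding a server-side correlation rule, mirroring the sensor/server split described in the earlier architecture review. The log format, field names, thresholds (five failures within 60 seconds, success within five minutes of the last failure) and the sample lines are all constructed assumptions.

```python
"""Added example (not AlienVault's code): normalize constructed VPN auth log lines,
then raise a brute-force alarm when a burst of failures from one source IP is
followed shortly by a success from that same source. Format and thresholds are
assumptions chosen for illustration."""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample lines in a hypothetical VPN syslog-like format (not real data).
SAMPLE_LOGS = """\
2024-11-05T10:00:01Z vpn1 auth: FAIL user=alice src=203.0.113.7
2024-11-05T10:00:03Z vpn1 auth: FAIL user=alice src=203.0.113.7
2024-11-05T10:00:05Z vpn1 auth: FAIL user=alice src=203.0.113.7
2024-11-05T10:00:06Z vpn1 auth: FAIL user=alice src=203.0.113.7
2024-11-05T10:00:09Z vpn1 auth: FAIL user=alice src=203.0.113.7
2024-11-05T10:00:40Z vpn1 auth: OK user=alice src=203.0.113.7
2024-11-05T10:02:00Z vpn1 auth: FAIL user=bob src=198.51.100.9
2024-11-05T10:30:00Z vpn1 auth: OK user=bob src=198.51.100.9
2024-11-05T11:00:00Z vpn1 auth: OK user=carol src=192.0.2.5
this line is noise and will be skipped by the normalizer
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) auth: (?P<result>FAIL|OK) "
    r"user=(?P<user>\S+) src=(?P<src>\S+)$"
)


@dataclass(frozen=True)
class Event:
    ts: datetime
    host: str
    outcome: str   # "failure" or "success"
    user: str
    src_ip: str


def normalize(raw: str):
    """Sensor step: parse raw lines into normalized events, skipping unparseable ones."""
    events = []
    for line in raw.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        outcome = "failure" if m["result"] == "FAIL" else "success"
        events.append(Event(ts, m["host"], outcome, m["user"], m["src"]))
    return sorted(events, key=lambda e: e.ts)


def correlate_brute_force(events, min_failures=5,
                          failure_window=timedelta(seconds=60),
                          success_within=timedelta(minutes=5)):
    """Server step: alarm when at least min_failures failures from one source within
    failure_window are followed by a success from that source within success_within
    of the last failure. One alarm per burst; state resets after it fires."""
    alarms = []
    failures = {}  # src_ip -> timestamps of recent failures (sliding window)
    for e in events:
        if e.outcome == "failure":
            hist = failures.setdefault(e.src_ip, [])
            hist.append(e.ts)
            # keep only failures inside the sliding window ending at this event
            failures[e.src_ip] = [t for t in hist if e.ts - t <= failure_window]
            continue
        hist = failures.get(e.src_ip, [])
        if len(hist) >= min_failures and e.ts - hist[-1] <= success_within:
            alarms.append({
                "rule": "brute_force_then_success",
                "src_ip": e.src_ip,
                "user": e.user,
                "failures": len(hist),
                "success_at": e.ts.isoformat(),
            })
            failures.pop(e.src_ip, None)
    return alarms


def run(raw: str = SAMPLE_LOGS):
    """Normalize then correlate; returns the list of alarms raised."""
    return correlate_brute_force(normalize(raw))


if __name__ == "__main__":
    for alarm in run():
        print(alarm)
```

On the constructed input only the 203.0.113.7 burst fires: five failures in eight seconds followed by a success 31 seconds later. The single failure from 198.51.100.9 never reaches the threshold, so bob's later success is not flagged, which is the property that keeps a rule like this from alarming on ordinary mistyped passwords.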
PeerSpot user
Tami Andrews - PeerSpot reviewer
Tami Andrews, Sr. Customer Programs Manager at AlienVault
Real User

Thanks Matthew for taking time to provide feedback!

Consultant at Embratel
User
It has helped us in improving our visualization and incident response during cybersecurity situations
Pros and Cons
  • "AlienVault has helped us in improving our visualization and incident response during cybersecurity situations."
  • "Different functions to customize reports should be added."

What is our primary use case?

I use AlienVault to comply with PCI DSS requirements. For on-premises, I am using the AlienVault USM All-In-One 150A Virtual Appliance.

How has it helped my organization?

AlienVault has helped us in improving our visualization and incident response during cybersecurity situations.

I have also used it in a project to comply with PCI DSS requirements.

What is most valuable?

I have found the host-based intrusion detection system (HIDS) extremely useful, as it

  • Allows me to identify possible threats and vulnerabilities.
  • Allows anyone with little knowledge of a cybersecurity device to work with a high-level threat discovery solution.

What needs improvement?

  • They should improve the reporting capabilities. 
  • Different functions to customize reports should be added. 
  • Export features should not be limited to spreadsheets (.XLS) only.

For how long have I used the solution?

Three to five years.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Tami Andrews - PeerSpot reviewer
Tami Andrews, Sr. Customer Programs Manager at AlienVault
Real User

Thanks so much for providing feedback!

PeerSpot user
admin at KIL A&T
Real User
I can easily check all logs and data in relation to attacks in one place
Pros and Cons
  • "I can easily check (in one place) all the logs and data in relation to attacks. It also gives me an overview if a server is not configured properly."
  • "Plugins could be better utilized, as some of them do not recognize all logs."
  • "It was easy on PoC, but when we got to the product it was a different story. We had to learn the product again and got the feeling that the PoC was a different product."

What is our primary use case?

My company wanted to get software which would be able to monitor resources in AWS, mainly IDS, in one cumulative GUI, and then add extra requirements, which AlienVault matched.

How has it helped my organization?

From my perspective, it saves me about two to seven hours weekly. Now, I can easily check (in one place) all the logs and data in relation to attacks. It also gives me an overview if a server is not configured properly.  

What is most valuable?

  • Centralized logs: All the details are in one place. This is helpful if you have over 100 servers.
  • Centralized IDS: We need this as we are able to see what is happening in (almost) real time.

What needs improvement?

  • Plugins could be better utilized, as some of them do not recognize all logs.
  • We could add a little more customization to dashboards.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

Everything has worked fine since we have had this tool.

What do I think about the scalability of the solution?

We have been adding more servers, and it has been working. We have run out of storage space once or twice, so we had to check and choose which logs we needed to minimize this problem.

How are customer service and technical support?

It has very good customer service. I have opened about five cases. They were ones which I did not have time to search or could not find information on the support website.

Which solution did I use previously and why did I switch?

I previously worked with Nagios, SolarWinds, and Big Brother. This was at a different company, though.

These products did not match the requirements in AWS at the time that we were getting AlienVault.

How was the initial setup?

Setup required time. It will take time to set it up and utilize it at a percentage with which you will be satisfied. 

It was easy on PoC, but when we got to the product it was a different story. We had to learn the product again and got the feeling that the PoC was a different product.

Which other solutions did I evaluate?

We were also looking at LogRhythm, Splunk, and a few others. We decided on AlienVault, as they had a nice presentation (which told us what we wanted to hear) and the PoC proved it could do what we needed.

What other advice do I have?

Check other products and do a PoC, as changing from one to another can be very pricey and time-consuming. Also, training people and making changes cost lots of resources, and not all employees like such changes every year.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Tami Andrews - PeerSpot reviewer
Tami Andrews, Sr. Customer Programs Manager at AlienVault
Real User

Thank you Patrick for your time to review AlienVault USM and for your candid feedback!

PeerSpot user
Information Security Manager at a tech services company with 201-500 employees
Real User
We used to have to monitor and review logs for each device; now everything comes into AlienVault and it alerts us when we need to respond.
Pros and Cons
  • "The USM is a workhorse; no matter what devices or the number of logs we throw at it, the system processes them in real time, correlates the events, and alerts on only events that need human review."
  • "The one thing I continue to dislike about the USM is the limitation on reports."

How has it helped my organization?

We used to have to monitor and review logs for each device. Now, everything comes into AlienVault and it alerts us when we need to respond. We now have real-time monitoring 24x7x365 using an in-house team.

What is most valuable?

The ease of use and customization. The USM is a workhorse; no matter what devices or the number of logs we throw at it, the system processes them in real time, correlates the events, and alerts on only events that need human review.

What needs improvement?

The one thing I continue to dislike about the USM is the limitation on reports. It is hard to get what you need in a report, and once you do, there is no control over the formatting.

What do I think about the stability of the solution?

There used to be some issues with database stability in versions pre-5.x, but the database has since been tuned and has been rock solid ever since.

What do I think about the scalability of the solution?

The only issue I have run into with scalability is the 1TB limit for raw log storage. When you collect as many logs as I do, you need additional space to keep logs for compliance.

How are customer service and technical support?

Customer Service:

I give customer service five stars; they are always available and very helpful.

Technical Support:

Technical support gets 4 1/2 stars. Like any support, it varies on the person that gets your ticket.

Which solution did I use previously and why did I switch?

I have used many solutions with different companies but always move to AlienVault. You get so many more features for the money. AlienVault always comes in way less in price than any other solution.

How was the initial setup?

Initial install is easy; the complexity only comes in as you start to add logs to the system to collect. If you do not take the time to plan out your installation and get a complete list of devices to collect from, you could run into issues.

What about the implementation team?

We implemented using our in-house team.

What was our ROI?

We are able to monitor 24x7x365 with minimal staffing. Once it is tuned you only get the alerts you need to see. We used to have to monitor and review logs for each device. Now, everything comes into AlienVault and it alerts us when we need to respond.

What's my experience with pricing, setup cost, and licensing?

Have a look at how AlienVault handles Events Per Second (EPS) compared to others. Most other products charge based on EPS: the more events, the more you have to pay. This causes most companies to limit the amount of logs sent and processed. AlienVault charges by the number of devices managed. You can send anything and everything to the USM. The more logs you can process, the better correlation you will have. I have found that companies that limit their logs and then have a security incident would have been able to identify the attack if they had been monitoring all events in their logs.

Which other solutions did I evaluate?

Splunk, QRadar, LogRhythm, etc.

What other advice do I have?

If you are thinking about a solution, give their free product OSSIM a try, and once you see all it does, you will want to upgrade to the commercial USM to get even more.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Tami Andrews - PeerSpot reviewer
Sr. Customer Programs Manager at AlienVault
Real User

Thank you Karl for your time to review AlienVault USM and for your candid feedback!

Director of Department at BAKOTECH LLC
Reseller
Good compliance, lots of useful features, and easy to scale
Pros and Cons
  • "There are multiple tools for information security. The solution includes all the latest advances on the network and host intrusion detection systems."
  • "The solution already has quite good tools, however, they need better integration tools for linking with Office 365, Google Suite, and so on."

What is our primary use case?

We have three main uses for the solution. They are compliance, incident response, and as a tool for information security.

What is most valuable?

The solution has excellent compliance and has good incident response.

There are multiple tools for information security. The solution includes all the latest advances on the network and host intrusion detection systems.

The out-of-the-box features are great. You don't have to jump to different consoles as everything is right there. Everything from a security standpoint can be handled via one screen.

What needs improvement?

The solution could be improved in three ways. The first one is user behavioral analytics, which needs work.

The second one is cloud-related usage. The solution already has quite good tools, however, they need better integration tools for linking with Office 365, Google Suite, and so on.

The third improvement could be a bit more customization for security products. If someone has an antivirus that is customizable, they need to have the ability to easily connect everything together.

For how long have I used the solution?

I've been dealing with the solution for four years.

What do I think about the stability of the solution?

The solution is very stable. We haven't had issues so far in terms of using it.

What do I think about the scalability of the solution?

The solution is quite easy to scale. You just need to install the standard solution. You don't have to change the whole installation. In the case of the cloud deployment version, you only need to add sensors. In either case, you need to have the correct licenses, however, it's quite simple to accomplish.

How are customer service and technical support?

Technical support has always been quite good. With the product itself, we haven't personally had any issues. However, a lot of times our customers or engineers contact AlienVault support with a request to help to start a new correlation rule, integration, or other issues. When that happens, support always answers and gives them all the details they need.

Which solution did I use previously and why did I switch?

As a reseller, we've looked into other solutions, however, we find this product to be the best option for our customers time after time.

How was the initial setup?

The initial setup is pretty easy. Anyone can install this solution within four or five hours. They don't need to be engineers in order to do that.

By that point, it will already be prepped and can show us what is happening from a security point of view.

It's quite easy to install and deploy. You don't need a security team of ten people. There's a lot of automation within the tool, so you only really need one or two security staff to operate it for a company of, for example, 500 people.

What's my experience with pricing, setup cost, and licensing?

In comparison to the competition, it's a very inexpensive option, whether you use the cloud or the on-premises deployment models. You also get great value for money as you do get a lot of very good tools that come standard with the solution as well.

What other advice do I have?

We're not using the solution ourselves. We're resellers.

USM Anywhere is cloud-based, although they have a different version that is on-premises or on a private cloud called the USM Appliance. We're using the on-premises version, which is quite different from the cloud version.

Overall, I'd rate the solution nine out of ten. There are a few areas where they can improve, however, overall, it's been a very good product for us and our customers.

We'd recommend the solution. We've looked into other options and we always come back to this product.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: reseller
Buyer's Guide
Download our free USM Anywhere Report and get advice and tips from experienced pros sharing their opinions.
Updated: November 2024