USM Anywhere Reviews

We are using AT&T AlienVault USM for SIEM, collecting logs from clients, traffic, analyzing, forensics, and security.

AT&T AlienVault USM is good for ELK Stack, the user experience is great because of its architecture. The ELK has a great performance and it has very good speed in the search and Kibana. Additionally, the visuals and dashboards and very nice and customizable.

The AT&T AlienVault USM is okay, but the relational database is not very good for large amounts of data. For example, many logs cannot be processed. It has been very slow for the queries and some data which are large, it is not very good in this case.

I have been using AT&T AlienVault USM for approximately five years.

We are using AT&T AlienVault USM as a client, if we want to increase the data we can collect more data because the solution can expand well horizontally.

Between the cellphones and laptops usage, we have more than 250 users using his solution in my organization.

We have not used the technical support but we have clear documentation that we use.

The initial setup was straightforward. We have a server room which we deploy from.

The maintenance of the solution is not very difficult.

I would recommend this solution because it is simple to deploy, has high performance, and has a great user experience.

I rate AT&T AlienVault USM a nine out of ten.

General use cases would be for patch management and vulnerability management. The devices that are on the network may need patching if they're outdated. For any device or node that has entered the network and may be considered a threat, the HTTPS ports and different nodes need to be monitored for incoming and outgoing traffic. We could put in security rules for monitoring the actual devices down to the USP level, and we can also get the vulnerability information from OSX, and then provide that information to the IT teams.

In terms of the version, usually, when the updates come, the updates need to be aggregated to the customer, but at this moment in time, I am yet to secure a customer in that space due to the current COVID crisis in the country, across the Pacific, and globally.

In terms of deployment, the endpoints are on-premise, but it would be cloud-based in terms of the platform. So, it could be both depending on the customer. They would either have cloud or hybrid.

In terms of monitoring, my best feature would be the monitoring of components across the network. It monitors the respective nodes and any new node that comes onto the network and provides reports. The reporting dashboards are really helpful for management in terms of making decisions around patch management.

It is an all-in-one package. In terms of the selling points, to the best of my knowledge, it has eight different selling points or eight features, and they're all interlinked, which most of the infrastructure setups here do not have. They have separate systems for monitoring the networks. So, USM can cater based on those eight capabilities.

I've been using it just for my own personal upskilling in terms of how the product works. At the moment, it is pretty straightforward and simple, and it is working how it is supposed to. The feedback would come once it is deployed to customer sites. They'll be using it on a more frequent basis, and that's when the feedback would come in terms of the areas in which they're facing issues or are looking for simplicity.

I have been using this solution for the last eight to 10 months.

So far, I haven't seen any patches or updates from the partner or the OTX site to show any issues in terms of stability. Based on the frequency of the updates, at the moment, it seems stable.

It is easy to scale. It comes with all features, as opposed to separate individual modules. To my knowledge, you can scale it for your organization as and when there is a requirement or the organization grows. So, in terms of scalability, there is no problem. After you get it up and running, as the organization grows, the engines will be able to pick up that information.

It is really good for medium and large companies, but it can also be used for small organizations. Instead of deploying it to a small organization, you could provide a service where it is not on the customer site, and you basically link into your nodes for small customers. So, you install it for medium and large customers, and for small customers, you install it on your premise, and then you sell the individual features that they may request.

I have not been in touch with their technical support. I deal with the technical account manager. When I read up the information and there is something that I'm not sure about, I check my resources and see what's available online. If none of the available resources are helpful, I reach out to my account manager who then puts me in touch with the technical team. I presume that if we encounter any issues in deployment, it would be based on a customer's demography or the setup.

If you're not familiar with it from a tech perspective, it might be confusing for you, but from what I've seen and based on my experience, it is pretty simple and straightforward.

The user guides are also very helpful if you hit any roadblocks. It is very straightforward in terms of the instructions to set it up, but you should have minimum tech experience in understanding the documentation, which is fair enough and good because you don't want it to be too simple to set up that companies would say, "Well, we don't need IT if anybody can do this." So, you'd need some technical background to at least understand the documentation or the user guide.

I've only installed it for myself. It took a short amount of time to get it up and running. The deployment duration would depend on a customer's infrastructure size and the number of nodes that a customer has. It will also depend on the data collection that the agents or the engines need to do to protect the information and then put it in its database.

Its price is in the medium to upper range.

I would definitely recommend this solution, but I would also do a pre-assessment of the organizational setup and infrastructure. I'm a reseller, and it is obviously my top priority that we sell the product

If you look at the Gartner Magic Quadrants, you will see AlienVault is up there in the upper right quadrant, which makes it one of the top recommended solutions. That is the reason for my partnership with AT&T Cybersecurity for the product.

I would rate AT&T AlienVault USM a nine out of 10. No solution is 100% perfect.

I am using the solution for security information and event management.

The solution has all the features that we need, however they do not work correctly.

This solution has too many issues with integration with other technologies. For example, you can configure the solution to integrate with your technology today but tomorrow it will stop working. You have to continually update the login, save the issue, and create a ticket with support. It is a long process that takes too long for the support to resolve quickly.

In the future, I would like to see all these features of the solution working properly.

I have been using the solution for two years.

The solution is not stable. Sometimes the virtual machines are not working and it is not a network issue. There are many compatibility issues. There have been times when upgrading the firmware the device is not operational, you then have to restore to the older version.

The customer support has not been very helpful when issues arise.

The price for this solution is very good, but since the features do not work the price is expensive.

I would not recommend anyone to use it.

I rate ATT AlienVault USM a one out of ten.

We provide information security services to clients. We are seeking some clients to provide monitoring services by using AlienVault. We are also providing AlienVault USM Anywhere, which is cloud-based and has integration with cloud platforms such as AWS, Azure, and Google Cloud. 

Asset discovery and vulnerability scanner are good features. The integration between this solution and OTX, which is an AlienVault platform for Open Threat Exchange, is also a valuable feature. It is also quick and easy to deploy, so you can quickly engage with a customer's environment.

Its reporting tools need improvements. It would be good if they can provide integration with other ticketing systems. Currently, we only have integration with Slack and Jira.

It is also a bit slow, and its replication engine can be improved.

I have been using this solution for six months.

We provide technical support for our clients.

I have used McAfee ESM. McAfee ESM has many good features, but it is not very integrated with cloud-based assets. AlienVault is already a cloud-based solution, and it is native to cloud assets, which gives AlienVault an advantage over McAfee ESM. On the other hand, McAfee ESM is much better than AlienVault in terms of search engine, data collection, and events. 

It is very easy to deploy. It just takes one or two days and allows you to engage with your customer's environment quickly.

Its price is much lower than McAfee ESM.

I would encourage others to go with this solution because it is easy to deploy, and it provides good tools to know more about your network and the traffic on it. Its reporting needs some improvements, but it fulfills the needs.

I would rate AlienVault USM an eight out of ten.

The primary use case of this solution is for security.

The solution is very user-friendly, but the dashboard could be improved as well as the level of customization.

I have been using the solution for one year.

The solution is stable.

The deployment of this solution is easy, but you need some level of understanding.

The price of this solution is reasonable, which is one of the reasons why we selected it over other solutions.

I would recommend this solution to other users.

We primarily use the solution for cybersecurity events and management.

The SIEM, security information management is very, very good. Basically, it's great at analyzing the logs of our servers.

The setup is very easy and straightforward.

The solution is a bit complicated. It could be simplified quite a bit.

The correlation engine could be improved. Much improvement could be made there, as it is an important open-source solution. 

The solution could benefit from including security orchestration. It's still not available yet. It would be really nice to have in a future release.

It could use something like a pen test. Tools like that would make it more comprehensive from a cybersecurity aspect. 

I've been using the solution since about 2015. It's been approximately six years or so.

The solution is extremely stable. We don't have any issues with its reliability. It doesn't crash or freeze and it's not buggy at all.

The solution doesn't scale well if you are talking about enterprises using it. However, for our purposes, we've never had an issue with this. Larger companies might. We do intend to continue to use the solution and potentially increase usage.

Technical support is extremely reliable. We've very satisfied with the level of service we receive. They are always knowledgeable, helpful, and responsive.

The initials setup is not complex. It's a very straightforward implementation.

The overall deployment is quite quick. It might take about 30 minutes or so. That's all.

The solution has a subscription-based annual payment option. It's not a perpetual license.

We use both on-premises and cloud deployment models.

We both use the solution and sell the solution as well.

Overall, on a scale from one to ten, I would rate the solution at an eight.

We're more focused on servicing medium to small businesses. This solution may not be suitable for a large enterprise-level organization.

That said, we highly recommend it. I'd recommend that new users decide to first go for the trial. Take the trial and then make sure that you like it before investing in the subscription. The company offers a free trial - you might as well use it.

We are a managed security service provider and we offer AlienVault USM to our clients. We use it to monitoring their environments and to maintain their logs.

The most valuable feature is threat intelligence. Their community is a very helpful tool and I think it's one of the values of AlienVault.

They set aside a lot of the functionality from the on-premises version that we found very helpful in managing tickets. As it is now, the cloud-based deployment is lacking these useful features.

The reporting is mediocre and is something that needs to be improved.

I have been using the cloud-based deployment of this solution for about two years.

The stability is fine.

Scalability in a cloud solution is tied to costs. With any cloud solution, the more data you have and the larger your company, the higher the price point. I wouldn't say that scaling is easy, but it is standard.

Technical support is slow to respond when we put in a ticket. We're a number. 

We use both the on-premises version and USM Anywhere. The latter is a SaaS solution.

The initial setup is okay. At an additional cost, they offer services to assist with deployment.

Our take on it is that we are paying more for this product because of the AT&T name. We don't necessarily find that we are getting more functionality or quality, given the price point.

The licensing fees are dependent on usage.

We are currently evaluating different SIEM solutions. I have found that all of them have issues, whether it is related to functionality or price point. Even the ones that have a high price don't provide everything that you need.

My advice for anybody who is considering this product is to evaluate all of the options that are out there. There is no one, great answer, so you have to figure out what best fits your needs.

I would rate this solution a seven out of ten.

This is a SIEM solution that our customers use in an on-premises deployment.

The most valuable feature of this solution is security management for PCI DSS.

This solution could be easier to use. It is hard for some people to understand, and they need to get training and certification just to understand what it's showing them.

In terms of stability, I would give it fifty percent.

The scalability of this solution is good.

We have a large number of customers who use this product on a daily basis.

Technical support is very good from their side.

The initial setup of this solution is a bit complex. Specifically, it is the way that it integrates with other products.

We deployed this solution in-house.

This is a good product but it can be made more user-friendly.

I would rate this solution a seven out of ten.