USM Anywhere Reviews

General use cases would be for patch management and vulnerability management. The devices that are on the network may need patching if they're outdated. For any device or node that has entered the network and may be considered a threat, the HTTPS ports and different nodes need to be monitored for incoming and outgoing traffic. We could put in security rules for monitoring the actual devices down to the USP level, and we can also get the vulnerability information from OSX, and then provide that information to the IT teams.

In terms of the version, usually, when the updates come, the updates need to be aggregated to the customer, but at this moment in time, I am yet to secure a customer in that space due to the current COVID crisis in the country, across the Pacific, and globally.

In terms of deployment, the endpoints are on-premise, but it would be cloud-based in terms of the platform. So, it could be both depending on the customer. They would either have cloud or hybrid.

In terms of monitoring, my best feature would be the monitoring of components across the network. It monitors the respective nodes and any new node that comes onto the network and provides reports. The reporting dashboards are really helpful for management in terms of making decisions around patch management.

It is an all-in-one package. In terms of the selling points, to the best of my knowledge, it has eight different selling points or eight features, and they're all interlinked, which most of the infrastructure setups here do not have. They have separate systems for monitoring the networks. So, USM can cater based on those eight capabilities.

I've been using it just for my own personal upskilling in terms of how the product works. At the moment, it is pretty straightforward and simple, and it is working how it is supposed to. The feedback would come once it is deployed to customer sites. They'll be using it on a more frequent basis, and that's when the feedback would come in terms of the areas in which they're facing issues or are looking for simplicity.

I have been using this solution for the last eight to 10 months.

So far, I haven't seen any patches or updates from the partner or the OTX site to show any issues in terms of stability. Based on the frequency of the updates, at the moment, it seems stable.

It is easy to scale. It comes with all features, as opposed to separate individual modules. To my knowledge, you can scale it for your organization as and when there is a requirement or the organization grows. So, in terms of scalability, there is no problem. After you get it up and running, as the organization grows, the engines will be able to pick up that information.

It is really good for medium and large companies, but it can also be used for small organizations. Instead of deploying it to a small organization, you could provide a service where it is not on the customer site, and you basically link into your nodes for small customers. So, you install it for medium and large customers, and for small customers, you install it on your premise, and then you sell the individual features that they may request.

I have not been in touch with their technical support. I deal with the technical account manager. When I read up the information and there is something that I'm not sure about, I check my resources and see what's available online. If none of the available resources are helpful, I reach out to my account manager who then puts me in touch with the technical team. I presume that if we encounter any issues in deployment, it would be based on a customer's demography or the setup.

If you're not familiar with it from a tech perspective, it might be confusing for you, but from what I've seen and based on my experience, it is pretty simple and straightforward.

The user guides are also very helpful if you hit any roadblocks. It is very straightforward in terms of the instructions to set it up, but you should have minimum tech experience in understanding the documentation, which is fair enough and good because you don't want it to be too simple to set up that companies would say, "Well, we don't need IT if anybody can do this." So, you'd need some technical background to at least understand the documentation or the user guide.

I've only installed it for myself. It took a short amount of time to get it up and running. The deployment duration would depend on a customer's infrastructure size and the number of nodes that a customer has. It will also depend on the data collection that the agents or the engines need to do to protect the information and then put it in its database.

Its price is in the medium to upper range.

I would definitely recommend this solution, but I would also do a pre-assessment of the organizational setup and infrastructure. I'm a reseller, and it is obviously my top priority that we sell the product

If you look at the Gartner Magic Quadrants, you will see AlienVault is up there in the upper right quadrant, which makes it one of the top recommended solutions. That is the reason for my partnership with AT&T Cybersecurity for the product.

I would rate AT&T AlienVault USM a nine out of 10. No solution is 100% perfect.

We primarily use the solution for cybersecurity events and management.

The SIEM, security information management is very, very good. Basically, it's great at analyzing the logs of our servers.

The setup is very easy and straightforward.

The solution is a bit complicated. It could be simplified quite a bit.

The correlation engine could be improved. Much improvement could be made there, as it is an important open-source solution. 

The solution could benefit from including security orchestration. It's still not available yet. It would be really nice to have in a future release.

It could use something like a pen test. Tools like that would make it more comprehensive from a cybersecurity aspect. 

I've been using the solution since about 2015. It's been approximately six years or so.

The solution is extremely stable. We don't have any issues with its reliability. It doesn't crash or freeze and it's not buggy at all.

The solution doesn't scale well if you are talking about enterprises using it. However, for our purposes, we've never had an issue with this. Larger companies might. We do intend to continue to use the solution and potentially increase usage.

Technical support is extremely reliable. We've very satisfied with the level of service we receive. They are always knowledgeable, helpful, and responsive.

The initials setup is not complex. It's a very straightforward implementation.

The overall deployment is quite quick. It might take about 30 minutes or so. That's all.

The solution has a subscription-based annual payment option. It's not a perpetual license.

We use both on-premises and cloud deployment models.

We both use the solution and sell the solution as well.

Overall, on a scale from one to ten, I would rate the solution at an eight.

We're more focused on servicing medium to small businesses. This solution may not be suitable for a large enterprise-level organization.

That said, we highly recommend it. I'd recommend that new users decide to first go for the trial. Take the trial and then make sure that you like it before investing in the subscription. The company offers a free trial - you might as well use it.

We use it for the intrusion protection on our firewall. It's monitoring all our incoming traffic from the outside world through a firewall.

Previous to this, we really didn't have any protection, any intrusion system in place. It's made me more comfortable, since I'm in charge of IT for this company. I sleep better at night.

Using the solution, we have been able to look for critical vulnerabilities in our network. Thankfully, we haven't found any. It takes just a couple of hours.

The most valuable feature is what it can block, what it can prevent from coming in.

The only that I can think of is that is not ideal is sending Windows Server logs to their device, to the system. That has to be done on each server. I don't know if they have changed that.

It's a stable solution.

It's very scalable.

Tech support is very good. They usually respond very quickly.

This is the first solution of its kind for us.

The initial setup was pretty straightforward. The deployment took about a day. In terms of our implementation strategy, we have the cloud version. You create a VM in your system, it communicates with the cloud, and then you just log in through the cloud.

It's very reasonably priced. It was one of the lowest among the ones I looked at. Licensing is pretty flexible. They can do a two-year or a three-year, even a one-year, perhaps.

I looked at two others but I don't remember their names.

Compare it to the other vendors in the field, some of the top vendors. Make sure it fits your needs. It's more for a mid-sized company or a small company, not a large enterprise.

Regarding using it for discovering assets in our network which do not belong, our network isn't that big so we really don't use it for that. We also don't use the solution for compliance with regulations.

When it comes to staff using the solution, at the moment it is me and a monitoring service. We're the only ones who log into the solution. As for deployment, one person could probably do it because they help you deploy it. I did the deployment myself, with AlienVault. For maintenance, if you have a monitoring service that's fine, but if you're doing it yourself, you probably need somebody monitoring the log. When there's an incident, you probably need one or two other people.

I would rate it a nine out of ten. It does what we need and it's reliable.

Our use of the solution is all over the map. We use it for our own internal use. We use it in our security operations center. We're a reseller, we're an MSSP, and a Professional Services provider, so we do a lot of professional services on the platform. It's a standard SIEM solution and is used for log collection, log management, event correlation, alarming, and reporting.

There are probably a billion examples I could give. As a service provider, it helps us because we have all of our clients connected in through our management platform, and we're able to leverage the tools that AlienVault provides to monitor and collect data from all of those systems and identify security incidents for all of our clients. It provides network and host-level visibility and it's easy to tune and manage.

On any given day I could give you a different answer regarding the most valuable features of the product. The feature that is most important is the fact that it has a lot of features, that it's not just a log collection and correlation system, that it has a lot of other components built in. The bundle of features is really the killer feature.

In particular though: 

• ease of use and deployment
• excellent cloud integration
• dynamic asset management
• vulnerability scanning
• network intrusion detection
• host-based agent monitoring and collection. 

All of these features combined create a compelling "one-stop" package for a business that needs security monitoring and analytics.

Search performance can be slow. The Raw Logs feature is painfully slow. And if we're talking about the newer, the Anywhere product, you can't even schedule reports on it. There are probably a dozen other features I'd really like to see there, but that would be one of the biggies.

Also, there is no visibility into the NIDS or HIDS agent configurations and no easy way to augment them. The same is true for vulnerability scanning, it's all or nothing; there are no fine-grain controls as there was in their older product. There is a lack of "real" visibility into the correlation rules, and the inability to create our own sophisticated rules (only very simple ones) is a big miss.

We've had some stability problems, not a lot, but a few. Updates seem to be the worst. That seems to be when the stability problems come up.

Sensors occasionally go down during updates and don't recover. Some maintenance cycles on the cloud controller have left the system in a weird state. In addition, there are times when the product seems very slow to respond. This may be related to back-end maintenance that we are not aware of.

It scales reasonably well. There is a scalability plan for it. There is a way to add additional collection components, what they call Sensors, and then scale up the central platform. At this point, I don't believe it will scale to the very high-end. It is not a large, global enterprise-type product. It's more of a small-enterprise-and-below product.

Their support has been good. I've always had good interactions with them.

We've used a lot of solutions. I've used, run, and supported a lot of different solutions over the years. There were two primary reasons for switching to AlienVault. One was price, and the other was the feature bundle that I was talking about earlier.

We chose this particular product for many other reasons. As a Professional Services provider, a service provider, MSSP, and a reseller, we're not using it the way most end-users would go out and shop around and look for something. A big part of our decision in selecting this product was the fact that we were able to establish that relationship with AlienVault as a company, as a business to business relationship, to be a reseller, to be an MSSP, to be all of those things.

The setup is pretty simple. The documentation is good. I've been setting up platforms like this for years, so it's not hard for me. For someone who is new to the product and hasn't used this type of product before, they'll have a little bit of a challenge, but it's not too bad. The system is pretty easy to install and, if you follow the documentation, it's pretty easy to configure.

Some cloud integration steps, like G Suite, were more complicated and prone to error.

Calculating ROI on security products is a funny endeavor, in my experience. It's not a hard science and it's not something you can easily throw a lot of numbers at. It's mostly guesswork.

The pricing is a good value and makes sense.

The key thing is that for the new product, the licensing of it is subscription-based and it's based on data. Clients need to be really careful when thinking about that, because odds are they're going to need to put a lot more data into it than what they initially estimate, which is going to drive their subscription costs up.

I do have concerns that if a payment is delayed or if there is any dispute about billing, that all of our data is held in the cloud and could be lost.

Overall, the automation features of this solution are good. The issue here is that there are really two solutions. There's the AlienVault Appliance product and then there's the AlienVault Anywhere product. The Appliance product, which is the older product, has a lot more customization and automation capabilities because it's very extensible. The newer product, the Anywhere product, is still very limited. We're very dependent on AlienVault to build in any kind of connections or integration.

If you are a mostly-cloud environment this is a good fit. If you have very few other security controls outside of a firewall this is a good step forward. But if you have a solid security program you may find this product lacking in a few areas. And most importantly, be very careful about subscription size and licensing.

AlienVault is used in our infrastructure for compliance purposes. It was brought in as a replacement for use in multiple products at the time, such as Kiwi and Nexpose scanner. With the environment being new, it was the best place to start with being everything into one location for Syslog and Asset management. The vulnerability scanner also made the difference where the scans created tickets for remediation.

The all-in-one source for the needs of compliance has put everything into one location without the need of other applications and tools to accomplish the tasks. It brought our logs into one place for review and set up alarms based on changes we were missing due to lack of having one place for everything to go. Vulnerability scanning helped out shortcomings of what was not patched in the past and what needed to be patched. This assisted with fine tuning the environment for compliance. The reports also helped upper management with the ease the product was doing in its job and holes that were being filled.

The asset management of nodes has been a large help in terms of being able to track applications with more detail and have changes made being monitored into one source. The vulnerability scanning has also been an aide of reviewing the systems and having feedback of what is missing patches and holes in our environment that need review and remediation. The all-in-one aspect has been helpful to see items and correlate within one source rather then multiple.

Source material on the forums to be more up-to-date with the changes happening within the product. Forums being out-of-date with information due to the changes makes troubleshooting a little more difficult - specific to the HIDS agents. Troubleshooting connectivity is limited to very view articles with very little information. Perhaps adding templates into the HIDS agents for collection based on systems or a clickable addition of files to collect with check boxes rather than configuring the HIDS agents through text. 

Also, more information on how specific sections relate to PCI and how to use/setup the SIEM to follow the guidelines of the areas. Some information is vague on how to accomplish specific items within PCI on help forums through AlienVault.

Our primary use of AlienVault is as a SIEM tool.

This product has streamlined productivity by having all the information in one place. It has really helped eliminate a lot of manual work because its automation is pretty robust and important. It puts everything in one place for me.

It is also helping us get HITRUST certified, which is a certification we need for New York State. So this tool is a requirement, and it's going to help us stand out with New York State.

It's hard to pick just one valuable feature for this product. I like everything the product has to offer. The dashboards are very descriptive and contain just the right amount of information. The activity alarms and events contain a plethora of data that is very descriptive and useful. 

Vulnerability scans, IDS  scans, asset scans. It's pretty much the whole USM Anywhere tool. Everything in here is pretty important. It gives you all the vulnerabilities of your assets. It goes through and it actually shows you the software on there, if it's missing patches, the operating system.

Overall, I find that this product is amazing.

Honestly, the product itself is great. The only room for improvement I can mention is the initial installation procedures. I found that the online installation instructions for the product were missing important details, they lacked necessary steps. The product itself is fine.

I encountered some stability issues only because of a lack of knowledge regarding my network equipment and because AlienVault support was also not familiar with it. As long as you follow the recommendations for system requirements, there shouldn't be any issues.

No issues with scalability. We're only a company of 50 people, so I haven't had any issues whatsoever yet.

Technical support is very helpful. They know their product. The one person I used was very responsive. He actually called me, checked in with me, to make sure the issue we did once have was fixed, and that I was satisfied. I really appreciated his perseverance.

It would help if they knew more about different network hardware. I realize that there are so many different types that it is next to impossible to know all network equipment and its compatibility with their product.

The initial setup procedures were definitely missing some key steps. They need to keep in mind that not everyone is an expert on network equipment and perhaps be more descriptive and provide more details. That would have been helpful. 

I think they look at it as if you're a very knowledgeable person. I hate saying the word "dumb," but they need to dumb it down a little bit and think about all the types of people they need to hit, not just the people who have been doing networking for 20 years. They need to keep in mind that there are people who are just out of college or who are not as
knowledgeable. They need to keep in mind that all walks of life need to be considered.

I just hope that AlienVault realizes that they need their instructions to be a little bit more detailed and descriptive. Through the troubleshooting I did with them, they realized that there were issues, and they put in a request to update their instructions.

So far, I feel the product's pricing is a good value. The technology is decent. You get what you pay for. I think it's fair.

I did look at other options but I don't recall which ones. We were vetting for a while, but this one came highly recommended by a company we use locally for pen and vulnerability testing. They recommended AlienVault because they've seen it used in the area and they liked it a lot. We vetted it and said, "The heck with it. We're going with them."

It is a great product. Just get it.

We have devices in AWS and in the data center. The main reason is to do an IDS inspection in the cloud, as it was really hard to get proper software to do this and we did not want to install a virtual firewall in each timezone. We have over 200 servers being protected with this software.  

It has allowed us to see what is happening on our servers. You can do a similar setup with AWS, but monitoring it can give you a headache if you ave over 10 servers. 

The main menu: You can see everything there, what is happening on the servers, and in the logs, you can view more details of each event. Everything you need is in 'one place'.

As this software is in the cloud, you do not have control on updates and general changes which are happening. It can be a somewhat annoying that DC sensors are updated and you will not have control when this happens. 

So far, stability has been okay.

So far, no issues with scalability. We see that too many logs are being sent out, but you have to work out logging what you need.

They quickly respond on what you need, not on what they know.

We did not use a previous solution.

It was easy to set up. AlienVault was helpful here.

We used our team, but with the help of the AlienVault team.

We have been using it less then a year, but it does saves time when searching logs.

Negotiate the best package for your environment.

We ran a few PoCs. The price and feature set were the best with AlienVault.

We are an MSSP. We have a distributed environment that spans multiple networks and customers in various locations. We have one federated that receives information from all of our children servers deployed at customer locations.

AlienVault has provided a nice, unified system for monitoring and reporting.  Since we use this for customer security services, the vulnerability scans have come in handy for overall system health checks, for making sure customers aren't vulnerable to known attacks.

The Event Correlation and vulnerability scans have been the most useful. As a 24/7 SOC, we use the incoming alarms to give an overview of suspicious traffic going through the network. It's easy to look at the correlated events and see the broad picture of traffic for that customer. Vulnerability scans are good for providing patch and remediation guidelines to keep customer systems secure.

The UI and overall processes need a little bit more love. The development job postings have the requirement, for prospective candidates, of "values progress over perfection". This shows in the error banners that come up when you select certain things. There isn't a day that goes by that the UI doesn't error out and I can't view events for an alarm. It's nice that they have new features rolling, keeping up with demand, but fixing the events/alarm database errors would be nice too.

The reporting tools are a bit lacking for building reports to give directly to customers, but support has been helpful in giving our requests for new features to the development team and following up with us.

We have not, but being a 24/7 SOC we have someone checking at all hours.

Yes.

500,000.

No issues with stability.

No issues with scalability.

AV support has never been anything less than amazing.

We did not use anything else prior. We tried the free version of AV then decided to go with the paid option and become an MSSP, since it fit our company needs for the right price.

Straightforward, once going through a course.

In-house.

Our company normally handles everything from setup to configuration, refinement, and monitoring. We are an MSSP so we all handle this for the customer when they inquire about services.

No, AlienVault fit what we needed for the phase we were in with the SOC.