USM Anywhere Reviews

We use it to gain security visibility and to meet compliance.

We're not just a customer but we're a partner as well. We've deployed this into thousands of organizations and we continue to see that happening. It's a great tool.

It's really easy to aggregate and correlate and view several different security logs and several different data pieces in a single place. That's what allows us to see the security logs that we need to see to determine if there is something malicious on our network or not.

Also, aggregating the logs and putting them in a central place helps us to comply with certain regulations, the details of which I can't go into.

We have been able to use AlienVault to find critical vulnerabilities in our network and it has helped reduce the time it takes to respond to a threat.

The IDS and the threat intelligence are very useful. They are very intuitive and data-rich.

One area that has room for improvement is storage. AllienVault is a good place to put logs, but sometimes it's a tough place to go get logs. AlienVault has three components to it, a sensor, a server, and a logger. Sensors grab data, servers correlate data, and loggers store data. The logger can only hold so much data. If they improved that, that would help.

It has great scale. We have brought it into several publicly traded global organizations, with thousands of users. The users are anything from a CCO down to a network administrator.

For a large deployment like that, the number of our staff required depends on a few things but, generally, it would take one to three people. It also requires about three people for maintenance. Their roles would likely be anyone who is leading or managing an InfoSec team.

The technical support team is responsive and helpful. They communicate and they are engaged. We work with them on a daily basis and they're on it.

We did not work with a previous solution. We decided to bring it into our organization based on its value. It allows you to do a lot with a small price tag.

As partners, we think the setup is pretty straightforward but I imagine it depends on whom you ask. There are a lot of people who don't think so, but we think it's pretty straightforward. It has an easy-to-go-along Start menu, and the overall GUI is easy to navigate. It's pretty step-by-step, as long as you can follow those directions.

It can be as simple or complex as you want it to be. But for the most part, it's just a very easy tool to be able to engage with, to click on. They make it intuitive.

Sometimes deployment takes a couple of hours, sometimes it takes a couple of days, depending on the size of deployment.

We definitely have an implementation strategy but there are a lot of details to that. Just stay organized, pay attention to the details, cross your T's and dot your I's.

There is an ROI although I don't have the exact figures on it. The ROI is in the area of technology products that we have to go purchase: Instead of having to go buy a million dollars worth of cybersecurity products, we have saved a lot of money on that. It has also saved us loads of time as a result of not having to integrate it with a ton of other things.

The pricing is the best on the market.

We evaluated every single SIEM on the market. The major difference that made AlienVault stand out is the unification, meaning the integration of technologies out-of-the-box, as opposed to having to do it on your own.

Have an idea of a plan and know where things in your network are and know who can give you access to certain things you might need.

In terms of how extensively we're using it, I'd be surprised if there was anyone outside of our team that is using it more extensively then we are.

I would rate AlienVault at ten out of ten.

• MDR provider
• Logs aggregation
• Vulnerability assessments
• Some automation.

We needed a way to see all of these items under one pane of glass without spending incredible amounts of money on log aggregation, vulnerability assessments, etc., then putting it all together with an IR platform. 

It answered a bunch of questions for us, such as what will we use for vulnerability assessments on a continual basis, how do we tie those reports into alerts/incidents, log aggregation, correlation, etc.

• Vulnerability assessments and log aggregation/correlation

These were the two answers we needed for our solution. It gave those solutions very easily. It is easy to implement, and effective.

The support could absolutely be better. It seems to have gotten worse with the AT&T acquisition. 

We have been hearing some not so great things from our associates in the field as well.

Very stable so far. We have seen very few bugs, or downtime so far. 

It is pretty scalable for small/medium businesses. It starts to fade at enterprise. It is possible, but you will definitely run into limitations.

Eh. Our experiences have been very mixed. If you get someone who is motivated to help, expect to be good to go. Otherwise, expect the problem not to get a good priority, and it may even get dragged out to a conclusion.

We used, tested, and tried several solutions prior to this solution. This solution answered too many questions under one reasonable cost, as opposed to piecemealing everything together for more money.

Super simple, almost anyone could do it. It is quick as well. 

We do everything in-house.

Good.

It is I think for the market very straightforward, super easy to deploy. Licensing is straightforward in comparison to others.

We evaluated:

• Splunk
• LogRhythm
• ArcSight
• EventTracker
• RSA NetWitness
• SolarWinds
• QRadar
• FortiSIEM.
• And I may be leaving out a few. This was around one year ago.

AlienVault USM is a single pane of glass solution. It has not only SIEM capabilities but also other capabilities. AlienVault USM Anywhere is easy to deploy with their cloud-based model, and deploying the required agents on-prem (or in the cloud) is quick and easy. USM Anywhere also takes care of reporting for ISO and PCI, allowing you to pull reports for auditors at a moment's notice.

• The system slows down considerably when a large number of events are fed in.
• Also, AlienVault support has to make some improvements.

A vulnerability assessment feature is very helpful for me. Because of this feature, I can schedule a vulnerability assessment for my critical server.

While it is relatively easy to use, it takes a little time to get used to where everything is located in the web interface. I do wish that their support would help a bit more with the analysis of alarms.

No. This is the first security tool I am using.

It is easy to deploy and install an entire solution. I don't have an idea about pricing.

N/A.

They should have to improve support. So they can solve customers' problems in less time.

We use it for the intrusion protection on our firewall. It's monitoring all our incoming traffic from the outside world through a firewall.

Previous to this, we really didn't have any protection, any intrusion system in place. It's made me more comfortable, since I'm in charge of IT for this company. I sleep better at night.

Using the solution, we have been able to look for critical vulnerabilities in our network. Thankfully, we haven't found any. It takes just a couple of hours.

The most valuable feature is what it can block, what it can prevent from coming in.

The only that I can think of is that is not ideal is sending Windows Server logs to their device, to the system. That has to be done on each server. I don't know if they have changed that.

It's a stable solution.

It's very scalable.

Tech support is very good. They usually respond very quickly.

This is the first solution of its kind for us.

The initial setup was pretty straightforward. The deployment took about a day. In terms of our implementation strategy, we have the cloud version. You create a VM in your system, it communicates with the cloud, and then you just log in through the cloud.

It's very reasonably priced. It was one of the lowest among the ones I looked at. Licensing is pretty flexible. They can do a two-year or a three-year, even a one-year, perhaps.

I looked at two others but I don't remember their names.

Compare it to the other vendors in the field, some of the top vendors. Make sure it fits your needs. It's more for a mid-sized company or a small company, not a large enterprise.

Regarding using it for discovering assets in our network which do not belong, our network isn't that big so we really don't use it for that. We also don't use the solution for compliance with regulations.

When it comes to staff using the solution, at the moment it is me and a monitoring service. We're the only ones who log into the solution. As for deployment, one person could probably do it because they help you deploy it. I did the deployment myself, with AlienVault. For maintenance, if you have a monitoring service that's fine, but if you're doing it yourself, you probably need somebody monitoring the log. When there's an incident, you probably need one or two other people.

I would rate it a nine out of ten. It does what we need and it's reliable.

Our use of the solution is all over the map. We use it for our own internal use. We use it in our security operations center. We're a reseller, we're an MSSP, and a Professional Services provider, so we do a lot of professional services on the platform. It's a standard SIEM solution and is used for log collection, log management, event correlation, alarming, and reporting.

There are probably a billion examples I could give. As a service provider, it helps us because we have all of our clients connected in through our management platform, and we're able to leverage the tools that AlienVault provides to monitor and collect data from all of those systems and identify security incidents for all of our clients. It provides network and host-level visibility and it's easy to tune and manage.

On any given day I could give you a different answer regarding the most valuable features of the product. The feature that is most important is the fact that it has a lot of features, that it's not just a log collection and correlation system, that it has a lot of other components built in. The bundle of features is really the killer feature.

In particular though: 

• ease of use and deployment
• excellent cloud integration
• dynamic asset management
• vulnerability scanning
• network intrusion detection
• host-based agent monitoring and collection. 

All of these features combined create a compelling "one-stop" package for a business that needs security monitoring and analytics.

Search performance can be slow. The Raw Logs feature is painfully slow. And if we're talking about the newer, the Anywhere product, you can't even schedule reports on it. There are probably a dozen other features I'd really like to see there, but that would be one of the biggies.

Also, there is no visibility into the NIDS or HIDS agent configurations and no easy way to augment them. The same is true for vulnerability scanning, it's all or nothing; there are no fine-grain controls as there was in their older product. There is a lack of "real" visibility into the correlation rules, and the inability to create our own sophisticated rules (only very simple ones) is a big miss.

We've had some stability problems, not a lot, but a few. Updates seem to be the worst. That seems to be when the stability problems come up.

Sensors occasionally go down during updates and don't recover. Some maintenance cycles on the cloud controller have left the system in a weird state. In addition, there are times when the product seems very slow to respond. This may be related to back-end maintenance that we are not aware of.

It scales reasonably well. There is a scalability plan for it. There is a way to add additional collection components, what they call Sensors, and then scale up the central platform. At this point, I don't believe it will scale to the very high-end. It is not a large, global enterprise-type product. It's more of a small-enterprise-and-below product.

Their support has been good. I've always had good interactions with them.

We've used a lot of solutions. I've used, run, and supported a lot of different solutions over the years. There were two primary reasons for switching to AlienVault. One was price, and the other was the feature bundle that I was talking about earlier.

We chose this particular product for many other reasons. As a Professional Services provider, a service provider, MSSP, and a reseller, we're not using it the way most end-users would go out and shop around and look for something. A big part of our decision in selecting this product was the fact that we were able to establish that relationship with AlienVault as a company, as a business to business relationship, to be a reseller, to be an MSSP, to be all of those things.

The setup is pretty simple. The documentation is good. I've been setting up platforms like this for years, so it's not hard for me. For someone who is new to the product and hasn't used this type of product before, they'll have a little bit of a challenge, but it's not too bad. The system is pretty easy to install and, if you follow the documentation, it's pretty easy to configure.

Some cloud integration steps, like G Suite, were more complicated and prone to error.

Calculating ROI on security products is a funny endeavor, in my experience. It's not a hard science and it's not something you can easily throw a lot of numbers at. It's mostly guesswork.

The pricing is a good value and makes sense.

The key thing is that for the new product, the licensing of it is subscription-based and it's based on data. Clients need to be really careful when thinking about that, because odds are they're going to need to put a lot more data into it than what they initially estimate, which is going to drive their subscription costs up.

I do have concerns that if a payment is delayed or if there is any dispute about billing, that all of our data is held in the cloud and could be lost.

Overall, the automation features of this solution are good. The issue here is that there are really two solutions. There's the AlienVault Appliance product and then there's the AlienVault Anywhere product. The Appliance product, which is the older product, has a lot more customization and automation capabilities because it's very extensible. The newer product, the Anywhere product, is still very limited. We're very dependent on AlienVault to build in any kind of connections or integration.

If you are a mostly-cloud environment this is a good fit. If you have very few other security controls outside of a firewall this is a good step forward. But if you have a solid security program you may find this product lacking in a few areas. And most importantly, be very careful about subscription size and licensing.

It's part of our PCI compliance.

We didn't have any system before, so everything has been an improvement.

Log-monitoring and alerting, so we can find out when things happen that we need to know about.

I have not encountered any issues with stability.

There have not been any issues with scalability.

I would rate their technical support at nine out of 10.

The initial setup was straightforward. 

I don't think the product's pricing is a good value because they try to raise the price 50 percent every year. If they do that again I won't be a customer, going forward. Their sales team is way too aggressive. The price they advertise is not always the price you get.

In terms of licensing, AlienVault needs to understand that not all customers are huge enterprises. They don't seem to understand that.

It was three years ago so I don't remember offhand. But AlienVault was one of two or three that I looked at.

In terms of the product itself, it depends on what features you're looking for. We just use it for PCI compliance and it works for us. You need to do your own evaluation.

I would give the product an eight out of 10. The reason it's an eight is that it seems to have bugs from time to time that go unfixed for a while and that is frustrating. I'm not saying the product needs to be bug-free, but they need to be responsive to bugs.

Our primary use of AlienVault is as a SIEM tool.

This product has streamlined productivity by having all the information in one place. It has really helped eliminate a lot of manual work because its automation is pretty robust and important. It puts everything in one place for me.

It is also helping us get HITRUST certified, which is a certification we need for New York State. So this tool is a requirement, and it's going to help us stand out with New York State.

It's hard to pick just one valuable feature for this product. I like everything the product has to offer. The dashboards are very descriptive and contain just the right amount of information. The activity alarms and events contain a plethora of data that is very descriptive and useful. 

Vulnerability scans, IDS  scans, asset scans. It's pretty much the whole USM Anywhere tool. Everything in here is pretty important. It gives you all the vulnerabilities of your assets. It goes through and it actually shows you the software on there, if it's missing patches, the operating system.

Overall, I find that this product is amazing.

Honestly, the product itself is great. The only room for improvement I can mention is the initial installation procedures. I found that the online installation instructions for the product were missing important details, they lacked necessary steps. The product itself is fine.

I encountered some stability issues only because of a lack of knowledge regarding my network equipment and because AlienVault support was also not familiar with it. As long as you follow the recommendations for system requirements, there shouldn't be any issues.

No issues with scalability. We're only a company of 50 people, so I haven't had any issues whatsoever yet.

Technical support is very helpful. They know their product. The one person I used was very responsive. He actually called me, checked in with me, to make sure the issue we did once have was fixed, and that I was satisfied. I really appreciated his perseverance.

It would help if they knew more about different network hardware. I realize that there are so many different types that it is next to impossible to know all network equipment and its compatibility with their product.

The initial setup procedures were definitely missing some key steps. They need to keep in mind that not everyone is an expert on network equipment and perhaps be more descriptive and provide more details. That would have been helpful. 

I think they look at it as if you're a very knowledgeable person. I hate saying the word "dumb," but they need to dumb it down a little bit and think about all the types of people they need to hit, not just the people who have been doing networking for 20 years. They need to keep in mind that there are people who are just out of college or who are not as
knowledgeable. They need to keep in mind that all walks of life need to be considered.

I just hope that AlienVault realizes that they need their instructions to be a little bit more detailed and descriptive. Through the troubleshooting I did with them, they realized that there were issues, and they put in a request to update their instructions.

So far, I feel the product's pricing is a good value. The technology is decent. You get what you pay for. I think it's fair.

I did look at other options but I don't recall which ones. We were vetting for a while, but this one came highly recommended by a company we use locally for pen and vulnerability testing. They recommended AlienVault because they've seen it used in the area and they liked it a lot. We vetted it and said, "The heck with it. We're going with them."

It is a great product. Just get it.

As a product-agnostic Managed Security Services Provider (MSSP), AlienVault USM is one of several SIEM solutions we utilize in our Security Operation Center (SOC). We deploy, manage, and monitor the solution for other clients, and we use it for ourselves. As do most SIEMs, AlienVault allows us a central location to monitor the cybersecurity of an IT environment. It's impossible to avoid 100% of attacks, so after setting up defenses, the next best thing is to have 24/7 eyes-on-glass to be able to quickly respond to incidents as they happen. 

As stated before, the solution allows us to continuously detect cybersecurity incidents that may occur throughout our environment.

AlienVault USM Anywhere has a modern, user-friendly, and intuitive GUI, making it easy to use. It is a cloud-based solution that is easy to deploy and easy to scale as well. On top of having built-in support with several technologies, AlienVault USM Anywhere has an API that allows you to develop additional plugins if necessary.

Although they use machine learning, the algorithms that they use are graph-based. Their AI/ML capabilities could be improved a bit.

The solution is very stable.

It's a cloud-based solution so it's easy to scale.

In our experience, AlienVault has good customer service. 

I did use other solutions with different clients, and we do so now. We find AlienVault to have the best price to performance value. There are better solutions, but the price is reflected. 

It's straightforward and relatively easy for someone who is tech-oriented.

In-house.

It's difficult to judge the ROI on cybersecurity, but just look at the news to see the cost of breaches and how detrimental they could be.

As stated before, I believe this is the best SIEM solution for its value, especially for SMB.

Yes, I myself have had experience with IBM QRadar, Splunk Enterprise, and Logrhythm, but my company has experience with several others. 

We use AWS for our application platform and wanted a SIEM that was easy to deploy as a service and that had functionality and integrations focused on AWS. We found AlienVault was the best on price vs features and the team at AlienVault worked hard to make sure we were happy during our on-boarding. Features are rolled out fast and issues addressed quickly. The integration of OTX out-of-box and at no additional cost was a real selling point and the AWS features made it a clear winner.

AlienVault USM Anywhere provides us with SIEM, at a low price-point and with a great array of functionality. SIEM is critical to our security operations and feeds incident response efforts and USM Anywhere enables us to filter the noise and concentrate the efforts of our small team on the real issues and threats.

AlienVault USM Anywhere is easy to deploy with their cloud-based model and deploying the required agents on-prem (or in the Cloud) is quick and easy. With many integrations out-of-the-box, you can pull in all the data from products you use and other sources, such as Amazon Cloudwatch Logs. Custom rules allow for alerting based on content from events and you can even trigger agents in response to threats, shutting down computers or grabbing forensic info for incident response. USM Anywhere also takes care of reporting for ISO and PCI, allowing you to pull reports for auditors at a moment’s notice.

We would love to be able to create custom rules based on a series of events, to create rule-sets where, for example, failed logins to the VPN Server are logged and then when a successful attempt follows soon after, it triggers an alarm for a Brute Force. It does this for things like OKTA already, so control over which events this applies to would be great.  

No major issues and problems are rectified quickly.  

Scales well, no on-prem requirement other than 1 sensor per network and these are cost-effective. AlienVault handles the performance and scalability for you for the backend.

Technical support and very quick to respond and follow up well on issues.

Very simple; follow a walk-through to deploy sensors and the back-end is provisioned for you by AlienVault.

In-house deployment; simple to setup.

Cost is very competitive and if your log ingestion is not huge, then you can get a SIEM for a small budget; AlienVault listen well to customers and work with you on the needs of your business.

Alert Logic, Cloud Passage and Event Tracker.

Efficiency Of Security Team: Yes, a team of 2 managing a reasonable sized network has been achieved.

Events Per Day: 700,000

I use AlienVault to comply with PCI DSS requirements. For on-premises, I am using the AlienVault USM All-In-One 150A Virtual Appliance.

AlienVault has helped us in improving our visualization and incident response during cybersecurity situations.

I have also used it in a project to comply with PCI DSS requirements.

I have found the host-based intrusion detection system (HIDS) extremely useful, as it

• Allows me to identify possible threats and vulnerabilities.
• Allows anyone with little knowledge of a cybersecurity devise to work with a high level threat discovery solution.

• They should improve the reporting capabilities. 
• Different functions to customize reports should be added. 
• Export features should not be limited to spreadsheets (.XLS) only.