We use it for the intrusion protection on our firewall. It's monitoring all our incoming traffic from the outside world through a firewall.
VP IT Operations at a financial services firm with 51-200 employees
Enables us to search for critical vulnerabilities in our network
What is our primary use case?
How has it helped my organization?
Previous to this, we really didn't have any protection, any intrusion system in place. It's made me more comfortable, since I'm in charge of IT for this company. I sleep better at night.
Using the solution, we have been able to look for critical vulnerabilities in our network. Thankfully, we haven't found any. It takes just a couple of hours.
What is most valuable?
The most valuable feature is what it can block, what it can prevent from coming in.
What needs improvement?
The only thing that I can think of that is not ideal is sending Windows Server logs to their device, to the system. That has to be done on each server. I don't know if they have changed that.
Buyer's Guide
USM Anywhere
December 2024
Learn what your peers think about USM Anywhere. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
831,265 professionals have used our research since 2012.
What do I think about the stability of the solution?
It's a stable solution.
What do I think about the scalability of the solution?
It's very scalable.
How are customer service and support?
Tech support is very good. They usually respond very quickly.
Which solution did I use previously and why did I switch?
This is the first solution of its kind for us.
How was the initial setup?
The initial setup was pretty straightforward. The deployment took about a day. In terms of our implementation strategy, we have the cloud version. You create a VM in your system, it communicates with the cloud, and then you just log in through the cloud.
What's my experience with pricing, setup cost, and licensing?
It's very reasonably priced. It was one of the lowest among the ones I looked at. Licensing is pretty flexible. They can do a two-year or a three-year, even a one-year, perhaps.
Which other solutions did I evaluate?
I looked at two others but I don't remember their names.
What other advice do I have?
Compare it to the other vendors in the field, some of the top vendors. Make sure it fits your needs. It's more for a mid-sized company or a small company, not a large enterprise.
Regarding using it for discovering assets in our network which do not belong, our network isn't that big so we really don't use it for that. We also don't use the solution for compliance with regulations.
When it comes to staff using the solution, at the moment it is me and a monitoring service. We're the only ones who log into the solution. As for deployment, one person could probably do it because they help you deploy it. I did the deployment myself, with AlienVault. For maintenance, if you have a monitoring service that's fine, but if you're doing it yourself, you probably need somebody monitoring the log. When there's an incident, you probably need one or two other people.
I would rate it a nine out of ten. It does what we need and it's reliable.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Director Of Information Technology at a tech services company with 51-200 employees
Allows us to roll out log management on clients and servers, host-based IDS, and network-based IDS.
Pros and Cons
- "The best feature of this product is the ease of use. It is extremely easy to set up and get going. This is a very useful tool for a small organization."
- "I feel that some areas of improvement would be vulnerability scanning. We use a separate product that seems to do a much better job."
How has it helped my organization?
This has helped improve our overall IT security by allowing us to implement a full suite of security tools that allows us to roll out log management on clients and servers, host-based IDS, and network-based IDS. It also provides vulnerability scanning; however, we use a separate product for that.
What is most valuable?
The best feature of this product is the ease of use. It is extremely easy to set up and get going. This is a very useful tool for a small organization.
What needs improvement?
I feel that some areas of improvement would be vulnerability scanning. We use a separate product that seems to do a much better job.
What do I think about the stability of the solution?
We have not encountered any stability issues.
What do I think about the scalability of the solution?
We have not encountered any scalability issues; the product scales very easily.
How are customer service and technical support?
Customer Service:
I would rate customer service an 8/10. I've received calls from customer service a few times a month and it gets a little overbearing, especially when you are busy, as IT professionals are.
Technical Support:
I would rate technical support a 9/10.
Which solution did I use previously and why did I switch?
This was our first solution for HIDS, NIDS, and log management.
How was the initial setup?
The initial setup was straightforward. I simply followed the steps in the setup wizard and the steps provided by technical support, and I had a trial version (later converted to paid version with additional steps) set up in about an hour or less.
What about the implementation team?
This was set up in-house.
What was our ROI?
It is really hard to put a number on ROI but I will say that AlienVault has allowed us to close the gap on security alert timing and we can respond to incidents in a much more timely fashion which, to me, is much more valuable than a number.
What's my experience with pricing, setup cost, and licensing?
AlienVault is flexible on their pricing for unlimited licenses.
Which other solutions did I evaluate?
We evaluated Splunk as well. AlienVault was a much cheaper solution and required less time to be rolled out. Splunk is a much more difficult product to work with and almost requires a dedicated employee to manage.
What other advice do I have?
I highly recommend AlienVault USM for anybody that is seeking a SIEM solution that is easy to implement and easy to manage. It works very well for small- and medium-size businesses.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
An all-in-one package for monitoring components across the network
Pros and Cons
- "In terms of monitoring, my best feature would be the monitoring of components across the network. It monitors the respective nodes and any new node that comes onto the network and provides reports. The reporting dashboards are really helpful for management in terms of making decisions around patch management."
- "I've been using it just for my own personal upskilling in terms of how the product works. At the moment, it is pretty straightforward and simple, and it is working how it is supposed to. The feedback would come once it is deployed to customer sites. They'll be using it on a more frequent basis, and that's when the feedback would come in terms of the areas in which they're facing issues or are looking for simplicity."
What is our primary use case?
General use cases would be for patch management and vulnerability management. The devices that are on the network may need patching if they're outdated. For any device or node that has entered the network and may be considered a threat, the HTTPS ports and different nodes need to be monitored for incoming and outgoing traffic. We could put in security rules for monitoring the actual devices down to the USP level, and we can also get the vulnerability information from OSX, and then provide that information to the IT teams.
In terms of the version, usually, when the updates come, the updates need to be aggregated to the customer, but at this moment in time, I am yet to secure a customer in that space due to the current COVID crisis in the country, across the Pacific, and globally.
In terms of deployment, the endpoints are on-premise, but it would be cloud-based in terms of the platform. So, it could be both depending on the customer. They would either have cloud or hybrid.
What is most valuable?
In terms of monitoring, my best feature would be the monitoring of components across the network. It monitors the respective nodes and any new node that comes onto the network and provides reports. The reporting dashboards are really helpful for management in terms of making decisions around patch management.
It is an all-in-one package. In terms of the selling points, to the best of my knowledge, it has eight different selling points or eight features, and they're all interlinked, which most of the infrastructure setups here do not have. They have separate systems for monitoring the networks. So, USM can cater based on those eight capabilities.
What needs improvement?
I've been using it just for my own personal upskilling in terms of how the product works. At the moment, it is pretty straightforward and simple, and it is working how it is supposed to. The feedback would come once it is deployed to customer sites. They'll be using it on a more frequent basis, and that's when the feedback would come in terms of the areas in which they're facing issues or are looking for simplicity.
For how long have I used the solution?
I have been using this solution for the last eight to 10 months.
What do I think about the stability of the solution?
So far, I haven't seen any patches or updates from the partner or the OTX site to show any issues in terms of stability. Based on the frequency of the updates, at the moment, it seems stable.
What do I think about the scalability of the solution?
It is easy to scale. It comes with all features, as opposed to separate individual modules. To my knowledge, you can scale it for your organization as and when there is a requirement or the organization grows. So, in terms of scalability, there is no problem. After you get it up and running, as the organization grows, the engines will be able to pick up that information.
It is really good for medium and large companies, but it can also be used for small organizations. Instead of deploying it to a small organization, you could provide a service where it is not on the customer site, and you basically link into your nodes for small customers. So, you install it for medium and large customers, and for small customers, you install it on your premise, and then you sell the individual features that they may request.
How are customer service and technical support?
I have not been in touch with their technical support. I deal with the technical account manager. When I read up the information and there is something that I'm not sure about, I check my resources and see what's available online. If none of the available resources are helpful, I reach out to my account manager who then puts me in touch with the technical team. I presume that if we encounter any issues in deployment, it would be based on a customer's demography or the setup.
How was the initial setup?
If you're not familiar with it from a tech perspective, it might be confusing for you, but from what I've seen and based on my experience, it is pretty simple and straightforward.
The user guides are also very helpful if you hit any roadblocks. It is very straightforward in terms of the instructions to set it up, but you should have minimum tech experience in understanding the documentation, which is fair enough and good because you don't want it to be too simple to set up that companies would say, "Well, we don't need IT if anybody can do this." So, you'd need some technical background to at least understand the documentation or the user guide.
I've only installed it for myself. It took a short amount of time to get it up and running. The deployment duration would depend on a customer's infrastructure size and the number of nodes that a customer has. It will also depend on the data collection that the agents or the engines need to do to protect the information and then put it in its database.
What's my experience with pricing, setup cost, and licensing?
Its price is in the medium to upper range.
What other advice do I have?
I would definitely recommend this solution, but I would also do a pre-assessment of the organizational setup and infrastructure. I'm a reseller, and it is obviously my top priority that we sell the product
If you look at the Gartner Magic Quadrants, you will see AlienVault is up there in the upper right quadrant, which makes it one of the top recommended solutions. That is the reason for my partnership with AT&T Cybersecurity for the product.
I would rate AT&T AlienVault USM a nine out of 10. No solution is 100% perfect.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Senior Buyer & Operations Specialist at Nth Generation Computing
I've found the vulnerability assessment very valuable because it identifies vulnerabilities and AWS configuration issues
What is our primary use case?
We have used AlienVault for our security monitoring for threat protection and compliance management. We've seen an improvement against malware and viruses. It has definitely eased our concerns so we can focus on other things.
How has it helped my organization?
AlienVault is very user-friendly. We've had a great experience with asset discovery, compliance reporting, endpoint detection and response. Our team uses the network infrastructure monitoring as well.
What is most valuable?
- In my experience, I've found the vulnerability assessment very valuable because it identifies vulnerabilities and AWS configuration issues, so we are less likely to have potential risks.
- The compliance reporting is also valuable for reporting purposes.
What needs improvement?
The only recommended change I can think of is to have the ability to filter logs. Also, being able to navigate the dashboard. That seems to have been quite a challenge.
For how long have I used the solution?
One to three years.
What do I think about the stability of the solution?
There are multiple functions of this product, the stability and availability are awesome.
What do I think about the scalability of the solution?
The scalability of this solution is exceptional. I believe it's very reliable and dependable.
Which solution did I use previously and why did I switch?
I'm not familiar with what was used prior to AlienVault nor the reason the switch was made. I'm just very pleased.
How was the initial setup?
Yes, our team did not have any issues with the initial setup of AlienVault and its functions.
What about the implementation team?
In-house.
What was our ROI?
The return on investment is great. I feel this product is well worth the price for all the functions and performance it can provide.
What's my experience with pricing, setup cost, and licensing?
I advise others on the pricing and licensing. I research to find the best pricing for the value of the products as well as register all licensing.
Which other solutions did I evaluate?
No, our tech department did the evaluating of all the options and chose AlienVault.
What other advice do I have?
AlienVault is an amazing product that I would highly recommend.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
System Administrator at a tech services company with 10,001+ employees
We have been able to ensure the health of our servers
Pros and Cons
- "As we have to service several servers, we can manage them in an economical way, which is beneficial to our team and business."
- "Any unusual behaviour, we can monitor. We have alerts set up to be sent when we receive signs of any unusual behaviour."
- "For creating new rules, you have to be familiar with regular expressions. I feel there could be something built-in to make sure that process is easier."
What is our primary use case?
We use the appliance in a few ways: monitoring network behaviour, asset discovery, and running vulnerability scans. We can monitor the availability of servers and any particular software. As we have to service several servers, we can manage them in an economical way, which is beneficial to our team and business.
How has it helped my organization?
We have been able to ensure the health of our servers. We can also use vulnerability scans to ensure our system is as good as it could be.
Any unusual behaviour, we can monitor. We have alerts set up to be sent when we receive signs of any unusual behaviour. The ranking can be modified to allow us to apply a standard rule and also be customized, which suits our business needs.
What is most valuable?
I have used the asset discovery and the vulnerability scans the most. As a system administrator, it is important that we are prepared for any eventualities. I also like how you can use the hardware “out-of-the-box”, or using logs you can actually customise the performance to fit your environment and needs.
What needs improvement?
For creating new rules, you have to be familiar with regular expressions. I feel there could be something built-in to make sure that process is easier.
For how long have I used the solution?
One to three years.
What do I think about the stability of the solution?
No stability issues.
What do I think about the scalability of the solution?
No scalability issues.
Which solution did I use previously and why did I switch?
We did not have any sustainable solution, previously.
What's my experience with pricing, setup cost, and licensing?
Use the AlienVault team. They are helpful and the documentation that they provide is second to none.
Which other solutions did I evaluate?
We checked out several competitors. For what it can do and the cost, it was the best SIEM tool!
Disclosure: I am a real user, and this review is based on my own experience and opinions.
IS Manager at a financial services firm with 501-1,000 employees
It has allowed us to centralize our logging. We had used previous products and found AlienVault centralized the logging for our security.
Pros and Cons
- "We had used previous products and found AlienVault centralized the logging for our security."
- "There are many reports included but would be nice to have better access to the data."
How has it helped my organization?
It has allowed us to centralize our logging. We had used previous products and found AlienVault centralized the logging for our security. Additionally, we are better able to meet our compliance needs.
What is most valuable?
We use several features extensively. Logging, vulnerability scanning, file integrity monitoring, and threat information.
What needs improvement?
I would like to see some better ways to report on the information. There are many reports included but would be nice to have better access to the data. Customizations are possible but don't always allow us to report on what we need.
What do I think about the stability of the solution?
We have a new remote sensor sending a large amount of data. We have seen some slowness but the sensor is new and we tracked down the slowness to network connectivity. The server has handled all we could throw at it.
What do I think about the scalability of the solution?
Working well with everything we have sent to it.
How are customer service and technical support?
Customer Service:
I have enjoyed working with the client support folks. I have had really good experiences with them even having them help with plugins when they weren't working.
Technical Support:
Very good.
Which solution did I use previously and why did I switch?
ManageEngine Event Log Analyzer
How was the initial setup?
The wizard setup was great and helped deployment go well.
What about the implementation team?
Received training and did in-house. Also had some follow-up consulting that helped to do a health check on the system that was very valuable. Consultants did a great job of helping us become more comfortable.
What was our ROI?
Not measured.
What's my experience with pricing, setup cost, and licensing?
Look at other products and AlienVault will have you coming back as it did us.
Which other solutions did I evaluate?
Yes, many other vendors - it's been a while so I don't remember them all.
What other advice do I have?
No, good solid product
Disclosure: I am a real user, and this review is based on my own experience and opinions.
IT Security Analyst at a financial services firm with 201-500 employees
You can customize the "Overview" dashboard to your or your company's needs.
What is most valuable?
AlienVault's "Overview" dashboard makes it very easy to see everything going on in your network that needs your immediate attention. You can easily customize the dashboard to your or your company's needs.
How has it helped my organization?
I now have the ability to report all vulnerabilities and threats hitting our network to upper management in an easy-to-understand format.
What needs improvement?
Offer solutions based on a PoC (Proof of Concept) to fit each company's specific needs, rather than letting the company guess or piece together the solution they need.
For how long have I used the solution?
I have used it for six months.
What was my experience with deployment of the solution?
We have not encountered any deployment issues; the setup was very easy and support was by my side to assist me with any issues that arose.
What do I think about the stability of the solution?
We have encountered stability issues; we have a high volume of logs passing through our SIEM and the default configuration couldn't handle all the data. Working with support, we were able to remediate all the crashes we were having.
What do I think about the scalability of the solution?
We have encountered scalability issues. We had to keep changing our configuration or updating our storage capabilities as we added more logs.
How are customer service and technical support?
Customer Service:
Customer service is 8/10.
Technical Support:
Technical support is 9/10. Engineers are very knowledgeable about their product!
Which solution did I use previously and why did I switch?
We did not previously use a different solution.
How was the initial setup?
The setup was very straightforward. AlienVault provides simple, step-by-step instructions for each of their products!
What about the implementation team?
As a single Analyst, I was able to implement this product very easily.
What was our ROI?
At this time, it is too early to tell ROI.
What's my experience with pricing, setup cost, and licensing?
Know your capabilities and storage needs before negotiating a price! Make sure you ask about log storage options before purchase.
Which other solutions did I evaluate?
Before choosing, we evaluated other options. We were looking at Splunk and Rapid7.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
System Administrator at a financial services firm with 201-500 employees
The alarms dashboard shows any threats that may need further investigation.
Pros and Cons
- "The vulnerability scanning is helpful to identify the areas that need patching or fixes installed."
- "The vulnerability reporting needs to have options to be able to sort or customize the output."
How has it helped my organization?
AlienVault has brought more awareness to the activity on our network. Security risks are identified and addressed to reduce any possible security breach.
What is most valuable?
Alarms dashboard shows immediately any threats that may need further investigation. The vulnerability scanning is helpful to identify the areas that need patching or fixes installed.
What needs improvement?
The vulnerability reporting needs to have options to be able to sort or customize the output. It is helpful to look at the vulnerability and how many hosts have it, in addition to being able to look at an individual host to see what vulnerabilities it has.
What do I think about the stability of the solution?
We did not encounter any stability issues. AlienVault seems to be pretty solid and we have not had any issues with it being unavailable.
What do I think about the scalability of the solution?
We have not encountered any scalability issues. We have a fairly simple deployment with only one sensor, so it was straightforward.
How are customer service and technical support?
Customer Service:
Customer service is very good.
Technical Support:
Technical support is very good. They have always been prompt to address an issue and stuck with it until resolution.
Which solution did I use previously and why did I switch?
We did not previously use a different solution.
How was the initial setup?
Initial setup was very straightforward; few configuration settings and it was pulling in logs.
What about the implementation team?
An in-house team implemented it.
What was our ROI?
ROI is a difficult one to measure for this. It helps us cover a compliance need as well as provides us a means to be aware of any possible threats and vulnerabilities.
What's my experience with pricing, setup cost, and licensing?
Pricing is very competitive with other products and you get much more functionality from AlienVault. The vulnerability scanning and threat intelligence offers additional tools that others don't have.
Which other solutions did I evaluate?
We looked at a couple of other products before choosing AlienVault. We looked at LogRhythm and EventTracker.
What other advice do I have?
If you take the training virtually, make sure you can dedicate the week with uninterrupted time. The training is quite in-depth and you want to have your undivided attention on it.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Laurie, awesome to hear you're having a great experience with the product! We hear you loud and clear on the need to extend our reporting capabilities, especially around vulnerability management. I'll try to keep you in the loop as we look to roll out new features to this area of the product. Thanks again for the feedback and for being a customer. We truly appreciate your business!
Thank you so much Lorenzo for taking time to share your experience & feedback!