Francis Silva - PeerSpot reviewer
Service Coordinator at MAINT
Real User
Easy to use and intuitive platform against security threats, with a feature for adding apps
Pros and Cons
  • "Easy to use, scalable, stable, and very intuitive platform that provides protection against security threats."
  • "Adding a parsing interface for the customers would make AT&T AlienVault USM better."

What is our primary use case?

We have customers from the retail, industrial, strategic resource, and OT infrastructure sectors who are using AT&T AlienVault USM. The solution has several use cases.

What is most valuable?

I like that AT&T AlienVault USM is deployed on cloud, because the previous solution, the all-in-one solution, wasn't, so we had a lot of problems with it. Either the database was corrupted, or there was a large delay in the appliance. With AT&T AlienVault USM being on cloud, all of those problems disappeared.

Another feature I like about the solution is the ability to add apps. It's a really good feature.

AT&T AlienVault USM is a very intuitive tool, especially for analysts. It's easy to use.

What needs improvement?

An improvement for AT&T AlienVault USM would be the option for us to build the connectors ourselves and to do the parsing ourselves, because those options disappeared with the version of the solution that we're currently using. I know I can talk to the vendor to ask for a new parsing option for the application, for any new platform, but I understand that it can take several months. Adding a parsing interface for the customers would be good.

What do I think about the stability of the solution?

AT&T AlienVault USM is a stable solution.

Buyer's Guide
USM Anywhere
December 2024
Learn what your peers think about USM Anywhere. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
831,265 professionals have used our research since 2012.

What do I think about the scalability of the solution?

AT&T AlienVault USM is a scalable solution, especially because we have the option to use more sensors, and we have an average scale of log space for log rotation.

How are customer service and support?

We don't deal with the support team for AT&T AlienVault USM, in terms of big issues, but in terms of them answering a question, or giving information about design specs, their response is good. Their response is correct, so we have no problem with the support for this solution.

From one to five, where one is bad and five is good, I'm rating their support a four.

How was the initial setup?

The initial setup for AT&T AlienVault USM was easy.

Which other solutions did I evaluate?

We evaluated another product, AlienVault OSSIM, but only for testing; we did not suggest it to our customers.

What other advice do I have?

We are using AT&T AlienVault USM. It's our main SIEM solution. We've been a partner of AT&T for four to five years. We still have a customer using the all-in-one solution, but now we are mainly promoting AlienVault USM Anywhere.

I know that the solution is undergoing changes to become even more useful, so we have no problems with it. There's no problem, even in terms of integration.

We use three people for the deployment and maintenance of the solution. One person is in charge of designing and implementing. Another person supports the implementation and the requirements of the customer. The third person does the monitoring exclusively. We provide our customers with the services of a security operations center.

I'm recommending AT&T AlienVault USM to others and I'm rating AT&T AlienVault USM eight out of ten.


Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
Manager at WASHI
Real User
A stable, user-friendly security solution with a reasonable price tag and easy deployment
Pros and Cons
  • "The solution is stable."
  • "The dashboard could be improved as well as the level of customization."

What is our primary use case?

The primary use case of this solution is for security.

What needs improvement?

The solution is very user-friendly, but the dashboard could be improved as well as the level of customization.

For how long have I used the solution?

I have been using the solution for one year.

What do I think about the stability of the solution?

The solution is stable.

How was the initial setup?

The deployment of this solution is easy, but you need some level of understanding.

What's my experience with pricing, setup cost, and licensing?

The price of this solution is reasonable, which is one of the reasons why we selected it over other solutions.

What other advice do I have?

I would recommend this solution to other users.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
PeerSpot user
Delivery Manager at a tech services company with 11-50 employees
Consultant
Provides vulnerability scanning and OTX for threat intelligence.

What is most valuable?

  • Vulnerability scanning
  • Cross-correlation
  • Reports in a grouped manner
  • OTX for threat intelligence

How has it helped my organization?

It helps to monitor the entire office from a single point.

What needs improvement?

The report section needs to be improved. Most of the correlation rules are based on the NIDS event, which needs to be improved. In other words, we have to use the device logs also.

For how long have I used the solution?

We have been using this solution for almost two years.

What was my experience with deployment of the solution?

I did not encounter any issues with deployment.

What do I think about the stability of the solution?

I did not encounter any issues with scalability.

What do I think about the scalability of the solution?

I did not encounter any issues with scalability.

How are customer service and technical support?

Customer Service:

Customer service is available 8 to 5 EDT. In emergency cases, it is difficult to reach them. Response-wise, it is good. I would give customer service a rating of 7/10.

Technical Support:

I would give technical support a rating of 7/10.

Which solution did I use previously and why did I switch?

We did not use a previous solution.

How was the initial setup?

The setup was very straightforward.

What about the implementation team?

We did it in-house.

What was our ROI?

N/A

What's my experience with pricing, setup cost, and licensing?

I feel that the license cost was a bit high, but compared to others, it is less. For mid-range companies, they feel that the cost is high, but that it is worth it.

Which other solutions did I evaluate?

We did not evaluate any other options.

What other advice do I have?

I do not have any additional comments.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Tami Andrews, Sr. Customer Programs Manager at AlienVault
Real User

Paruvathakumar - thanks so much for your time & comments.

PeerSpot user
Manager, Enterprise Risk Consulting at a tech company with 1,001-5,000 employees
Real User
Cost effective, quick and easy SIEM solution which still needs to be improved to better compete with other solutions.

At Infosecnirvana, we did a post on SIEM Comparison – 101 and a lot of readers were interested in evaluating AlienVault SIEM and how it stacks up against the usual suspects like ArcSight, QRadar, McAfee Nitro, Splunk etc. Well, we listened and this post is about our take on AlienVault SIEM, its strengths, weakness and many more.

Introduction:

AlienVault is the enterprise avatar of Open Source SIM (OSSIM). AlienVault has a number of software components, which when put together provides what is now called a Unified Security Management tool or USM in short. The components are:

  • Arpwatch, used for MAC address anomaly detection.
  • P0f, used for passive OS detection and OS change analysis.
  • PADS – Passive Asset Detection System, used for service anomaly detection.
  • OpenVAS, used for vulnerability assessment and for cross correlation of (Intrusion detection system (IDS) alerts vs. Vulnerability Scanner) information.
  • Snort, or Suricata used as an Intrusion detection system (IDS), and also used for cross correlation with Nessus.
  • Tcptrack, used for session data information which can grant useful information for attack correlation.
  • Ntop, for recording traffic patterns between hosts and host groups, and statistics on protocol usage.
  • Nagios, used to monitor host and service availability information based on a host asset database.
  • OSSEC, a Host-based intrusion detection system (HIDS).
  • Munin, for traffic analysis and service watchdogging.
  • NFSen/NFDump, used to collect and analyze NetFlow information.
  • FProbe, used to generate NetFlow data from captured traffic.
  • AlienVault also includes lot of proprietary tools, the most important being a powerful correlation engine.

The combination of all these tools has been seamlessly put together in AlienVault USM and is really a winner in the SME segment of the market. They have a nice feature set, and the entire re-organization, additional funding, infusion of new leadership etc. has made AlienVault a serious contender in the SIEM space. They are the sole contender in the Visionaries Quadrant in the 2014 Gartner Report. In short, it is like the UTM of SIEM technology. Now, is that good? Or is that bad?

Let's see!

What is good?

  • Flexible Deployment Architecture – This is where the Open Source roots really start to flex their muscles when it comes to AV USM. The 3 main components of the Architecture are as follows:
    1. AV Sensor – AV Sensors perform Asset Discovery, Vulnerability Assessment, Threat Detection, and Behavioral Monitoring in addition to receiving raw data from event logs and helping in monitoring network traffic (including Flow). The sensors also perform Normalization of the received raw events and communicate them to the AV Server for correlation and reporting.
    2. AV Server – AV Server is the Central management console that provides USM capabilities under a single GUI. The Server receives normalized data from the sensors, correlates and prioritizes the events and generates Security Alerts or Alarms. The server also provides a variety of reporting and dash-boarding capabilities.
    3. AV Logger – AV Logger provides the capability to archive log files for purposes of forensic analysis and to meet compliance requirements for long term retention and management.

All the architecture components including the Sensor, the Logger, the Correlation Engine etc, can be deployed tier based, isolated or in a consolidated All-in-One style. This wide variety of deployment options help customers to have flexible and open architectures. This also in a way helps control cost depending on the budget at hand. Very rarely can products boast of such flexibility.

  • A Jack of All… - The best thing about AlienVault USM is being a “Jack of All” solution. They provide SIEM, HIDS/NIDS, FIM, NetFlow, Asset management, Vulnerability Management etc. under one USM platform. None of the commercial SIEM vendors like ArcSight, McAfee, etc. can boast of such a diverse feature set. QRadar in my opinion is the closest to AV USM in terms of feature diversity. While all the features are formerly isolated Open Source community projects, the USM does a good job of integrating them into a feature set. While they are not great as individual parts, they more than make up for it as a sum of the parts.
  • OTX - Open Threat Exchange is a wonderful community sharing platform that helps clients to share IP and URL reputation information so that all AV customers can benefit. This is true community sharing modeled on the likes of the Splunk Community (for app development). This has the potential to grow into a large source of Real World Intelligence and what AlienVault intends to do with this data remains to be seen. For now, it is being used by USM Correlation engine to provide better context and content for Security monitoring. AlienVault Labs, is also utilizing this infrastructure to constantly update Detection rules for malware vectors, vulnerability exploits etc. QRadar and ArcSight provide Intelligence, but it is commercial intelligence and not community intelligence. With community intelligence, you get more hits than misses.
  • Multi-Tenancy – While this feature may not elicit interest from many readers, those who have worked in an MSSP environment can understand why this is a very important feature to have. AV USM does support Multi-Tenancy out of the box. This, when combined with the Architecture flexibility, provides great MSSP models to sell and operate. The key is to understand how the multi-tenancy works. Basically, a single database is used to store data of several customers using a Data isolation Logic and Permission control. The data isolation logic is based on Entities created in USM (Assets, Users, Components Assigned (Sensors) etc. are grouped together as a Single Entity) and Permissions (applied in a granular fashion to data sets related to the Entities). QRadar, ArcSight and other major SIEM products provide this as well.
  • Price: One of the areas where AV USM benefits is Price. They are affordable while offering a whole lot of SIEM features. Mostly, this turns out to be the deciding factor for Small and Medium Enterprise segments. QRadar, ArcSight and Splunk are some of the most expensive SIEM products out there in the market and not everyone has the budget to buy them. In such cases, AV USM is a very cost effective alternative.
  • Customization: Again, this is one point where AlienVault outshines the competition in capability of customization. We have seen several customers who are using AV USM with heavy customization to perform threat detection, Asset Discovery, Threat scoring, APT detection etc. This flexibility is really desired by Security analysts and AV USM is making good on this promise.

What is bad?

  • But King of None… – As mentioned in the good, being a jack of all is well suited for certain organizations, but being without mature functionality and expertise in any of those areas is a strong negative. For example, the correlation engine is nowhere close to the likes of ArcSight, QRadar or Splunk etc. The threat Intelligence is not as good as QRadar, McAfee, RSA etc. And so on and so forth. So when it comes to critical functionality expertise, AV USM is found lacking.
  • Database: – AV USM is using MySQL for its database. All the issues related to a structured DB for log collection, storage and management come to haunt AV USM as well. All SIEM logs are stored in the MySQL database and this causes an issue in terms of scalability, especially with High log volume environments, because backup and restore is time and CPU/RAM consuming. USM can hugely benefit from moving to a Non-DB Log storage architecture, thereby giving more flexibility in data management, but whether AV will take that route is doubtful. Based on their product direction, they are looking at Percona Server to replace MySQL. While it is a good move, it is still a customized MySQL replacement, and may not add much desired scale to the product.
  • Product Stability: - The biggest issue we have seen with the product is its poor stability. With way too many components, myriad integrations, a ton of scripts, the product is really unstable. Every version upgrade is a nightmare. Re-installation or Re-start is the most common solution for the product to start working again. In a mission critical environment, this is a complete NO-NO. One of the most common and frequently failing components is the DB. Issues like DB corruptions, Access issues, disk errors, unresponsive queries etc. really test the patience of end users on a regular basis. This in our opinion is the most damning negative about AV USM.
  • Integration: - While AV USM is known for being customization friendly, the amount of Out-of-the-box plugins for Log Monitoring and Correlation is limited to the well known products. It does not have comprehensive integration capabilities with say legacy applications, Directory services, databases etc that other SIEM vendors boast of. Similarly, it relies mostly on its own “pre-packaged” tools for data enrichment and hence has poor “Third Party” Integration capabilities. However, if you really are a developer of open source products, the integration challenge can be overcome. But how many are willing in the real world enterprise?
  • Correlation & Workflow: – What good is a SIEM product if it cannot perform advanced Correlation and Operational workflow? AV USM has a strong foundation in Correlation using XML driven Directives and Alarm thresholds. However, when it comes head-to-head with the Industry leaders like ArcSight, QRadar, Splunk etc. it falls terribly short. We particularly like the Cyber Kill Chain flow which a lot of customers are using for complete visibility, but this is not the end game in real world enterprise operations, where not all the data points required for the directive are always available. The same thing goes for the workflow, where the integration with external ticketing or issue tracking systems is very limited and hence acts as a deterrent in large scale deployments.
  • Technical Support: – One of the common issues we hear about AV support is that it is of inconsistent and poor quality. Most of the times, the solutions rely on re-install or re-start or a bug-fix, because there are way too many components to troubleshoot and this leaves support to resort to re-install or re-start, without thorough root cause analysis.
  • Product Vision Stagnation: – This may not be much of an issue for potential users of AV USM, however it is important to note that the product has not gone through major leaps in the last 4 years. It had more than 3 major releases and 20+ minor releases, but nothing path breaking has been brought to the market. It has still remained in the “promising products to watch” for way too long. One of the main reasons we think is because of economies of scale. Since they are priced lower and cater to SME segment, the amount of money invested in development is less and hence the result.

Conclusion:

In short, we would like to conclude by saying that AV USM is definitely a great addition for organizations who want cost effective, quick and easy SIEM solutions. However, it still has a long way to go in competing with the big guns out there, for it lacks both in firepower as well as range. So what do you think about AlienVault? Feel free to post your comments below.

My review is based on my own experience and opinion after I tested a trial version of the product for a 30-day period.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
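The sensor-normalizes / server-correlates flow and the XML-driven directives with alarm thresholds that the review describes, as an added example. This is not AlienVault's code and the directive format below is a simplified, constructed one loosely modelled on OSSIM directives, not the real schema; the events, IPs and asset values are constructed too. The risk formula (asset value × priority × reliability / 25) is the one AlienVault has documented for OSSIM risk and is an assumption you should verify against the version you run.

```python
"""Toy directive-driven correlation engine (added example, not AlienVault code).

A two-stage directive in a constructed XML dialect (NOT the real OSSIM schema)
is run over a handful of constructed, already-normalized events of the kind a
sensor would forward to the server.
"""
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed directive: five failed SSH logins from one source against one host
# within 60 s arm stage 1; a successful login from that same source to that same
# host within the next 300 s completes stage 2 and raises an alarm.
DIRECTIVE_XML = """
<directive id="500001" name="SSH brute force followed by successful login" priority="4">
  <rule stage="1" event="ssh_auth_failure" occurrence="5" window="60" reliability="3"/>
  <rule stage="2" event="ssh_auth_success" occurrence="1" window="300" reliability="8"/>
</directive>
"""

# Constructed normalized events: (timestamp in seconds, event type, src_ip, dst_ip).
EVENTS = [
    (1000, "ssh_auth_failure", "203.0.113.7", "10.0.0.5"),
    (1005, "ssh_auth_failure", "203.0.113.7", "10.0.0.5"),
    (1011, "ssh_auth_failure", "203.0.113.7", "10.0.0.5"),
    (1015, "ssh_auth_failure", "198.51.100.9", "10.0.0.5"),  # unrelated source, noise
    (1020, "ssh_auth_failure", "203.0.113.7", "10.0.0.5"),
    (1032, "ssh_auth_failure", "203.0.113.7", "10.0.0.5"),  # fifth failure inside 60 s
    (1090, "ssh_auth_success", "203.0.113.7", "10.0.0.5"),  # stage 2 inside 300 s -> alarm
    (1500, "ssh_auth_success", "198.51.100.9", "10.0.0.5"),  # stage 1 never completed -> nothing
]

# Constructed asset inventory on the 0..5 scale; unknown hosts default to 2.
ASSET_VALUE = {"10.0.0.5": 4}


def load_directive(xml_text):
    """Parse the constructed directive XML into a dict with an ordered rule list."""
    root = ET.fromstring(xml_text)
    rules = [{
        "event": r.get("event"),
        "occurrence": int(r.get("occurrence", "1")),
        "window": int(r.get("window")),
        "reliability": int(r.get("reliability")),
    } for r in root.findall("rule")]
    return {"id": root.get("id"), "name": root.get("name"),
            "priority": int(root.get("priority")), "rules": rules}


def risk(asset_value, priority, reliability):
    # Assumed formula (asset * priority * reliability / 25), as AlienVault has
    # described OSSIM risk; 5 * 5 * 10 / 25 gives the maximum of 10.
    return asset_value * priority * reliability / 25


def correlate(directive, events):
    """Single pass over time-ordered events, tracking directive state per (src, dst)."""
    stage1, stage2 = directive["rules"]
    hits = defaultdict(list)   # (src, dst) -> stage-1 timestamps still inside the window
    armed = {}                 # (src, dst) -> time at which stage 1 completed
    alarms = []
    for ts, etype, src, dst in events:
        key = (src, dst)
        if etype == stage1["event"] and key not in armed:
            # Slide the window, then count the current failure.
            hits[key] = [t for t in hits[key] if ts - t <= stage1["window"]] + [ts]
            if len(hits[key]) >= stage1["occurrence"]:
                armed[key] = ts
        elif etype == stage2["event"] and key in armed:
            if ts - armed[key] <= stage2["window"]:
                rel = stage2["reliability"]
                alarms.append({
                    "directive": directive["id"], "name": directive["name"],
                    "src_ip": src, "dst_ip": dst, "reliability": rel,
                    "risk": risk(ASSET_VALUE.get(dst, 2), directive["priority"], rel),
                })
            # Either way the partial match is consumed: a late success is not an alarm.
            del armed[key]
            hits.pop(key, None)
    return alarms


if __name__ == "__main__":
    for alarm in correlate(load_directive(DIRECTIVE_XML), EVENTS):
        print(alarm)
```

The second source never reaches the stage-1 occurrence count, so its later success produces nothing, and a success arriving after the stage-2 window clears the partial match without alarming; that is the "not all data points are available" case the review raises, and it is why directive windows and occurrence counts need tuning per environment rather than being taken as shipped.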
PeerSpot user
Chief Operating Officer / SR. Project Manager at SCS
Real User
Helpful threat intelligence capability, but the reporting is mediocre
Pros and Cons
  • "The most valuable feature is threat intelligence."
  • "The reporting is mediocre and is something that needs to be improved."

What is our primary use case?

We are a managed security service provider and we offer AlienVault USM to our clients. We use it to monitor their environments and to maintain their logs.

What is most valuable?

The most valuable feature is threat intelligence. Their community is a very helpful tool and I think it's one of the values of AlienVault.

What needs improvement?

They set aside a lot of the functionality from the on-premises version that we found very helpful in managing tickets. As it is now, the cloud-based deployment is lacking these useful features.

The reporting is mediocre and is something that needs to be improved.

For how long have I used the solution?

I have been using the cloud-based deployment of this solution for about two years.

What do I think about the stability of the solution?

The stability is fine.

What do I think about the scalability of the solution?

Scalability in a cloud solution is tied to costs. With any cloud solution, the more data you have and the larger your company, the higher the price point. I wouldn't say that scaling is easy, but it is standard.

How are customer service and technical support?

Technical support is slow to respond when we put in a ticket. We're a number.

Which solution did I use previously and why did I switch?

We use both the on-premises version and USM Anywhere. The latter is a SaaS solution.

How was the initial setup?

The initial setup is okay. At an additional cost, they offer services to assist with deployment.

What's my experience with pricing, setup cost, and licensing?

Our take on it is that we are paying more for this product because of the AT&T name. We don't necessarily find that we are getting more functionality or quality, given the price point.

The licensing fees are dependent on usage.

Which other solutions did I evaluate?

We are currently evaluating different SIEM solutions. I have found that all of them have issues, whether it is related to functionality or price point. Even the ones that have a high price don't provide everything that you need.

What other advice do I have?

My advice for anybody who is considering this product is to evaluate all of the options that are out there. There is no one, great answer, so you have to figure out what best fits your needs.

I would rate this solution a seven out of ten.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer980886 - PeerSpot reviewer
I.T. Manager at a non-profit with 51-200 employees
Real User
We can collect logs, and also actively scan our network for vulnerabilities all from one tool

What is our primary use case?

We use AlienVault to collect all mission-critical logs and to pull data directly from G Suite. It provides our small IT operation with an easy-to-use tool to assess our security operations.

How has it helped my organization?

Before AlienVault, we had no central log collection tool of any kind, let alone security monitoring. AlienVault provides us with a very easy to use, central spot to view log files, and take appropriate action. It allows our small team the ability to take cybersecurity seriously.

What is most valuable?

The fact that AlienVault is several tools in one is most valuable to our small team. We can collect logs, and also actively scan our network for vulnerabilities all from one tool.

What needs improvement?

Long-term I'm genuinely concerned about AT&T's ownership of AlienVault. I have never had a good relationship with AT&T in 15+ years, and fear they will destroy this good product.

What do I think about the stability of the solution?

Concerned long-term, due to AT&T.

What do I think about the scalability of the solution?

It is very scalable, just ask them to increase the amount of storage.

How are customer service and technical support?

Tech support has been a bit slow lately, and the level-1 techs do not have all the power they should have.

Which solution did I use previously and why did I switch?

Before AlienVault we had nothing. We learned about AlienVault through a company we contracted to do a full vulnerability assessment. They used AlienVault, so I felt like if it was good enough for them, then we should be using it.

How was the initial setup?

Very simple, just follow their directions step-by-step and you will be fine.

What about the implementation team?

I did the implementation myself. Their documentation made it easy.

What's my experience with pricing, setup cost, and licensing?

I'd push them for pricing. I sense the best time to negotiate with them is in June as the fiscal year ends.

Which other solutions did I evaluate?

We found other tools to be out of reach for our small department, so we did not seriously look at others.

What other advice do I have?

Be careful with AT&T, make sure you are confident the tool will be what you expect throughout the life of your contract. Make sure AT&T isn't going to change anything on you suddenly.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Tami Andrews, Sr. Customer Programs Manager at AlienVault
Real User

thank you for your feedback!

ISO (Information Security Officer) with 10,001+ employees
Real User
Enables managing everything from one place, including vulnerability assessments and asset management
Pros and Cons
  • "It provides a single pane of glass view, coupled with a whole security ecosystem. The ability to manage everything from a central point, including vulnerability assessments, asset management - including the services provided by the various hosts, NIDS, HIDS, etc. - provides a very efficient way of dealing with things."
  • "The reporting module could be a little easier to handle, as it requires quite some trial and error until you get the reports you want. Also, it would be great to have a graphical interface for the Network Intrusion Detection System's rule management."

What is our primary use case?

Our primary use case is Security Information and Event Management, as well as forensic analysis.

How has it helped my organization?

Undoubtedly having all security core technology under one roof, as provided by the all-in-one USM solution from AlienVault, is a big advantage for day-to-day business security operations. From real experience, it has enabled total transparency in terms of security information and events, from day one.

What is most valuable?

It provides a single pane of glass view, coupled with a whole security ecosystem. The ability to manage everything from a central point, including vulnerability assessments, asset management - including the services provided by the various hosts - NIDS, HIDS, etc., provides a very efficient way of dealing with things.

Their OTX intel is also great, as one needs to know who is running around threatening the IT infrastructure with a "crowbar."

What needs improvement?

The reporting module could be a little easier to handle, as it requires quite some trial and error until you get the reports you want. Also, it would be great to have a graphical interface for the Network Intrusion Detection System's rule management.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

The solution is rock solid; never any issues.

What do I think about the scalability of the solution?

We have not experienced any scalability issues, but we also know that you can easily add more sensors, which helps to spread the load.

How are customer service and technical support?

Technical support is always helpful and responsive. They do care about their customers.

Which solution did I use previously and why did I switch?

Our previous solution consisted of building a SIEM based on individual components/modules from the open-source space.

How was the initial setup?

The initial setup is absolutely straightforward. It is up and running in no time. This is definitely one of the unique selling propositions of the solution.

What's my experience with pricing, setup cost, and licensing?

So far, it has been a good solution for a tight budget.

What other advice do I have?

AlienVault is a great fit, especially for smaller organizations, as it will enable you to produce quick results with no need to worry about too many details.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Tami Andrews, Sr. Customer Programs Manager at AlienVault
Real User

Thanks so much for your time and feedback Christian!

PeerSpot user
IT Systems Administrator at a financial services firm with 201-500 employees
Real User
It has streamlined log aggregation and analysis to meet organizational and regulatory needs
Pros and Cons
  • "It has streamlined log aggregation and analysis to meet organizational and regulatory needs."
  • "Reporting is convoluted and difficult at times, although they claim to have hundreds of pre-built reports, very few of them are actually useful for anything but what the USM is doing."
  • "Windows log collection works with HIDS, but documentation is sparse and confusing."

What is our primary use case?

The primary use case for AlienVault is Log Management and SIEM functionality with the added benefit of IDS.

How has it helped my organization?

It has streamlined log aggregation and analysis to meet organizational and regulatory needs.

What is most valuable?

The most useful feature is the customization for alarms, alerts, and reports. AlienVault is situated to be adapted and changed to meet many different needs and use cases, while still being effective at most of them.

What needs improvement?

Reporting and Windows log collection are the biggest drawbacks. Reporting is convoluted and difficult at times; although they claim to have hundreds of pre-built reports, very few of them are actually useful for anything but what the USM is doing. Windows log collection works with HIDS, but documentation is sparse and confusing. You have to trace back how a Windows Event ID ultimately correlates with AlienVault events through HIDS rule IDs.

For how long have I used the solution?

Less than one year.

What do I think about the stability of the solution?

Some minor issues here and there with updating/services not working, but AlienVault support is quick and easy to work with and will handle it. 

What do I think about the scalability of the solution?

No issues. Make sure you do size appropriately though for the level of logs you want to collect and retain. 

How was the initial setup?

Complex in some ways, but AlienVault is pretty easy and will help along the way. Also, taking the training class is very valuable. 

What's my experience with pricing, setup cost, and licensing?

Do the one month trial and try to work out the kinks during it, as it has free support and service hours. The staff is great at knowing what to do and what they can do to help. 

Which other solutions did I evaluate?

Yes. Our SIEM tool list, from which we were evaluating, included Splunk and LogRhythm.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Tami Andrews, Sr. Customer Programs Manager at AlienVault
Real User

Thank you Jon for your time to review AlienVault USM and for your candid feedback!
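The "trace a Windows Event ID back through the HIDS rule IDs" exercise the review above describes, as an added example that is neither the reviewer's nor AlienVault's code. The rules excerpt is constructed in the OSSEC rules XML dialect (rule ids, levels and event-id lists are illustrative and may differ from the Windows rule files that actually ship), and the decoded events are constructed too. The script builds the reverse index an analyst wants (Event ID → matching rule, level and parent chain) and resolves a decoded event to its most specific rule.

```python
"""Reverse-map Windows Event IDs to the HIDS (OSSEC-style) rules that match them.

Added example, not AlienVault or OSSEC code. RULES_XML is a constructed excerpt
in the OSSEC rules dialect; its ids and event lists are illustrative only.
"""
import re
import xml.etree.ElementTree as ET

RULES_XML = """
<group name="windows,">
  <rule id="18100" level="0">
    <decoded_as>windows</decoded_as>
    <description>Group of windows rules.</description>
  </rule>
  <rule id="18105" level="4">
    <if_sid>18100</if_sid>
    <status>^AUDIT_FAILURE</status>
    <description>Windows audit failure event.</description>
  </rule>
  <rule id="18107" level="5">
    <if_sid>18105</if_sid>
    <id>^529$|^530$|^531$|^4625$</id>
    <description>Windows Logon Failure.</description>
  </rule>
  <rule id="18104" level="3">
    <if_sid>18100</if_sid>
    <status>^AUDIT_SUCCESS</status>
    <description>Windows audit success event.</description>
  </rule>
  <rule id="18106" level="3">
    <if_sid>18104</if_sid>
    <id>^528$|^540$|^4624$</id>
    <description>Windows Logon Success.</description>
  </rule>
  <rule id="18119" level="8">
    <if_sid>18104</if_sid>
    <id>^4720$</id>
    <description>User account created.</description>
  </rule>
</group>
"""

_ANCHORED_ID = re.compile(r"^\^(\d+)\$$")


def parse_rules(xml_text):
    """rule id -> {level, parent (if_sid), status regex, id regex, description}."""
    rules = {}
    for r in ET.fromstring(xml_text).iter("rule"):
        rules[r.get("id")] = {
            "id": r.get("id"), "level": int(r.get("level")),
            "parent": r.findtext("if_sid"), "status": r.findtext("status"),
            "id_regex": r.findtext("id"), "description": r.findtext("description"),
        }
    return rules


def event_ids_for(rule):
    """Expand an <id> alternation such as ^529$|^4625$ into literal event ids."""
    if not rule["id_regex"]:
        return []
    return [int(m.group(1)) for alt in rule["id_regex"].split("|")
            if (m := _ANCHORED_ID.match(alt))]


def chain(rules, rid):
    """[leaf, parent, ..., root] following <if_sid> links."""
    out = []
    while rid:
        out.append(rid)
        rid = rules[rid]["parent"]
    return out


def build_index(rules):
    """Windows Event ID -> [(rule id, level, description, chain), ...]."""
    index = {}
    for r in rules.values():
        for eid in event_ids_for(r):
            index.setdefault(eid, []).append(
                (r["id"], r["level"], r["description"], chain(rules, r["id"])))
    return index


def match_rule(rules, event_id, status):
    """Most specific rule for a decoded event: its <id> must name the event id and
    every <status> along its parent chain must match; highest level wins."""
    best = None
    for r in rules.values():
        if event_id not in event_ids_for(r):
            continue
        statuses = [rules[a]["status"] for a in chain(rules, r["id"])]
        if all(re.match(s, status) for s in statuses if s):
            if best is None or r["level"] > best["level"]:
                best = r
    return best["id"] if best else None


if __name__ == "__main__":
    rules = parse_rules(RULES_XML)
    for eid, entries in sorted(build_index(rules).items()):
        for rid, level, desc, parents in entries:
            print(f"EventID {eid:>5} -> rule {rid} (level {level}) {desc}  via {' <- '.join(parents)}")
    print(match_rule(rules, 4625, "AUDIT_FAILURE"))   # constructed decoded event
```

Run it against the real rule files from your sensor's OSSEC installation instead of the constructed excerpt to get the actual mapping; any Event ID missing from the index is one the shipped rules will only ever classify at the generic audit-success or audit-failure level.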
