We have customers from the retail, industrial, strategic resource, and OT infrastructure sectors who are using AT&T AlienVault USM. The solution has several use cases.
Coordinator de Servicios at MAINT
Easy to use and intuitive platform against security threats, with a feature for adding apps
Pros and Cons
- "Easy to use, scalable, stable, and very intuitive platform that provides protection against security threats."
- "Adding a parsing interface for the customers would make AT&T AlienVault USM better."
What is our primary use case?
What is most valuable?
I like that AT&T AlienVault USM is deployed on cloud, because the previous solution, the all-in-one solution, wasn't, so we had a lot of problems with the all-in-one solution. Either the database was corrupted, or there was a large delay in the appliance. With AT&T AlienVault USM being on cloud, all of those problems disappeared.
Another feature I like about the solution is the ability to add apps. It's a really good feature.
AT&T AlienVault USM is a very intuitive tool, especially for analysts. It's easy to use.
What needs improvement?
An improvement for AT&T AlienVault USM is the option for us to build the connectors ourselves, for us to do the parsing ourselves, because those options disappeared with the version of the solution that we're currently using. I know I can talk to the vendor to ask for a new parsing option for the application, for any new platform, but I understand that it can take several months. Adding a parsing interface for the customers would be good.
What do I think about the stability of the solution?
AT&T AlienVault USM is a stable solution.
Buyer's Guide
USM Anywhere
November 2024
Learn what your peers think about USM Anywhere. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
824,067 professionals have used our research since 2012.
What do I think about the scalability of the solution?
AT&T AlienVault USM is a scalable solution, especially because we have the option to use more sensors, and we have an average scale of log space for log rotation.
How are customer service and support?
We don't deal with the support team for AT&T AlienVault USM, in terms of big issues, but in terms of them answering a question, or giving information about design specs, their response is good. Their response is correct, so we have no problem with the support for this solution.
From one to five, where one is bad and five is good, I'm rating their support a four.
How was the initial setup?
The initial setup for AT&T AlienVault USM was easy.
Which other solutions did I evaluate?
We evaluated another product, AlienVault OSSIM, but only for testing; we did not suggest it to our customers.
What other advice do I have?
We are using AT&T AlienVault USM. It's our main SIEM solution. We've been a partner of AT&T for four to five years. We still have a customer using the all-in-one solution, but now we are mainly promoting AlienVault USM Anywhere.
I know that the solution is undergoing changes to become even more useful, so we have no problems with it. There's no problem, even in terms of integration.
We use three people for the deployment and maintenance of the solution. One person is in charge of designing and implementing. Another person supports the implementation and the requirements of the customer. The third person does the monitoring exclusively. We provide our customers with the services of a security operations center.
I'm recommending AT&T AlienVault USM to others and I'm rating AT&T AlienVault USM eight out of ten.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
I.T. Manager at a non-profit with 51-200 employees
We can collect logs, and also actively scan our network for vulnerabilities all from one tool
What is our primary use case?
We use AlienVault to collect all mission-critical logs and to pull data directly from G Suite. It provides our small IT operation with an easy-to-use tool to assess our security operations.
How has it helped my organization?
Before AlienVault, we had no central log collection tool of any kind, let alone security monitoring. AlienVault provides us with a very easy to use, central spot to view log files, and take appropriate action. It allows our small team the ability to take cybersecurity seriously.
What is most valuable?
The fact that AlienVault is several tools in one is most valuable to our small team. We can collect logs, and also actively scan our network for vulnerabilities all from one tool.
What needs improvement?
Long-term I'm genuinely concerned about AT&T's ownership of AlienVault. I have never had a good relationship with AT&T in 15+ years, and fear they will destroy this good product.
What do I think about the stability of the solution?
Concerned long-term, due to AT&T.
What do I think about the scalability of the solution?
It is very scalable, just ask them to increase the amount of storage.
How are customer service and technical support?
Tech support has been a bit slow lately, and the level-1 techs do not have all the power they should have.
Which solution did I use previously and why did I switch?
Before AlienVault we had nothing. We learned about AlienVault through a company we contracted to do a full vulnerability assessment. They used AlienVault, so I felt like if it was good enough for them, then we should be using it.
How was the initial setup?
Very simple, just follow their directions step-by-step and you will be fine.
What about the implementation team?
I did the implementation myself. Their documentation made it easy.
What's my experience with pricing, setup cost, and licensing?
I'd push them for pricing. I sense the best time to negotiate with them is in June as the fiscal year ends.
Which other solutions did I evaluate?
We found other tools to be out of reach for our small department, so we did not seriously look at others.
What other advice do I have?
Be careful with AT&T, make sure you are confident the tool will be what you expect throughout the life of your contract. Make sure AT&T isn't going to change anything on you suddenly.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Systems Engineer at a university with 201-500 employees
Some of the valuable features are real-time email alerts, event correlations, and log management.
What is most valuable?
- Real-time email alerts
- Event correlations
- Log management
- System monitoring
- Network monitoring
- Up-time monitoring
- OTX threat intelligence
- Vulnerability scanning reporting
There are too many to list.
How has it helped my organization?
It has given us insight into our network:
- What is on it
- What traffic is on it
- What is happening on our servers
It is one location to view many things.
What needs improvement?
The menu system can be a little confusing until you use it for a while. For example, at the top right there is a “settings” menu, which is more of a user profile menu. I would like that to say what it is: “My Profile.” Under the “Settings” menu I would rather see true system settings, such as User Accounts, Configuration Backups/Restore, SMTP server settings, AD (LDAP) settings, Password Policies, and other true System Settings. There is also a large button at the right called “Configuration.” I would change that to something like “Deployment Settings.” Under this menu I would have settings specifically related to “this deployment of AlienVault,” such as Plugins, Sensors, Remote Locations, and Services Running on this deployment (with the ability to Enable/Disable these and Start/Stop these). Also here I would have a sub-menu called “System Performance” with metrics (CPU usage, Swap, RAM, database health (with cleanup and compress options), Network Traffic In/Out performance for each NIC, etc.). Currently Threat Intelligence items are also under Configuration. I would make a separate “Threat Intelligence” menu and expand upon it to cover more items. Just my thoughts.
I guess it comes down to my being old school; I would like traditional menus, such as text-style drop-down menus from the top (File, Analysis, Environment, Reports, Settings, Deployment Settings, Preferences, Help, etc.) and not the huge big-button menus. The text-type menus tend to be much more explanatory as to what is in them below. I know a lot of software has gone to the big button/ribbon style menus (MS Office). I assume that is to make things mobile friendly. To me it makes navigation less easy and more confusing, and the big buttons take up too much screen real estate that I would rather see used for other things such as alarms and real-time system activities.
For how long have I used the solution?
We have been using this solution for just over one year.
What was my experience with deployment of the solution?
There have been no major deployment issues.
What do I think about the stability of the solution?
There have been no major stability issues.
What do I think about the scalability of the solution?
There have been no scalability issues. We recently moved from 150 asset licenses to unlimited and the process was very easy.
How are customer service and technical support?
Customer Service:
Customer support is excellent. Support has been good for simple config issues and for alert questions. They have a great forum base as well as live support.
I would rate technical support as very good.
Which solution did I use previously and why did I switch?
We used hardware based as well as open source solutions before. We still use some of them, but AlienVault allowed us to consolidate a lot of services into one.
How was the initial setup?
The installation was straightforward. We use the VMware-based All-In-One USM. It was quite straightforward. It required a little customization, but it was not too difficult to sort through.
What about the implementation team?
It was a joint collaboration.
What was our ROI?
We saw a positive ROI within six months, especially in terms of manpower.
What's my experience with pricing, setup cost, and licensing?
Just give them a call. They can work with you in many ways to help you get what you need.
Which other solutions did I evaluate?
We looked at several options. And we were already using several of them, both paid and open source. AlienVault allowed us to combine several solutions into one.
What other advice do I have?
If you are interested, sign up for some of their webinars, download the free trial or open source versions, and play with it.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Sr. Networking & EMS Analyst
Provides a good platform to start looking at the traffic on your network.
What is most valuable?
Event monitoring and vulnerability scanning have been a huge benefit to us.
How has it helped my organization?
It provides a good platform to start looking at the traffic on your network.
What needs improvement?
Most of the troubleshooting requires going through the Linux command line and bypassing the GUI. We have a wide variety of users with different technical expertise. For some, any amount of command line troubleshooting scares them away from products.
For how long have I used the solution?
We have been using this solution for a year.
What was my experience with deployment of the solution?
Our deployment was rather unique and is pushing the limitations of the architecture that we chose. From what I have learned, if you have large deployments of separate networks, then do not attempt to use remote sensors on those network segments.
What do I think about the stability of the solution?
Many of the patches typically have some bugs that we end up finding. We ended up implementing a deployment in our lab so as to fully test it internally, before patching.
What do I think about the scalability of the solution?
The system is quite scalable; however, it is best to understand the limitations of the different architectures offered.
How are customer service and technical support?
Customer Service:
The customer service is excellent, we have quick and knowledgeable help on all our calls.
Technical Support:
The support team is also excellent with very knowledgeable engineers.
Which solution did I use previously and why did I switch?
This was our first solution for this type of security appliance.
How was the initial setup?
The initial setup was straightforward, but adding in more sensors made it a bit more complex.
What about the implementation team?
We had vendor help for the initial setup; however, the additional sensor expansion was in-house.
What was our ROI?
We quickly found some issues after deploying and have used the vulnerability scanner to verify patches are properly applied in the environment.
What's my experience with pricing, setup cost, and licensing?
If you expect to have a significant amount of devices on a sensor, then look at the cost/performance of going to a full server.
Which other solutions did I evaluate?
We evaluated LogRhythm and QRadar.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Group Information Security Officer at a consumer goods company with 1,001-5,000 employees
Before AlienVault we had no visibility of our vulnerabilities without looking up WSUS and matching this against the Windows bulletins.
What is most valuable?
The correlation from the Host Based Intrusion to Network Intrusion against the vulnerabilities in my network.
How has it helped my organization?
We had no visibility of our vulnerabilities without looking up WSUS and matching this against the Windows bulletins. This completely missed the mark when it came to third party patches and poor configuration and wasted hours upon hours for half a story. Not to mention we have a much better understanding of how and when we are being attacked.
What needs improvement?
The reporting could do with some improvements. For example, the vulnerability report only tells you what vulnerabilities are open and lists them, but there is no indication of how old they are at a glance and what vulnerabilities have been closed since the previous scans. I would also like to see the ability to scan my devices for compliance against the CIS Benchmarks.
For how long have I used the solution?
I have had this solution in place for just over a year now.
What do I think about the stability of the solution?
I've not experienced any issues with this yet.
What do I think about the scalability of the solution?
I've not experienced any issues with this yet.
How are customer service and technical support?
The tech support guys have been very friendly and helped as soon as there has been any issue. I cannot fault their technical support.
Which solution did I use previously and why did I switch?
I used multiple products to try and get some way towards the level of visibility afforded by AlienVault: ManageEngine SIEM, Qualys, vulnerability management, and Norton for HIDS. Having this all in one interface made more sense, which swayed the decision to go with AlienVault.
How was the initial setup?
Very easy for initial set-up. My system was up and running within two hours. When you start to get into it more, then you need a better technical understanding.
What's my experience with pricing, setup cost, and licensing?
This is much cheaper than some of the big names; it is very affordable and scalable.
Which other solutions did I evaluate?
We looked at managed services from Dell SecureWorks as well as Qualys & Nessus.
What other advice do I have?
Being the only Security professional in an organisation of well over 1000 people, AlienVault lets me keep a watchful eye whilst getting on with my day job. This is a very good product with excellent support. Personally I would have preferred to go on the AlienVault System Engineers course, as I believe this would help in fine tuning the system.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
ISO (Information Security Officer) with 10,001+ employees
Enables managing everything from one place, including vulnerability assessments and asset management
Pros and Cons
- "It provides a single pane of glass view, coupled with a whole security ecosystem. The ability to manage everything from a central point, including vulnerability assessments, asset management - including the services provided by the various hosts, NIDS, HIDS, etc. - provides a very efficient way of dealing with things."
- "The reporting module could be a little easier to handle, as it requires quite some trial and error until you get the reports you want. Also, it would be great to have a graphical interface for the Network Intrusion Detection System's rule management."
What is our primary use case?
Our primary use case is Security Information and Event Management, as well as forensic analysis.
How has it helped my organization?
Undoubtedly having all security core technology under one roof, as provided by the all-in-one USM solution from AlienVault, is a big advantage for day-to-day business security operations. From real experience, it has enabled total transparency in terms of security information and events, from day one.
What is most valuable?
It provides a single pane of glass view, coupled with a whole security ecosystem. The ability to manage everything from a central point, including vulnerability assessments, asset management - including the services provided by the various hosts - NIDS, HIDS, etc., provides a very efficient way of dealing with things.
Their OTX intel is also great, as one needs to know who is running around threatening the IT infrastructure with a "crowbar."
What needs improvement?
The reporting module could be a little easier to handle, as it requires quite some trial and error until you get the reports you want. Also, it would be great to have a graphical interface for the Network Intrusion Detection System's rule management.
For how long have I used the solution?
One to three years.
What do I think about the stability of the solution?
The solution is rock solid; never any issues.
What do I think about the scalability of the solution?
We have not experienced any scalability issues, but we also know that you can easily add more sensors, which helps to spread the load.
How are customer service and technical support?
Technical support is always helpful and responsive. They do care about their customers.
Which solution did I use previously and why did I switch?
Our previous solution consisted of building a SIEM based on individual components/modules from the open-source space.
How was the initial setup?
The initial setup is absolutely straightforward. It is up and running in no time. This is definitely one of the unique selling propositions of the solution.
What's my experience with pricing, setup cost, and licensing?
So far, it has been a good solution for a tight budget.
What other advice do I have?
AlienVault is a great fit, especially for smaller organizations, as it will enable you to produce quick results with no need to worry about too many details.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
System Administrator at a tech services company with 10,001+ employees
We have been able to ensure the health of our servers
Pros and Cons
- "As we have to service several servers, we can manage them in an economical way, which is beneficial to our team and business."
- "Any unusual behaviour, we can monitor. We have alerts set up to be sent when we receive signs of any unusual behaviour."
- "For creating new rules, you have to be familiar with regular expressions. I feel there could be something built-in to make sure that process is easier."
What is our primary use case?
We use the appliance in a few ways: monitoring network behaviour, asset discovery, and running vulnerability scans. We can monitor the availability of servers and any particular software. As we have to service several servers, we can manage them in an economical way, which is beneficial to our team and business.
How has it helped my organization?
We have been able to ensure the health of our servers. We can also use vulnerability scans to ensure our system is as good as it could be.
Any unusual behaviour, we can monitor. We have alerts set up to be sent when we receive signs of any unusual behaviour. The ranking can be modified to allow us to apply a standard rule and also be customized, which suits our business needs.
What is most valuable?
I have used the asset discovery and the vulnerability scans the most. As a system administrator, it is important that we are prepared for any eventualities. I also like how you can use the hardware “out-of-the-box”, or using logs you can actually customise the performance to fit your environment and needs.
What needs improvement?
For creating new rules, you have to be familiar with regular expressions. I feel there could be something built-in to make sure that process is easier.
For how long have I used the solution?
One to three years.
What do I think about the stability of the solution?
No stability issues.
What do I think about the scalability of the solution?
No scalability issues.
Which solution did I use previously and why did I switch?
We did not have any sustainable solution, previously.
What's my experience with pricing, setup cost, and licensing?
Use the AlienVault team. They are helpful and the documentation that they provide is second to none.
Which other solutions did I evaluate?
We checked out several competitors. For what it can do and the cost, it was the best SIEM tool!
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Security Administrator at a financial services firm with 501-1,000 employees
It has allowed us to gain a better understanding of how data flows within our network
Pros and Cons
- "It allows you to define what alerts you want to see, or not to see, as well as if you want them grouped, or ungrouped."
- "The reporting aspect could be improved. While there are a lot of different options available, there are still pieces which are missing."
How has it helped my organization?
It has allowed us to gain a better understanding of how data flows within our network, and has helped us think about what type of things we want to be alerted on, or not alerted on.
What is most valuable?
AlienVault provides you with a unified view for all aspects of what is going on in your environment. It allows you to define what alerts you want to see, or not to see, as well as if you want them grouped, or ungrouped.
What needs improvement?
The reporting aspect could be improved. While there are a lot of different options available, there are still pieces which are missing. The views are also very static and do not give you a lot of options on how the data is presented.
What do I think about the stability of the solution?
No, the product is stable.
What do I think about the scalability of the solution?
No, our network has stayed for the most part the same. In the future, it should be scalable with additional sensors.
How are customer service and technical support?
Customer Service:
This is an area that could be improved.
Technical Support:
This is an area that could be improved. However, once you get a knowledgeable tech support person, they are good to work with.
Which solution did I use previously and why did I switch?
No, this is our first SIEM device.
How was the initial setup?
Both. It was simple to just get up and running. However, when you start tweaking it for your organization it gets more complex.
What about the implementation team?
A little bit of both. The vendor team's expertise was amazing. I highly recommend using them.
What was our ROI?
The time that it would take to manually investigate events versus looking at one dashboard.
What's my experience with pricing, setup cost, and licensing?
Definitely get professional services.
Which other solutions did I evaluate?
Darktrace and QRadar.
What other advice do I have?
Once set up, for the most part, it is a "set it and forget it" solution. There is some upkeep with making sure all the things are monitored, but other than that AlienVault provides what you need out-of-the-box.
Disclosure: I am a real user, and this review is based on my own experience and opinions.