Try our new research platform with insights from 80,000+ expert users
reviewer980886 - PeerSpot reviewer
I.T. Manager at a non-profit with 51-200 employees
Real User
We can collect logs, and also actively scan our network for vulnerabilities all from one tool

What is our primary use case?

We use AlienVault to collect all mission-critical logs and to pull data directly from G Suite. It provides our small IT operation with an easy-to-use tool to assess our security operations.

How has it helped my organization?

Before AlienVault, we had no central log collection tool of any kind, let alone security monitoring. AlienVault provides us with a very easy to use, central spot to view log files, and take appropriate action. It allows our small team the ability to take cybersecurity seriously.

What is most valuable?

The fact that AlienVault is several tools in one is most valuable to our small team. We can collect logs, and also actively scan our network for vulnerabilities all from one tool.

What needs improvement?

Long-term I'm genuinely concerned about AT&T's ownership of AlienVault. I have never had a good relationship with AT&T in +15 years, and fear they will destroy this good product.

Buyer's Guide
USM Anywhere
October 2024
Learn what your peers think about USM Anywhere. Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
816,406 professionals have used our research since 2012.

What do I think about the stability of the solution?

Concerned long-term, due to AT&T.

What do I think about the scalability of the solution?

It is very scalable, just ask them to increase the amount of storage.

How are customer service and support?

Tech support has been a bit slow lately, and the level-1 techs do not have all the power they should have.

Which solution did I use previously and why did I switch?

Before AlienVault we had nothing. We learned about AlienVault through a company we contracted to do a full vulnerability assessment. They used AlienVault, so I felt like if it was good enough for them, then we should be using it.

How was the initial setup?

Very simple, just follow their directions step-by-step and you will be fine.

What about the implementation team?

I did the implementation myself. Their documentation made it easy.

What's my experience with pricing, setup cost, and licensing?

I'd push them for pricing. I sense the best time to negotiate with them is in June as the fiscal year ends.

Which other solutions did I evaluate?

We found other tools to be out of reach for our small department, so we did not seriously look at others.

What other advice do I have?

Be careful with AT&T, make sure you are confident the tool will be what you expect throughout the life of your contract. Make sure AT&T isn't going to change anything on you suddenly.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Tami Andrews - PeerSpot reviewer
Tami AndrewsSr. Customer Programs Manager at AlienVault
Real User

thank you for your feedback!

reviewer673236 - PeerSpot reviewer
Systems Engineer at a university with 201-500 employees
Real User
Some of the valuable features are real-time email alerts, event correlations, and log management.

What is most valuable?

  • Real-time email alerts
  • Event correlations
  • Log management
  • System monitoring
  • Network monitoring
  • Up-time monitoring
  • OTX threat intelligence
  • Vulnerability scanning reporting

There are too many to list.

How has it helped my organization?

It has given us insight into our network:

  • What is on it
  • What traffic is on it
  • What is happening on our servers

It is one location to view many things.

What needs improvement?

The menu system can be a little confusing, until you use it for a while. Such as at the top right there is a “settings” menu. Which is more of a user profile menu. I would like that to say what it is “My Profile.” Under the “Settings” menu I had rather see true system settings. Such as User Accounts, Configuration Backups/Restore, SMTP server Setting, AD (LDAP) settings, Password Policies, and other true System Settings. There is also a large button at the right called “Configuration.” I would change that to something like “Deployment Settings”. Under this menu I would have settings specifically related to “this deployment of AlienVault”. Such as Plugins, Sensors, Remote Locations, and Services Running on this deployment (with the ability to Enable/Disable these and Start/Stop these). Also here I would have a sub-menu called “System Performance” with metrics (CPU usage, Swap, Ram, database health (with cleanup and compress options), Network Traffic In/Out performance for each NIC, and etc. Currently Threat Intelligence items are also under Configuration. I would make a separate “Threat Intelligence” menu and expand upon it to cover more items. Just my thoughts.

I guess it comes down to my being old school and would like traditional menus. Such as text-style drop-down menus from the top and not the huge big button menus. Like File, Analysis, Environment, Reports, Settings, Deployment Settings, Preferences, help, and etc. The text-type tend to be much more explanatory as to what is in them below. I know a lot of software has gone to the big button/ribbon style menus (MS Office). I assume that is to make things mobile friendly. To me it makes navigation less easy and more confusing and the big buttons take up too much screen real estate that I have rather see for other things such as alarms and real-time system activities.

For how long have I used the solution?

We have been using this solution for just over one year.

What was my experience with deployment of the solution?

There have been no major deployment issues.

What do I think about the stability of the solution?

There have been no major stability issues.

What do I think about the scalability of the solution?

There have been no scalability issues. We recently moved from 150 asset licenses to unlimited and the process was very easy.

How are customer service and technical support?

Customer Service:

Customer support is excellent. Support has been good for simple config issues and for alert questions. They have a great forum base as well as live support.

Technical Support:

I would rate technical support as very good.

Which solution did I use previously and why did I switch?

We used hardware based as well as open source solutions before. We still use some of them, but AlienVault allowed us to consolidate a lot of services into one.

How was the initial setup?

The installation was straightforward. We use the VMware base All-In-One USM. It was quite straightforward. It required a little customization, but it was not too difficult to sort through.

What about the implementation team?

It was a joint collaboration.

What was our ROI?

We saw a positive ROI within six months, especially in terms of manpower.

What's my experience with pricing, setup cost, and licensing?

Just give them a call. They can work with you in many ways to help you get what you need.

Which other solutions did I evaluate?

We looked at several options. And we were already using several of them, both paid and open source. AlienVault allowed us to combine several solutions into one.

What other advice do I have?

If you are interested, sign up for some of their webinars, download the free trial or open source versions, and play with it.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Tami Andrews - PeerSpot reviewer
Tami AndrewsSr. Customer Programs Manager at AlienVault
Real User

Thanks for your time to review USM and for the feedback!

Buyer's Guide
USM Anywhere
October 2024
Learn what your peers think about USM Anywhere. Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
816,406 professionals have used our research since 2012.
it_user671703 - PeerSpot reviewer
Sr. Networking & EMS Analyst
Vendor
Provides a good platform to start looking at the traffic on your network.

What is most valuable?

Event monitoring and vulnerability scanning have been a huge benefit to us.

How has it helped my organization?

It provides a good platform to start looking at the traffic on your network.

What needs improvement?

Most of the troubleshooting requires going through the Linux command line and bypassing the GUI. We have a wide variety of users with different technical expertise. For some, any amount of command line troubleshooting scares them away from products.

For how long have I used the solution?

We have been using this solution for a year.

What was my experience with deployment of the solution?

Our deployment was rather unique and is pushing the limitations of the architecture that we chose. Given from what I have learned, if you have large deployments of the separate networks, then do not attempt to use remote sensors on those network segments.

What do I think about the stability of the solution?

Many of the patches typically have some bugs that we end up finding. We ended up implementing a deployment in our lab so as to fully test it internally, before patching.

What do I think about the scalability of the solution?

The system is quite scalable however, it is best to understand the limitations of the different architectures offered.

How are customer service and technical support?

Customer Service:

The customer service is excellent, we have quick and knowledgeable help on all our calls.

Technical Support:

The support team is also excellent with very knowledgeable engineers.

Which solution did I use previously and why did I switch?

This was our first solution for this type of security appliance.

How was the initial setup?

The initial setup was straightforward, but adding in more sensors made it a bit more complex.

What about the implementation team?

We had vendor help for the initial setup, however, the additional sensor expansion was in-house.

What was our ROI?

We quickly found some issues after deploying and have used the vulnerability scanner to verify patches are properly applied in the environment.

What's my experience with pricing, setup cost, and licensing?

If you expect to have a significant amount of devices on a sensor, then look at the cost/performance of going to a full server.

Which other solutions did I evaluate?

We evaluated LogRhythm and QRadar.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Tami Andrews - PeerSpot reviewer
Tami AndrewsSr. Customer Programs Manager at AlienVault
Real User

Thanks Chris for your feedback & comments!

See all 2 comments
it_user466506 - PeerSpot reviewer
Group Information Security Officer at a consumer goods company with 1,001-5,000 employees
Vendor
Before AlientVault we had no visibility of our vulnerabilities without looking up WSUS and matching this against the Windows bulletins.

What is most valuable?

The correlation from the Host Based Intrusion to Network Intrusion against the vulnerabilities in my network.

How has it helped my organization?

We had no visibility of our vulnerabilities without looking up WSUS and matching this against the Windows bulletins. This completely missed the mark when it came to third party patches and poor configuration and waster hours upon hours for half a story. Not to mention we have a much better understanding of how and when we are being attacked.

What needs improvement?

The reporting could do with some improvements for example the vulnerability report only tells you what vulnerabilities are open and lists them but there is no indication of how old they are at a glance and what vulnerabilities have been closed since the previous scans. I would also like to see the ability to scan my devices for compliance against the CIS Benchmarks.

For how long have I used the solution?

I have had this solution in place for just over a year now.

What do I think about the stability of the solution?

I've not experienced any issues with this yet.

What do I think about the scalability of the solution?

I've not experienced any issues with this yet.

How are customer service and technical support?

The tech support guys have been very friendly and helped as soon as there has been any issue. I cannot fault their technical support.

Which solution did I use previously and why did I switch?

I used multiple products to try and get someway towards the level of visibility afforded by AlienVault. ManageEngine SIEM, Qualys, vulnerability management, and Norton for HIDS. Having this all in one interface made more sense which swayed the decision to go with Alienvault.

How was the initial setup?

Very easy for initial set-up. My system was up and running within two hours. When you start to get into it more, then you need a better technical understanding.

What's my experience with pricing, setup cost, and licensing?

This is much cheaper than some of the big names it is very affordable and scalable.

Which other solutions did I evaluate?

We looked at managed services from Dell SecureWorks as well as Qualys & Nessus.

What other advice do I have?

Being the only Security professional in an organisation of well over 1000 people AlienVault lets me keep a watchful eye whilst getting on with my day job. This is a very good product with excellent support. Personally I would have preferred to go on the AlienVault System Engineers course as I believe this would help in fine tuning the system.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Tami Andrews - PeerSpot reviewer
Tami AndrewsSr. Customer Programs Manager at AlienVault
Real User

Thanks so much for the feedback on your experience with AlienVault & USM.

ISO (Information Security Officer) with 10,001+ employees
Real User
Enables managing everything from one place, including vulnerability assessments and asset management
Pros and Cons
  • "It provides a single pane of glass view, coupled with a whole security ecosystem. The ability to manage everything from a central point, including vulnerability assessments, asset management - including the services provided by the various hosts, NIDS, HIDS, etc. - provides a very efficient way of dealing with things."
  • "The reporting module could be a little easier to handle, as it requires quite some trial and error until you get the reports you want. Also, it would be great to have a graphical interface for the Network Intrusion Detection System's rule management."

What is our primary use case?

Our primary use case is Security Information and Event Management, as well as forensic analysis.

How has it helped my organization?

Undoubtedly having all security core technology under one roof, as provided by the all-in-one USM solution from AlienVault, is a big advantage for day-to-day business security operations. From real experience, it has enabled total transparency in terms of security information and events, from day one.

What is most valuable?

It provides a single pane of glass view, coupled with a whole security ecosystem. The ability to manage everything from a central point, including vulnerability assessments, asset management - including the services provided by the various hosts - NIDS, HIDS, etc., provides a very efficient way of dealing with things.

Their OTX intel is also great, as one needs to know who is running around threatening the IT infrastructure with a "crowbar."

What needs improvement?

The reporting module could be a little easier to handle, as it requires quite some trial and error until you get the reports you want. Also, it would be great to have a graphical interface for the Network Intrusion Detection System's rule management.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

The solution is rock solid; never any issues.

What do I think about the scalability of the solution?

We have not experienced any scalability issues, but we also know that you can easily add more sensors, which helps to spread the load.

How are customer service and technical support?

Technical support is always helpful and responsive. They do care about their customers.

Which solution did I use previously and why did I switch?

Our previous solution consisted of building a SIEM based on individual components/modules from the open-source space.

How was the initial setup?

The initial setup is absolutely straightforward. It is up and running in no time. This is definitely one of the unique selling propositions of the solution.

What's my experience with pricing, setup cost, and licensing?

So far, it has been a good solution for a tight budget.

What other advice do I have?

AlienVault is a great fit, especially for smaller organizations, as it will enable you to produce quick results with no need to worry about too many details.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Tami Andrews - PeerSpot reviewer
Tami AndrewsSr. Customer Programs Manager at AlienVault
Real User

Thanks so much for your time and feedback Christian!

PeerSpot user
System Administrator at a tech services company with 10,001+ employees
MSP
We have been able to ensure the health of our servers
Pros and Cons
  • "As we have to service several servers, we can manage them in a economical way, which is beneficial to our team and business."
  • "Any unusual behaviour, we can monitor. We have alerts set up to be sent when we receive signs of any unusual behaviour."
  • "For creating new rules, you have to be familiar with regular expressions. I feel there could be something built-in to make sure that process is easier."

What is our primary use case?

We use the appliance in a few of ways: monitoring network behaviour, asset discovery, and running vulnerability scans. We can monitor the availability of servers and any particular software. As we have to service several servers, we can manage them in a economical way, which is beneficial to our team and business.

How has it helped my organization?

We have been able to ensure the health of our servers. We can also use vulnerability scans to ensure our system is as good as it could be.

Any unusual behaviour, we can monitor. We have alerts set up to be sent when we receive signs of any unusual behaviour. The ranking can be modified to allow us to apply a standard rule and also be customized, which suits our business needs.

What is most valuable?

I have used the asset discovery and the vulnerability scans the most. As a system administrator, it is important that we are prepared for any eventualities. I also like how you can use the hardware “out-of-the-box”, or using logs you can actually customise the performance to fit your environment and needs.

What needs improvement?

For creating new rules, you have to be familiar with regular expressions. I feel there could be something built-in to make sure that process is easier.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

No stability issues.

What do I think about the scalability of the solution?

No scalability issues.

Which solution did I use previously and why did I switch?

We did not have any sustainable solution, previously.

What's my experience with pricing, setup cost, and licensing?

Use the AlienVault team. They are helpful and the documentation that they provide is second to none.

Which other solutions did I evaluate?

We checked out several competitors. For what it can do and the cost, it was the best SIEM tool!

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Tami Andrews - PeerSpot reviewer
Tami AndrewsSr. Customer Programs Manager at AlienVault
Real User

Thank you Adrian for your time to review AlienVault USM and for your candid feedback!

PeerSpot user
Security Administrator at a financial services firm with 501-1,000 employees
Vendor
It has allowed us to gain a better understanding of how data flows within our network
Pros and Cons
  • "It allows you to define what alerts you want to see, or not to see, as well as if you want them grouped, or ungrouped."
  • "The reporting aspect could be improved. While there are a lot of different options available, there are still pieces which are missing."

How has it helped my organization?

It has allowed us to gain a better understanding of how data flows within our network, and has helped us think about what type of things we want to be alerted on, or not alerted on.

What is most valuable?

AlienVault provides you with a unified view for all aspects of what is going on in your environment. It allows you to define what alerts you want to see, or not to see, as well as if you want them grouped, or ungrouped.

What needs improvement?

The reporting aspect could be improved. While there are a lot of different options available, there are still pieces which are missing. The views are also very static and do not give you a lot of options on how the data is presented.

What do I think about the stability of the solution?

No, the product is stable.

What do I think about the scalability of the solution?

No, our network has stayed for the most part the same. In the future, it should be scalable with additional sensors.

How are customer service and technical support?

Customer Service:

This is an area that could be improved.

Technical Support:

This is an area that could be improved. However, once you get a knowledgeable tech support person, they are good to work with.

Which solution did I use previously and why did I switch?

No, this is our first SIEM device.

How was the initial setup?

Both. It was simple to just get up and running. However, when you start tweaking it for your organization it gets more complex.

What about the implementation team?

A little bit of both. The vendor team's expertise was amazing. I highly recommend using them.

What was our ROI?

The time that it would take to manually investigate events versus looking at one dashboard.

What's my experience with pricing, setup cost, and licensing?

Definitely get professional services.

Which other solutions did I evaluate?

Darktrace and QRadar.

What other advice do I have?

Once set up, for the most part, it is a "set it and forget it" solution. There is some upkeep with making sure all the things are monitored, but other than that AlienVault provides what you need out-of-the-box.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Tami Andrews - PeerSpot reviewer
Tami AndrewsSr. Customer Programs Manager at AlienVault
Real User

Thank you David for your time to review AlienVault USM and for your candid feedback!

PeerSpot user
Director Of Information Technology at a tech services company with 51-200 employees
Real User
Allows us to roll out log management on clients and servers, host-based IDS, and network-based IDS.
Pros and Cons
  • "The best feature of this product is the ease of use. It is extremely easy to set up and get going. This is a very useful tool for a small organization."
  • "I feel that some areas of improvement would be vulnerability scanning. We use a separate product that seems to do a much better job."

How has it helped my organization?

This has helped improve our overall IT security by allowing us to implement a full suite of security tools that allows us to roll out log management on clients and servers, host-based IDS, and network-based IDS. It also provides vulnerability scanning; however, we use a separate product for that.

What is most valuable?

The best feature of this product is the ease of use. It is extremely easy to set up and get going. This is a very useful tool for a small organization.

What needs improvement?

I feel that some areas of improvement would be vulnerability scanning. We use a separate product that seems to do a much better job.

What do I think about the stability of the solution?

We have not encountered any stability issues.

What do I think about the scalability of the solution?

We have not encountered any scalability issues; the product scales very easy.

How are customer service and technical support?

Customer Service:

I would rate customer service an 8/10. I've received calls from customer service a few times a month and it gets a little overbearing, especially when you are busy, as IT professionals are.

Technical Support:

I would rate technical support a 9/10.

Which solution did I use previously and why did I switch?

This was our first solution for HIDS, NIDS, and log management.

How was the initial setup?

The initial setup was straightforward. I simply followed the steps in the setup wizard and the steps provided by technical support, and I had a trial version (later converted to paid version with additional steps) set up in about an hour or less.

What about the implementation team?

This was set up in-house.

What was our ROI?

It is really hard to put a number on ROI but I will say that AlienVault has allowed us to close the gap on security alert timing and we can respond to incidents in a much more timely fashion which, to me, is much more valuable than a number.

What's my experience with pricing, setup cost, and licensing?

AlienVault is flexible on their pricing for unlimited licenses.

Which other solutions did I evaluate?

We evaluated Splunk as well. AlienVault was a much cheaper solution and required less time to be rolled out. Splunk is a much more difficult product to work with and almost requires a dedicated employee to manage.

What other advice do I have?

I highly recommend AlienVault USM for anybody that is seeking a SIEM solution that is easy to implement and easy to manage. It works very well for small- and medium-size businesses.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Tami Andrews - PeerSpot reviewer
Tami AndrewsSr. Customer Programs Manager at AlienVault
Real User

Brett - thank you so much for taking time to provide your comments & feedback.

See all 2 comments
Buyer's Guide
Download our free USM Anywhere Report and get advice and tips from experienced pros sharing their opinions.
Updated: October 2024
Buyer's Guide
Download our free USM Anywhere Report and get advice and tips from experienced pros sharing their opinions.