The tool is a great way to meet logging requirements for PCI and HIPAA standards. It is very flexible and customizable.
Professional Services Engineer at a tech services company with 11-50 employees
Meets logging requirements for PCI and HIPAA standards
What is most valuable?
How has it helped my organization?
I came into the company with USM Appliance already in place. However, from my previous experience with logging and security appliances, there have been many tasks that used to be a manual process, like asset discovery, that are now automated and easy to implement through the UI.
What needs improvement?
Stability on certain components could be better, but for a system that is on 24/7/365 without reboots, it's fairly trouble free.
For how long have I used the solution?
We have used this for one year.
Buyer's Guide
USM Anywhere
December 2024
Learn what your peers think about USM Anywhere. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
831,265 professionals have used our research since 2012.
What was my experience with deployment of the solution?
There were no issues with deployment.
What do I think about the stability of the solution?
Stability issues were only due to issues with updates, and in extremely unusual use cases.
What do I think about the scalability of the solution?
There were no issues with scalability.
How are customer service and support?
Customer Service:
They have amazing customer service. AlienVault Support takes care of all of my issues that come up.
Technical Support:
I would give technical support a rating of 10 out of 10.
How was the initial setup?
The setup was fairly straightforward. A more advanced setup is available for different use cases.
What about the implementation team?
We did the implementation in-house.
What was our ROI?
Having our logs in a single system is in itself a huge ROI.
What's my experience with pricing, setup cost, and licensing?
When compared with other options, AlienVault is significantly less expensive for the amount of features that are packed into it.
Which other solutions did I evaluate?
I was not part of the product decision.
What other advice do I have?
AlienVault support is what really makes this product a great investment. They are constantly improving their product and happy to help with anything that comes up.
Disclosure: My company has a business relationship with this vendor other than being a customer: My company utilizes USM Appliance for our own logs, but we are also an AlienVault MSSP Partner and Reseller.
Network Administrator at a legal firm with 51-200 employees
We've been able to use the scanning to identify security issues and take care of them before they become a problem.
What is most valuable?
The vulnerability scans and network scans and alarms.
How has it helped my organization?
We were able to use the product to identify two security issues already. We had one situation where the appliance identified that a workstation on our network was infected with a DNS Blackhole virus. We were able to remove the computer from the network and replace it. We've also been able to use the scanning to identify security issues and take care of them before they become a problem.
What needs improvement?
I would like to see it be able to run on any hardware via just an installer.
For how long have I used the solution?
We've had it in place for a year now.
What was my experience with deployment of the solution?
Not really, but we had their engineers and a consultant helping.
What do I think about the stability of the solution?
We have not.
What do I think about the scalability of the solution?
No.
How are customer service and technical support?
Customer Service:
Very high. Any issues I've had they've been quick to answer and help.
Technical Support:
Their support is wonderful. I've had a couple of questions and had them answered very quickly.
Which solution did I use previously and why did I switch?
No.
How was the initial setup?
Very straightforward.
What about the implementation team?
We implemented through a vendor. When we bought the product they included hours from a vendor for the implementation.
What was our ROI?
Unknown.
What's my experience with pricing, setup cost, and licensing?
Nothing to advise.
Which other solutions did I evaluate?
No. We just had to decide if we wanted this or had time to work with it.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Systems Engineer at a university with 201-500 employees
Some of the valuable features are real-time email alerts, event correlations, and log management.
What is most valuable?
- Real-time email alerts
- Event correlations
- Log management
- System monitoring
- Network monitoring
- Up-time monitoring
- OTX threat intelligence
- Vulnerability scanning reporting
There are too many to list.
How has it helped my organization?
It has given us insight into our network:
- What is on it
- What traffic is on it
- What is happening on our servers
It is one location to view many things.
What needs improvement?
The menu system can be a little confusing until you use it for a while. For example, at the top right there is a “settings” menu, which is more of a user profile menu. I would like that to say what it is: “My Profile.” Under the “Settings” menu I would rather see true system settings, such as User Accounts, Configuration Backups/Restore, SMTP server Setting, AD (LDAP) settings, Password Policies, and other true System Settings. There is also a large button at the right called “Configuration.” I would change that to something like “Deployment Settings”. Under this menu I would have settings specifically related to “this deployment of AlienVault”, such as Plugins, Sensors, Remote Locations, and Services Running on this deployment (with the ability to Enable/Disable these and Start/Stop these). Also here I would have a sub-menu called “System Performance” with metrics (CPU usage, Swap, RAM, database health (with cleanup and compress options), Network Traffic In/Out performance for each NIC, etc.). Currently Threat Intelligence items are also under Configuration. I would make a separate “Threat Intelligence” menu and expand upon it to cover more items. Just my thoughts.
I guess it comes down to my being old school and wanting traditional menus, such as text-style drop-down menus from the top and not the huge big-button menus, like File, Analysis, Environment, Reports, Settings, Deployment Settings, Preferences, Help, etc. The text-type menus tend to be much more explanatory as to what is in them below. I know a lot of software has gone to the big button/ribbon style menus (MS Office). I assume that is to make things mobile friendly. To me it makes navigation less easy and more confusing, and the big buttons take up too much screen real estate that I would rather see used for other things such as alarms and real-time system activities.
For how long have I used the solution?
We have been using this solution for just over one year.
What was my experience with deployment of the solution?
There have been no major deployment issues.
What do I think about the stability of the solution?
There have been no major stability issues.
What do I think about the scalability of the solution?
There have been no scalability issues. We recently moved from 150 asset licenses to unlimited and the process was very easy.
How are customer service and technical support?
Customer Service:
Customer support is excellent. Support has been good for simple config issues and for alert questions. They have a great forum base as well as live support.
I would rate technical support as very good.
Which solution did I use previously and why did I switch?
We used hardware based as well as open source solutions before. We still use some of them, but AlienVault allowed us to consolidate a lot of services into one.
How was the initial setup?
The installation was straightforward. We use the VMware-based All-In-One USM. It was quite straightforward. It required a little customization, but it was not too difficult to sort through.
What about the implementation team?
It was a joint collaboration.
What was our ROI?
We saw a positive ROI within six months, especially in terms of manpower.
What's my experience with pricing, setup cost, and licensing?
Just give them a call. They can work with you in many ways to help you get what you need.
Which other solutions did I evaluate?
We looked at several options. And we were already using several of them, both paid and open source. AlienVault allowed us to combine several solutions into one.
What other advice do I have?
If you are interested, sign up for some of their webinars, download the free trial or open source versions, and play with it.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Professor at a university with 201-500 employees
It is set up as a dashboard in the security lab. Students can view and analyze the monitoring techniques of the product.
What is most valuable?
AlienVault is used in a classroom setting at Pittsburgh Technical College, which brings industry tools from the college classroom back into the field. We have several employers in the area that use AV so student acclimation to the product is key. AV is set up as a dashboard in the security lab where students can view and analyze the monitoring techniques of the product. If an event happens, they can process an analytical step to provide remediation.
How has it helped my organization?
Students becoming acclimated to the product can go out into the field and have first-hand knowledge on how to use a USM or SIEM product. This is a win-win solution for the vendor and future employers.
For how long have I used the solution?
The school has used the product for over a year.
What was my experience with deployment of the solution?
We were attempting to push HIDS on the domain controllers, and ran into an initial problem. This problem was immediately solved by the AV service technician that was able to remote in and fix the problem.
What do I think about the stability of the solution?
One of the problems we had with stability was a problem of our own. We were running AV on a VLAN on which students were able to run DHCP servers, which caused our own problems.
How are customer service and technical support?
Customer Service:
We have had several tickets open with AV and they are prompt in their service time.
Technical Support:
Technical support is prompt in acknowledging your needs and replies with a message that a service technician will be with you shortly. They make every attempt possible to work with your schedule.
Which solution did I use previously and why did I switch?
A direct competitor to AV is IBM QRadar, which is also used in the classroom environment.
How was the initial setup?
The setup was straightforward. We installed AV to vSphere ESXi as a virtual appliance deployed as an OVA template.
What was our ROI?
The ROI is unmeasured since we are an academic partner; there is no way of knowing how much positive impact the product will attain from students getting first-hand knowledge of an industry product before they go out into the field upon graduation.
Disclosure: My company has a business relationship with this vendor other than being a customer: We are an academic partner.
Security Architecture and Operations Lead at a university with 1,001-5,000 employees
AlienVault helped take us from semi-Pro to Pro
What is most valuable?
The NIDS/HIDS features have probably been the best features for us in our environment. We've had some open-source options and, while they work, it isn't the same as having commercial support. SIEM is the second-most useful feature.
How has it helped my organization?
We've been able to professionally generate alerts for IDS, SIEM and vulnerabilities where we didn't have those capabilities before.
What needs improvement?
Reporting still needs a lot of work, especially on the vulnerability side. Vulnerability management UI could be improved as well.
Vulnerability reports are clunky and difficult to manage. The layout is not really professional or intuitive and takes some time to understand how to navigate it. In general, while there are some customization options with reporting features as far as look and feel, reports still have an “open source” feeling. In general, the look is not as clean and professional as what one is used to seeing in other, similar products.
For how long have I used the solution?
I have used it for 16 months.
What was my experience with deployment of the solution?
We have not encountered any deployment issues.
What do I think about the stability of the solution?
We encountered one stability issue. With the amount of log data we were sending, our sensor drives were filling up within a day or two. We had to create some cron jobs to ensure logs were rotated more frequently.
What do I think about the scalability of the solution?
We have not encountered any scalability issues. You just add another sensor; pretty easy.
How are customer service and technical support?
Customer Service:
Customer service is excellent! Always very responsive.
Technical Support:
Technical support is excellent! Always very responsive.
Which solution did I use previously and why did I switch?
We used Nexpose for vulnerability management and moving away from that was the primary reason we went with AlienVault.
How was the initial setup?
Initial setup was very easy for the most part. We were paired with a third-party vendor for onboarding. We didn't work well with this group, but AlienVault happily transferred our service hours to another group and that relationship worked much better for us.
What about the implementation team?
An in-house team implemented it.
Which other solutions did I evaluate?
Before choosing this product, we did not evaluate other options. We looked at Nessus SecurityCenter with Log Management.
What other advice do I have?
We've been very happy with the purchase. While the list of supported vendors in the SIEM continues to grow, I do wish that creating plugins was a little easier.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Information Security Officer at a healthcare company with 1,001-5,000 employees
Valuable features include integrated vulnerability assessment, intrusion/anomaly detection and monitoring, with a simple management interface.
What is most valuable?
Integrated vulnerability assessment, intrusion/anomaly detection and monitoring, with a simple management interface.
How has it helped my organization?
AlienVault provided improved visibility into the environment as well as the ability to report on the organization’s security posture.
What needs improvement?
Asset scanning and inventory (stale assets, scheduling scans) and correlation (false positives).
For how long have I used the solution?
2 years
What do I think about the stability of the solution?
No.
What do I think about the scalability of the solution?
Yes. Upgrading the network cards (from 1GB to 10GB) was not “supported” on the appliance, so we had to purchase a second one as a sensor. The secondary appliance with the 10GBs NICs is the same as the primary appliance, so this was disappointing.
How are customer service and technical support?
High (seldom used).
Which solution did I use previously and why did I switch?
No.
How was the initial setup?
Simple and straightforward. The bulk of the work is understanding your own environment and tuning events (syslog, scans, alarm).
What's my experience with pricing, setup cost, and licensing?
Pricing was a very important consideration and lower than the other SIEM solutions evaluated. The price point makes it accessible for SMB organizations that may be constrained of resources (budget and people/skills) so deployment can be gradual while still deriving value out of the solution.
Which other solutions did I evaluate?
SolarWinds, Splunk, LogRhythm.
What other advice do I have?
As with any SIEM, it is not a “turn-key” or “set it and forget it” solution. It requires resources and skills to deploy, although this can be done in stages. Appropriate resources for maintenance are also key so the information is accurate, relevant and timely. Otherwise it becomes a repository of stale ignored events and alarms.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
IT Field Support Manager at a consumer goods company with 1,001-5,000 employees
We already used a lot of the open source products in this suite. This brought them all under one roof and allowed one person to do all the work.
What is most valuable?
The SIEM and intrusion detection.
How has it helped my organization?
We already used a lot of the open source products in this suite but they were too cumbersome for our IT team to handle. This brought them all under one roof and allowed one person to do what 10 could not in a few hours a day.
What needs improvement?
They need to be faster in developing custom plugins.
For how long have I used the solution?
We've been using it for six months.
What do I think about the stability of the solution?
We've had no issues so far and the product works great.
What do I think about the scalability of the solution?
We have not scaled it yet but it handles our entire environment without a problem.
How are customer service and technical support?
4/10 - they need to provide faster responses to emails.
Which solution did I use previously and why did I switch?
We previously used Splunk for SIEM.
How was the initial setup?
It is a complex product, but a lot less complex than the products it's built on like Snort and Splunk.
What's my experience with pricing, setup cost, and licensing?
Get the Virtual Appliance and build the unit yourself. The software is the valuable piece as AlienVault is not a hardware builder and the machine they sell is fine but you could build better yourself for much less.
Which other solutions did I evaluate?
We also looked at SolarWinds SIEM and network monitoring.
What other advice do I have?
Go slow and get everything into your SIEM so you can do some really neat correlations and alerts.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Security Administrator at a financial services firm with 501-1,000 employees
It has allowed us to gain a better understanding of how data flows within our network
Pros and Cons
- "It allows you to define what alerts you want to see, or not to see, as well as if you want them grouped, or ungrouped."
- "The reporting aspect could be improved. While there are a lot of different options available, there are still pieces which are missing."
How has it helped my organization?
It has allowed us to gain a better understanding of how data flows within our network, and has helped us think about what type of things we want to be alerted on, or not alerted on.
What is most valuable?
AlienVault provides you with a unified view for all aspects of what is going on in your environment. It allows you to define what alerts you want to see, or not to see, as well as if you want them grouped, or ungrouped.
What needs improvement?
The reporting aspect could be improved. While there are a lot of different options available, there are still pieces which are missing. The views are also very static and do not give you a lot of options on how the data is presented.
What do I think about the stability of the solution?
No, the product is stable.
What do I think about the scalability of the solution?
No, our network has stayed for the most part the same. In the future, it should be scalable with additional sensors.
How are customer service and technical support?
Customer Service:
This is an area that could be improved.
Technical Support:
This is an area that could be improved. However, once you get a knowledgeable tech support person, they are good to work with.
Which solution did I use previously and why did I switch?
No, this is our first SIEM device.
How was the initial setup?
Both. It was simple to just get up and running. However, when you start tweaking it for your organization it gets more complex.
What about the implementation team?
A little bit of both. The vendor team's expertise was amazing. I highly recommend using them.
What was our ROI?
The time that it would take to manually investigate events versus looking at one dashboard.
What's my experience with pricing, setup cost, and licensing?
Definitely get professional services.
Which other solutions did I evaluate?
Darktrace and QRadar.
What other advice do I have?
Once set up, for the most part, it is a "set it and forget it" solution. There is some upkeep with making sure all the things are monitored, but other than that AlienVault provides what you need out-of-the-box.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Thank you Tyler for your time to review AlienVault USM and for your candid feedback!