AlienVault's "Overview" dashboard makes it very easy to see everything going on in your network that needs your immediate attention. You can easily customize the dashboard to your or your company's needs.
IT Security Analyst at a financial services firm with 201-500 employees
You can customize the "Overview" dashboard to your or your company's needs.
What is most valuable?
How has it helped my organization?
I now have the ability to report all vulnerabilities and threats hitting our network to upper management in an easy-to-understand format.
What needs improvement?
Offer solutions based on a PoC (Proof of Concept) to fit each company's specific needs, rather than letting the company guess or piece together the solution they need.
For how long have I used the solution?
I have used it for six months.
Buyer's Guide
USM Anywhere
October 2024
Learn what your peers think about USM Anywhere. Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
816,406 professionals have used our research since 2012.
What was my experience with deployment of the solution?
We have not encountered any deployment issues; the setup was very easy and support was by my side to assist me with any issues that arose.
What do I think about the stability of the solution?
We have encountered stability issues; we have a high volume of logs passing through our SIEM and the default configuration couldn't handle all the data. Working with support, we were able to remediate all the crashes we were having.
What do I think about the scalability of the solution?
We have encountered scalability issues. We had to keep changing our configuration or updating our storage capabilities as we added more logs.
How are customer service and support?
Customer Service:
Customer service is 8/10.
Technical Support:
Technical support is 9/10. Engineers are very knowledgeable about their product!
Which solution did I use previously and why did I switch?
We did not previously use a different solution.
How was the initial setup?
The setup was very straightforward. AlienVault provides simple, step-by-step instructions for each of their products!
What about the implementation team?
As a single Analyst, I was able to implement this product very easily.
What was our ROI?
At this time, it is too early to tell ROI.
What's my experience with pricing, setup cost, and licensing?
Know your capabilities and storage needs before negotiating a price! Make sure you ask about log storage options before purchase.
Which other solutions did I evaluate?
Before choosing, we evaluated other options. We were looking at Splunk and Rapid7.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Information Systems Network Technician at a local government with 501-1,000 employees
Allows for log management, vulnerability scanning, and file integrity monitoring.
What is most valuable?
It's a single solution that is meeting the needs of multiple of my PCI compliance objectives.
How has it helped my organization?
I was able to replace our log management solution with this product. A single server that allows for log management, vulnerability scanning, and file integrity monitoring.
What needs improvement?
The alarms section of the USM is very robust, yet I still find myself having to look back through the events to find more details. It would be nice if I could navigate straight to the event from the alarm.
For how long have I used the solution?
I've been using it for six months.
What do I think about the stability of the solution?
I had a renegade plugin that was installed by the company who helped me with the initial setup. The plugin was missing a command to rotate logs and would fill my hard drive's capacity to full quickly. Fortunately, AlienVault support identified the problem and reported the issue to the designers. I opted to not run that plugin anymore, and probably still will not trust it even after the rotate function is fixed.
What do I think about the scalability of the solution?
I have the ability to scale out further from where I am if necessary, so I have not had any scalability problems.
How are customer service and technical support?
10/10
Which solution did I use previously and why did I switch?
We did not previously have many of the systems that AlienVault offers. We switched to get a robust single solution.
How was the initial setup?
The initial setup is both straightforward and complex. You can get the system up and running without any outside help but you will be missing out on many of the finer detailed features if you go that route. I appreciated getting professional setup help as I do not have enough time to dedicate to just learning USM. I also attended the five day training which was very valuable.
What's my experience with pricing, setup cost, and licensing?
Speak with a rep to get the correct design. AlienVault will scale depending on the size of your environment but the licensing gets tricky when you get away from the single unified console.
Which other solutions did I evaluate?
I was not able to find any other tool that was able to meet as many needs as the AlienVault USM. I spent the entire trial testing AlienVault to make sure it would suit my needs.
What other advice do I have?
Use AlienVault's free trial of the USM. They will help you get the system installed, which is very helpful to make sure you get the best test possible.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Chief Information Security Officer at a tech services company with 51-200 employees
It's based on an open source product and therefore fully customizable.
What is most valuable?
Flexibility. As the source of AlienVault is based on an Open Source product, it is possible to implement nearly everything including fully customized plugins, scripts, etc. We haven't yet found any limitations.
How has it helped my organization?
We are now able to track any kind of threat including external (malware) or internal (people trying to bypass restrictions, USB keys etc.).
We are able to track changes in the authentication integrity (new user created, domain admin elevation, etc.) and get mail or tickets in cases of suspicious behavior.
It helps us with our ISO27001 compliance.
What needs improvement?
The search capabilities are not optimal and are going to be optimized in the next versions. For example, it is possible to search both username and IPs but not usernames and specific fields (aka user data) at the same time.
Documentation needs to be improved, especially due to the fact that AlienVault gets improved often with new features.
Vulnerability scanning does not support Nessus (after version 5) which is a leader in the market. The default vulnerability scanner is OpenVAS; it does the job but the reports are not the same quality as Nessus.
For how long have I used the solution?
3+ years
What do I think about the stability of the solution?
No stability issues were encountered.
What do I think about the scalability of the solution?
No scalability issues as the product is highly scalable. You have to take care of what you want to integrate and think of use-cases instead of global log collection. In our opinion this is the key of success as you will scale your infrastructure with what you really need.
How are customer service and technical support?
Customer Service:
Customer service can be a great help depending on the kind of project. They are very reactive for commercial offers.
Technical Support:
Technical support is good and reactive but you should also pass the training to have better knowledge of the solution.
Which solution did I use previously and why did I switch?
We chose this product because of:
- Pricing model
- Flexibility of the solution
- Multi-tier architecture/scalability
How was the initial setup?
Yes, when you don’t have experience with the product you have to learn and understand all the “concepts”. In this case AlienVault generally provides “free” technical service with third party companies to be able to operate something quickly.
What about the implementation team?
We started with the free technical support provided for the test time. Then we quickly took the product in our hands, got certified on it and became independent.
What was our ROI?
The ROI is very good if you evaluate all the services which AlienVault can help you with: detection of Malware, bad activities, suspicious behavior, etc. All these threats can create high financial loss and a big part of them could be prevented using the SIEM.
What other advice do I have?
If you don’t want to overpay, and want to have something working, you have to make an assessment based on:
- what are your assets?
- what is the criticality of each one?
- what use cases do you want to implement?
From there, create a plan on how to implement them to limit the number of collections to the minimum to avoid flooding of data/high costs due to over-sized infrastructure.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Information Security Officer at a healthcare company with 1,001-5,000 employees
Valuable features include integrated vulnerability assessment, intrusion/anomaly detection and monitoring, with a simple management interface.
What is most valuable?
Integrated vulnerability assessment, intrusion/anomaly detection and monitoring, with a simple management interface.
How has it helped my organization?
AlienVault provided improved visibility into the environment as well as the ability to report on the organization’s security posture.
What needs improvement?
Asset scanning and inventory (stale assets, scheduling scans) and correlation (false positives).
For how long have I used the solution?
2 years
What do I think about the stability of the solution?
No.
What do I think about the scalability of the solution?
Yes. Upgrading the network cards (from 1GB to 10GB) was not “supported” on the appliance, so we had to purchase a second one as a sensor. The secondary appliance with the 10GBs NICs is the same as the primary appliance, so this was disappointing.
How are customer service and technical support?
High (seldom used).
Which solution did I use previously and why did I switch?
No.
How was the initial setup?
Simple and straightforward. The bulk of the work is understanding your own environment and tuning events (syslog, scans, alarm).
What's my experience with pricing, setup cost, and licensing?
Pricing was a very important consideration and lower than the other SIEM solutions evaluated. The price point makes it accessible for SMB organizations that may be constrained of resources (budget and people/skills) so deployment can be gradual while still deriving value out of the solution.
Which other solutions did I evaluate?
SolarWinds, Splunk, LogRhythm.
What other advice do I have?
As with any SIEM, it is not a “turn-key” or “set it and forget it” solution. It requires resources and skills to deploy, although this can be done in stages. Appropriate resources for maintenance are also key so the information is accurate, relevant and timely. Otherwise it becomes a repository of stale ignored events and alarms.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
IT Field Support Manager at a consumer goods company with 1,001-5,000 employees
We already used a lot of the open source products in this suite. This brought them all under one roof and allowed one person to do all the work.
What is most valuable?
The SIEM and intrusion detection.
How has it helped my organization?
We already used a lot of the open source products in this suite but they were too cumbersome for our IT team to handle. This brought them all under one roof and allowed one person to do what 10 could not in a few hours a day.
What needs improvement?
They need to be faster in developing custom plugins.
For how long have I used the solution?
We've been using it for six months.
What do I think about the stability of the solution?
We've had no issues so far and the product works great.
What do I think about the scalability of the solution?
We have not scaled it yet but it handles our entire environment without a problem.
How are customer service and technical support?
4/10 - they need to provide faster responses to emails.
Which solution did I use previously and why did I switch?
We previously used Splunk for SIEM.
How was the initial setup?
It is a complex product, but a lot less complex than the products it's built on like Snort and Splunk.
What's my experience with pricing, setup cost, and licensing?
Get the Virtual Appliance and build the unit yourself. The software is the valuable piece as AlienVault is not a hardware builder and the machine they sell is fine but you could build better yourself for much less.
Which other solutions did I evaluate?
We also looked at Solarwinds SIEM and network monitoring.
What other advice do I have?
Go slow and get everything into your SIEM so you can do some really neat correlations and alerts.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Chief Operating Officer / SR. Project Manager at SCS
Helpful threat intelligence capability, but the reporting is mediocre
Pros and Cons
- "The most valuable feature is threat intelligence."
- "The reporting is mediocre and is something that needs to be improved."
What is our primary use case?
We are a managed security service provider and we offer AlienVault USM to our clients. We use it to monitor their environments and to maintain their logs.
What is most valuable?
The most valuable feature is threat intelligence. Their community is a very helpful tool and I think it's one of the values of AlienVault.
What needs improvement?
They set aside a lot of the functionality from the on-premises version that we found very helpful in managing tickets. As it is now, the cloud-based deployment is lacking these useful features.
The reporting is mediocre and is something that needs to be improved.
For how long have I used the solution?
I have been using the cloud-based deployment of this solution for about two years.
What do I think about the stability of the solution?
The stability is fine.
What do I think about the scalability of the solution?
Scalability in a cloud solution is tied to costs. With any cloud solution, the more data you have and the larger your company, the higher the price point. I wouldn't say that scaling is easy, but it is standard.
How are customer service and technical support?
Technical support is slow to respond when we put in a ticket. We're a number.
Which solution did I use previously and why did I switch?
We use both the on-premises version and USM Anywhere. The latter is a SaaS solution.
How was the initial setup?
The initial setup is okay. At an additional cost, they offer services to assist with deployment.
What's my experience with pricing, setup cost, and licensing?
Our take on it is that we are paying more for this product because of the AT&T name. We don't necessarily find that we are getting more functionality or quality, given the price point.
The licensing fees are dependent on usage.
Which other solutions did I evaluate?
We are currently evaluating different SIEM solutions. I have found that all of them have issues, whether it is related to functionality or price point. Even the ones that have a high price don't provide everything that you need.
What other advice do I have?
My advice for anybody who is considering this product is to evaluate all of the options that are out there. There is no one, great answer, so you have to figure out what best fits your needs.
I would rate this solution a seven out of ten.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Cybersecurity Analyst at a tech company with 51-200 employees
Review about AlienVault
What is our primary use case?
SIEM, Log ingestion and evaluation. We use this not only for internal but also for clients that we manage. It has proven its worth and more. We are currently very pleased with this product and it has performed as advertised. We obviously use this for being able to ascertain visibility on each network in which it is deployed not only from the NIDS/HIDS side but also evaluation of each interaction every device has.
How has it helped my organization?
We have benefited greatly due to gaining the visibility we need for different instances. It has improved our security posture and has helped us respond to alarms/events as they have come down through the pipeline to our ticketing system we use. All in all, it has improved our SOC.
What is most valuable?
AlienApps that we use to integrate with our current setup is awesome! Not only that, they have roadmapped being able to open up their API so we can integrate and flex the USM Anywhere as much as we want and when we want to. The staff has been incredibly helpful on getting us further down the line with our constructive feedback and have worked on implementing changes to their system to help improve their product.
What needs improvement?
A tailored OTX map for each customer's central would be awesome to have for displays. A lot of companies like to have visuals for their central instance in order to be able to see when an IOC comes through and it would help have something in front of analysts/engineers to respond to promptly if they were away from central working downstream.
For how long have I used the solution?
Less than one year.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Thank you for taking time to provide your feedback & comments. If you'd like to speak with someone here at AlienVault from the product team, please do not hesitate to reach out to me directly. My email: tandrews@alienvault.com
IT Systems Administrator at a financial services firm with 201-500 employees
It has streamlined log aggregation and analysis to meet organizational and regulatory needs
Pros and Cons
- "It has streamlined log aggregation and analysis to meet organizational and regulatory needs."
- "Reporting is convoluted and difficult at times, although they claim to have hundreds of pre-built reports, very few of them are actually useful for anything but what the USM is doing."
- "Windows log collection works with HIDS, but documentation is sparse and confusing."
What is our primary use case?
The primary use case for AlienVault is Log Management and SIEM functionality with the added benefit of IDS.
How has it helped my organization?
It has streamlined log aggregation and analysis to meet organizational and regulatory needs.
What is most valuable?
The most useful feature is the customization for alarms, alerts, and reports. AlienVault is situated to be adapted and changed to meet many different needs and use cases, but still being effective at most of them.
What needs improvement?
Reporting and Windows log collection are the biggest drawbacks. Reporting is convoluted and difficult at times, although they claim to have hundreds of pre-built reports, very few of them are actually useful for anything but what the USM is doing. Windows log collection works with HIDS, but documentation is sparse and confusing. You have to trace back to how Windows Event ID ultimately correlates with AlienVault events through HIDS IDs.
For how long have I used the solution?
Less than one year.
What do I think about the stability of the solution?
Some minor issues here and there with updating/services not working, but AlienVault support is quick and easy to work with and will handle it.
What do I think about the scalability of the solution?
No issues. Make sure you do size appropriately though for the level of logs you want to collect and retain.
How was the initial setup?
Complex in some ways, but AlienVault is pretty easy and will help along the way. Also, taking the training class is very valuable.
What's my experience with pricing, setup cost, and licensing?
Do the one month trial and try to work out the kinks during it, as it has free support and service hours. The staff is great at knowing what to do and what they can do to help.
Which other solutions did I evaluate?
Yes. Our SIEM tool list, from which we were evaluating, included Splunk and LogRhythm.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Lucas - I appreciate you taking time to provide your experience of using AlienVault USM.