IT Systems Administrator at a financial services firm with 201-500 employees
Real User
It has streamlined log aggregation and analysis to meet organizational and regulatory needs
Pros and Cons
  • "It has streamlined log aggregation and analysis to meet organizational and regulatory needs."
  • "Reporting is convoluted and difficult at times; although they claim to have hundreds of pre-built reports, very few of them are actually useful for anything but what the USM is doing."
  • "Windows log collection works with HIDS, but documentation is sparse and confusing."

What is our primary use case?

The primary use case for AlienVault is Log Management and SIEM functionality with the added benefit of IDS.

How has it helped my organization?

It has streamlined log aggregation and analysis to meet organizational and regulatory needs.

What is most valuable?

The most useful feature is the customization for alarms, alerts, and reports. AlienVault is situated to be adapted and changed to meet many different needs and use cases, while still being effective at most of them.

What needs improvement?

Reporting and Windows log collection are the biggest drawbacks. Reporting is convoluted and difficult at times; although they claim to have hundreds of pre-built reports, very few of them are actually useful for anything but what the USM is doing. Windows log collection works with HIDS, but documentation is sparse and confusing. You have to trace back how a Windows Event ID ultimately correlates with AlienVault events through the HIDS IDs.


For how long have I used the solution?

Less than one year.

What do I think about the stability of the solution?

Some minor issues here and there with updating/services not working, but AlienVault support is quick and easy to work with and will handle it.

What do I think about the scalability of the solution?

No issues. Make sure you size appropriately, though, for the level of logs you want to collect and retain.

How was the initial setup?

Complex in some ways, but AlienVault is pretty easy and will help along the way. Also, taking the training class is very valuable.

What's my experience with pricing, setup cost, and licensing?

Do the one-month trial and try to work out the kinks during it, as it has free support and service hours. The staff is great at knowing what to do and what they can do to help.

Which other solutions did I evaluate?

Yes. Our SIEM tool list, from which we were evaluating, included Splunk and LogRhythm.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Tami Andrews, Sr. Customer Programs Manager at AlienVault
Real User

Thank you, Jon, for your time to review AlienVault USM and for your candid feedback!

it_user484701
SOC Intrusion Analyst at a tech services company with 51-200 employees
Consultant
Once we placed AlienVault into the product we have now, the time it takes to find and respond to real anomalies dropped. Creating directives is a pain.

Valuable Features

  • Raw logs
  • Alarm section
  • Security events

Improvements to My Organization

Once we placed AlienVault in the product we have now, the time it takes to find and respond to real anomalies dropped from hours to minutes. It has so much potential to be an amazing product despite its many issues. After working with so many other SIEMs, AlienVault is among my top three favorites, and I believe it has earned that spot well.

Room for Improvement

Directives and searches within security events. So many issues with directives. Creating directives is a pain on its own, but editing them can be a nightmare filled with tedious, unnecessary steps. You do not have an option to whitelist or blacklist specific traffic flows to trigger alarms (e.g., specific IP to specific IP) if your directive contains multiple alarms. A simple fix would be to allow the engineer to give "and" and "or" statements so you could get something along the lines of (SRC IP: 192.168.0.20, DST IP: 10.10.1.12 OR 10.10.1.13) AND (SRC IP: 192.168.10.5, DST IP: 10.10.2.5). Instead, you have a list of source IPs and a list of destination IPs, and no matter how specific the traffic you need to blacklist is, anything communicating from the source list to the destination list triggers an alarm, which is not always what you want.

A workaround for that is to split the alarm directive into separate directives for any specific flows you are looking for. Searching in security events comes with its own minor inconvenience that isn't a deal breaker; however, a simple improvement could make things orders of magnitude better: allow the analyst to decide everything he wants to search for and trigger the search themselves. Right now, if you want to search something by signature, time range, and port, for example, you have to do each individually, and each search forces the query to reload before you get the information set you want. E.g., I want to search for Admin Activity Events surrounding a specific admin over the last week. I need to first search for Admin Activity Events, which reloads the whole set of data, then search for the username, reloading the whole set of data again, then choose the last-week time range, reloading again. It would make more sense to be able to package the queries I intend to use, then click something along the lines of "submit". AlienVault does offer predefined searches, which is a great tool, but I think fixing the search function of the SIEM would be great.

Use of Solution

I've used it for two years.

Stability Issues

Stability issues have been around, but I feel like AlienVault does a stand-up job at responding to and fixing them.

Scalability Issues

I personally haven't seen any scalability issues, though that falls out of my purview.

Customer Service and Technical Support

10/10 - the AlienVault team is great, and the community is very active.

Initial Setup

Straightforward. The guidance given in documentation sets you up for success, and the ease of adding agents to machines is phenomenal.

Implementation Team

It was done in house. Be patient, focus on getting your firewalls connected to the SIEM.

Other Solutions Considered

I have used several SIEMs, but stick with ArcSight, Splunk, and AlienVault. It is more client dependent. A big pro for AlienVault is its price point and resource requirements, though I feel like AlienVault is best suited for small to mid-sized businesses.

Other Advice

Take advantage of the support team at AlienVault, and read through the documentation. If you get lost, there is a good chance the information is in there. Also, you will quickly discover the limitations of AlienVault, so you should take your time to figure out workarounds for your issues.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
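The two directive semantics the reviewer above contrasts, as an added illustration that is not code from the review or from AlienVault: a directive built from one source list and one destination list alarms on every source-to-destination combination, while the reviewer's per-flow clauses (and the split-directive workaround) alarm only on the listed pairs. Flows and addresses below are constructed for the example.

```python
"""Added example: list-based vs. pair-based alarm directive matching."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str


# Constructed sample flows, not from the reviewer's environment.
FLOWS = [
    Flow("192.168.0.20", "10.10.1.12"),   # wanted: first clause
    Flow("192.168.0.20", "10.10.1.13"),   # wanted: first clause (OR branch)
    Flow("192.168.10.5", "10.10.2.5"),    # wanted: second clause
    Flow("192.168.0.20", "10.10.2.5"),    # cross-talk: no listed pair
    Flow("192.168.10.5", "10.10.1.12"),   # cross-talk: no listed pair
    Flow("172.16.0.9", "10.10.1.12"),     # unrelated source
]

# The directive as the reviewer describes it: one source list and one
# destination list; any source-list host talking to any destination-list
# host raises the alarm (a cross product of the two lists).
LIST_DIRECTIVE = {
    "src": {"192.168.0.20", "192.168.10.5"},
    "dst": {"10.10.1.12", "10.10.1.13", "10.10.2.5"},
}

# The reviewer's wish, expressed per flow: each clause ANDs a source with
# its allowed destinations (OR'd), and the clauses together form the
# directive. A single flow has one source, so across clauses the match is
# "any clause", which is what the reviewer's AND amounts to per flow.
PAIR_DIRECTIVE = [
    ("192.168.0.20", {"10.10.1.12", "10.10.1.13"}),
    ("192.168.10.5", {"10.10.2.5"}),
]


def match_list_directive(flow, directive):
    """Cross-product semantics: src in src-list AND dst in dst-list."""
    return flow.src in directive["src"] and flow.dst in directive["dst"]


def match_pair_directive(flow, clauses):
    """Pair semantics: the flow must match one (src, {dst...}) clause."""
    return any(flow.src == src and flow.dst in dsts for src, dsts in clauses)


def split_workaround(clauses):
    """The reviewer's workaround: one list directive per specific clause."""
    return [{"src": {src}, "dst": set(dsts)} for src, dsts in clauses]


def match_any(flow, directives):
    """Evaluate several independent list directives; any hit alarms."""
    return any(match_list_directive(flow, d) for d in directives)


def alarms(flows, matcher, directive):
    return [f for f in flows if matcher(f, directive)]


def extra_alarms(flows):
    """Flows the list directive alarms on that the pair directive does not."""
    wide = set(alarms(flows, match_list_directive, LIST_DIRECTIVE))
    narrow = set(alarms(flows, match_pair_directive, PAIR_DIRECTIVE))
    return sorted(wide - narrow, key=lambda f: (f.src, f.dst))
```

Running `extra_alarms(FLOWS)` returns the two cross-talk flows, which is the over-alarming the reviewer describes; the split directives produce the same alarm set as the pair directive.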
Tami Andrews, Sr. Customer Programs Manager at AlienVault
Real User

Thank you for your feedback. If you would be willing to reach out to Product Marketing, please send an email to: LBarraco@alienvault.com. Lauren is always happy to hear from our customers especially on product enhancements or issues.

it_user484695
Information Security Consultant at Securepoint Nederland B.V.
Consultant
There is no complex alerting or code reviewing, just click and go.

Valuable Features

Vulnerability scanning and OTX are powerful. The alerting and security intelligence are the engine of the product. Looking at the cockpit and monitoring your IT environment is now almost a one-man job. There is no complex alerting or code review, just click and go.

Improvements to My Organization

AlienVault does not stop a security breach, but it detects and notifies the responsible people and they can immediately interact and take the necessary actions. Identifying security risks and minimizing downtime is the added value.

Room for Improvement

The next release will include cloud security and will support a hybrid IT environment. Furthermore, the OTX has great added value, but it will help when there is more OTX information in the database. Future releases will definitely need to improve on these items, and that will position the product in a more enterprise-ready strategic position.

Use of Solution

As a professional user and reseller, we've used this product for almost five years, starting with the free OSSIM level for home and development use, and the all-in-one unlimited version or a small 50-asset version for our customers. Scalability is also key, starting at 25 assets for small companies and supporting enterprise companies with a separate server, sensor and logger.

Deployment Issues

It has great scalability options. The installation is almost click and go, but be aware that when implementing AlienVault in a big environment with a separate sensor, logger and server, it's useful to have the necessary skills and IT knowledge. Also, in-depth knowledge of your own IT is key: knowing where to position the sensors and where to place the server is key, since wrong architecture will impact performance. AlienVault can offer direct support, or you can contact your local partner to assist during this process.


Customer Service and Technical Support

When issues arise and the going gets tough, you can contact AlienVault directly via phone, email or web. Support is covered by the license, and in our experience the technical guys (and girls) know their stuff. Really serious problems are solved via a remote VPN connection (built into the software), and the product has really improved regarding stability.

Initial Setup

The installation is pretty straightforward. Just keep in mind that it is better to plan a good architecture than to rebuild the system(s) until it works performance-wise.

Implementation Team

We performed the implementation, and the training was done by AlienVault trainers. Just know your stuff and do not hesitate to contact AlienVault or a reseller.

Other Solutions Considered

Other SIEM/USM products that we use are Splunk, LogRhythm and the free OSSIM version. The first two have a different cost model, and compared to AlienVault they have (or lack) the real Swiss army knife approach. Furthermore, there is a big difference in costs, which is why in the end AlienVault takes the lead.

Other Advice

The price is the unique selling point for AlienVault. The product is now stable, and it is a Swiss army knife packed with a lot of tools. All other professional products that compare to AlienVault are somewhat different but deliver the same result; it is the price that tips the balance in favor of AlienVault.

Check the latest Gartner report on SIEM/USM 2016, and test the other products. Do not stick to one product for testing, but when you do not have the time to test all products (who does have the time?), choose only two or three products to check out. Compare the prices and always ask for a demo.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Tami Andrews, Sr. Customer Programs Manager at AlienVault
Real User

Hi Frans - I wanted to make sure that you saw the news on 2/7/17 that we've now delivered a cloud-based USM product! www.alienvault.com

Manager at WASHI
Real User
A stable, user-friendly security solution with a reasonable price tag and easy deployment
Pros and Cons
  • "The solution is stable."
  • "The dashboard could be improved as well as the level of customization."

What is our primary use case?

The primary use case of this solution is for security.

What needs improvement?

The solution is very user-friendly, but the dashboard could be improved as well as the level of customization.

For how long have I used the solution?

I have been using the solution for one year.

What do I think about the stability of the solution?

The solution is stable.

How was the initial setup?

The deployment of this solution is easy, but you need some level of understanding.

What's my experience with pricing, setup cost, and licensing?

The price of this solution is reasonable, which is one of the reasons why we selected it over other solutions.

What other advice do I have?

I would recommend this solution to other users.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user829533
IT Manager at a manufacturing company with 51-200 employees
User
It is my "security person" looking at irregularities and letting me know when something has occurred
Pros and Cons
  • "SIEM log collection is great, and all of the rules that support updates with maintenance."
  • "It is my "security person" looking at irregularities and letting me know when something has occurred."
  • "More complimentary training needs to be done for use with this tool. If you get into a bind, then it will cost you."

What is our primary use case?

We were looking to add another layer of security to our network, which included intrusion detection, intrusion prevention, SIEM collection, and more. After looking at a few solutions, we ended up purchasing AlienVault. We are located in a physical location with 100 users.

How has it helped my organization?

AlienVault has provided me with a management console which gives me alerts and other information about the traffic on my network. AlienVault is my "security person" looking at irregularities and letting me know when something has occurred. I also see vulnerabilities in my systems and can assign tickets to other staff members.

What is most valuable?

SIEM log collection is great, and all of the rules that support updates with maintenance.

What needs improvement?

More complimentary training needs to be done for use with this tool. If you get into a bind, then it will cost you.

For how long have I used the solution?

One to three years.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Tami Andrews, Sr. Customer Programs Manager at AlienVault
Real User

Thank you for your time to review AlienVault USM and for your candid feedback!

Professional Services Engineer at a tech services company with 11-50 employees
Consultant
Meets logging requirements for PCI and HIPAA standards

What is most valuable?

The tool is a great way to meet logging requirements for PCI and HIPAA standards. It is very flexible and customizable.

How has it helped my organization?

I came into the company with USM Appliance already in place. However, from my previous experience with logging and security appliances, there have been many tasks that used to be a manual process like asset discovery, that are now automated and easy to implement through the UI.

What needs improvement?

Stability on certain components could be better, but for a system that is on 24/7/365 without reboots, it's fairly trouble free.

For how long have I used the solution?

We have used this for one year.

What was my experience with deployment of the solution?

There were no issues with deployment.

What do I think about the stability of the solution?

Stability issues were only due to issues with updates, and in extremely unusual use cases.

What do I think about the scalability of the solution?

There were no issues with scalability.

How are customer service and technical support?

Customer Service:

They have amazing customer service. AlienVault Support takes care of all of my issues that come up.

Technical Support:

I would give technical support a rating of 10 out of 10.

How was the initial setup?

The setup was fairly straightforward. A more advanced setup is available for different use cases.

What about the implementation team?

We did the implementation in-house.

What was our ROI?

Having our logs in a single system is in itself a huge ROI.

What's my experience with pricing, setup cost, and licensing?

When compared with other options, AlienVault is significantly less expensive for the amount of features that are packed into it.

Which other solutions did I evaluate?

I was not part of the product decision.

What other advice do I have?

AlienVault support is what really makes this product a great investment. They are constantly improving their product and happy to help with anything that comes up.

Disclosure: My company has a business relationship with this vendor other than being a customer: My company utilizes USM Appliance for our own logs, but we are also an AlienVault MSSP Partner and Reseller.
Tami Andrews, Sr. Customer Programs Manager at AlienVault
Real User

Thank you, Tyler, for your time to review AlienVault USM and for your candid feedback!

Delivery Manager at a tech services company with 11-50 employees
Consultant
Provides vulnerability scanning and OTX for threat intelligence.

What is most valuable?

  • Vulnerability scanning
  • Cross-correlation
  • Reports in a grouped manner
  • OTX for threat intelligence

How has it helped my organization?

It helps to monitor the entire office from a single point.

What needs improvement?

The report section needs to be improved. Most of the correlation rules are based on the NIDS event, which needs to be improved. In other words, we have to use the device logs also.

For how long have I used the solution?

We have been using this solution for almost two years.

What was my experience with deployment of the solution?

I did not encounter any issues with deployment.

What do I think about the stability of the solution?

I did not encounter any issues with scalability.

What do I think about the scalability of the solution?

I did not encounter any issues with scalability.

How are customer service and technical support?

Customer Service:

Customer service is available 8 to 5 EDT. In emergency cases, it is difficult to reach them. Response-wise, it is good. I would give customer service a rating of 7/10.

Technical Support:

I would give technical support a rating of 7/10.

Which solution did I use previously and why did I switch?

We did not use a previous solution.

How was the initial setup?

The setup was very straightforward.

What about the implementation team?

We did it in-house.

What was our ROI?

N/A

What's my experience with pricing, setup cost, and licensing?

I feel that the license cost was a bit high, but compared to others, it is less. For mid-range companies, they feel that the cost is high, but that it is worth it.

Which other solutions did I evaluate?

We did not evaluate any other options.

What other advice do I have?

I do not have any additional comments.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Tami Andrews, Sr. Customer Programs Manager at AlienVault
Real User

Paruvathakumar, thanks so much for your time and comments.

it_user466524
Senior Infrastructure Analyst at a pharma/biotech company with 1,001-5,000 employees
Vendor
Provides a single way to analyze traffic and threats on our network.

What is most valuable?

Enabling visibility of traffic on our network, merging of multiple systems' reporting and analysis, and a clear method to highlight potential issues.

How has it helped my organization?

Previously we had no single way to analyze traffic and threats on our network, relying instead on multiple, independent systems. We can now correlate reported threats and anomalies to better determine what threats we face.

What needs improvement?

The configuration is somewhat complex and the interface a bit non-intuitive. Whilst very useful for reporting, interpretation of the results can be difficult: improved features to help with this would be welcome.

For how long have I used the solution?

I've been using it for six months.

What do I think about the stability of the solution?

We’ve had 100% uptime since installation.

What do I think about the scalability of the solution?

We have not had any requirements to change the scope of the installation since first deployment.

How are customer service and technical support?

Good. Initial help with deployment was excellent, and the facility to create a tunnel for tech support personnel to troubleshoot the system is very useful.

Which solution did I use previously and why did I switch?

We didn't have anything like AlienVault previously.

How was the initial setup?

It's fairly complex. There is quite a bit of additional config required in order to get the most from the system. A base config allows for monitoring, but to get the most, you need to add plugins for various systems on your network: this config is somewhat complex and requires a good knowledge of how AV works.

What's my experience with pricing, setup cost, and licensing?

Unless you have a small network, you really need the unlimited endpoint license, which is the most expensive option. Best to negotiate to get this version; otherwise scalability will be an issue (unless your total number of endpoints is under approx. 100).

Which other solutions did I evaluate?

We also looked at Tripwire.

What other advice do I have?

The initial onboarding during the trial period, including assisted setup, was most useful. Ensure you get the most from this, as if you require further setup assistance, it comes under (paid-for) professional services. AV is a very useful tool, but must be configured correctly in order to get the most out of it.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Tami Andrews, Sr. Customer Programs Manager at AlienVault
Real User

Alan, thank you for your thoughtful feedback and comments.
