We are an MSP and we utilize an AlienVault USM Anywhere solution for threat detection in client networks.
Network Architect at Envision IT LLC
Cloud-based panel is excellent, enabling our SOC to review and respond to threats
Pros and Cons
- "The new cloud-based panel is excellent both for client review as well as for our SOC to review and respond to threats. It is much easier to configure and use than the previous solution from AlienVault."
What is our primary use case?
How has it helped my organization?
Alienvault USM Anywhere is a great evolution of a proven product. While the feedback and customization requirements remain largely the same, the user interface has been significantly improved. This significantly improves the interaction our clients have with their data, and we have received significant positive feedback.
What is most valuable?
The cloud console is by far the best improvement of the product. In the past, our less technical clients had trouble sorting through the dashboards within the USM console, and we had received complaints on viewing the real-time data versus our prepared reports.
The new cloud-based panel is excellent both for client review as well as for our SOC to review and respond to threats. It is much easier to configure and use than the previous solution from AlienVault.
What needs improvement?
It can still be difficult to feed products that are not supported out-of-the-box. It would be good if they had a better plugin exchange/store with AlienVault QA to ensure data is being processed properly.
Buyer's Guide
USM Anywhere
November 2024
Learn what your peers think about USM Anywhere. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
824,067 professionals have used our research since 2012.
For how long have I used the solution?
One to three years.
Disclosure: My company has a business relationship with this vendor other than being a customer: MSSP/Reseller
Security Consultant at a tech consulting company with 51-200 employees
We run this product on our network 24/7 and it has helped identify important events.
How has it helped my organization?
We run this product on our network 24/7 and it has helped identify many important events. We take the security of our network very seriously, and this helps to quickly identify and lock down any potential vulnerabilities or events that could escalate.
What is most valuable?
As an information security consultant that works across many diverse networks, these features offer by far the most critical information when analysing a client’s environment for issues that need to be addressed:
What needs improvement?
My biggest challenge has always been the fine tuning that is sometimes required for some networks. It requires a solid understanding of Linux and databases and how networks work. So a non-technical user may become frustrated, or not configure the product to work at its best, and therefore miss important events. So I see room for improvement in the following -
- Easy of deployment and configuration
- Easier way of testing if features are working as designed, e.g. Packet analysis
- Troubleshooting features that are not working as designed
What do I think about the scalability of the solution?
I have not yet run into any issues regarding scalability, however I have not yet deployed this on a very large network yet (1000+ devices).
How is customer service and technical support?
Excellent! Every time I have had an issue, the customer and technical support has been outstanding. The support desk is always very helpful, and goes out of their way to make sure the issues are resolved whenever possible.
How was the initial setup?
The initial setup is not difficult at all, and can be done by someone with almost no technical knowledge. However, getting optimal performance from the features in AlienVault may not always be as easy.
What about the implementation team?
We deployed using our own in-house team, led by myself. Depending on what you want from the product, be prepared to do some research and tinkering in the background. What you see on the surface is actually a very small part of what you can really do with AlienVault. If you are serious about getting the best out of AlienVault, use a vendor that is well versed in deploying AlienVault (like an MSSP) as they should have the experience needed to optimise a deployment, as well as having quick and easy access to the AlienVault support. Use the 30-day trial to get a good feel for what it can do, but remember there is a lot more.
What's my experience with pricing, setup cost, and licensing?
As this product is still relatively new in South Africa, people are still learning about it, but thus far we have been able to show affordability and feasibility is every network we have deployed it on. Speak to an MSSP about a package that is affordable for your company. The product is easy to scale as your affordability improves.
Which other solutions did I evaluate?
I have actually looked at a few other products, however we decided on this product as the cost versus what you get, far outweighed any other product we looked at. Many companies can’t afford to deploy a SIEM solution from some of the top companies on the market, however no company should be without a SIEM on their network with the risks companies face today. AlienVault provided the best bang for buck.
What other advice do I have?
Remember, there are many good products on the market, however affordability is usually a key factor. Sit down and properly analyse your network, and list expectation from whatever product you are considering. Identify what are your most critical assets, your “Crown Jewels”, and know how it needs to be protected. Then look at solutions within your budget, remembering that the most expensive is no necessarily always the best. There are many world class products out there, you need to find one that will fulfil your needs, within your budget.
Also, remember running a system like this means dedicating resources to monitoring it, you can’t deploy SIEM tools and think it’s going to run itself. Don’t expect your system administrator to have time to do this as InfoSec is a full time job. Either get a skilled resource, or consider an MSSP offering.
The product is very powerful and very flexible. However certain aspects can be very challenging to setup and configure for users that don’t have in-depth technical background. The default configuration would work well for a normal office network, however for more complex networks there is a lot more configuration required for optimal performance. The product is still under very active development, and the vendor is always receptive to feedback regarding feature requests or bugs.
Disclosure: My company has a business relationship with this vendor other than being a customer: We are an MSSP provider using this product, so we work closely with AlienVault themselves on a regular basis.
Buyer's Guide
USM Anywhere
November 2024
Learn what your peers think about USM Anywhere. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
824,067 professionals have used our research since 2012.
Chief Security Officer at a financial services firm with 501-1,000 employees
The integration of IDS and OSSEC is valuable as it enables correlation between Network IDS events and host system event logs
What is most valuable?
The integration of IDS and OSSEC is valuable as it enables correlation between Network IDS events and host system event logs.
How has it helped my organization?
AlienVault USM has improved how we manage events and incidents in our infrastructure. With AlienVault we are able to respond to incidents and take necessary action faster than we could before without the solution in place.
What needs improvement?
Some customizations with the integration between AlienVault components have room for improvement and enabling users with WebUI interfaces instead of having to edit configuration files on the system to achieve certain actions would be a good improvement.
For how long have I used the solution?
Three years.
What do I think about the stability of the solution?
No issues with instability has been encountered in our environment.
What do I think about the scalability of the solution?
No issues with scalability has been encountered in our environment.
How are customer service and technical support?
The AlienVault Technical support is good and has helped out several time with some really specific configurations in our environment.
Which solution did I use previously and why did I switch?
We used an outsourced MSSP solution but we needed to get the solution in-house in order to better integrate with our datacenters and systems and comply with financial regulatory and PCI-DSS requirements.
How was the initial setup?
The initial setup was straightforward and quite easy to setup. Requires Linux knowledge to manage but given that we use Linux for our critical infrastructure services it was no problem for us.
What's my experience with pricing, setup cost, and licensing?
We chose AlienVault partly do the the many features and functionalities that was bundled with the product to the pricing and licensing models that was offered. Many other solutions did not have the full spectrum of features but was significantly more expensive so we would have been forced to get additional solutions to cover all our requirements. With AlienVault we got a all-in-one solution that covered our needs.
Which other solutions did I evaluate?
We had a look at the current offerings at that time, including Tripwire, McAfee, SourceFire, etc., but concluded that we would get the best-bang-for-the-bucks with AlienVault solution
What other advice do I have?
As with any Security solution, you still need to have knowledgeable people to manage the solution and the solution is not a silver-bullet that takes care of all your issues without being properly managed. Make sure you have the necessary knowledge and headcount to use the solution before implementing this or any other solution. With Security, the most of the cost is in OPEX, not CAPEX, so make sure you have the necessary expertise to operate the solution as efficiently as possible.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Operation Manager at Checksum Consultancy
Easy to deploy, good integration with OTX, and good at asset discovery and vulnerability scanning
Pros and Cons
- "Asset discovery and vulnerability scanner are good features. The integration between this solution and OTX, which is an AlienVault platform for Open Threat Exchange, is also a valuable feature. It is also quick and easy to deploy, so you can quickly engage with a customer's environment."
- "Its reporting tools need improvements. It would be good if they can provide integration with other ticketing systems. Currently, we only have integration with Slack and Jira. It is also a bit slow, and its replication engine can be improved."
What is our primary use case?
We provide information security services to clients. We are seeking some clients to provide monitoring services by using AlienVault. We are also providing AlienVault USM Anywhere, which is cloud-based and has integration with cloud platforms such as AWS, Azure, and Google Cloud.
What is most valuable?
Asset discovery and vulnerability scanner are good features. The integration between this solution and OTX, which is an AlienVault platform for Open Threat Exchange, is also a valuable feature. It is also quick and easy to deploy, so you can quickly engage with a customer's environment.
What needs improvement?
Its reporting tools need improvements. It would be good if they can provide integration with other ticketing systems. Currently, we only have integration with Slack and Jira.
It is also a bit slow, and its replication engine can be improved.
For how long have I used the solution?
I have been using this solution for six months.
How are customer service and technical support?
We provide technical support for our clients.
Which solution did I use previously and why did I switch?
I have used McAfee ESM. McAfee ESM has many good features, but it is not very integrated with cloud-based assets. AlienVault is already a cloud-based solution, and it is native to cloud assets, which gives AlienVault an advantage over McAfee ESM. On the other hand, McAfee ESM is much better than AlienVault in terms of search engine, data collection, and events.
How was the initial setup?
It is very easy to deploy. It just takes one or two days and allows you to engage with your customer's environment quickly.
What's my experience with pricing, setup cost, and licensing?
Its price is much lower than McAfee ESM.
What other advice do I have?
I would encourage others to go with this solution because it is easy to deploy, and it provides good tools to know more about your network and the traffic on it. Its reporting needs some improvements, but it fulfills the needs.
I would rate AlienVault USM an eight out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: partner
Client Development Manager at a tech services company with 51-200 employees
Allowed us to help our customers satisfy compliance needs around logging and monitoring
Pros and Cons
- "The asset management functionality (active and passive scans) is also really important. You can't protect what you do not know about, so having an inventory of all your devices and software is critical to a security management program."
- "Allowed us to help our customers satisfy compliance needs around logging and monitoring."
- "AlienVault needs to continue to integrate with other third-party technologies that clients want to have monitored."
Primary Use Case
I work for a Managed Service Provider, who uses AlienVault USM Anywhere as the backbone of our vulnerability management and logging solution, which we deliver to our clients.
Improvements to My Organization
AlienVault has allowed us to help our customers satisfy compliance needs around logging and monitoring (HIPAA, PCI, etc.) and has also provided a comprehensive platform that goes beyond just being a SIEM. It allows us to serve our customers in many different ways.
Valuable Features
The Vulnerability Scanning Engine using OpenVAS is a quality tool. The asset management functionality (active and passive scans) is also really important. You can't protect what you do not know about, so having an inventory of all your devices and software is critical to a security management program.
Room for Improvement
AlienVault needs to continue to integrate with other third-party technologies that clients want to have monitored. The plugin builder in the most recent version update is helpful, but it is still a little "clunky" at times.
Use of Solution
One to three years.
Disclosure: My company has a business relationship with this vendor other than being a customer: Sword & Shield is one of AlienVault's premier training partners and offers 24/7/365 SOC services around the AlienVault platform.
Information Security Analyst at a insurance company
Some of the valuable features are log aggregation, correlation, and threat intel.
What is most valuable?
Log aggregation, correlation, and threat intel.
How has it helped my organization?
AlienVault has streamlined our security functions by combining several different functions into one package.
What needs improvement?
I think expanding their vendor-specific plugins would beneficial.
For how long have I used the solution?
We have been using this solution for one year.
What was my experience with deployment of the solution?
I did not encounter any issues with deployment.
What do I think about the stability of the solution?
I did not encounter any issues with stability.
What do I think about the scalability of the solution?
I did not encounter any issues with scalability.
How are customer service and technical support?
Customer Service:
Their support is good and their response time is prompt.
Technical Support:I would rate them as very knowledgeable.
Which solution did I use previously and why did I switch?
We did not use a previous solution.
How was the initial setup?
It was very straightforward. The setup was basically install the VM, setup network monitoring/syslog, and watch the data flow.
What about the implementation team?
Our implementation was in-house.
What was our ROI?
It's hard to calculate ROI on a prevention mechanism, as the variables of a prevented incident are unknown.
What's my experience with pricing, setup cost, and licensing?
They are very affordable and flexible in their licensing model.
Which other solutions did I evaluate?
We evaluated HPE ArcSight, IBM QRadar, LogRhythm, Splunk, and SolarWinds.
What other advice do I have?
I would highly recommend the customer training courses. They are very helpful.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
SOC Lead / Sr. SOC Analyst at a tech services company with 501-1,000 employees
Out of the box features for easy asset discovery, vulnerability scans, IDS setup are all beneficial.
What is most valuable?
AlienVault out of the box features for easy asset discovery, vulnerability scans, IDS setup are all beneficial, but the best feature we find most valuable is the main dashboard for how the information is bubbled up and presented to us.
How has it helped my organization?
With AlienVault we have been able to reduce lag times by not having to invest into specialized research for which we rely on AlienVault Security Labs and OTX (Open Threat Exchange).
What needs improvement?
With all the great features AlienVault has to offer, it would be nice to see improved search query functionality, similar to ELK stack.
For how long have I used the solution?
18 months+
What was my experience with deployment of the solution?
Easy setup out of the box as it comes as a virtual appliance.
What do I think about the stability of the solution?
Solid platform built on debian system.
What do I think about the scalability of the solution?
Haven't been able to break it yet.
How is customer service and technical support?
5 Stars
Disclosure: My company has a business relationship with this vendor other than being a customer: We are a part of the MSSP program.
I would like to see root cause analysis and big data relationships as part of the overall solution.
Also, the query should feed into a larger data matrix of solutions where they feed into machine learning solutions to address the problem - intelligent situational awareness.
DevOps Engineer at a tech services company with 201-500 employees
Impressive visuals, high performance, and good user experience
Pros and Cons
- "AT&T AlienVault USM is good for ELK Stack, the user experience is great because of its architecture. The ELK has a great performance and it has very good speed in the search and Kibana. Additionally, the visuals and dashboards and very nice and customizable."
- "The AT&T AlienVault USM is okay, but the relational database is not very good for large amounts of data. For example, many logs cannot be processed. It has been very slow for the queries and some data which are large, it is not very good in this case."
What is our primary use case?
We are using AT&T AlienVault USM for SIEM, collecting logs from clients, traffic, analyzing, forensics, and security.
What is most valuable?
AT&T AlienVault USM is good for ELK Stack, the user experience is great because of its architecture. The ELK has a great performance and it has very good speed in the search and Kibana. Additionally, the visuals and dashboards and very nice and customizable.
What needs improvement?
The AT&T AlienVault USM is okay, but the relational database is not very good for large amounts of data. For example, many logs cannot be processed. It has been very slow for the queries and some data which are large, it is not very good in this case.
For how long have I used the solution?
I have been using AT&T AlienVault USM for approximately five years.
What do I think about the scalability of the solution?
We are using AT&T AlienVault USM as a client, if we want to increase the data we can collect more data because the solution can expand well horizontally.
Between the cellphones and laptops usage, we have more than 250 users using his solution in my organization.
How are customer service and support?
We have not used the technical support but we have clear documentation that we use.
How was the initial setup?
The initial setup was straightforward. We have a server room which we deploy from.
What about the implementation team?
The maintenance of the solution is not very difficult.
What other advice do I have?
I would recommend this solution because it is simple to deploy, has high performance, and has a great user experience.
I rate AT&T AlienVault USM a nine out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Download our free USM Anywhere Report and get advice and tips from experienced pros
sharing their opinions.
Updated: November 2024
Product Categories
Security Information and Event Management (SIEM) Log Management Endpoint Detection and Response (EDR) Compliance ManagementPopular Comparisons
CrowdStrike Falcon
Microsoft Sentinel
Splunk Enterprise Security
IBM Security QRadar
Elastic Security
LogRhythm SIEM
Sumo Logic Security
Rapid7 InsightIDR
Fortinet FortiSIEM
AlienVault OSSIM
Securonix Next-Gen SIEM
Exabeam
ManageEngine Log360
Buyer's Guide
Download our free USM Anywhere Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- Has anyone got experience in deployment of a SIEM solution?
- AlienVault saying I can't use it in a DHCP environment. Help!
- What Solution for SIEM is Best To Be NIST 800-171 Compliant?
- When evaluating Security Information and Event Management (SIEM), what aspect do you think is the most important feature to look for?
- What are the main differences between Nessus and Arcsight?
- Which is the best SIEM solution for a government organization?
- What is the difference between IT event correlation and aggregation?
- What Is SIEM Used For?
- What Questions Should I Ask Before Buying SIEM?
- RSA-EMC vs. other SIEM products?
Thank you Dan for your time to review AlienVault USM and for your candid feedback!