To those who plan to use the solution, I would suggest that they go through the documentation and online training models available for free, as it can help you deploy the product quickly while also being helpful in areas where there is a need to understand correlation and monitoring. I rate the overall product a seven out of ten.
It's an incredibly good starting point for people who've never used something similar. A great benefit of it is that you can use it as a compliance tool as well, not just an alerting tool. Overall, I give it a seven out of ten.
There are two criteria that I consider when evaluating products: "value for money" and "fit for purpose." The AT&T AlienVault USM satisfies both of these criteria. While we could potentially obtain better SIEM solutions by spending more, we must consider the cost. The SIEM is only one part of the overall model, and the efficiency of the response is also influenced by the people and processes behind it. Therefore, the tool alone cannot guarantee an efficient response. However, the AT&T AlienVault USM performs adequately in this regard, and I have not encountered any significant issues with it so far. Even with superior solutions such as Splunk, the effectiveness of the tool ultimately depends on the proficiency of the monitoring team. Therefore, I assign one-third of the overall value or a maximum of 40 percent to the tool's value if it accounts for 100 percent of the efficiency. In comparison to other products, the AT&T AlienVault USM is relatively good. On a scale of one to ten, I would rate the solution a nine out of ten. I would not recommend this solution for on-premises deployment or for large organizations due to the need for a well-designed architecture for implementation. However, I would recommend this solution for cloud deployment and for small to medium-sized organizations.
I rate this solution an eight out of ten. Regarding advice, before you implement any solution, ensure it meets your technical needs and assess whether you can maintain the solution in terms of cost of support. Regarding additional features, the existing features are good, but if they could integrate file integrity monitoring, it would be great.
We are using AT&T AlienVault USM. It's our main SIEM solution. We've been a partner of AT&T for four to five years. We still have a customer using the all-in-one solution, but now we are mainly promoting AlienVault USM Anywhere. I know that the solution is undergoing changes to become even more useful, so we have no problems with it. There's no problem, even in terms of integration. We use three people for the deployment and maintenance of the solution. One person is in charge of designing and implementing. Another person supports the implementation and the requirements of the customer. The third person does the monitoring exclusively. We provide our customers with the services of a security operations center. I'm recommending AT&T AlienVault USM to others and I'm rating AT&T AlienVault USM eight out of ten.
Team Lead & Principal Software Engineer at a tech services company with 51-200 employees
Real User
2022-01-12T15:09:37Z
Jan 12, 2022
My advice is ATT AlienVault USM is a great tool for small to medium size organizations. If the budget is not very good then you will need a good level team. I rate ATT AlienVault USM a six out of ten.
Principal DevOps Engineer at a tech vendor with 11-50 employees
Real User
2021-12-21T12:54:00Z
Dec 21, 2021
I would give AlienVault USM a solid eight out of 10. There are certainly products out there that can do more. For a smaller company, I'd say it's a solid nine or a 10, but if we compare all the offerings on the market, I would say it's a solid eight. It doesn't have some of the features of the other ones, but it offers a lot of benefits to us because we can get the value that we need out of it without having a dedicated team. It's been good overall, so I would give it a thumbs up. It's suitable for small organizations that don't have the capacity for a dedicated SOC that could handle something like Splunk Enterprise. Splunk is great for businesses with a dedicated team to do full-time analysis. But I think this is a nice solution for smaller companies where the IT staff has to wear multiple hats.
I would advise knowing your requirements and your data. What are you trying to protect or monitor? Before implementing something like this, you really should have basic security in place. You should have systems that are generating logs, for example, antivirus software and firewall. You have to have that all in place first to make this kind of product useful because this type of product is really meant to aggregate things after the fact. After you've put all the systems in place, then this system aggregates and collects everything together. You really need all the endpoint security, firewall security, and server security first, so you have meaningful data to look at. The SIEM is not going to be useful if you don't have any meaningful data for it to collect. I still need to dig into it deeper to see exactly what it does. Our practice is kind of evolving, so this is probably something that we need to offer more to customers. We need to get more product knowledge on it and develop a practice around it. A lot of customers are asking for security operations center (SOC) services for remediation of problems. We don't do that right now, but that's something that I know is probably on the roadmap. With everything going on, that would be a helpful service to our customers, and I think they're asking for that. We've encountered customers asking for that type of service. We don't do it yet. I know there are other partners out there that do that, so really it's on our side to develop the product more. Whether it involves staying with this AT&T product or going for maybe another one, customers are looking for a little bit more. They are not just looking to have it set up, but also to have someone to act on any kind of alerts or any kind of potential breaches. They're looking for a service for somebody to actually remediate. From what I know of the product, I would rate it an eight out of 10.
I would encourage others to go with this solution because it is easy to deploy, and it provides good tools to know more about your network and the traffic on it. Its reporting needs some improvements, but it fulfills the needs. I would rate AlienVault USM an eight out of ten.
Senior Network Architect / Network Team Leader at ICE Consulting. Inc.
Real User
2020-11-18T06:20:55Z
Nov 18, 2020
Most of our clients are small to medium-sized businesses; they can't afford to go out and purchase a SIEM on their own. They're looking for us to provide something for them. This was why we provide HCZ cybersecurity and Alien Vault, etc. If you're in an MSP and you're servicing small to medium-sized clients, this is definitely a product that you want to look at and evaluate. When we were doing our evaluations, we were looking at the applications that are supported out-of-the-box, without having to develop any special APIs — we wanted a pre-built application that supported most of the applications that we use within our client base. On a scale from one to ten, I would give this solution a rating of eight. I'd like to see a little bit more work, out-of-the-box, regarding the dashboards. I'd like to see them provide us with branding capabilities, to be able to put our logos on the dashboard so that the client understands that it's coming from Ice Consulting instead of Alien Vault.
We're not using the solution ourselves. We're resellers. USM Anywhere is cloud-based, although they have a different version that is on-premises or on a private cloud called the USM Appliance. We're using the on-premises version, which is quite different from the cloud version. Overall, I'd rate the solution nine out of ten. There are a few areas where they can improve, however, overall, it's been a very good product for us and our customers. We'd recommend the solution. We've looked into other options and we always come back to this product.
We use both on-premises and cloud deployment models. We both use the solution and sell the solution as well. Overall, on a scale from one to ten, I would rate the solution at an eight. We're more focused on servicing medium to small businesses. This solution may not be suitable for a large enterprise-level organization. That said, we highly recommend it. I'd recommend that new users decide to first go for the trial. Take the trial and then make sure that you like it before investing in the subscription. The company offers a free trial - you might as well use it.
Chief Operating Officer / SR. Project Manager at SCS
Real User
2020-07-08T09:01:00Z
Jul 8, 2020
My advice for anybody who is considering this product is to evaluate all of the options that are out there. There is no one, great answer, so you have to figure out what best fits your needs. I would rate this solution a seven out of ten.
I.T. Manager at a non-profit with 51-200 employees
Real User
2018-12-23T18:41:00Z
Dec 23, 2018
Be careful with AT&T, make sure you are confident the tool will be what you expect throughout the life of your contract. Make sure AT&T isn't going to change anything on you suddenly.
Have an idea of a plan and know where things in your network are and know who can give you access to certain things you might need. In terms of how extensively we're using it, I'd be surprised if there was anyone outside of our team that is using it more extensively than we are. I would rate AlienVault at ten out of ten.
VP IT Operations at a financial services firm with 51-200 employees
Real User
2018-10-21T07:40:00Z
Oct 21, 2018
Compare it to the other vendors in the field, some of the top vendors. Make sure it fits your needs. It's more for a mid-sized company or a small company, not a large enterprise. Regarding using it for discovering assets in our network which do not belong, our network isn't that big so we really don't use it for that. We also don't use the solution for compliance with regulations. When it comes to staff using the solution, at the moment it is me and a monitoring service. We're the only ones who log into the solution. As for deployment, one person could probably do it because they help you deploy it. I did the deployment myself, with AlienVault. For maintenance, if you have a monitoring service that's fine, but if you're doing it yourself, you probably need somebody monitoring the log. When there's an incident, you probably need one or two other people. I would rate it a nine out of ten. It does what we need and it's reliable.
Consultant at a tech services company with 11-50 employees
Reseller
2018-09-16T12:32:00Z
Sep 16, 2018
Overall, the automation features of this solution are good. The issue here is that there are really two solutions. There's the AlienVault Appliance product and then there's the AlienVault Anywhere product. The Appliance product, which is the older product, has a lot more customization and automation capabilities because it's very extensible. The newer product, the Anywhere product, is still very limited. We're very dependent on AlienVault to build in any kind of connections or integration. If you are a mostly-cloud environment this is a good fit. If you have very few other security controls outside of a firewall this is a good step forward. But if you have a solid security program you may find this product lacking in a few areas. And most importantly, be very careful about subscription size and licensing.
ISO (Information Security Officer) with 10,001+ employees
Real User
2018-08-16T08:29:00Z
Aug 16, 2018
AlienVault is a great fit, especially for smaller organizations, as it will enable you to produce quick results with no need to worry about too many details.
Co-Founder at a photography company with 11-50 employees
Real User
2018-08-14T07:42:00Z
Aug 14, 2018
In terms of the product itself, it depends on what features you're looking for. We just use it for PCI compliance and it works for us. You need to do your own evaluation. I would give the product an eight out of 10. The reason it's an eight is that it seems to have bugs from time to time that go unfixed for a while and that is frustrating. I'm not saying the product needs to be bug-free, but they need to be responsive to bugs.
Check other products, do a POC, as a change from one to another can be very pricey and time-consuming. Also, training of people and changes cost lots of resources, and not all employees like such changes every year.
USM Anywhere centralizes security monitoring of networks and devices in the cloud, on premises, and in remote locations, helping you to detect threats virtually anywhere.
Discover
Network asset discovery
Software & services discovery
AWS asset discovery
Azure asset discovery
Google Cloud Platform asset discovery
Analyze
SIEM event correlation, auto-prioritized alarms
User activity monitoring
Up to 90-days of online, searchable events
Detect
Cloud intrusion detection (AWS, Azure,...
Overall, I would rate it an eight out of ten. I would recommend it because it is a good solution. It's easy to navigate. It's flexible.
I rate AlienVault USM seven out of 10. It can do the job if log management is what you want, but it lacks automated response.
I would recommend this solution to others. We do not use all the features of the solution. I rate AT&T AlienVault USM an eight out of ten.
I would give it a good eight out of ten.
I would not recommend anyone to use it. I rate ATT AlienVault USM a one out of ten.
I would recommend this solution to other users.
This is a good product but it can be made more user-friendly. I would rate this solution a seven out of ten.
AlienVault is an amazing product that I would highly recommend.
They should improve support so they can solve customers' problems in less time.
Efficiency Of Security Team: Yes, a team of 2 managing a reasonably sized network has been achieved. Events Per Day: 700,000
It is a great product. Just get it.
It is quite awesome.