Co-Founder/Director at Bangkok MSP Company Limited
Real User
Top 5
2024-11-11T14:59:00Z
Nov 11, 2024
There are scalability issues due to a 60 TB limit, which restricts its use for large customers like banks. It is also limited when used with bigger products and has complex password requirements.
The only issue that you need to bypass is the issue with integration with some other log sources, some other application security applications. The issue is still present. The process of collecting logs from applications that do not have an AlienApp or alien routes can be made a little bit better. Once there is no AlienApp, it's always very difficult to collect logs from third-party applications. So, the process of collecting logs from third-party applications is something that needs to be improved. Also, when it comes to parsing of some logs, I've worked with another solution that has a custom parsing feature that can assist you in creating the custom parsing rule by yourself. But for any of those, USM needs to reach out to the engineering team, which takes months to come up with. There is room for improvement in log parsing. So when there are logs that are being parsed, we need to create a custom parsing rule to correctly parse some event logs. I've worked with a solution that has a feature that helps you to create custom parsing rules. But for enablement, we need to escalate to their engineering team, which takes months before they can respond and give you that parsing rule.
The vulnerability scanning feature is one of the areas where the product has certain shortcomings and needs to improve. The tool has vulnerability scanning, but it is not that efficient. A mobile app for user management is something I would like to see in the product's future release.
USM Anywhere relies a lot on the community putting the data in. Often, you'll right-click on the attack, but nothing will be found. That's a weakness of it.
AlienVault cannot automatically respond to threats like other SIEM solutions, such as Sentinel and LogRhythm. Most of our clients are far away, so it's often challenging to handle alerts when they come up on our dashboard.
We like the on-premises solution, but AT&T wants us to move to their cloud version. We are not interested in doing that because the storage in the cloud version is not cheap. We don't want to move to the cloud and be unable to afford the cost of maintaining the cloud. We are looking for a solution that we can afford long term. Since the support for on-premises is close to being eliminated, we are looking for a solution that fits our budget.
GISO - Global Information Security Officer at Beyon Connect
Real User
2022-07-10T15:39:18Z
Jul 10, 2022
Their threat intelligence platform needs to be broadened. They should integrate it with more threat intelligence platforms. For the threat feed that they get from open intelligence, I would like them to add a few premium threat intelligence platforms. They can provide a bundle in which AlienVault has the threat intelligence background of other premium products.
An improvement for AT&T AlienVault USM is the option for us to build the connectors ourselves, for us to do the parsing ourselves, because those options disappeared with the version of the solution that we're currently using. I know I can talk to the vendor to ask for a new parsing option for the application, for any new platform, but I understand that it can take several months. Adding a parsing interface for the customers would be good.
Principal DevOps Engineer at a tech vendor with 11-50 employees
Real User
2021-12-21T12:54:00Z
Dec 21, 2021
I think plugin management should be self-service on AlienVault USM. The other product is self-service, but on the USM side you have to submit a ticket, then AT&T creates and updates the plugins. We often have application logs that are unique to us, so it's silly to have to open a ticket, have them do the work, and then release the plugin. It would be nice if they had a self-service portal where we could define the parameters within the product for the plugin and have a custom plugin for our logs.
I don't have any suggestions for improvement. On our side, as a provider, we should develop a real security operation center type of practice, which we don't have right now. There could be some type of integration with our existing portal. We have our own customer portals, and it would be good if there was an integration so that our portal can provide reports. There could be some type of API into the AlienVault system with the USM system so that it is easy to show the customers high-level reports of the system through our portal.
System Administrator at an insurance company with 51-200 employees
Real User
2021-04-01T09:42:53Z
Apr 1, 2021
This solution has too many issues with integration with other technologies. For example, you can configure the solution to integrate with your technology today but tomorrow it will stop working. You have to continually update the login, save the issue, and create a ticket with support. It is a long process that takes too long for the support to resolve quickly. In the future, I would like to see all these features of the solution working properly.
Its reporting tools need improvements. It would be good if they can provide integration with other ticketing systems. Currently, we only have integration with Slack and Jira. It is also a bit slow, and its replication engine can be improved.
Senior Network Architect / Network Team Leader at ICE Consulting, Inc.
Real User
2020-11-18T06:20:55Z
Nov 18, 2020
I'd like to see a dashboard that's a little more descriptive. We can customize the dashboards, but the out-of-the-box dashboards are kind of bland. Since we give our customers access to their dashboards, it would be nice if they were a little bit more intuitive. We can easily drill into it and show them everything, but the customer just sees the writing on the page. I'd like to see them dress up their out-of-the-box dashboard a little bit. We have the ability to do a lot of that. Since they have this image — they have a strong MSP program. I would love to see them allow branding, which they don't at this point.
The solution could be improved in three ways. The first one is user behavioral analytics. They need work. The second one is cloud-related usage. The solution already has quite good tools; however, they need better integration tools for linking with Office 365, Google Suite, and so on. The third improvement could be a bit more customization for security products. If someone has an antivirus that is customizable, they need to have the ability to easily connect everything together.
The solution is a bit complicated. It could be simplified quite a bit. The correlation engine could be improved. Much improvement could be made there, as it is an important open-source solution. The solution could benefit from including security orchestration. It's still not available yet. It would be really nice to have in a future release. It could use something like a pen test. Tools like that would make it more comprehensive from a cybersecurity aspect.
Chief Operating Officer / SR. Project Manager at SCS
Real User
2020-07-08T09:01:00Z
Jul 8, 2020
They set aside a lot of the functionality from the on-premises version that we found very helpful in managing tickets. As it is now, the cloud-based deployment is lacking these useful features. The reporting is mediocre and is something that needs to be improved.
SOC Manager at a tech services company with 11-50 employees
Real User
2019-08-12T05:55:00Z
Aug 12, 2019
This solution could be easier to use. It is hard for some people to understand, and they need to get training and certification just to understand what it's showing them.
Sales Solutions Engineer at a tech services company with 201-500 employees
Reseller
2019-04-24T10:55:00Z
Apr 24, 2019
Having automatic agent deployment would be a great feature. It would be nice to see some machine learning and monitoring of the configuration in network devices.
I.T. Manager at a non-profit with 51-200 employees
Real User
2018-12-23T18:41:00Z
Dec 23, 2018
Long-term, I'm genuinely concerned about AT&T's ownership of AlienVault. I have never had a good relationship with AT&T in 15+ years, and fear they will destroy this good product.
Senior Buyer & Operations Specialist at Nth Generation Computing
Real User
2018-12-17T17:56:00Z
Dec 17, 2018
The only recommended changes I can think of are to have the ability to filter logs and to be able to navigate the dashboard. That seems to have been quite a challenge.
One area that has room for improvement is storage. AlienVault is a good place to put logs, but sometimes it's a tough place to go get logs. AlienVault has three components to it: a sensor, a server, and a logger. Sensors grab data, servers correlate data, and loggers store data. The logger can only hold so much data. If they improved that, that would help.
Manager, Security Operation Center at Ideal Integrations
Real User
2018-11-26T19:38:00Z
Nov 26, 2018
The support could absolutely be better. It seems to have gotten worse with the AT&T acquisition. We have been hearing some not-so-great things from our associates in the field as well.
While it is relatively easy to use, it takes a little time to get used to where everything is located in the web interface. I do wish that their support would help a bit more with the analysis of alarms.
Taking into account that server access credentials are controlled by the tool, some more management-focused actions could be performed from AlienVault.
We would love to be able to create custom rules based on a series of events, to create rule-sets where, for example, failed logins to the VPN server are logged and then, when a successful attempt follows soon after, it triggers an alarm for a brute force. It does this for things like Okta already, so control over which events this applies to would be great.
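A correlation rule of the kind the reviewer above asks for, written here as an added example (it is not part of the review or of the USM product): a burst of failed VPN logins for one user, followed by a success within a time window, raises a brute-force alarm. The log line format, field names, threshold and window are assumptions, and the sample log lines are constructed.

```python
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample VPN gateway log (not from any real system).
# Format assumed: "<ISO timestamp> <host> <outcome> user=<u> src=<ip>"
SAMPLE_LOG = """\
2024-11-11T14:01:05Z vpn-gw1 LOGIN_FAILED user=alice src=203.0.113.7
2024-11-11T14:01:09Z vpn-gw1 LOGIN_FAILED user=alice src=203.0.113.7
2024-11-11T14:01:12Z vpn-gw1 LOGIN_FAILED user=alice src=203.0.113.7
2024-11-11T14:01:20Z vpn-gw1 LOGIN_OK user=alice src=203.0.113.7
2024-11-11T14:05:00Z vpn-gw1 LOGIN_FAILED user=bob src=198.51.100.2
2024-11-11T14:30:00Z vpn-gw1 LOGIN_OK user=bob src=198.51.100.2
"""


@dataclass
class Event:
    ts: datetime
    outcome: str
    user: str
    src: str


def parse_line(line: str) -> Event:
    """Parse one log line of the assumed format into an Event."""
    ts, _host, outcome, *kv = line.split()
    fields = dict(part.split("=", 1) for part in kv)
    return Event(datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
                 outcome, fields["user"], fields["src"])


def detect_bruteforce_success(lines, threshold=3, window=timedelta(minutes=5)):
    """Return one alarm per user whose successful login followed at least
    `threshold` failures inside `window`. Lines are assumed time-ordered."""
    failures = defaultdict(deque)  # user -> recent LOGIN_FAILED events
    alarms = []
    for line in lines:
        if not line.strip():
            continue
        ev = parse_line(line)
        recent = failures[ev.user]
        # Drop failures that fell out of the window before this event.
        while recent and ev.ts - recent[0].ts > window:
            recent.popleft()
        if ev.outcome == "LOGIN_FAILED":
            recent.append(ev)
        elif ev.outcome == "LOGIN_OK":
            if len(recent) >= threshold:
                alarms.append({
                    "user": ev.user,
                    "failures": len(recent),
                    "sources": sorted({e.src for e in recent}),
                    "success_at": ev.ts.strftime("%Y-%m-%dT%H:%M:%SZ"),
                })
            recent.clear()  # a success ends the current burst either way
    return alarms


if __name__ == "__main__":
    for alarm in detect_bruteforce_success(SAMPLE_LOG.splitlines()):
        print("BRUTE FORCE SUCCESS:", alarm)
```

In the sample, alice trips the rule (three failures, then a success 15 seconds later) while bob does not (a single failure, and the success comes 25 minutes after it); the source list in the alarm lets an analyst see at a glance whether the success came from the same address as the failures.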
VP IT Operations at a financial services firm with 51-200 employees
Real User
2018-10-21T07:40:00Z
Oct 21, 2018
The only thing I can think of that is not ideal is sending Windows Server logs to their device, to the system. That has to be done on each server. I don't know if they have changed that.
Consultant at a tech services company with 11-50 employees
Reseller
2018-09-16T12:32:00Z
Sep 16, 2018
Search performance can be slow. The Raw Logs feature is painfully slow. And if we're talking about the newer Anywhere product, you can't even schedule reports on it. There are probably a dozen other features I'd really like to see there, but that would be one of the biggies. Also, there is no visibility into the NIDS or HIDS agent configurations and no easy way to augment them. The same is true for vulnerability scanning: it's all or nothing; there are no fine-grained controls as there were in their older product. There is a lack of "real" visibility into the correlation rules, and the inability to create our own sophisticated rules (only very simple ones) is a big miss.
* They should improve the reporting capabilities.
* Different functions to customize reports should be added.
* Export features should not be limited to spreadsheets (.XLS) only.
ISO (Information Security Officer) with 10,001+ employees
Real User
2018-08-16T08:29:00Z
Aug 16, 2018
The reporting module could be a little easier to handle, as it requires quite some trial and error until you get the reports you want. Also, it would be great to have a graphical interface for the Network Intrusion Detection System's rule management.
Honestly, the product itself is great. The only room for improvement I can mention is the initial installation procedures. I found that the online installation instructions for the product were missing important details; they lacked necessary steps. The product itself is fine.
USM Anywhere centralizes security monitoring of networks and devices in the cloud, on premises, and in remote locations, helping you to detect threats virtually anywhere.
Discover
Network asset discovery
Software & services discovery
AWS asset discovery
Azure asset discovery
Google Cloud Platform asset discovery
Analyze
SIEM event correlation, auto-prioritized alarms
User activity monitoring
Up to 90-days of online, searchable events
Detect
Cloud intrusion detection (AWS, Azure,...
The reporting and dashboards have room for improvement.
The price of AT&T AlienVault USM could be reduced.
The GUI needs to improve because it's not user-friendly.
The solution is very user-friendly, but the dashboard could be improved as well as the level of customization.
Although they use machine learning, the algorithms that they use are graph-based. Their AI/ML capabilities could be improved a bit.
* Plugins could be better utilized, as some of them do not recognize all logs.
* We could add a little more customization to dashboards.
Many of the tasks on features are useless in our situation. NetFlow is worthless. Many of the built-in correlation engine solutions are just okay.
It should be able to communicate with other security solutions to stop threats.