USM Anywhere Reviews

Alerts derived from logs.

Simplified log analysis and log management.

More information about what the alerts mean and how they are derived would be useful when determining their significance. Support is good to provide this information though.

>12 months

No.

Excellent.

Fairly straightforward. It does take some time to tune the system to your environment – to prevent getting alerts on activity your find acceptable in your environment.

They do give discounts towards the end of quarters if your renewal is due.

You will wonder how you lived without it.

The integration of IDS and OSSEC is valuable as it enables correlation between Network IDS events and host system event logs.

AlienVault USM has improved how we manage events and incidents in our infrastructure. With AlienVault we are able to respond to incidents and take necessary action faster than we could before without the solution in place.

Some customizations with the integration between AlienVault components have room for improvement and enabling users with WebUI interfaces instead of having to edit configuration files on the system to achieve certain actions would be a good improvement.

Three years.

No issues with instability has been encountered in our environment.

No issues with scalability has been encountered in our environment.

The AlienVault Technical support is good and has helped out several time with some really specific configurations in our environment.

We used an outsourced MSSP solution but we needed to get the solution in-house in order to better integrate with our datacenters and systems and comply with financial regulatory and PCI-DSS requirements.

The initial setup was straightforward and quite easy to setup. Requires Linux knowledge to manage but given that we use Linux for our critical infrastructure services it was no problem for us.

We chose AlienVault partly do the the many features and functionalities that was bundled with the product to the pricing and licensing models that was offered. Many other solutions did not have the full spectrum of features but was significantly more expensive so we would have been forced to get additional solutions to cover all our requirements. With AlienVault we got a all-in-one solution that covered our needs.

We had a look at the current offerings at that time, including Tripwire, McAfee, SourceFire, etc., but concluded that we would get the best-bang-for-the-bucks with AlienVault solution

As with any Security solution, you still need to have knowledgeable people to manage the solution and the solution is not a silver-bullet that takes care of all your issues without being properly managed. Make sure you have the necessary knowledge and headcount to use the solution before implementing this or any other solution. With Security, the most of the cost is in OPEX, not CAPEX, so make sure you have the necessary expertise to operate the solution as efficiently as possible.

Integrated vulnerability assessment, intrusion/anomaly detection and monitoring, with a simple management interface.

AlienVault provided improved visibility into the environment as well as the ability to report on the organization’s security posture.

Asset scanning and inventory (stale assets, scheduling scans) and correlation (false positives).

2 years

No.

Yes. Upgrading the network cards (from 1GB to 10GB) was not “supported” on the appliance, so we had to purchase a second one as a sensor. The secondary appliance with the 10GBs NICs is the same as the primary appliance, so this was disappointing.

High (seldom used).

No.

Simple and straightforward. The bulk of the work is understanding your own environment and tuning events (syslog, scans, alarm).

Pricing was a very important consideration and lower than the other SIEM solutions evaluated. The price point makes it accessible for SMB organizations that may be constrained of resources (budget and people/skills) so deployment can be gradual while still deriving value out of the solution.

SolarWinds, Splunk, LogRhythm.

As with any SIEM, it is not a “turn-key” or “set it and forget it” solution. It requires resources and skills to deploy, although this can be done in stages. Appropriate resources for maintenance is also key so the information is accurate, relevant and timely. Otherwise it becomes a repository of stale ignored events and alarms.

The fact that I am a very small security team and AlienVault allows me to have a SIEM, FIM and Vulnerability scanner all in one.

I am able to scan for vulnerabilities quickly on existing devices and also for new devices being deployed. Since I don’t have a lot of time to learn new and complicated tools, being an e-commerce company, this allows me to increase the security posture of the overall organization and also to help pass PCI compliance.

With all these products there is always room for improvement. Whether it’s making the filtering of anomalies better, making setup and deployment faster, streamlining more of the functional aspects of the product, etc. There is really not one thing that stands out in particular.

About one year

I had some initial issues with some of the upgrades in version, but with the help of their support team, we were able to resolve all of them.

No, not yet. We are growing at a rapid pace and eventually will need more sensors, but I believe that will be a painless upgrade.

Tech support is great. Very knowledgeable, reliable, and have resolved all problems, escalated when necessary, and handled all my cases very professionally.

I have used different solutions at previous jobs. AlienVault was a new purchase and install. When asked for my opinion, I did recommend AlienVault as the solution since my comparison of all products came down to AlienVault being the best for our particular environment.

It was very straightforward. I had made a couple of little mistakes that most likely would have been avoided if I had not rushed a few aspects of the install, but tech support was able to get me back on the right track.

The pricing for this solution with the 3 major components: SIEM, FIM, and vulnerability scanning, can’t be beat. There are other systems that are way more robust, but way more complicates and way more expensive. This solution was perfect for us.

I had eliminated others prior to evaluating AlienVault based on prior experience. Tripwire for FIM, QRadar for SIM, eEye Digital for vulnerability scans. All of which are great tools, but much more pricey. We briefly looked at LogRhythm, Tenable, and Splunk as well.

I would say to implement it. It has all the components needed to help secure your environment as long as you have someone who can dedicate some time to it. But even if you don’t, like in my case, it is a much better solution that the others.

• Security alarms
• Log collection

We now get a better view into what is happening on our network and to the servers than previously.

I'd like to see built in support to detect more security incidents.

I've been using it for 10 months.

We had no issues with the stability.

It's been able to scale for our needs.

They're very good.

This is the first time we've used a solution of this type.

The basic setup was straightforward, but it would have been nice if I could have had more information on a full setup and the advanced features.

You should license it for all your devices including endpoints, as this will make it more valuable to you.

We did compare it to some others solutions, but I don't remember which.

Try it first as you get a free evaluation.

The SIEM part where I can see all HIDS and IDS events in one place alongwith the correlation directives.

We have a better detection rate for malware and other cyber-attacks. Really helps when USM integrated in the incident response plan.

• Database query speed when dealing with millions of events per day
• Reports customization and types
• Dashboards TV modes (SOC surveillance monitors)

I've been using it for three years.

I've experienced frequent slowness, and we had to downgrade to filter out many logs.

The AIO is not fast enough for a network over 100 EPS, so you have to go with a dedicated server option for better speed.

7/10

We had nothing in place prior to this.

It's complex when playing with custom plugins.

The price is low, and it's good quality but require effort.

There were no other options looked at.

To take full advantage of the product you have to work under the hood.

Event Correlation is the most valuable feature for every SIEM. AlienVault has ISO 27001 compliance which is very helpful for the companies looking to have the ISO 27001 certification.

As it includes a logger feature for gathering all logs from all devices (network devices, servers, hosts etc.) it has basically become the only software that we look at when we have a problem. We don’t need to search from one device to another as it’s all centralized on the same AlienVault Server which enables us to save time and become more efficient at work.

As it includes multiple security softwares, the installation and configuration takes a lot of time. It would be good if they could work on that but the time is understandable given all the features AlienVault offers.

It’s a very good SIEM with plenty of functionalities which helped improve our KPI.

The correlation from the Host Based Intrusion to Network Intrusion against the vulnerabilities in my network.

We had no visibility of our vulnerabilities without looking up WSUS and matching this against the Windows bulletins. This completely missed the mark when it came to third party patches and poor configuration and waster hours upon hours for half a story. Not to mention we have a much better understanding of how and when we are being attacked.

The reporting could do with some improvements for example the vulnerability report only tells you what vulnerabilities are open and lists them but there is no indication of how old they are at a glance and what vulnerabilities have been closed since the previous scans. I would also like to see the ability to scan my devices for compliance against the CIS Benchmarks.

I have had this solution in place for just over a year now.

I've not experienced any issues with this yet.

I've not experienced any issues with this yet.

The tech support guys have been very friendly and helped as soon as there has been any issue. I cannot fault their technical support.

I used multiple products to try and get someway towards the level of visibility afforded by AlienVault. ManageEngine SIEM, Qualys, vulnerability management, and Norton for HIDS. Having this all in one interface made more sense which swayed the decision to go with Alienvault.

Very easy for initial set-up. My system was up and running within two hours. When you start to get into it more, then you need a better technical understanding.

This is much cheaper than some of the big names it is very affordable and scalable.

We looked at managed services from Dell SecureWorks as well as Qualys & Nessus.

Being the only Security professional in an organisation of well over 1000 people AlienVault lets me keep a watchful eye whilst getting on with my day job. This is a very good product with excellent support. Personally I would have preferred to go on the AlienVault System Engineers course as I believe this would help in fine tuning the system.

• Central log aggregation
• Security correlation

It provides greater visibility of host-based and network activity through its HIDS and NIDS functionality.

They should simplify the HIDS agent reporting/custom rule creation.

I've used it for one year.

We had issues but this was due to us receiving improper training from a third party and not necessarily due to the product.

Servers/sensors cap at 2048 host based agent deployments, but servers and sensors are easily scalable for a medium sized business.

10/10

I haven't used anything similar.

AlienVault is willing to offer flexible and competitive pricing.

We also looked at AccelOps, LogRhythm, and IBM QRadar.

If you have any questions, AlienVault's support team is more than willing to help with your installation, implementation, and integration.

We now have the ability to see what is happening in the environment.

We now can find the source of where Windows account lockouts are occurring.

It needs to be easier to deploy switch monitoring.

We've been using it for four months.

We've had no issues so far.

We've been able to scale it for our needs without issues.

I've not had to contact them yet.

We switched because our previous solution wasn't scalable.

It was pretty straightforward.

It was a reasonably priced solution.

We didn't look at any other solutions.

It’s pretty easy to setup but to really take advantage you should have a dedicated person who will devote their time, to customizing and utilizing the power this solution has.