We primarily use AlienVault for managing logs, IDS, and correlation, but we haven't used the other tools, which was a huge disappointment to me.
Chief Information Security Officer at a computer software company with 51-200 employees
It brings everything into one single pane that includes your vulnerability management, asset management, IDS, logs, and correlation
Pros and Cons
- "Our main focus was intrusion detection, alerts, and correlation. It's easy to use AlienVault and integrate it with other alert tools because it includes lots of connectors. Either the tool is already there, or AlienVault will write an API for us if they don't have a connector for the solution that is providing the logs."
- "I've been told that AlienVault doesn't have a full version of NES running in there, but I'm not sure if that's accurate or if my engineer made it that way. I'm not sure he was completely honest either because we had NES in the environment before. Those tools could be improved because AlienVault is a SIEM, and it added all these other features."
What is our primary use case?
What is most valuable?
Our main focus was intrusion detection, alerts, and correlation. It's easy to use AlienVault and integrate it with other alert tools because it includes lots of connectors. Either the tool is already there, or AlienVault will write an API for us if they don't have a connector for the solution that is providing the logs.
We've seen a lot of improvement in the product over the years. Their threat monitoring was an important feature for us, but we didn't use the tool to its full advantage. I wanted to use the built-in NES and asset management tools, but unfortunately we didn't use those because we had other solutions to address those areas.
What needs improvement?
I've been told that AlienVault doesn't have a full version of NES running in there, but I'm not sure if that's accurate or if my engineer made it that way. I'm not sure he was completely honest either because we had NES in the environment before. Those tools could be improved because AlienVault is a SIEM, and it added all these other features.
Are they proficient in every one of those areas? Are they proficient in asset management? Is their tool good enough to be your company's vulnerability scanner? Is it good enough to be your asset manager? Is it good enough to be those additional tools? That's where I don't know if we have enough information.
For how long have I used the solution?
We've been using AlienVault for three years.
Buyer's Guide
USM Anywhere
September 2025

Learn what your peers think about USM Anywhere. Get advice and tips from experienced pros sharing their opinions. Updated: September 2025.
868,787 professionals have used our research since 2012.
What do I think about the stability of the solution?
AlienVault is a highly stable tool. The sensors go down once or twice every few months, but it's generally a stable product. It ran for us for three years with very minimal issues or concerns.
What do I think about the scalability of the solution?
We were a small organization of 250 people when we started with maybe 150 machines out there server-wise. We grew to about 1,500 employees through the acquisition of four or five different businesses, so it was effortless to scale.
You need to add more licenses and data for log collection. Other than that, it was easy to work with from that perspective, and the AlienVault salespeople are accommodating.
How are customer service and support?
My engineer dealt with the techs before, but that wasn't often. When he did deal with them, they were knowledgeable and helpful.
How was the initial setup?
Setting up AlienVault is straightforward. They provide teams and reps to help us get everything set up and connected. We also had a security engineer who was highly experienced in deploying the agents, putting the connectors in place, and pulling the logs into the SIEM.
What's my experience with pricing, setup cost, and licensing?
AlienVault is certainly not nearly as expensive as Splunk or QRadar. It's decently priced, but I don't have the exact figure.
Which other solutions did I evaluate?
This organization has AlienVault, and they're not happy with it, so I'm looking at other solutions. However, I don't know what their pain points were. I thought it was a great solution for my previous organization. It has tremendous benefits, and it brings everything into one single pane that includes your vulnerability management, asset management, IDS, logs, and correlation. It does all of those things in one single pane, and I think that's one of the benefits of AlienVault.
What other advice do I have?
I rate AlienVault USM eight out of 10. That said, I haven't used many other SIEMs. I haven't worked with Splunk or QRadar. One of our organizations had QRadar, but they switched to AlienVault.
Which deployment model are you using for this solution?
Hybrid Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.

GISO - Global Information Security Officer at Beyon Connect
Comes with a vulnerability assessment package, has good pricing, and is extremely easy to set up and integrate
Pros and Cons
- "The feature that I liked the most is that they have a vulnerability assessment package that comes along with the SIEM solution. So, whenever I find any threat or alert for any of the devices or servers, I could immediately initiate a vulnerability assessment scan on that machine. That is one of a kind. The price at which AlienVault operates is also valuable."
- "Their threat intelligence platform needs to be broadened. They should integrate it with more threat intelligence platforms. For the threat feed that they get from open intelligence, I would like them to add a few premium threat intelligence platforms. They can provide a bundle in which AlienVault has the threat intelligence background of other premium products."
What is our primary use case?
I used it in my previous company. My main use case was to identify the security events. Basically, it was a platform through which we used to monitor threat events for SOC operations.
We had its latest version. We used to keep updating it whenever there was a new release.
AlienVault was on-prem, and for cloud, we had Wazuh.
What is most valuable?
The feature that I liked the most is that they have a vulnerability assessment package that comes along with the SIEM solution. So, whenever I find any threat or alert for any of the devices or servers, I could immediately initiate a vulnerability assessment scan on that machine. That is one of a kind. The price at which AlienVault operates is also valuable.
The setup of AlienVault is extremely easy. It is very simple to understand for someone who is trying a SIEM solution for the first time.
The integration of servers and other devices is extremely easy. It is a piece of cake. You just double-click and start, and you are up and running. That's all.
What needs improvement?
Their threat intelligence platform needs to be broadened. They should integrate it with more threat intelligence platforms. For the threat feed that they get from open intelligence, I would like them to add a few premium threat intelligence platforms. They can provide a bundle in which AlienVault has the threat intelligence background of other premium products.
For how long have I used the solution?
I have been working with this solution for around nine years. I was using it in my previous company, and I stopped using it about four months ago when I moved to my current company.
What do I think about the stability of the solution?
It is very stable.
What do I think about the scalability of the solution?
It is scalable. It was a large deployment. We had more than 1,000 employees, but it was only used by the information security team to monitor the security events and logs. We had 18 users, but we had integrated more than 250 servers and network devices with it.
How are customer service and support?
They were absolutely helpful. I found everyone very knowledgeable, and the ideology and everything else was fantastic. I would rate them a five out of five.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
From a security perspective, this was the first one, but before that, they had SolarWinds, which is not a security incident monitoring tool. It is just a network performance monitoring tool. After I joined the company, we had to get a SIEM solution, and we onboarded AlienVault at first. We used it for a few years, and after that, we also integrated Wazuh.
In my current company, we have Datadog. We are using ELK Stack, and we have built our own SIEM solution.
How was the initial setup?
It was very simple. The deployment and integration of other devices took about three to five days, and just the installation took less than 30 minutes.
What about the implementation team?
I did the setup for the company. I was heading information security for that company.
What's my experience with pricing, setup cost, and licensing?
It is affordable, and it also has many features that the premium products such as ArcSight and QRadar have. It is a very good platform for a SIEM solution. Everything is included in the price.
Which other solutions did I evaluate?
We have done a PoC in my current company, and I find both AlienVault and Datadog to be good, but we are exploring more options and doing a PoC with other solutions. We have not yet finalized any solution.
What other advice do I have?
I would give it a good eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Network and Security Infrastructure Manager at a wholesaler/distributor with 201-500 employees
Useful highlighted known vulnerabilities, full network visibility, and beneficial reports
Pros and Cons
- "The most valuable feature in AT&T AlienVault USM is the reporting."
- "AT&T AlienVault USM can improve searchable data. It should be available for more than 90 days. If you need more than 90 days of data, you have to put a request and they give you raw data, which is not easy to search. A good addition would be to allow users to search data older than 90 days."
What is our primary use case?
I have used AT&T AlienVault USM for log collection and management, priority, and incident analysis.
How has it helped my organization?
AT&T AlienVault USM has helped our organization by highlighting known vulnerabilities in our network and full visibility of our network to figure out if there is anything that we are not aware of. If there are any missing pieces, they would be found by the AT&T AlienVault USM.
What is most valuable?
The most valuable feature in AT&T AlienVault USM is the reporting.
What needs improvement?
AT&T AlienVault USM can improve searchable data. It should be available for more than 90 days. If you need more than 90 days of data, you have to put a request and they give you raw data, which is not easy to search. A good addition would be to allow users to search data older than 90 days.
In a future update, they should add more integrations with third-party devices.
For how long have I used the solution?
I have been using AT&T AlienVault USM for approximately six months.
What do I think about the stability of the solution?
AT&T AlienVault USM is stable.
What do I think about the scalability of the solution?
The scalability of AT&T AlienVault USM is good.
We have five IT administrators that use it. We plan to increase the usage in the future.
How are customer service and support?
We don't reach out to technical support from AT&T AlienVault USM. We go through our third-party provider. They are the ones we reach out to for technical support. We only reach out to the MSP.
Which solution did I use previously and why did I switch?
I did not use another solution prior to AT&T AlienVault USM.
How was the initial setup?
The initial setup of AT&T AlienVault USM was straightforward. The deployment took approximately one hour.
What about the implementation team?
We did the implementation in-house with the help of a consultant. We require one person for the maintenance and support.
What was our ROI?
I have seen a return on investment using AT&T AlienVault USM.
I rate the return on investment of AT&T AlienVault USM a four out of five.
What's my experience with pricing, setup cost, and licensing?
I rate the price of AT&T AlienVault USM a four out of five.
Which other solutions did I evaluate?
We evaluated Microsoft Sentinel and IBM QRadar before choosing AT&T AlienVault USM.
AT&T AlienVault USM is very easy to deploy, user-friendly, easy to understand, and fits very well for small and medium-sized businesses. I won't say it is a con for the other ones, but they are more suitable for larger-sized companies, and sometimes Microsoft Sentinel and IBM QRadar cost a lot.
What other advice do I have?
My advice to others is you need a dedicated person to monitor the same solution. If not, you have to outsource it to a 24/7 SOC, or Security Operation Center, such as a managed security provider.
I rate AT&T AlienVault USM a nine out of ten.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Principal DevOps Engineer at a tech vendor with 11-50 employees
It gives you robust protection and value without the need for a dedicated SOC team
Pros and Cons
- "AlienVault's reporting is good. I like that vulnerability assessment is part of the solution, and the UI is intuitive. Also, the overhead is low, which is to say we don't need a dedicated SOC team to manage and analyze things constantly. We're a small company that doesn't have those resources."
- "I think plugin management should be self-service on AlienVault USM. The other product is self-service, but on the USM side, you have to submit a ticket, then AT&T creates and updates the plugins."
What is our primary use case?
AlienVault USM is a SaaS solution offered through the cloud. It's a security incident event management solution that scans logs to look for various security patterns that are shipped to it. Then it alerts us so we can identify trends.
How has it helped my organization?
AlienVault gives us greater visibility into our security and tells us what we need to address. We haven't had any breaches, but if we were to have some, we would get alerts.
What is most valuable?
AlienVault's reporting is good. I like that vulnerability assessment is part of the solution, and the UI is intuitive. Also, the overhead is low, which is to say we don't need a dedicated SOC team to manage and analyze things constantly. We're a small company that doesn't have those resources.
What needs improvement?
I think plugin management should be self-service on AlienVault USM. The other product is self-service, but on the USM side, you have to submit a ticket, then AT&T creates and updates the plugins.
We often have application logs that are unique to us, so it's silly to have to open a ticket, have them do the work, and then release the plugin. It would be nice if they had a self-service portal where we could define the parameters within the product for the plugin and have a custom plugin for our logs.
For how long have I used the solution?
I've been using AlienVault USM for about two or three years.
What do I think about the stability of the solution?
AlienVault USM has been quite stable so far. We might've had one or two hiccups over the past couple of years, but nothing major.
What do I think about the scalability of the solution?
We have had no issues with scalability at all. It's been seamless. We have only three or four users on our DevOps team, but we're getting information from all over. Of course, many downstream people benefit from the work that we do, but only about four people actually log in and use it.
How are customer service and support?
Technical support has been okay. It hasn't been great. On a scale of one to 10, I'd say maybe a six. It took them a long time to respond to some of our questions, and we didn't get the complete responses we were expecting. In some cases, the process took so long that the question's urgency diminished by the time we could get to an answer.
How was the initial setup?
Setting up AlienVault USM was relatively straightforward. Of course, all software is complex, but this wasn't overly complex. We did do some professional service hours with the vendor during the deployment, but that was more about best practices. We asked how to configure it to get the most out of the solution.
It's not an admin-heavy product in terms of maintenance and management. There's certainly a lot you can do to customize and configure it, but it doesn't require much administration. Someone is logging in most days to check in and review alerts.
Which other solutions did I evaluate?
We looked at Splunk Enterprise with the added security module, and that worked great, but it also had a lot of overhead to get value out of it. We just didn't have the capacity for it.
What other advice do I have?
I would give AlienVault USM a solid eight out of 10. There are certainly products out there that can do more. For a smaller company, I'd say it's a solid nine or a 10, but if we compare all the offerings on the market, I would say it's a solid eight. It doesn't have some of the features of the other ones, but it offers a lot of benefits to us because we can get the value that we need out of it without having a dedicated team.
It's been good overall, so I would give it a thumbs up. It's suitable for small organizations that don't have the capacity for a dedicated SOC that could handle something like Splunk Enterprise. Splunk is great for businesses with a dedicated team to do full-time analysis. But I think this is a nice solution for smaller companies where the IT staff has to wear multiple hats.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Other
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
An all-in-one package for monitoring components across the network
Pros and Cons
- "In terms of monitoring, my best feature would be the monitoring of components across the network. It monitors the respective nodes and any new node that comes onto the network and provides reports. The reporting dashboards are really helpful for management in terms of making decisions around patch management."
- "I've been using it just for my own personal upskilling in terms of how the product works. At the moment, it is pretty straightforward and simple, and it is working how it is supposed to. The feedback would come once it is deployed to customer sites. They'll be using it on a more frequent basis, and that's when the feedback would come in terms of the areas in which they're facing issues or are looking for simplicity."
What is our primary use case?
General use cases would be for patch management and vulnerability management. The devices that are on the network may need patching if they're outdated. For any device or node that has entered the network and may be considered a threat, the HTTPS ports and different nodes need to be monitored for incoming and outgoing traffic. We could put in security rules for monitoring the actual devices down to the USP level, and we can also get the vulnerability information from OSX, and then provide that information to the IT teams.
In terms of the version, usually, when the updates come, the updates need to be aggregated to the customer, but at this moment in time, I am yet to secure a customer in that space due to the current COVID crisis in the country, across the Pacific, and globally.
In terms of deployment, the endpoints are on-premise, but it would be cloud-based in terms of the platform. So, it could be both depending on the customer. They would either have cloud or hybrid.
What is most valuable?
In terms of monitoring, my best feature would be the monitoring of components across the network. It monitors the respective nodes and any new node that comes onto the network and provides reports. The reporting dashboards are really helpful for management in terms of making decisions around patch management.
It is an all-in-one package. In terms of the selling points, to the best of my knowledge, it has eight different selling points or eight features, and they're all interlinked, which most of the infrastructure setups here do not have. They have separate systems for monitoring the networks. So, USM can cater based on those eight capabilities.
What needs improvement?
I've been using it just for my own personal upskilling in terms of how the product works. At the moment, it is pretty straightforward and simple, and it is working how it is supposed to. The feedback would come once it is deployed to customer sites. They'll be using it on a more frequent basis, and that's when the feedback would come in terms of the areas in which they're facing issues or are looking for simplicity.
For how long have I used the solution?
I have been using this solution for the last eight to 10 months.
What do I think about the stability of the solution?
So far, I haven't seen any patches or updates from the partner or the OTX site to show any issues in terms of stability. Based on the frequency of the updates, at the moment, it seems stable.
What do I think about the scalability of the solution?
It is easy to scale. It comes with all features, as opposed to separate individual modules. To my knowledge, you can scale it for your organization as and when there is a requirement or the organization grows. So, in terms of scalability, there is no problem. After you get it up and running, as the organization grows, the engines will be able to pick up that information.
It is really good for medium and large companies, but it can also be used for small organizations. Instead of deploying it to a small organization, you could provide a service where it is not on the customer site, and you basically link into your nodes for small customers. So, you install it for medium and large customers, and for small customers, you install it on your premise, and then you sell the individual features that they may request.
How are customer service and technical support?
I have not been in touch with their technical support. I deal with the technical account manager. When I read up the information and there is something that I'm not sure about, I check my resources and see what's available online. If none of the available resources are helpful, I reach out to my account manager who then puts me in touch with the technical team. I presume that if we encounter any issues in deployment, it would be based on a customer's demography or the setup.
How was the initial setup?
If you're not familiar with it from a tech perspective, it might be confusing for you, but from what I've seen and based on my experience, it is pretty simple and straightforward.
The user guides are also very helpful if you hit any roadblocks. It is very straightforward in terms of the instructions to set it up, but you should have minimum tech experience in understanding the documentation, which is fair enough and good because you don't want it to be too simple to set up that companies would say, "Well, we don't need IT if anybody can do this." So, you'd need some technical background to at least understand the documentation or the user guide.
I've only installed it for myself. It took a short amount of time to get it up and running. The deployment duration would depend on a customer's infrastructure size and the number of nodes that a customer has. It will also depend on the data collection that the agents or the engines need to do to protect the information and then put it in its database.
What's my experience with pricing, setup cost, and licensing?
Its price is in the medium to upper range.
What other advice do I have?
I would definitely recommend this solution, but I would also do a pre-assessment of the organizational setup and infrastructure. I'm a reseller, and it is obviously my top priority that we sell the product
If you look at the Gartner Magic Quadrants, you will see AlienVault is up there in the upper right quadrant, which makes it one of the top recommended solutions. That is the reason for my partnership with AT&T Cybersecurity for the product.
I would rate AT&T AlienVault USM a nine out of 10. No solution is 100% perfect.
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
Senior Network Architect / Network Team Leader at ICE Consulting, Inc.
Threat detection, incident response, and compliance management in an all-in-one solution
Pros and Cons
- "The other big selling feature for us was its integration capabilities with all the other security-based products."
- "I'd like to see a dashboard that's a little more descriptive."
What is our primary use case?
We were trying to get into the security market to be able to offer something to our clients who are asking for a monitoring event management system. We started looking at what we could offer as an MSP to our clients; that's what drove us into evaluating different SIEM products, to get a better understanding of how the billing is set up as a partner. Alien Vault had the best setup for MSPs — the way they are set up for billing and the way they set up their USM account.
What is most valuable?
The reason why we went with AT&T AlienVault USM was because we liked their reporting capability a little better than some of the other ones we evaluated; however, the biggest draw for us was how AT&T has their MSP program set up. In most cases, you have to buy a certain number of either agents or sensors which are, more or less, the program. With an MSP, our clients don't have to buy any — there are no minimum requirements. Alien Vault provided us with really good worksheets to detail the number of sensors needed when we are in negotiations with prospective clients. We can also use them to determine the number of devices that are going to be monitored, and how we can tailor the customer setup based on what the customer requirement is.
The other big selling feature for us was its integration capabilities with all the other security-based products, not just security-based, but application settings in general. It works with Google Drive, Gmail, and Microsoft 365. It also works with different antivirus software from Proofpoint to Okta — all of the different pieces of applications that we normally provide as a best practice to our clients. This software can interact with them all and pull the event data and the security data from all of these different applications, and more.
What needs improvement?
I'd like to see a dashboard that's a little more descriptive. We can customize the dashboards, but the out-of-the-box dashboards are kind of bland. Since we give our customers access to their dashboards, it would be nice if they were a little bit more intuitive. We can go easily drill into it and show them everything, but the customer just sees the writing on the page.
I'd like to see them dress up their out-of-the-box dashboard a little bit. We have the ability to do a lot of that.
Since they have this image — they have a strong MSP program. I would love to see them allow branding, which they don't at this point.
For how long have I used the solution?
We deployed the demo roughly eight months ago.
What do I think about the stability of the solution?
AT&T AlienVault USM has been very stable.
How are customer service and technical support?
Their support has been stellar. Any issues that we had with trying to get it configured or trying to interpret instructions, we could just make a quick phone call and they were there to help us.
How was the initial setup?
I'd say it was kind of in the middle, complexity-wise. It's actually fairly easy to deploy a new client.
What's my experience with pricing, setup cost, and licensing?
It's competitive with other similar solutions; however, I don't do the billing so I can't properly comment on it.
What other advice do I have?
Most of our clients are small to medium-sized businesses; they can't afford to go out and purchase a SIEM on their own. They're looking for us to provide something for them. This was why we provide HCZ cybersecurity and Alien Vault, etc.
If you're in an MSP and you're servicing small to medium-sized clients, this is definitely a product that you want to look at and evaluate. When we were doing our evaluations, we were looking at the applications that are supported out-of-the-box, without having to develop any special APIs — we wanted a pre-built application that supported most of the applications that we use within our client base.
On a scale from one to ten, I would give this solution a rating of eight.
I'd like to see a little bit more work, out-of-the-box, regarding the dashboards. I'd like to see them provide us with branding capabilities, to be able to put our logos on the dashboard so that the client understands that it's coming from Ice Consulting instead of Alien Vault.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
Cybersecurity Architect at DataAssure
Easy setup with great security information management and very stable
Pros and Cons
- "The setup is very easy and straightforward."
- "The solution is a bit complicated. It could be simplified quite a bit."
What is our primary use case?
We primarily use the solution for cybersecurity events and management.
What is most valuable?
The SIEM, security information management, is very, very good. Basically, it's great at analyzing the logs of our servers.
The setup is very easy and straightforward.
What needs improvement?
The solution is a bit complicated. It could be simplified quite a bit.
The correlation engine could be improved. Much improvement could be made there, as it is an important open-source solution.
The solution could benefit from including security orchestration. It's still not available yet. It would be really nice to have in a future release.
It could use something like a pen test. Tools like that would make it more comprehensive from a cybersecurity aspect.
For how long have I used the solution?
I've been using the solution since about 2015. It's been approximately six years or so.
What do I think about the stability of the solution?
The solution is extremely stable. We don't have any issues with its reliability. It doesn't crash or freeze and it's not buggy at all.
What do I think about the scalability of the solution?
The solution doesn't scale well if you are talking about enterprises using it. However, for our purposes, we've never had an issue with this. Larger companies might. We do intend to continue to use the solution and potentially increase usage.
How are customer service and technical support?
Technical support is extremely reliable. We're very satisfied with the level of service we receive. They are always knowledgeable, helpful, and responsive.
How was the initial setup?
The initial setup is not complex. It's a very straightforward implementation.
The overall deployment is quite quick. It might take about 30 minutes or so. That's all.
What's my experience with pricing, setup cost, and licensing?
The solution has a subscription-based annual payment option. It's not a perpetual license.
What other advice do I have?
We use both on-premises and cloud deployment models.
We both use the solution and sell the solution as well.
Overall, on a scale from one to ten, I would rate the solution at an eight.
We're more focused on servicing medium to small businesses. This solution may not be suitable for a large enterprise-level organization.
That said, we highly recommend it. I'd recommend that new users decide to first go for the trial. Take the trial and then make sure that you like it before investing in the subscription. The company offers a free trial - you might as well use it.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: reseller.
Director of Department at BAKOTECH LLC
Good compliance, lots of useful features, and easy to scale
Pros and Cons
- "There are multiple tools for information security. The solution includes all the latest advances on the network and host intrusion detection systems."
- "The solution already has quite good tools, however, they need better integration tools for linking with Office 365, Google Suite, and so on."
What is our primary use case?
We have three main uses for the solution. They are compliance, incident response, and as a tool for information security.
What is most valuable?
The solution has excellent compliance and has good incident response.
There are multiple tools for information security. The solution includes all the latest advances on the network and host intrusion detection systems.
The out-of-the-box features are great. You don't have to jump to different consoles as everything is right there. Everything from a security standpoint can be handled via one screen.
What needs improvement?
The solution could be improved in three ways. The first one is user behavioral analytics. They need work.
The second one is cloud-related usage. The solution already has quite good tools, however, they need better integration tools for linking with Office 365, Google Suite, and so on.
The third improvement could be a bit more customization for security products. If someone has an antivirus where it is customizable, they need to have the ability to easily connect everything together.
For how long have I used the solution?
I've been dealing with the solution for four years.
What do I think about the stability of the solution?
The solution is very stable. We haven't had issues so far in terms of using it.
What do I think about the scalability of the solution?
The solution is quite easy to scale. You just need to install the standard solution. You don't have to change the whole installation. In the case of the cloud deployment version, you only need to add sensors. In either case, you need to have the correct licenses, however, it's quite simple to accomplish.
How are customer service and technical support?
Technical support has always been quite good. With the product itself, we haven't personally had any issues. However, a lot of times our customers or engineers contact AlienVault support with a request to help to start a new correlation rule, integration, or other issues. When that happens, support always answers and gives them all the details they need.
Which solution did I use previously and why did I switch?
As a reseller, we've looked into other solutions, however, we find this product to be the best option for our customers time after time.
How was the initial setup?
The initial setup is pretty easy. Anyone can install this solution within four or five hours. They don't need to be engineers in order to do that.
By that point, it will already be prepped and can show us what is happening from a security point of view.
It's quite easy to install and deploy. You don't need a security team for ten people. There's a lot of automation within the tool, so you only really need one or two security staff to operate it for a company of, for example, 500 people.
What's my experience with pricing, setup cost, and licensing?
In comparison to the competition, it's a very inexpensive option, whether you use the cloud or the on-premises deployment models. You also get great value for money as you do get a lot of very good tools that come standard with the solution as well.
What other advice do I have?
We're not using the solution ourselves. We're resellers.
USM Anywhere is cloud-based, although they have a different version that is on-premises or on a private cloud called the USM Appliance. We're using the on-premises version, which is quite different from the cloud version.
Overall, I'd rate the solution nine out of ten. There are a few areas where they can improve, however, overall, it's been a very good product for us and our customers.
We'd recommend the solution. We've looked into other options and we always come back to this product.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: reseller.

Updated: September 2025