Sales Solutions Engineer at a tech services company with 201-500 employees
Reseller
Easy to deploy and flexible enough to create your own plugins
Pros and Cons
  • "This solution can identify many threats inside the organization (compromised endpoints, configuration issues), as well as "outside" threats (botnets, network scanners, web-attacks, etc)."
  • "It would be nice to see some machine learning and monitoring of the configuration in network devices."

What is our primary use case?

The primary use cases for this solution are log management, security events correlation, and any other enterprise use cases for SIEM (new plugins development, correlation rules development, risk assessment, and asset management).

How has it helped my organization?

This solution can identify many threats inside the organization, like compromised endpoints, configuration issues, as well as "outside" threats (botnets, network scanners, web-attacks, etc). During the first two weeks post-deployment, our client's cybersecurity certainly improves by using AT&T AlienVault USM.

What is most valuable?

The features that we have found most valuable are the out-of-box vulnerability scanner, Network IDS, Host IDS, Netflow Monitoring, and more than four thousand pre-installed correlation rules.

What needs improvement?

Having automatic agent deployment would be a great feature. It would be nice to see some machine learning and monitoring of the configuration in network devices.

Buyer's Guide
USM Anywhere
June 2025
Learn what your peers think about USM Anywhere. Get advice and tips from experienced pros sharing their opinions. Updated: June 2025.
860,632 professionals have used our research since 2012.

For how long have I used the solution?

One to three years.

How was the initial setup?

This solution is very easy to deploy and integrates comfortably with data sources. AT&T AlienVault USM has a user-friendly engine for custom plugins development, so you can develop your own plugin for your own application without any problems.

Disclosure: My company has a business relationship with this vendor other than being a customer. Authorized distributor
PeerSpot user
Tami Andrews - PeerSpot reviewer
Tami Andrews, Sr. Customer Programs Manager at AlienVault
Real User

Denys - I appreciate your time & feedback!

PeerSpot user
DevOps Engineer at Two Hat Security
Consultant
The vulnerability scanner keeps our environment always updated about security threats

What is our primary use case?

Our initial need which brought us to acquire this solution was to be in compliance with GDPR requirements. Our environment is cloud-based (specifically AWS).

How has it helped my organization?

Beyond providing us with an IDS, which was our initial need, AlienVault gave us more useful resources, such as a SIEM and a vulnerability scanner (the latter being one of my favourite resources).

What is most valuable?

My favourite one is the vulnerability scanner because while using it, our environment is always updated about security threats.

What needs improvement?

Taking into account that server access credentials are controlled by the tool, some more management-focused actions could be performed from AlienVault.

For how long have I used the solution?

Less than one year.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Tami Andrews - PeerSpot reviewer
Tami Andrews, Sr. Customer Programs Manager at AlienVault
Real User

Erlon - thank you for your feedback & comments!

reviewer980886 - PeerSpot reviewer
I.T. Manager at a non-profit with 51-200 employees
Real User
We can collect logs, and also actively scan our network for vulnerabilities all from one tool

What is our primary use case?

We use AlienVault to collect all mission-critical logs and to pull data directly from G Suite. It provides our small IT operation with an easy-to-use tool to assess our security operations.

How has it helped my organization?

Before AlienVault, we had no central log collection tool of any kind, let alone security monitoring. AlienVault provides us with a very easy to use, central spot to view log files, and take appropriate action. It allows our small team the ability to take cybersecurity seriously.

What is most valuable?

The fact that AlienVault is several tools in one is most valuable to our small team. We can collect logs, and also actively scan our network for vulnerabilities all from one tool.

What needs improvement?

Long-term I'm genuinely concerned about AT&T's ownership of AlienVault. I have never had a good relationship with AT&T in +15 years, and fear they will destroy this good product.

What do I think about the stability of the solution?

Concerned long-term, due to AT&T.

What do I think about the scalability of the solution?

It is very scalable, just ask them to increase the amount of storage.

How are customer service and technical support?

Tech support has been a bit slow lately, and the level-1 techs do not have all the power they should have.

Which solution did I use previously and why did I switch?

Before AlienVault we had nothing. We learned about AlienVault through a company we contracted to do a full vulnerability assessment. They used AlienVault, so I felt like if it was good enough for them, then we should be using it.

How was the initial setup?

Very simple, just follow their directions step-by-step and you will be fine.

What about the implementation team?

I did the implementation myself. Their documentation made it easy.

What's my experience with pricing, setup cost, and licensing?

I'd push them for pricing. I sense the best time to negotiate with them is in June as the fiscal year ends.

Which other solutions did I evaluate?

We found other tools to be out of reach for our small department, so we did not seriously look at others.

What other advice do I have?

Be careful with AT&T, make sure you are confident the tool will be what you expect throughout the life of your contract. Make sure AT&T isn't going to change anything on you suddenly.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Tami Andrews - PeerSpot reviewer
Tami Andrews, Sr. Customer Programs Manager at AlienVault
Real User

thank you for your feedback!

PeerSpot user
Senior Buyer & Operations Specialist at Nth Generation Computing
Real User
I've found the vulnerability assessment very valuable because it identifies vulnerabilities and AWS configuration issues

What is our primary use case?

We have used AlienVault for our security monitoring for threat protection and compliance management. We've seen an improvement against malware and viruses. It has definitely eased our concerns so we can focus on other things.

How has it helped my organization?

AlienVault is very user-friendly. We've had a great experience with asset discovery, compliance reporting, endpoint detection and response. Our team uses the network infrastructure monitoring as well.

What is most valuable?

  • In my experience, I've found the vulnerability assessment very valuable because it identifies vulnerabilities and AWS configuration issues, so we are less likely to have potential risks. 
  • The compliance reporting is also valuable for reporting purposes.

What needs improvement?

The only recommended change I can think of is to have the ability to filter logs. Also, being able to navigate the dashboard. That seems to have been quite a challenge.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

There are multiple functions of this product, the stability and availability are awesome.

What do I think about the scalability of the solution?

The scalability of this solution is exceptional. I believe it's very reliable and dependable.

Which solution did I use previously and why did I switch?

I'm not familiar with what was used prior to AlienVault nor the reason the switch was made.  I'm just very pleased.

How was the initial setup?

Yes, our team did not have any issues with the initial setup of AlienVault and its functions.

What about the implementation team?

In-house.

What was our ROI?

The return on investment is great. I feel this product is well worth the price for all the functions and performance it can provide.

What's my experience with pricing, setup cost, and licensing?

I advise others on the pricing and licensing. I research to find the best pricing for the value of the products as well as register all licensing.

Which other solutions did I evaluate?

No, our tech department did the evaluating of all the options and chose AlienVault.

What other advice do I have?

AlienVault is an amazing product that I would highly recommend.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Tami Andrews - PeerSpot reviewer
Tami Andrews, Sr. Customer Programs Manager at AlienVault
Real User

Thank you for taking time to provide your experience & feedback!

kr1spy84 - PeerSpot reviewer
Security Systems Administrator at VERTICAL SCREEN, INC
User
We develop additional rules and scripts to make it more usable. It provides a checklist answer when using SIEM. I believe we are on the verge of outgrowing this platform.
Pros and Cons
  • "AlienVault provides a checklist answer when using SIEM."
  • "We develop additional rules and scripts to make it more usable."

What is our primary use case?

This is a jack of all trades (master of none) SIEM/IDS/vulnerability management/OSSEC/NetFlow solution. We use it primarily as a SIEM and IDS solution.

How has it helped my organization?

AlienVault provides a checklist answer when using SIEM. We currently develop additional rules and scripts to make it more usable, but the overall solution is lackluster.

What is most valuable?

IDS is a nice capability to have. In the past, I have implemented standalone Suricata sensors and having this bundled in is very helpful. OTX is good when implemented correctly.

What needs improvement?

Many of the tasks on features are useless in our situation. NetFlow is worthless.  Many of the built-in correlation engine solutions are just okay.

For how long have I used the solution?

One to three years.

What's my experience with pricing, setup cost, and licensing?

The vulnerability management solution is worse than buying a Nessus Professional license.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Tami Andrews - PeerSpot reviewer
Tami Andrews, Sr. Customer Programs Manager at AlienVault
Real User

Hi, I'm the Customer Programs Manager here at AlienVault and would like to first say "thank you" for taking time to provide your candid feedback in the product review. I'd like to get a conversation going between you and our team here to see if we can resolve some of the issues you've raised in your review. If you're open to it, please reach out to me at tandrews@alienvault.com and I'll be happy to set up a call with the appropriate team(s) to discuss. Thank you in advance for your time and consideration.

ISO (Information Security Officer) with 10,001+ employees
Real User
Enables managing everything from one place, including vulnerability assessments and asset management
Pros and Cons
  • "It provides a single pane of glass view, coupled with a whole security ecosystem. The ability to manage everything from a central point, including vulnerability assessments, asset management - including the services provided by the various hosts, NIDS, HIDS, etc. - provides a very efficient way of dealing with things."
  • "The reporting module could be a little easier to handle, as it requires quite some trial and error until you get the reports you want. Also, it would be great to have a graphical interface for the Network Intrusion Detection System's rule management."

What is our primary use case?

Our primary use case is Security Information and Event Management, as well as forensic analysis.

How has it helped my organization?

Undoubtedly having all security core technology under one roof, as provided by the all-in-one USM solution from AlienVault, is a big advantage for day-to-day business security operations. From real experience, it has enabled total transparency in terms of security information and events, from day one.

What is most valuable?

It provides a single pane of glass view, coupled with a whole security ecosystem. The ability to manage everything from a central point, including vulnerability assessments, asset management - including the services provided by the various hosts - NIDS, HIDS, etc., provides a very efficient way of dealing with things.

Their OTX intel is also great, as one needs to know who is running around threatening the IT infrastructure with a "crowbar."

What needs improvement?

The reporting module could be a little easier to handle, as it requires quite some trial and error until you get the reports you want. Also, it would be great to have a graphical interface for the Network Intrusion Detection System's rule management.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

The solution is rock solid; never any issues.

What do I think about the scalability of the solution?

We have not experienced any scalability issues, but we also know that you can easily add more sensors, which helps to spread the load.

How are customer service and technical support?

Technical support is always helpful and responsive. They do care about their customers.

Which solution did I use previously and why did I switch?

Our previous solution consisted of building a SIEM based on individual components/modules from the open-source space.

How was the initial setup?

The initial setup is absolutely straightforward. It is up and running in no time. This is definitely one of the unique selling propositions of the solution.

What's my experience with pricing, setup cost, and licensing?

So far, it has been a good solution for a tight budget.

What other advice do I have?

AlienVault is a great fit, especially for smaller organizations, as it will enable you to produce quick results with no need to worry about too many details.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Tami Andrews - PeerSpot reviewer
Tami Andrews, Sr. Customer Programs Manager at AlienVault
Real User

Thanks so much for your time and feedback Christian!

Vpf4dc - PeerSpot reviewer
VP at Castra Consulting
Real User
Makes it easy to aggregate, correlate, and view different security logs in a single place
Pros and Cons
  • "The IDS and the threat intelligence are very useful. They are very intuitive and data-rich."
  • "One area that has room for improvement is storage. AlienVault is a good place to put logs, but sometimes it's a tough place to go get logs... The logger can only hold so much data. If they improved that, that would help."

What is our primary use case?

We use it to gain security visibility and to meet compliance.

We're not just a customer but we're a partner as well. We've deployed this into thousands of organizations and we continue to see that happening. It's a great tool.

How has it helped my organization?

It's really easy to aggregate and correlate and view several different security logs and several different data pieces in a single place. That's what allows us to see the security logs that we need to see to determine if there is something malicious on our network or not.

Also, aggregating the logs and putting them in a central place helps us to comply with certain regulations, the details of which I can't go into.

We have been able to use AlienVault to find critical vulnerabilities in our network and it has helped reduce the time it takes to respond to a threat.

What is most valuable?

The IDS and the threat intelligence are very useful. They are very intuitive and data-rich.

What needs improvement?

One area that has room for improvement is storage. AlienVault is a good place to put logs, but sometimes it's a tough place to go get logs. AlienVault has three components to it: a sensor, a server, and a logger. Sensors grab data, servers correlate data, and loggers store data. The logger can only hold so much data. If they improved that, that would help.

For how long have I used the solution?

More than five years.

What do I think about the scalability of the solution?

It has great scale. We have brought it into several publicly traded global organizations, with thousands of users. The users are anything from a CCO down to a network administrator.

For a large deployment like that, the number of our staff required depends on a few things but, generally, it would take one to three people. It also requires about three people for maintenance. Their roles would likely be anyone who is leading or managing an InfoSec team.

How are customer service and technical support?

The technical support team is responsive and helpful. They communicate and they are engaged. We work with them on a daily basis and they're on it.

Which solution did I use previously and why did I switch?

We did not work with a previous solution. We decided to bring it into our organization based on its value. It allows you to do a lot with a small price tag.

How was the initial setup?

As partners, we think the setup is pretty straightforward but I imagine it depends on whom you ask. There are a lot of people who don't think so, but we think it's pretty straightforward. It has an easy-to-go-along Start menu, and the overall GUI is easy to navigate. It's pretty step-by-step, as long as you can follow those directions.

It can be as simple or complex as you want it to be. But for the most part, it's just a very easy tool to be able to engage with, to click on. They make it intuitive.

Sometimes deployment takes a couple of hours, sometimes it takes a couple of days, depending on the size of deployment.

We definitely have an implementation strategy but there are a lot of details to that. Just stay organized, pay attention to the details, cross your T's and dot your I's.

What was our ROI?

There is an ROI although I don't have the exact figures on it. The ROI is in the area of technology products that we have to go purchase: Instead of having to go buy a million dollars worth of cybersecurity products, we have saved a lot of money on that. It has also saved us loads of time as a result of not having to integrate it with a ton of other things.

What's my experience with pricing, setup cost, and licensing?

The pricing is the best on the market.

Which other solutions did I evaluate?

We evaluated every single SIEM on the market. The major difference that made AlienVault stand out is the unification, meaning the integration of technologies out-of-the-box, as opposed to having to do it on your own.

What other advice do I have?

Have an idea of a plan and know where things in your network are and know who can give you access to certain things you might need.

In terms of how extensively we're using it, I'd be surprised if there was anyone outside of our team that is using it more extensively than we are.

I would rate AlienVault at ten out of ten.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Partner.
PeerSpot user
Tami Andrews - PeerSpot reviewer
Tami Andrews, Sr. Customer Programs Manager at AlienVault
Real User

Thank you for your feedback!

PeerSpot user
Manager, Security Operation Center at Ideal Integrations
Real User
It is easy to implement, and effective

What is our primary use case?

  • MDR provider
  • Logs aggregation
  • Vulnerability assessments
  • Some automation.

We needed a way to see all of these items under one pane of glass without spending incredible amounts of money on log aggregation, vulnerability assessments, etc., then putting it all together with an IR platform. 

How has it helped my organization?

It answered a bunch of questions for us, such as what will we use for vulnerability assessments on a continual basis, how do we tie those reports into alerts/incidents, log aggregation, correlation, etc.

What is most valuable?

  • Vulnerability assessments and log aggregation/correlation

These were the two answers we needed for our solution. It gave those solutions very easily. It is easy to implement, and effective.

What needs improvement?

The support could absolutely be better. It seems to have gotten worse with the AT&T acquisition. 

We have been hearing some not so great things from our associates in the field as well.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

Very stable so far. We have seen very few bugs, or downtime so far. 

What do I think about the scalability of the solution?

It is pretty scalable for small/medium businesses. It starts to fade at enterprise. It is possible, but you will definitely run into limitations.

How are customer service and technical support?

Eh. Our experiences have been very mixed. If you get someone who is motivated to help, expect to be good to go. Otherwise, expect the problem not to get a good priority, and it may even get dragged out to a conclusion.

Which solution did I use previously and why did I switch?

We used, tested, and tried several solutions prior to this solution. This solution answered too many questions under one reasonable cost, as opposed to piecemealing everything together for more money.

How was the initial setup?

Super simple, almost anyone could do it. It is quick as well. 

What about the implementation team?

We do everything in-house.

What was our ROI?

Good.

What's my experience with pricing, setup cost, and licensing?

It is I think for the market very straightforward, super easy to deploy. Licensing is straightforward in comparison to others.

Which other solutions did I evaluate?

We evaluated:

Disclosure: My company has a business relationship with this vendor other than being a customer. We currently use this, so therefore we are a customer, but we also deploy this as part of our MDR solution today.
PeerSpot user
Tami Andrews - PeerSpot reviewer
Tami Andrews, Sr. Customer Programs Manager at AlienVault
Real User

Thank you Corey for your comments!
