My company wanted to get software which would be able to monitor resources in AWS, mainly IDS in one cumulative GUI, then add extra requirements with AlienVault match.
admin at KIL A&T
I can easily check all logs and data in relation to attacks in one place
Pros and Cons
- "I can easily check (in one place) all the logs and data in relation to attacks. It also gives me an overview if a server is not configured properly."
- "Plugins could be better utilized, as some of them do not recognize all logs."
- "It was easy on PoC, but when we got to the product it was a different story. We had to learn the product again and got the feeling that the PoC was a different product."
What is our primary use case?
How has it helped my organization?
From my perspective, it saves me about two to seven hours weekly. Now, I can easily check (in one place) all the logs and data in relation to attacks. It also gives me an overview if a server is not configured properly.
What is most valuable?
- Centralized logs: All the details are in one place. This is helpful if you have over 100 servers.
- Centralized IDS: We need this as we are able to see what is happening in (almost) real time.
What needs improvement?
- Plugins could be better utilized, as some of them do not recognize all logs.
- We could add a little more customization to dashboards.
Buyer's Guide
USM Anywhere
June 2025

Learn what your peers think about USM Anywhere. Get advice and tips from experienced pros sharing their opinions. Updated: June 2025.
860,632 professionals have used our research since 2012.
For how long have I used the solution?
One to three years.
What do I think about the stability of the solution?
Everything has worked fine since we have had this tool.
What do I think about the scalability of the solution?
We have been adding more servers, and it has been working. We have run out of storage space once or twice, so we had to check and choose which logs that we needed to minimize this problem.
How are customer service and support?
It has very good customer service. I have opened about five cases. They were ones which I did not have time to search or could not find information on the support website.
Which solution did I use previously and why did I switch?
I previously worked with Nagios, SolarWinds, and Big Brother. Though, this was at a different company.
These products did not match the requirements in AWS at the time that we were getting AlienVault.
How was the initial setup?
Setup required time. It will take time to set it up and utilize it at a percentage with which you will be satisfied.
It was easy on PoC, but when we got to the product it was a different story. We had to learn the product again and got the feeling that the PoC was a different product.
Which other solutions did I evaluate?
We were also looking at LogRhythm, Splunk, and a few others. We decided on AlienVault, as they had a nice presentation (which told us what we wanted to hear) and the PoC proved it could do what we needed.
What other advice do I have?
Check other products and do a POC, as changing from one to another can be very pricey and time consuming. Also, training people and making changes cost lots of resources, and not all employees like such changes every year.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Security Analyst at a tech services company with 1-10 employees
Its powerful correlation engine helps reduce time in manually correlating events
Pros and Cons
- "Its powerful correlation engine helps reduce time in manually correlating events."
- "The only complex area of the setup was writing the custom scripts."
- "It should be able to communicate with other security solutions to stop threats."
How has it helped my organization?
Its powerful correlation engine helps reduce time in manually correlating events.
What is most valuable?
- Alarms
- Correlation
What needs improvement?
It should be able to communicate with other security solutions to stop threats.
For how long have I used the solution?
One to three years.
What do I think about the stability of the solution?
No stability issues.
What do I think about the scalability of the solution?
No scalability issues.
How are customer service and technical support?
Customer Service:
I would rate customer service as a nine out of 10.
Technical Support:
I would rate technical support as a nine out of 10.
Which solution did I use previously and why did I switch?
We did not previously use a different solution.
How was the initial setup?
The only complex area of the setup was writing the custom scripts.
What about the implementation team?
We use both a vendor team and an in-house team for implementation.
What was our ROI?
The ROI is quite good.
What's my experience with pricing, setup cost, and licensing?
Use an MSSP instead. It is much cheaper.
Which other solutions did I evaluate?
We did not evaluate other options.
What other advice do I have?
It is quite awesome.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Client Development Manager at a tech services company with 51-200 employees
Allowed us to help our customers satisfy compliance needs around logging and monitoring
Pros and Cons
- "The asset management functionality (active and passive scans) is also really important. You can't protect what you do not know about, so having an inventory of all your devices and software is critical to a security management program."
- "Allowed us to help our customers satisfy compliance needs around logging and monitoring."
- "AlienVault needs to continue to integrate with other third-party technologies that clients want to have monitored."
Primary Use Case
I work for a Managed Service Provider, who uses AlienVault USM Anywhere as the backbone of our vulnerability management and logging solution, which we deliver to our clients.
Improvements to My Organization
AlienVault has allowed us to help our customers satisfy compliance needs around logging and monitoring (HIPAA, PCI, etc.) and has also provided a comprehensive platform that goes beyond just being a SIEM. It allows us to serve our customers in many different ways.
Valuable Features
The Vulnerability Scanning Engine using OpenVAS is a quality tool. The asset management functionality (active and passive scans) is also really important. You can't protect what you do not know about, so having an inventory of all your devices and software is critical to a security management program.
Room for Improvement
AlienVault needs to continue to integrate with other third-party technologies that clients want to have monitored. The plugin builder in the most recent version update is helpful, but it is still a little "clunky" at times.
Use of Solution
One to three years.
Disclosure: My company has a business relationship with this vendor other than being a customer. Sword & Shield is one of AlienVault's premier training partners and offers 24/7/365 SOC services around the AlienVault platform.
Network and Security Engineer at a tech vendor with 501-1,000 employees
It has allowed us to see what is happening on our servers
Pros and Cons
- "The main menu: You can see everything there, what is happening on the servers, and in the logs, you can view more details of each event."
- "It has allowed us to see what is happening on our servers."
- "As this software is in the cloud, you do not have control on updates and general changes which are happening."
What is our primary use case?
We have devices in AWS and in the data center. The main reason is to do an IDS inspection in the cloud, as it was really hard to get proper software to do this and we did not want to install a virtual firewall in each timezone. We have over 200 servers being protected with this software.
How has it helped my organization?
It has allowed us to see what is happening on our servers. You can do a similar setup with AWS, but monitoring it can give you a headache if you have over 10 servers.
What is most valuable?
The main menu: You can see everything there, what is happening on the servers, and in the logs, you can view more details of each event. Everything you need is in 'one place'.
What needs improvement?
As this software is in the cloud, you do not have control on updates and general changes which are happening. It can be somewhat annoying that DC sensors are updated and you will not have control when this happens.
For how long have I used the solution?
Less than one year.
What do I think about the stability of the solution?
So far, stability has been okay.
What do I think about the scalability of the solution?
So far, no issues with scalability. We see that too many logs are being sent out, but you have to work out logging what you need.
How are customer service and technical support?
They quickly respond on what you need, not on what they know.
Which solution did I use previously and why did I switch?
We did not use a previous solution.
How was the initial setup?
It was easy to set up. AlienVault was helpful here.
What about the implementation team?
We used our team, but with the help of the AlienVault team.
What was our ROI?
We have been using it less than a year, but it does save time when searching logs.
What's my experience with pricing, setup cost, and licensing?
Negotiate the best package for your environment.
Which other solutions did I evaluate?
We ran a few PoCs. The price and feature set were the best with AlienVault.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
SOC Analyst II at Shatter I.T.
Incoming alarms provide an overview of suspicious traffic going through the network
Pros and Cons
- "The Event Correlation and vulnerability scans have been the most useful. As a 24/7 SOC, we use the incoming alarms to give an overview of suspicious traffic going through the network. It's easy to look at the correlated events and see the broad picture of traffic for that customer. Vulnerability scans are good for providing patch and remediation guidelines to keep customer systems secure."
- "The UI and overall processes need a little bit more love. This shows in the error banners that come up when you select certain things. There isn't a day that goes by that the UI doesn't error out and I can't view events for an alarm."
- "The reporting tools are a bit lacking for building reports to give directly to customers, but support has been helpful in giving our requests for new features to the development team and following up with us."
What is our primary use case?
We are an MSSP. We have a distributed environment that spans multiple networks and customers in various locations. We have one federated that receives information from all of our children servers deployed at customer locations.
How has it helped my organization?
AlienVault has provided a nice, unified system for monitoring and reporting. Since we use this for customer security services, the vulnerability scans have come in handy for overall system health checks, for making sure customers aren't vulnerable to known attacks.
What is most valuable?
The Event Correlation and vulnerability scans have been the most useful. As a 24/7 SOC, we use the incoming alarms to give an overview of suspicious traffic going through the network. It's easy to look at the correlated events and see the broad picture of traffic for that customer. Vulnerability scans are good for providing patch and remediation guidelines to keep customer systems secure.
What needs improvement?
The UI and overall processes need a little bit more love. The development job postings have the requirement, for prospective candidates, of "values progress over perfection". This shows in the error banners that come up when you select certain things. There isn't a day that goes by that the UI doesn't error out and I can't view events for an alarm. It's nice that they have new features rolling, keeping up with demand, but fixing the events/alarm database errors would be nice too.
The reporting tools are a bit lacking for building reports to give directly to customers, but support has been helpful in giving our requests for new features to the development team and following up with us.
Network Breach
We have not, but being a 24/7 SOC we have someone checking at all hours.
Efficiency of Security Team
Yes.
Events per Day
500,000.
For how long have I used the solution?
One to three years.
What do I think about the stability of the solution?
No issues with stability.
What do I think about the scalability of the solution?
No issues with scalability.
How are customer service and technical support?
AV support has never been anything less than amazing.
Which solution did I use previously and why did I switch?
We did not use anything else prior. We tried the free version of AV then decided to go with the paid option and become an MSSP, since it fit our company needs for the right price.
How was the initial setup?
Straightforward, once going through a course.
What about the implementation team?
In-house.
What's my experience with pricing, setup cost, and licensing?
Our company normally handles everything from setup to configuration, refinement, and monitoring. We are an MSSP so we all handle this for the customer when they inquire about services.
Which other solutions did I evaluate?
No, AlienVault fit what we needed for the phase we were in with the SOC.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Network Architect at Envision IT LLC
Cloud-based panel is excellent, enabling our SOC to review and respond to threats
Pros and Cons
- "The new cloud-based panel is excellent both for client review as well as for our SOC to review and respond to threats. It is much easier to configure and use than the previous solution from AlienVault."
What is our primary use case?
We are an MSP and we utilize an AlienVault USM Anywhere solution for threat detection in client networks.
How has it helped my organization?
AlienVault USM Anywhere is a great evolution of a proven product. While the feedback and customization requirements remain largely the same, the user interface has been significantly improved. This significantly improves the interaction our clients have with their data, and we have received significant positive feedback.
What is most valuable?
The cloud console is by far the best improvement of the product. In the past, our less technical clients had trouble sorting through the dashboards within the USM console, and we had received complaints on viewing the real-time data versus our prepared reports.
The new cloud-based panel is excellent both for client review as well as for our SOC to review and respond to threats. It is much easier to configure and use than the previous solution from AlienVault.
What needs improvement?
It can still be difficult to feed products that are not supported out-of-the-box. It would be good if they had a better plugin exchange/store with AlienVault QA to ensure data is being processed properly.
For how long have I used the solution?
One to three years.
Disclosure: My company has a business relationship with this vendor other than being a customer. MSSP/Reseller
Engineer - Network Security at a tech company with 11-50 employees
Review about AlienVault
What is our primary use case?
I'm a System Engineer working for an IT Security Solution Provider. My organization received a request for a SIEM and FIM solution to be deployed for a Financial Organization. We have found AlienVault provides SIEM and FIM features in USM All In One.
This was my first ever SIEM deployment and started from scratch after doing a good POC with the customer.
How has it helped my organization?
It has helped me to give some InfoSec guidance to my customer after deploying AlienVault in their premises.
Now they are able to get to know what kind of traffic is passing through the firewalls and what kind of traffic hits the traffic.
What is most valuable?
SIEM and the FIM were the first preferences when I started the deployment, because the customer wanted to monitor network security incidents of the servers and any file modification done to their critical files residing in the production servers.
Vulnerability scanning and OTX helped us to manage all in one single point.
The alerting and security intelligence is the heart of the product. Monitoring customer's critical network is now almost a one man job.
What needs improvement?
While I was still working on the implementation, I found difficulties in searches within security events. Configuring some areas looks complicated.
I had issues while installing OSSEC agent in Solaris and CentOS Servers. A workaround for this issue will give some value for users.
For how long have I used the solution?
Still implementing.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Cybersecurity Analyst at a tech company with 51-200 employees
Review about AlienVault
What is our primary use case?
SIEM, log ingestion and evaluation. We use this not only for internal but also for clients that we manage. It has proven its worth and more. We are currently very pleased with this product and it has performed as advertised. We obviously use this for being able to ascertain visibility on each network in which it is deployed, not only from the NIDS/HIDS side but also evaluation of each interaction every device has.
How has it helped my organization?
We have benefited greatly due to gaining the visibility we need for different instances. It has improved our security posture and has helped us respond to alarms/events as they have come down through the pipeline to the ticketing system we use. All in all, it has improved our SOC.
What is most valuable?
AlienApps that we use to integrate with our current setup is awesome! Not only that, they have roadmapped being able to open up their API so we can integrate and flex the USM Anywhere as much as we want and when we want to. The staff has been incredibly helpful on getting us further down the line with our constructive feedback and have worked on implementing changes to their system to help improve their product.
What needs improvement?
A tailored OTX map for each customer's central would be awesome to have for displays. A lot of companies like to have visuals for their central instance in order to be able to see when an IOC comes through and it would help have something in front of analysts/engineers to respond to promptly if they were away from central working downstream.
For how long have I used the solution?
Less than one year.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Thank you for taking time to provide your feedback & comments. If you'd like to speak with someone here at AlienVault from the product team, please do not hesitate to reach out to me directly. My email: tandrews@alienvault.com

Thank you Patrick for your time to review AlienVault USM and for your candid feedback!