USM Anywhere Reviews

The solution has everything that you want: SIEM, vulnerability management, NetFlow, IDS, and more. This solution can completely detect and prevent incidents on your network. This solution can completely detect and prevent incidents on your network

It has helped not only in the security, but also on the network when we have problems with slowness, we can go to the NetFlow section and see who is generating a lot of traffic. 

Using the communication within the security device, it is easier to create plugins. Therefore, if you want to create plugins, there is an option called plugin creator to assist with this.

AlienVault has the necessary all-in-one product with the function of vulnerability scanner integrated with detections, so when you detect an incident in a vulnerable port you can act faster and prevent more incidents.

Maybe logs are the problem, as the database query is too slow. If you want to search something, you need time to find it.

The other thing is the agent is OSSEC. They needed to create its own agent to help to find threats on the devices that it happens to be installed.

As a cyber security company, we have used AlienVault to set the foundations of our security solutions offerings.

Giving our customers all the services that they require via a single console environment, either self-managed or managed by ourselves, enabling companies with little to no IT department to have an all-in-one security compliance and reporting solution.

The AlienVault solution has enabled us to create an SOC on a budget with smaller than usual staff requirements, offering a wider range of solutions for our customers.

• Real-time email alerts
• Event correlations
• Log management
• System monitoring
• Network monitoring
• Uptime monitoring
• OTX threat intelligence
• Vulnerability scanning/reporting
• Compliance reporting

All products have room for improvement. AlienVault is always looking at ways to improve their solution. 

We would like more plugins. This being the main point of improvement which would benefit the users.

We were looking to add another layer of security to our network, which included intrusion detection, intrusion prevention, SIEM collection, and more. After looking at a few solutions, we ended up purchasing AlienVault. We are located in a physical location with a 100 users.

AlienVault has provided me with a management console which gives me alerts and other information about the traffic on my network. AlienVault is my "security person" looking at irregularities and letting me know when something has occurred. I also see vulnerabilities in my systems and can assign tickets to other staff members.

SIEM log collection is great, and all of the rules that support updates with maintenance. 

More complimentary training needs to be done for use with this tool. If you get into a bind, then it will cost you.

AlienVault Unified Security Management (USM) has powerful threat detection, incident response, and compliance management. We can use this across cloud, on-premise and hybrid environments. 

The reason to use USM is that it has the following components in its package: 

• Asset Discovery
• Vulnerability Assessment
• Intrusion Detection
• Behavioral Monitoring
• SIEM & Log Management.

AlienVault has an advanced component within one package. With this, we can cover more area with one solution. 

As a example, it has vulnerability assessment component built-in. From this, we can do the vulnerability assessment easily and we do not have to buy another solution for the vulnerability assessment. It is easy to use and we can take better advantage from an all-in-one solution like USM. 

AlienVault USM has a vulnerability assessment feature and only one SIEM feature compared to other SIEM solutions. 

AlienVault must improve their correlation feature. Some of the events do not match with the correlation rules and some of the correlation events are false-positive.

It is the most valuable tool that I have seen of the SIEM solutions.

This has an OTX feed. With it, we are able to get notifications about every incident that happens.

By forwarding device logs, we are able to get alerts perfectly with FIM and VA features.

We are the Partners in Sri Lanka. We are doing deployments in Sri Lanka, Maldives, and Bangladesh. 

This is a USM, so being able to get all the features under one roof makes it a good product with good new features.

Unified Security Manager (USM). In every SIEM, having only SIEM features (log management, alerting, notifications, etc.) is typical. Here we can get file integrity monitoring and a vulnerability assessment tool together with SIEM. 

I have never seen a tool like this.

The Log Management and configuration of email notifications should be user-friendly. Pay attention to false-positive event automatic correlations. 

Yes.

60.

No, we did not have issues with stability.

No, we did not have issues with scalability.

Good. They have technically fluent engineers there.

Yes. We switched because this is a USM (SIEM, FIM, and VA tool in one product) and the price.

The initial setup is straightforward, but some features are little bit difficult.

We are the partners in Sri Lanka. Therefore, we are directly involved with implementations.

It has good pricing.

We evaluated EventTracker.

Our customers have good references about AlienVault.

• Supporting an MSSP.
• Supporting clients with minimum on-premise install.
• We are rolling out a USM appliance.

It allows for a lot of out-of-the-box features: vuln scanning, HIDS/HIPS, and IDS. The Suricata rule set is pretty lame

Asset discovery seems to be good. Nice that everything is bundled.  

Scaling, and it has no APIs! 

It would be hard for any legitimate MSSP to use it.  

The price point is good.

I'm a re-seller of AlienVault SIEM in Sri Lanka. We have deployed AlienVault SIEM in one of the bank in Sri Lanka three months back. Currently we are working on the fine tuning. It took me two weeks to complete the basic deployment and integration of devices up-to 50 with the clients technical team.

Since we are re-seller, AlienVault helped us because of their cheaper price compared to other SIEM solutions and the addition of FIM in the solution. Implementation took few days and it's easy to complete the task within the given project time line.

Raw logs: Clients require to store their raw logs in a data-store rather than keep it in the actual device.

Alarm section: It's very easy to see the Alarms for any incidents rather than going through all the logs.

Security events: Categorization of Security events helps our SOC analyst for further analysis.

User friendly interface could be an advantage. Sometimes we may face trouble when we were going through the settings of AlienVault SIEM.

Working as the CIO for a small community bank, resources for staffing and manpower can be limited. AlienVault helps to simplify the management of Information Security and helps me to detect threats and manage alerts with ease!

AlienVault gave our organization a centralized tool to manage our security with its intrusion detection, asset management, vulnerability assessments, along with all of its other features, it has become an invaluable asset for our small organization.

We have found the AIO USM the most valuable because of its centralized grouping of all of the tools necessary to manage our security in an "All In One" solution.  Of its parts, the scheduled vulnerability assessment tool has been helpful as a preventative measure to help keep ahead of security threats!

As with many of its users, I have submitted suggestions in the past and AlienVault has seemed to listen to suggestions from its users and have implemented them every time.  I am happy with the product as it is today.