System Administrator at a tech services company with 10,001+ employees
We have been able to ensure the health of our servers
Pros and Cons
- "As we have to service several servers, we can manage them in an economical way, which is beneficial to our team and business."
- "Any unusual behaviour, we can monitor. We have alerts set up to be sent when we receive signs of any unusual behaviour."
- "For creating new rules, you have to be familiar with regular expressions. I feel there could be something built-in to make sure that process is easier."
What is our primary use case?
We use the appliance in a few ways: monitoring network behaviour, asset discovery, and running vulnerability scans. We can monitor the availability of servers and any particular software. As we have to service several servers, we can manage them in an economical way, which is beneficial to our team and business.
How has it helped my organization?
We have been able to ensure the health of our servers. We can also use vulnerability scans to ensure our system is as good as it could be.
Any unusual behaviour, we can monitor. We have alerts set up to be sent when we receive signs of any unusual behaviour. The ranking can be modified to allow us to apply a standard rule and also be customized, which suits our business needs.
What is most valuable?
I have used the asset discovery and the vulnerability scans the most. As a system administrator, it is important that we are prepared for any eventualities. I also like how you can use the hardware “out-of-the-box”, or using logs you can actually customise the performance to fit your environment and needs.
What needs improvement?
For creating new rules, you have to be familiar with regular expressions. I feel there could be something built-in to make sure that process is easier.
Buyer's Guide
USM Anywhere
June 2025

Learn what your peers think about USM Anywhere. Get advice and tips from experienced pros sharing their opinions. Updated: June 2025.
860,632 professionals have used our research since 2012.
For how long have I used the solution?
One to three years.
What do I think about the stability of the solution?
No stability issues.
What do I think about the scalability of the solution?
No scalability issues.
Which solution did I use previously and why did I switch?
We did not have any sustainable solution, previously.
What's my experience with pricing, setup cost, and licensing?
Use the AlienVault team. They are helpful and the documentation that they provide is second to none.
Which other solutions did I evaluate?
We checked out several competitors. For what it can do and the cost, it was the best SIEM tool!
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Network Operations Manager / Systems Engineer at a tech services company
Asset management of nodes has been a large help in terms of being able to track applications with more detail
Pros and Cons
- "Vulnerability scanning helped out shortcomings of what was not patched in the past and what needed to be patched. This assisted with fine tuning the environment for compliance."
- "It brought our logs into one place for review and set up alarms based on changes we were missing due to lack of having one place for everything to go."
- "The asset management of nodes has been a large help in terms of being able to track applications with more detail and have changes made being monitored into one source."
- "Source material on the forums to be more up-to-date with the changes happening within the product. Forums being out-of-date with information due to the changes makes troubleshooting a little more difficult - specific to the HIDS agents."
What is our primary use case?
AlienVault is used in our infrastructure for compliance purposes. It was brought in as a replacement for use in multiple products at the time, such as Kiwi and Nexpose scanner. With the environment being new, it was the best place to start with bringing everything into one location for Syslog and Asset management. The vulnerability scanner also made the difference where the scans created tickets for remediation.
How has it helped my organization?
The all-in-one source for the needs of compliance has put everything into one location without the need of other applications and tools to accomplish the tasks. It brought our logs into one place for review and set up alarms based on changes we were missing due to lack of having one place for everything to go. Vulnerability scanning helped out shortcomings of what was not patched in the past and what needed to be patched. This assisted with fine tuning the environment for compliance. The reports also helped upper management with the ease the product was doing in its job and holes that were being filled.
What is most valuable?
The asset management of nodes has been a large help in terms of being able to track applications with more detail and have changes made being monitored into one source. The vulnerability scanning has also been an aid in reviewing the systems and having feedback of what is missing patches and holes in our environment that need review and remediation. The all-in-one aspect has been helpful to see items and correlate within one source rather than multiple.
What needs improvement?
Source material on the forums to be more up-to-date with the changes happening within the product. Forums being out-of-date with information due to the changes makes troubleshooting a little more difficult - specific to the HIDS agents. Troubleshooting connectivity is limited to very few articles with very little information. Perhaps adding templates into the HIDS agents for collection based on systems or a clickable addition of files to collect with check boxes rather than configuring the HIDS agents through text.
Also, more information on how specific sections relate to PCI and how to use/setup the SIEM to follow the guidelines of the areas. Some information is vague on how to accomplish specific items within PCI on help forums through AlienVault.
For how long have I used the solution?
Less than one year.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
IT Systems Administrator at a financial services firm with 201-500 employees
It has streamlined log aggregation and analysis to meet organizational and regulatory needs
Pros and Cons
- "It has streamlined log aggregation and analysis to meet organizational and regulatory needs."
- "Reporting is convoluted and difficult at times, although they claim to have hundreds of pre-built reports, very few of them are actually useful for anything but what the USM is doing."
- "Windows log collection works with HIDS, but documentation is sparse and confusing."
What is our primary use case?
The primary use case for AlienVault is Log Management and SIEM functionality with the added benefit of IDS.
How has it helped my organization?
It has streamlined log aggregation and analysis to meet organizational and regulatory needs.
What is most valuable?
The most useful feature is the customization for alarms, alerts, and reports. AlienVault is situated to be adapted and changed to meet many different needs and use cases, but still being effective at most of them.
What needs improvement?
Reporting and Windows log collection are the biggest drawbacks. Reporting is convoluted and difficult at times, although they claim to have hundreds of pre-built reports, very few of them are actually useful for anything but what the USM is doing. Windows log collection works with HIDS, but documentation is sparse and confusing. You have to trace back to how Windows Event ID ultimately correlates with AlienVault events through HIDS IDs.
For how long have I used the solution?
Less than one year.
What do I think about the stability of the solution?
Some minor issues here and there with updating/services not working, but AlienVault support is quick and easy to work with and will handle it.
What do I think about the scalability of the solution?
No issues. Make sure you do size appropriately though for the level of logs you want to collect and retain.
How was the initial setup?
Complex in some ways, but AlienVault is pretty easy and will help along the way. Also, taking the training class is very valuable.
What's my experience with pricing, setup cost, and licensing?
Do the one month trial and try to work out the kinks during it, as it has free support and service hours. The staff is great at knowing what to do and what they can do to help.
Which other solutions did I evaluate?
Yes. Our SIEM tool list, from which we were evaluating, included Splunk and LogRhythm.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Security Administrator at a financial services firm with 501-1,000 employees
It has allowed us to gain a better understanding of how data flows within our network
Pros and Cons
- "It allows you to define what alerts you want to see, or not to see, as well as if you want them grouped, or ungrouped."
- "The reporting aspect could be improved. While there are a lot of different options available, there are still pieces which are missing."
How has it helped my organization?
It has allowed us to gain a better understanding of how data flows within our network, and has helped us think about what type of things we want to be alerted on, or not alerted on.
What is most valuable?
AlienVault provides you with a unified view for all aspects of what is going on in your environment. It allows you to define what alerts you want to see, or not to see, as well as if you want them grouped, or ungrouped.
What needs improvement?
The reporting aspect could be improved. While there are a lot of different options available, there are still pieces which are missing. The views are also very static and do not give you a lot of options on how the data is presented.
What do I think about the stability of the solution?
No, the product is stable.
What do I think about the scalability of the solution?
No, our network has stayed for the most part the same. In the future, it should be scalable with additional sensors.
How are customer service and technical support?
Customer Service:
This is an area that could be improved.
Technical Support:
This is an area that could be improved. However, once you get a knowledgeable tech support person, they are good to work with.
Which solution did I use previously and why did I switch?
No, this is our first SIEM device.
How was the initial setup?
Both. It was simple to just get up and running. However, when you start tweaking it for your organization it gets more complex.
What about the implementation team?
A little bit of both. The vendor team's expertise was amazing. I highly recommend using them.
What was our ROI?
The time that it would take to manually investigate events versus looking at one dashboard.
What's my experience with pricing, setup cost, and licensing?
Definitely get professional services.
Which other solutions did I evaluate?
Darktrace and QRadar.
What other advice do I have?
Once set up, for the most part, it is a "set it and forget it" solution. There is some upkeep with making sure all the things are monitored, but other than that AlienVault provides what you need out-of-the-box.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Security Engineer at a tech services company with 201-500 employees
The low cost of entry SIEM functionality has increased due to network views and network traffic
Pros and Cons
- "Ease of deployment across various environments."
- "Support can be slow at times, but the quality is high. Posted knowledge base articles could use improvement."
How has it helped my organization?
The low cost of entry SIEM functionality has increased due to network views and network traffic.
What is most valuable?
- General SIEM tool functionality.
- Ease of deployment across various environments.
What needs improvement?
Support can be slow at times, but the quality is high. Posted knowledge base articles could use improvement.
What do I think about the stability of the solution?
None, which are related to this solution.
What do I think about the scalability of the solution?
No.
How are customer service and technical support?
Customer Service:
Seven out of ten.
Technical Support:
Seven out of ten.
Which solution did I use previously and why did I switch?
No.
How was the initial setup?
The initial setup was straightforward.
What about the implementation team?
It was a blend. The implementation was primarily internal with support provided as needed. The vendor team had a good quality of expertise.
What was our ROI?
Medium-high.
What's my experience with pricing, setup cost, and licensing?
Research the solution heavily prior to investing.
Setting up a bench OSSIM install should help identify possible pain points with the setup.
Which other solutions did I evaluate?
No.
What other advice do I have?
The solution is improving steadily, particularly in relation to the quality and breadth of documentation. Though some areas are still weak.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Head of IT at a consultancy with 201-500 employees
We use the HIDS to monitor our servers, which track user account locks and logon failures
What is most valuable?
- Network monitoring
- SIEM
How has it helped my organization?
We have much greater visibility in what is happening on our network.
What needs improvement?
Backup, restore, and upgrade - some menu options are a bit convoluted.
For how long have I used the solution?
Six months.
What was my experience with deployment of the solution?
No.
What do I think about the stability of the solution?
No.
What do I think about the scalability of the solution?
No.
How are customer service and technical support?
Customer Service:
Excellent, every contact with customer services, support, and training has been superb.
Technical Support:
Excellent - very good, comprehensive, and knowledgeable staff.
Which solution did I use previously and why did I switch?
No.
How was the initial setup?
Yes - simple deployment in VM, worked the first time.
What about the implementation team?
In-house.
What was our ROI?
Difficult to answer - specifically, this was a new product for us to increase and improve upon security.
What's my experience with pricing, setup cost, and licensing?
We did market research, web reviews, etc. We spoke to a number of vendors (LogRhythm, etc.), but we felt that AlienVault was the best value and most comprehensive for our organisation's size.
Which other solutions did I evaluate?
Yes, LogRhythm, and Splunk.
What other advice do I have?
We are very happy. The training was excellent, and the interaction with AlienVault is first rate - real leader in customer service, the OTX pulse feature is very useful.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
IT Officer with 51-200 employees
Visibility For Your Network and To Find Bottlenecks
How has it helped my organization?
Recently, we used the NetFlow capability to find a bottleneck in the network and the offending computer.
What is most valuable?
The most valuable aspect of AlienVault is the visibility into the network. You have the capability to gather logs from multiple sources and easily see what is going on in the network.
What needs improvement?
It is a lot of work to get the software configured and set up properly.
What do I think about the stability of the solution?
There were some issues with the reporting functions. AlienVault corrected that problem in a new update.
How are customer service and technical support?
Customer Service:
The customer service department is very responsive to questions.
Technical Support:
The technical support team is very knowledgeable. It is helpful that they are able to have remote support sessions to review the problem.
Which solution did I use previously and why did I switch?
No.
What about the implementation team?
We deployed this system in-house. We are not a fan of moving things to cloud-based solutions.
What's my experience with pricing, setup cost, and licensing?
The engineering support that is provided by AlienVault upon first installation was excellent! They went way above and beyond what I was expecting.
Which other solutions did I evaluate?
We evaluated the popular SIEM tools Splunk, LogRhythm, and SolarWinds. AlienVault provided the most features for the price point.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Security Analyst at a tech services company
Quickly got insight into my environment
How has it helped my organization?
Quickly got insight into my environment.
What is most valuable?
Deployment was very easy. I got my servers and devices reporting very quickly.
What needs improvement?
It would be great if there was a feature to add in watch lists, like McAfee or QRadar have -- to keep track of IPs, domain, etc. that I have identified as being malicious.
Also, being able to connect into other TAXII/STIX feeds other than OTX.
How are customer service and technical support?
Customer Service:
Excellent. Customer service was very responsive.
Technical Support:
Excellent. Support was very responsive.
Which solution did I use previously and why did I switch?
Yes, McAfee ESM. Even after upgrading to Version 10, the interface was still hard to navigate through and did not work on every browser. Writing effective rules was difficult.
How was the initial setup?
Very straightforward.
What about the implementation team?
In-house.
What's my experience with pricing, setup cost, and licensing?
Very reasonable and for the value of the product, we couldn't ask for better pricing.
Which other solutions did I evaluate?
We did a SIEM solution comparison with McAfee ESM, IBM QRadar, and Fortinet.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Thank you Adrian for your time to review AlienVault USM and for your candid feedback!