AT&T AlienVault USM Overview

AT&T AlienVault USM is the #3 ranked solution in top Compliance Management tools, #9 ranked solution in top Security Information and Event Management (SIEM) tools, and #10 ranked solution in Log Management Software. PeerSpot users give AT&T AlienVault USM an average rating of 8.0 out of 10. AT&T AlienVault USM is most commonly compared to Wazuh: AT&T AlienVault USM vs Wazuh. AT&T AlienVault USM is popular among the large enterprise segment, accounting for 50% of users researching this solution on PeerSpot. The top industry researching this solution is computer software companies, whose professionals account for 21% of all views.
AT&T AlienVault USM Buyer's Guide

Download the AT&T AlienVault USM Buyer's Guide including reviews and more. Updated: June 2023

What is AT&T AlienVault USM?

AlienVault USM Anywhere is a cloud-based security management solution that accelerates and centralizes threat detection, incident response, and compliance management for your cloud, hybrid cloud, and on-premises environments. USM Anywhere includes purpose-built cloud sensors that natively monitor your Amazon Web Services (AWS) and Microsoft Azure cloud environments. On premises, lightweight virtual sensors run on Microsoft Hyper-V and VMware ESXi to monitor your virtual private cloud and physical IT infrastructure.

With USM Anywhere, you can rapidly deploy sensors into your cloud and on-premises environments while centrally managing data collection, security analysis, and threat detection from the AlienVault Secure Cloud.

Five Essential Security Capabilities in a Single SaaS Platform

AlienVault USM Anywhere provides five essential security capabilities in a single SaaS solution, giving you everything you need for threat detection, incident response, and compliance management—all in a single pane of glass. With USM Anywhere, you can focus on finding and responding to threats, not managing software. An elastic, cloud-based security solution, USM Anywhere can readily scale to meet your threat detection needs as your hybrid cloud environment changes and grows.

  1. Asset Discovery
  2. Vulnerability Assessment
  3. Intrusion Detection
  4. Behavioral Monitoring
  5. SIEM

Try USM Anywhere in your environment—free for the first 14 days. 
www.alienvault.com/products/usm-anywhere/free-trial

AT&T AlienVault USM was previously known as AlienVault, AlienVault USM, Alienvault Cybersecurity.

AT&T AlienVault USM Customers

Abel & Cole, Bank of Ireland, Bluegrass Cellular, CareerBuilder, Claire's, Hays Medical Center, Hope International, McCurrach, McKinsey & Company, Party Delights, Pepco Holdings, Richland School District, Ricoh, SaveMart, Shake Shack, Steelcase, TaxAct, Taylor Morrison, Vonage and Zoom

AT&T AlienVault USM Pricing Advice

What users are saying about AT&T AlienVault USM pricing:
  • "Its price is in the medium to upper range."
  • "I don't know exactly, but I know it is based on the number of logs and the retention duration, such as 30 days or something like that. So, the smallest package is about 500 a month for 30 days of logs. There is a virtual machine. You need resources for it. It is a log collecting VM. They provide the software, and you just have to load a virtual machine. So, you're going to incur some CPU RAM and storage for wherever this log collecting appliance is running, which typically is in our cloud and on our platform for the customer."
  • "They are a little more expensive than Microsoft."
  • "We pay around $12,000 a year including storage."
  • "It is affordable, and it also has many features that the premium products such as ArcSight and QRadar have. It is a very good platform for a SIEM solution. Everything is included in the price."
  • "AlienVault is certainly not nearly as expensive as Splunk or QRadar. It's decently priced, but I don't have the exact figure."
AT&T AlienVault USM Reviews

    Owner at ThatsIT Consultants
    Real User
    An all-in-one package for monitoring components across the network
    Pros and Cons
    • "In terms of monitoring, my best feature would be the monitoring of components across the network. It monitors the respective nodes and any new node that comes onto the network and provides reports. The reporting dashboards are really helpful for management in terms of making decisions around patch management."
    • "I've been using it just for my own personal upskilling in terms of how the product works. At the moment, it is pretty straightforward and simple, and it is working how it is supposed to. The feedback would come once it is deployed to customer sites. They'll be using it on a more frequent basis, and that's when the feedback would come in terms of the areas in which they're facing issues or are looking for simplicity."

    What is our primary use case?

    General use cases would be for patch management and vulnerability management. The devices that are on the network may need patching if they're outdated. For any device or node that has entered the network and may be considered a threat, the HTTPS ports and different nodes need to be monitored for incoming and outgoing traffic. We could put in security rules for monitoring the actual devices down to the USP level, and we can also get the vulnerability information from OSX, and then provide that information to the IT teams.

    In terms of the version, usually, when the updates come, the updates need to be aggregated to the customer, but at this moment in time, I am yet to secure a customer in that space due to the current COVID crisis in the country, across the Pacific, and globally.

    In terms of deployment, the endpoints are on-premise, but it would be cloud-based in terms of the platform. So, it could be both depending on the customer. They would either have cloud or hybrid.

    What is most valuable?

    In terms of monitoring, my best feature would be the monitoring of components across the network. It monitors the respective nodes and any new node that comes onto the network and provides reports. The reporting dashboards are really helpful for management in terms of making decisions around patch management.

    It is an all-in-one package. In terms of the selling points, to the best of my knowledge, it has eight different selling points or eight features, and they're all interlinked, which most of the infrastructure setups here do not have. They have separate systems for monitoring the networks. So, USM can cater based on those eight capabilities.

    What needs improvement?

    I've been using it just for my own personal upskilling in terms of how the product works. At the moment, it is pretty straightforward and simple, and it is working how it is supposed to. The feedback would come once it is deployed to customer sites. They'll be using it on a more frequent basis, and that's when the feedback would come in terms of the areas in which they're facing issues or are looking for simplicity.

    For how long have I used the solution?

    I have been using this solution for the last eight to 10 months.


    What do I think about the stability of the solution?

    So far, I haven't seen any patches or updates from the partner or the OTX site to show any issues in terms of stability. Based on the frequency of the updates, at the moment, it seems stable.

    What do I think about the scalability of the solution?

    It is easy to scale. It comes with all features, as opposed to separate individual modules. To my knowledge, you can scale it for your organization as and when there is a requirement or the organization grows. So, in terms of scalability, there is no problem. After you get it up and running, as the organization grows, the engines will be able to pick up that information.

    It is really good for medium and large companies, but it can also be used for small organizations. Instead of deploying it to a small organization, you could provide a service where it is not on the customer site, and you basically link into your nodes for small customers. So, you install it for medium and large customers, and for small customers, you install it on your premise, and then you sell the individual features that they may request.

    How are customer service and support?

    I have not been in touch with their technical support. I deal with the technical account manager. When I read up the information and there is something that I'm not sure about, I check my resources and see what's available online. If none of the available resources are helpful, I reach out to my account manager who then puts me in touch with the technical team. I presume that if we encounter any issues in deployment, it would be based on a customer's demography or the setup.

    How was the initial setup?

    If you're not familiar with it from a tech perspective, it might be confusing for you, but from what I've seen and based on my experience, it is pretty simple and straightforward.

    The user guides are also very helpful if you hit any roadblocks. It is very straightforward in terms of the instructions to set it up, but you should have minimum tech experience in understanding the documentation, which is fair enough and good because you don't want it to be too simple to set up that companies would say, "Well, we don't need IT if anybody can do this." So, you'd need some technical background to at least understand the documentation or the user guide.

    I've only installed it for myself. It took a short amount of time to get it up and running. The deployment duration would depend on a customer's infrastructure size and the number of nodes that a customer has. It will also depend on the data collection that the agents or the engines need to do to protect the information and then put it in its database.

    What's my experience with pricing, setup cost, and licensing?

    Its price is in the medium to upper range.

    What other advice do I have?

    I would definitely recommend this solution, but I would also do a pre-assessment of the organizational setup and infrastructure. I'm a reseller, and it is obviously my top priority that we sell the product.

    If you look at the Gartner Magic Quadrants, you will see AlienVault is up there in the upper right quadrant, which makes it one of the top recommended solutions. That is the reason for my partnership with AT&T Cybersecurity for the product.

    I would rate AT&T AlienVault USM a nine out of 10. No solution is 100% perfect.

    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
    Solutions Engineer at a computer software company with 51-200 employees
    MSP
    Top 20 Leaderboard
    Useful for compliance, very scalable, and pretty stable
    Pros and Cons
    • "We're using it more for reporting, that's all. We're using it to help our customers to pass any kind of audits that they receive."
    • "There could be some type of integration with our existing portal. We have our own customer portals, and it would be good if there was an integration so that our portal can provide reports. There could be some type of API into the AlienVault system with the USM system so that it is easy to show the customers high-level reports of the system through our portal."

    What is our primary use case?

    We use it for compliance. We're not using it as a security operation center type of thing. Its usage is more from an auditing standpoint at this point.

    We partner with them for customers who need something like a SIEM, so we're a cloud provider and integrator.

    It is deployed on the cloud. It is a combination of AT&T's own cloud and our cloud. We run our own infrastructure. So, it is a hybrid and private cloud.

    What is most valuable?

    We're using it more for reporting, that's all. We're using it to help our customers to pass any kind of audits that they receive.

    What needs improvement?

    I don't have any suggestions for improvement. On our side, as a provider, we should develop a real security operation center type of practice, which we don't have right now.

    There could be some type of integration with our existing portal. We have our own customer portals, and it would be good if there was an integration so that our portal can provide reports. There could be some type of API into the AlienVault system with the USM system so that it is easy to show the customers high-level reports of the system through our portal.

    What do I think about the stability of the solution?

    It is pretty stable from what I hear. 

    What do I think about the scalability of the solution?

    It is cloud-based, so it is very scalable. It really depends on how many devices they have in their environment. Our customers are more mid-sized companies, so it fits what we need.

    We don't have a lot of clients using this SIEM. Usually, a client is interested in something like this to help them with their auditing. So, we don't have a lot of customers using it right now. Probably in the near future, its usage will be increased in terms of the customers requesting it from a security standpoint.

    How are customer service and technical support?

    It is pretty good. I usually don't contact their support. I usually contact their sales team. I work with their pre-sales and sales engineer and account rep.

    How was the initial setup?

    It is pretty straightforward from what I've seen, but it has to be verified to make sure any changes in the environment are added to the configuration. Like anything, it is not set it and forget it. You really have to make sure that it is capturing everything if things change or new systems are brought online. It is more of a procedural thing where you have to make sure somebody is keeping it up to date.

    For its maintenance, we have someone who manages the product itself. In our company, for IT people, we have around 100 or so staff. We have customers nationwide, but we probably have two to three people managing this product. They are in more of a security analyst type of role dedicated to security.

    What's my experience with pricing, setup cost, and licensing?

    I don't know exactly, but I know it is based on the number of logs and the retention duration, such as 30 days or something like that. So, the smallest package is about 500 a month for 30 days of logs.

    There is a virtual machine. You need resources for it. It is a log collecting VM. They provide the software, and you just have to load a virtual machine. So, you're going to incur some CPU RAM and storage for wherever this log collecting appliance is running, which typically is in our cloud and on our platform for the customer.

    What other advice do I have?

    I would advise knowing your requirements and your data. What are you trying to protect or monitor? Before implementing something like this, you really should have basic security in place. You should have systems that are generating logs, for example, antivirus software and firewall. You have to have that all in place first to make this kind of product useful because this type of product is really meant to aggregate things after the fact. After you've put all the systems in place, then this system aggregates and collects everything together. You really need all the endpoint security, firewall security, and server security first, so you have meaningful data to look at. The SIEM is not going to be useful if you don't have any meaningful data for it to collect.

    I still need to dig into it deeper to see exactly what it does. Our practice is kind of evolving, so this is probably something that we need to offer more to customers. We need to get more product knowledge on it and develop a practice around it. A lot of customers are asking for security operations center (SOC) services for remediation of problems. We don't do that right now, but that's something that I know is probably on the roadmap. With everything going on, that would be a helpful service to our customers, and I think they're asking for that. We've encountered customers asking for that type of service. We don't do it yet. I know there are other partners out there that do that, so really it's on our side to develop the product more. Whether it involves staying with this AT&T product or going for maybe another one, customers are looking for a little bit more. They are not just to have it set up, but also to have someone to act on any kind of alerts or any kind of potential breaches. They're looking for a service for somebody to actually remediate.

    From what I know of the product, I would rate it an eight out of 10. 

    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
    MattCarter - PeerSpot reviewer
    Founding Member at Integotec
    Real User
    A very scalable solution with vulnerability management that helps avoid weaknesses, but needs broader compliance management capabilities
    Pros and Cons
    • "The most valuable feature is vulnerability management because it gives you insight into your environment to know what systems need to be updated or patched."
    • "I want to see more compliance management capability. The quality of integrations seems to be a little bit low."

    What is our primary use case?

    The use case is for companies that want to have more visibility in their environment and want to apply governance. This solution is used for compliance management, vulnerability management, threat hunting, and threat protection.

    What is most valuable?

    I think all of the features are valuable. However, the most valuable feature is vulnerability management because it gives you insight into your environment to know what systems need to be updated or patched. You can avoid weaknesses in the computers and other systems by keeping them patched.

    What needs improvement?

    I think they need to broaden their compliance management to cover more areas of compliance. For example, they're very specific about HIPAA, CIS 8.0, and a few others, but they don't have a broad compliance management base. Some customers need compliance management with other standards or frameworks, which are unavailable on their platform. I want to see more compliance management capability because if they broadened it, it would be a much more attractive product. 

    They have a lot of integrations, which is good, but the quality of integrations seems to be a little bit low. It's one thing to provide integration, and it's another to provide integration that works really well.

    What do I think about the scalability of the solution?

    The solution is cloud-based and hybrid. A server is put into a customer's environment to collect information and send it to the cloud. Both the server installed in the customer's environment and the cloud solution are scalable. The solution has rapid elasticity and all the check marks a cloud-based solution needs to scale. It is definitely scalable.

    There are currently 19 users in our company. I think over time we have plans to increase our usage of this solution, but as an MSP, we have clients with different requirements or needs, so we might pick a different solution because it's a better fit.  

    How was the initial setup?

    The initial setup was pretty straightforward. It wasn't that difficult.

    The initial steps of the implementation, getting the account and setting it up, only take a few hours. Then there's some fine-tuning that takes place afterward, and it takes a little bit longer. You need about a week to really get that fully configured with a good plan and deployed in the environment, and then from there, it's just fine-tuning as you go.

    What about the implementation team?

    We handled the deployment in-house. The solution needs one person for deployment and one for management.

    What's my experience with pricing, setup cost, and licensing?

    I don't recall exactly what their prices are, but they are a little more expensive than Microsoft. It really depends on what features in Microsoft you may already be using. If, for example, you're a company that has Microsoft's Defender for Endpoint and Defender for Identity, or basically any of their Defender Suite applications, you might already be paying a certain amount every month or every year for those features that the Microsoft Sentinel solution brings under one umbrella.

    AlienVault also has additional fees for extra storage in the cloud. 

    Which other solutions did I evaluate?

    Recently, we were going to sell a customer AlienVault, but then they picked Microsoft Sentinel. We compared them because we wanted to make sure that both solutions could do the same thing, and it turns out that Microsoft does it a little bit better.

    It's like having a Swiss Army knife that has all of the tools you need to do a craft, or just having a regular pocketknife that you can only use to do one thing. In this case, AT&T is the pocketknife and Microsoft is the Swiss Army knife.

    What other advice do I have?

    My advice would be to make sure the product is a good fit in terms of compliance and compatibility with your security solution, like your EDR and ATP solutions. Make sure that they play well together because you could have issues with the two fighting each other over protecting the computers.

    I would rate this solution as a seven out of ten. 

    It's a good product. They created AlienVault based off of an open source framework, so it's built on OSSIM. It's interesting that AT&T is going into the cybersecurity market since they're a huge mobile carrier. Right now, their marketing and advertisements are really good, but they need to invest more money into the product. If they focus more on building out the product, maybe invest a little bit more money into development, I think they'll have a stronger strategy and a very dominant winning solution in the market.

    Which deployment model are you using for this solution?

    Hybrid Cloud
    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
    Principal DevOps Engineer at a tech vendor with 11-50 employees
    Real User
    Top 20
    It gives you robust protection and value without the need for a dedicated SOC team
    Pros and Cons
    • "AlienVault's reporting is good. I like that vulnerability assessment is part of the solution, and the UI is intuitive. Also, the overhead is low, which is to say we don't need a dedicated SOC team to manage and analyze things constantly. We're a small company that doesn't have those resources."
    • "I think plugin management should be self-service on AlienVault USM. The other product is self-service but on the USM side. You have to submit a ticket then AT&T creates and updates the plugins."

    What is our primary use case?

    AlienVault USM is a SaaS solution offered through the cloud. It's a security incident event management solution that scans logs to look for various security patterns that are shipped to it. Then it alerts us so we can identify trends.

    How has it helped my organization?

    AlienVault gives us greater visibility into our security and tells us what we need to address. We haven't had any breaches, but if we were to have some, we would get alerts.

    What is most valuable?

    AlienVault's reporting is good. I like that vulnerability assessment is part of the solution, and the UI is intuitive. Also, the overhead is low, which is to say we don't need a dedicated SOC team to manage and analyze things constantly. We're a small company that doesn't have those resources.

    What needs improvement?

    I think plugin management should be self-service on AlienVault USM. The other product is self-service, but on the USM side, you have to submit a ticket, then AT&T creates and updates the plugins.

    We often have application logs that are unique to us, so it's silly to have to open a ticket, have them do the work, and then release the plugin. It would be nice if they had a self-service portal where we could define the parameters within the product for the plugin and have a custom plugin for our logs. 

    For how long have I used the solution?

    I've been using AlienVault USM for about two or three years.

    What do I think about the stability of the solution?

    AlienVault USM has been quite stable so far. We might've had one or two hiccups over the past couple of years, but nothing major.

    What do I think about the scalability of the solution?

    We have had no issues with scalability at all. It's been seamless. We have only three or four users on our DevOps team, but we're getting information from all over. Of course, many downstream people benefit from the work that we do, but only about four people actually log in and use it. 

    How are customer service and support?

    Technical support has been okay. It hasn't been great. On a scale of one to 10, I'd say maybe a six. It took them a long time to respond to some of our questions, and we didn't get the complete responses we were expecting. In some cases, the process took so long that the question's urgency diminished by the time we could get to an answer.

    How was the initial setup?

    Setting up AlienVault USM was relatively straightforward. Of course, all software is complex, but this wasn't overly complex. We did do some professional service hours with the vendor during the deployment, but that was more about best practices. We asked how to configure it to get the most out of the solution. 

    It's not an admin-heavy product in terms of maintenance and management. There's certainly a lot you can do to customize and configure it, but it doesn't require much administration. Someone is logging in most days to check in and review alerts.

    Which other solutions did I evaluate?

    We looked at Splunk Enterprise with the added security module, and that worked great, but it also had a lot of overhead to get value out of it. We just didn't have the capacity for it.

    What other advice do I have?

    I would give AlienVault USM a solid eight out of 10. There are certainly products out there that can do more. For a smaller company, I'd say it's a solid nine or a 10, but if we compare all the offerings on the market, I would say it's a solid eight. It doesn't have some of the features of the other ones, but it offers a lot of benefits to us because we can get the value that we need out of it without having a dedicated team.

    It's been good overall, so I would give it a thumbs up. It's suitable for small organizations that don't have the capacity for a dedicated SOC that could handle something like Splunk Enterprise. Splunk is great for businesses with a dedicated team to do full-time analysis. But I think this is a nice solution for smaller companies where the IT staff has to wear multiple hats.

    Which deployment model are you using for this solution?

    Public Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Other
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Senior Talent Sourcer, Digital at Digitaltrack
    Reseller
    Top 5 Leaderboard
    Easy to deploy, stable, and affordable
    Pros and Cons
    • "The ease of implementation is the most valuable feature."
    • "The reporting and dashboards have room for improvement."

    What is our primary use case?

    We use AT&T AlienVault USM as a managed SOC service for our customers to detect and respond to security events and potential incidents.

    How has it helped my organization?

    AT&T AlienVault USM has improved detection of the potential threats and helped us to proactively take action against these threats. AT&T USM has enabled us to identify the weaknesses and has helped in strengthening the weaknesses.

    What is most valuable?

    The ease of implementation is the most valuable feature.

    What needs improvement?

    The reporting and dashboards have room for improvement.

    For how long have I used the solution?

    I have been using the solution for one year.

    What do I think about the stability of the solution?

    The solution is stable. I give the stability a nine out of ten. AT&T AlienVault USM has no uptime issues.

    What do I think about the scalability of the solution?

    AT&T AlienVault USM is scalable and is based on the tiers offered. The tiers are from 250 GB to 15 TB and more. This is the monthly log ingestion storage and is scalable to the next tier if more devices are added. This is a subscription model that supports 15 days, 30 days, and 90 days of online storage with little difference in pricing. The beauty of the solution is that they offer unlimited cold storage after the online storage duration. That can be retrieved within a day's time.

    How are customer service and support?

    We have an account manager located in the UK who helps in getting the right technical person for emergencies. There is standard technical support through tickets. In general, they are pretty quick to respond and some of the enhancements are handled by their backend team for feature enrichment. 

    How would you rate customer service and support?

    Positive

    How was the initial setup?

    The initial setup is straightforward. The configuration and deployment are easy.

    The setup process initially requires a few hours. Once we have obtained the necessary licenses, we can start using the system within a day. However, it may take a few months to complete the heuristic data and begin the optimization process. One to two people are required for the deployment.

    There is a trial license for 15 days, and that acts as a POC. After the trial period, the same can be converted into a licensed tier.

    What about the implementation team?

    We implement the solution for our customers.

    What's my experience with pricing, setup cost, and licensing?

    When compared to other solutions such as Splunk, LogRhythm, and IBM Security QRadar, AT&T AlienVault USM is a reasonably priced option that is also relatively inexpensive. 

    What other advice do I have?

    There are two criteria that I consider when evaluating products: "value for money" and "fit for purpose." The AT&T AlienVault USM satisfies both of these criteria. While we could potentially obtain better SIEM solutions by spending more, we must consider the cost. The SIEM is only one part of the overall model, and the efficiency of the response is also influenced by the people and processes behind it. Therefore, the tool alone cannot guarantee an efficient response. However, the AT&T AlienVault USM performs adequately in this regard, and I have not encountered any significant issues with it so far. Even with superior solutions such as Splunk, the effectiveness of the tool ultimately depends on the proficiency of the monitoring team. Therefore, I assign one-third of the overall value or a maximum of 40 percent to the tool's value if it accounts for 100 percent of the efficiency. In comparison to other products, the AT&T AlienVault USM is relatively good. On a scale of one to ten, I would rate the solution a nine out of ten.

    I would not recommend this solution for on-premises deployment or for large organizations due to the need for a well-designed architecture for implementation. However, I would recommend this solution for cloud deployment and for small to medium-sized organizations.

    Which deployment model are you using for this solution?

    Public Cloud
    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
    Dr. Sushan Banerjee - PeerSpot reviewer
    GISO - Global Information Security Officer at Beyon Connect
    Real User
    Comes with a vulnerability assessment package, has good pricing, and is extremely easy to set up and integrate
    Pros and Cons
    • "The feature that I liked the most is that they have a vulnerability assessment package that comes along with the SIEM solution. So, whenever I find any threat or alert for any of the devices or servers, I could immediately initiate a vulnerability assessment scan on that machine. That is one of a kind. The price at which AlienVault operates is also valuable."
    • "Their threat intelligence platform needs to be broadened. They should integrate it with more threat intelligence platforms. For the threat feed that they get from open intelligence, I would like them to add a few premium threat intelligence platforms. They can provide a bundle in which AlienVault has the threat intelligence background of other premium products."

    What is our primary use case?

    I used it in my previous company. My main use case was to identify the security events. Basically, it was a platform through which we used to monitor threat events for SOC operations.

    We had its latest version. We used to keep updating it whenever there was a new release.

    AlienVault was on-prem, and for cloud, we had Wazuh.

    What is most valuable?

    The feature that I liked the most is that they have a vulnerability assessment package that comes along with the SIEM solution. So, whenever I find any threat or alert for any of the devices or servers, I could immediately initiate a vulnerability assessment scan on that machine. That is one of a kind. The price at which AlienVault operates is also valuable.

    The setup of AlienVault is extremely easy. It is very simple to understand for someone who is trying a SIEM solution for the first time.

    The integration of servers and other devices is extremely easy. It is a piece of cake. You just double-click and start, and you are up and running. That's all.

    What needs improvement?

    Their threat intelligence platform needs to be broadened. They should integrate it with more threat intelligence platforms. For the threat feed that they get from open intelligence, I would like them to add a few premium threat intelligence platforms. They can provide a bundle in which AlienVault has the threat intelligence background of other premium products. 

    For how long have I used the solution?

    I have been working with this solution for around nine years. I was using it in my previous company, and I stopped using it about four months ago when I moved to my current company.

    What do I think about the stability of the solution?

    It is very stable.

    What do I think about the scalability of the solution?

    It is scalable. It was a large deployment. We had more than 1,000 employees, but it was only used by the information security team to monitor the security events and logs. We had 18 users, but we had integrated more than 250 servers and network devices with it.

    How are customer service and support?

    They were absolutely helpful. I found everyone very knowledgeable, and the ideology and everything else was fantastic. I would rate them a five out of five.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    From a security perspective, this was the first one, but before that, they had SolarWinds, which is not a security incident monitoring tool. It is just a network performance monitoring tool. After I joined the company, we had to get a SIEM solution, and we onboarded AlienVault at first. We used it for a few years, and after that, we also integrated Wazuh.

    In my current company, we have Datadog. We are using ELK Stack, and we have built our own SIEM solution.

    How was the initial setup?

    It was very simple. The deployment and integration of other devices took about three to five days, and just the installation took less than 30 minutes.

    What about the implementation team?

    I did the setup for the company. I was heading information security for that company. 

    What's my experience with pricing, setup cost, and licensing?

    It is affordable, and it also has many features that the premium products such as ArcSight and QRadar have. It is a very good platform for a SIEM solution. Everything is included in the price.

    Which other solutions did I evaluate?

    We have done a PoC in my current company, and I find both AlienVault and Datadog to be good, but we are exploring more options and doing a PoC with other solutions. We have not yet finalized any solution.

    What other advice do I have?

    I would give it a good eight out of ten. 

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    CHARLES GOLLIDAY - PeerSpot reviewer
    Chief Information Security Officer at a computer software company with 51-200 employees
    Real User
    It brings everything into one single pane that includes your vulnerability management, asset management, IDS, logs, and correlation
    Pros and Cons
    • "Our main focus was intrusion detection, alerts, and correlation. It's easy to use AlienVault and integrate it with other alert tools because it includes lots of connectors. Either the tool is already there, or AlienVault will write an API for us if they don't have a connector for the solution that is providing the logs."
    • "I've been told that AlienVault doesn't have a full version of NES running in there, but I'm not sure if that's accurate or if my engineer made it that way. I'm not sure he was completely honest either because we had NES in the environment before. Those tools could be improved because AlienVault is a SIEM, and it added all these other features."

    What is our primary use case?

    We primarily use AlienVault for managing logs, IDS, and correlation, but we haven't used the other tools, which was a huge disappointment to me. 

    What is most valuable?

    Our main focus was intrusion detection, alerts, and correlation. It's easy to use AlienVault and integrate it with other alert tools because it includes lots of connectors. Either the tool is already there, or AlienVault will write an API for us if they don't have a connector for the solution that is providing the logs.

    We've seen a lot of improvement in the product over the years. Their threat monitoring was an important feature for us, but we didn't use the tool to its full advantage. I wanted to use the built-in NES and asset management tools, but unfortunately we didn't use those because we had other solutions to address those areas.

    What needs improvement?

    I've been told that AlienVault doesn't have a full version of NES running in there, but I'm not sure if that's accurate or if my engineer made it that way. I'm not sure he was completely honest either because we had NES in the environment before. Those tools could be improved because AlienVault is a SIEM, and it added all these other features.

    Are they proficient in every one of those areas? Are they proficient in asset management? Is their tool good enough to be your company's vulnerability scanner? Is it good enough to be your asset manager? Is it good enough to be those additional tools? That's where I don't know if we have enough information.

    For how long have I used the solution?

    We've been using AlienVault for three years.

    What do I think about the stability of the solution?

    AlienVault is a highly stable tool. The sensors go down once or twice every few months, but it's generally a stable product. It ran for us for three years with very minimal issues or concerns.

    What do I think about the scalability of the solution?

    We were a small organization of 250 people when we started with maybe 150 machines out there server-wise. We grew to about 1,500 employees through the acquisition of four or five different businesses, so it was effortless to scale.

    You need to add more licenses and data for log collection. Other than that, it was easy to work with from that perspective, and the AlienVault salespeople are accommodating.

    How are customer service and support?

    My engineer dealt with the techs before, but that wasn't often. When he did deal with them, they were knowledgeable and helpful.

    How was the initial setup?

    Setting up AlienVault is straightforward. They provide teams and reps to help us get everything set up and connected. We also had a security engineer who was highly experienced in deploying the agents, putting the connectors in place, and pulling the logs into the SIEM.

    What's my experience with pricing, setup cost, and licensing?

    AlienVault is certainly not nearly as expensive as Splunk or QRadar. It's decently priced, but I don't have the exact figure. 

    Which other solutions did I evaluate?

    This organization has AlienVault, and they're not happy with it, so I'm looking at other solutions. However, I don't know what their pain points were. I thought it was a great solution for my previous organization. It has tremendous benefits, and it brings everything into one single pane that includes your vulnerability management, asset management, IDS, logs, and correlation. It does all of those things in one single pane, and I think that's one of the benefits of AlienVault.

    What other advice do I have?


    I rate AlienVault USM eight out of 10. That said, I haven't used many other SIEMs. I haven't worked with Splunk or QRadar. One of our organizations had QRadar, but they switched to AlienVault.

    Which deployment model are you using for this solution?

    Hybrid Cloud
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Francis Silva - PeerSpot reviewer
    Services Coordinator at MAINT
    Real User
    Easy to use and intuitive platform against security threats, with a feature for adding apps
    Pros and Cons
    • "Easy to use, scalable, stable, and very intuitive platform that provides protection against security threats."
    • "Adding a parsing interface for the customers would make AT&T AlienVault USM better."

    What is our primary use case?

    We have customers from the retail, industrial, strategic resource, and OT infrastructure sectors who are using AT&T AlienVault USM. The solution has several use cases.

    What is most valuable?

    I like that AT&T AlienVault USM is deployed on cloud, because the previous solution, the all-in-one solution wasn't, so we had a lot of problems with the all-in-one solution. Either the database was corrupted, or there was a large delay in the appliance. With AT&T AlienVault USM being on cloud, all of those problems disappeared.

    Another feature I like about the solution is the ability to add apps. It's a really good feature.

    AT&T AlienVault USM is a very intuitive tool, especially for analysts. It's easy to use.

    What needs improvement?

    An improvement for AT&T AlienVault USM is the option for us to build the connectors ourselves, for us to do the parsing ourselves, because those options disappeared with the version of the solution that we're currently using. I know I can talk to the vendor to ask for a new parsing option for the application, for any new platform, but I understand that it can take several months. Adding a parsing interface for the customers would be good.

    What do I think about the stability of the solution?

    AT&T AlienVault USM is a stable solution.

    What do I think about the scalability of the solution?

    AT&T AlienVault USM is a scalable solution, especially because we have the option to use more sensors, and we have an average scale of log space for log rotation.

    How are customer service and support?

    We don't deal with the support team for AT&T AlienVault USM, in terms of big issues, but in terms of them answering a question, or giving information about design specs, their response is good. Their response is correct, so we have no problem with the support for this solution.

    From one to five, where one is bad and five is good, I'm rating their support a four.

    How was the initial setup?

    The initial setup for AT&T AlienVault USM was easy.

    Which other solutions did I evaluate?

    We evaluated another product, AlienVault OSSIM, but only for testing; we did not suggest it to our customers.

    What other advice do I have?

    We are using AT&T AlienVault USM. It's our main SIEM solution. We've been a partner of AT&T for four to five years. We still have a customer using the all-in-one solution, but now we are mainly promoting AlienVault USM Anywhere.

    I know that the solution is undergoing changes to become even more useful, so we have no problems with it. There's no problem, even in terms of integration.

    We use three people for the deployment and maintenance of the solution. One person is in charge of designing and implementing. Another person supports the implementation and the requirements of the customer. The third person does the monitoring exclusively. We provide our customers with the services of a security operations center.

    I'm recommending AT&T AlienVault USM to others, and I'm rating AT&T AlienVault USM eight out of ten.

    Which deployment model are you using for this solution?

    Public Cloud
    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
    Buyer's Guide
    Download our free AT&T AlienVault USM Report and get advice and tips from experienced pros sharing their opinions.
    Updated: June 2023