USM Anywhere Room for Improvement

PB
Senior Security Information Manager at agiito

USM Anywhere relies a lot on the community putting the data in. Often, you'll right-click on the attack, but nothing will be found. That's a weakness of it.

Omer Jamil - PeerSpot reviewer
Supervisor, Security Operations at Bpm

The vulnerability scanning feature is one of the areas where the product has certain shortcomings and needs to improve. The tool has vulnerability scanning, but it is not that efficient.

A mobile app for user management is something I would like to see in the product's future release.

CHARLES GOLLIDAY - PeerSpot reviewer
Chief Information Security Officer at a computer software company with 51-200 employees

I've been told that AlienVault doesn't have a full version of NES running in there, but I'm not sure if that's accurate or if my engineer made it that way. I'm not sure he was completely honest either because we had NES in the environment before. Those tools could be improved because AlienVault is a SIEM, and it added all these other features.

Are they proficient in every one of those areas? Are they proficient in asset management? Is their tool good enough to be your company's vulnerability scanner? Is it good enough to be your asset manager? Is it good enough to be those additional tools? That's where I don't know if we have enough information.

Dr. Sushan Banerjee - PeerSpot reviewer
GISO - Global Information Security Officer at Beyon Connect

Their threat intelligence platform needs to be broadened. They should integrate it with more threat intelligence platforms. For the threat feed that they get from open intelligence, I would like them to add a few premium threat intelligence platforms. They can provide a bundle in which AlienVault has the threat intelligence background of other premium products. 

Gabriel Clement - PeerSpot reviewer
Lead IT Security and Remediation at ARM Ltd

We like the on-premises solution, but AT&T wants us to move to their cloud version. We are not interested in doing that because the storage in the cloud version is not cheap. We don't want to move to the cloud and be unable to afford the cost of maintaining the cloud. We are looking for a solution that we can afford long term. Since the support for on-premises is close to being eliminated, we are looking for a solution that fits our budget.

JV
Network and Security Infrastructure Manager at a wholesaler/distributor with 201-500 employees

AT&T AlienVault USM can improve searchable data. It should be available for more than 90 days. If you need more than 90 days of data, you have to put in a request and they give you raw data, which is not easy to search. A good addition would be to allow users to search data older than 90 days.

In a future update, they should add more integrations with third-party devices.

Jason G. - PeerSpot reviewer
Market Development Manager, Cyber Security Consultant at Abacode

Although they use machine learning, the algorithms that they use are graph-based. Their AI/ML capabilities could be improved a bit.

VS
Manager, Enterprise Risk Consulting at a tech company with 1,001-5,000 employees

This product is a jack-of-all-trades, but master of none. As mentioned in the good, being a jack-of-all-trades is well suited for certain organizations. However, the lack of mature functionality and expertise in any of those areas is a strong negative.

For example, the correlation engine is nowhere close to the likes of ArcSight, QRadar, or Splunk, etc. The threat intelligence is not as good as QRadar, McAfee, RSA, etc. When it comes to critical functionality expertise, AV USM is found lacking.

  • Database: AV USM is using MySQL for its database. All the issues related to a structured DB for log collection, storage and management come to haunt AV USM as well. All SIEM logs are stored in the MySQL database and this causes an issue in terms of scalability, especially with high log volume environments because backup and restore is time and CPU/RAM consuming. USM can hugely benefit from moving to a non-DB Log storage architecture, thereby giving more flexibility in data management. It is doubtful if AV will take that route. Based on their product direction, they are looking at Percona Server to replace MySQL. While it is a good move, it is still customized MySQL replacement. It may not add much desired scale to the product.
Gerald Mbewa - PeerSpot reviewer
Cyber Security Analyst at DIgital Sentry Ltd

AlienVault cannot automatically respond to threats like other SIEM solutions, such as Sentinel and LogRhythm. Most of our clients are far away, so it's often challenging to handle alerts when they come up on our dashboard.

MattCarter - PeerSpot reviewer
Founding Member at Integotec

I think they need to broaden their compliance management to cover more areas of compliance. For example, they're very specific about HIPAA, CIS 8.0, and a few others, but they don't have a broad compliance management base. Some customers need compliance management with other standards or frameworks, which are unavailable on their platform. I want to see more compliance management capability because if they broadened it, it would be a much more attractive product. 

They have a lot of integrations, which is good, but the quality of integrations seems to be a little bit low. It's one thing to provide integration, and it's another to provide integration that works really well.

DL
Solutions Engineer at a computer software company with 51-200 employees

I don't have any suggestions for improvement. On our side, as a provider, we should develop a real security operation center type of practice, which we don't have right now.

There could be some type of integration with our existing portal. We have our own customer portals, and it would be good if there was an integration so that our portal can provide reports. There could be some type of API into the AlienVault system with the USM system so that it is easy to show the customers high-level reports of the system through our portal.

SL
Senior Talent Sourcer, Digital at Digitaltrack

The reporting and dashboards have room for improvement.

it_user459648 - PeerSpot reviewer
Manager, Information Security at a retailer with 5,001-10,000 employees

With all these products there is always room for improvement. Whether it’s making the filtering of anomalies better, making setup and deployment faster, streamlining more of the functional aspects of the product, etc. There is really not one thing that stands out in particular.

JS
Senior Network Architect / Network Team Leader at ICE Consulting. Inc.

I'd like to see a dashboard that's a little more descriptive. We can customize the dashboards, but the out-of-the-box dashboards are kind of bland. Since we give our customers access to their dashboards, it would be nice if they were a little bit more intuitive. We can easily drill into it and show them everything, but the customer just sees the writing on the page.

I'd like to see them dress up their out-of-the-box dashboard a little bit. We have the ability to do a lot of that. 

Since they have this image — they have a strong MSP program. I would love to see them allow branding, which they don't at this point.

PF
VP at Castra Consulting

One area that has room for improvement is storage. AlienVault is a good place to put logs, but sometimes it's a tough place to go get logs. AlienVault has three components to it: a sensor, a server, and a logger. Sensors grab data, servers correlate data, and loggers store data. The logger can only hold so much data. If they improved that, that would help.

CB
Manager, Security Operation Center at Ideal Integrations

The support could absolutely be better. It seems to have gotten worse with the AT&T acquisition. 

We have been hearing some not so great things from our associates in the field as well.

DO
Principal DevOps Engineer at a tech vendor with 11-50 employees

I think plugin management should be self-service on AlienVault USM. The other product is self-service, but on the USM side you have to submit a ticket, and then AT&T creates and updates the plugins.

We often have application logs that are unique to us, so it's silly to have to open a ticket, have them do the work, and then release the plugin. It would be nice if they had a self-service portal where we could define the parameters within the product for the plugin and have a custom plugin for our logs. 

MW
Production DBA at BLUE MOTOR FINANCE LIMITED

We would love to be able to create custom rules based on a series of events, to create rule-sets where, for example, failed logins to the VPN Server are logged and then when a successful attempt follows soon after, it triggers an alarm for a Brute Force. It does this for things like OKTA already, so control over which events this applies to would be great.  

GP
Consultant at Embratel
  • They should improve the reporting capabilities. 
  • Different functions to customize reports should be added. 
  • Export features should not be limited to spreadsheets (.XLS) only.
it_user883449 - PeerSpot reviewer
admin at KIL A&T
  • Plugins could be better utilized, as some of them do not recognize all logs.
  • We could add a little more customization to dashboards.
KH
Information Security Manager at a tech services company with 201-500 employees

The one thing I continue to dislike about the USM is the limitation on reports. Hard to get what you need in a report and once you do, there is no control over the formatting.

Francis Silva - PeerSpot reviewer
Services Coordinator at MAINT

An improvement for AT&T AlienVault USM is the option for us to build the connectors ourselves, for us to do the parsing ourselves, because those options disappeared with the version of the solution that we're currently using. I know I can talk to the vendor to ask for a new parsing option for the application, for any new platform, but I understand that it can take several months. Adding a parsing interface for the customers would be good.

SK
Director of Department at BAKOTECH LLC

The solution could be improved in three ways. The first one is user behavioral analytics. They need work.

The second one is cloud-related usage. The solution already has quite good tools, however, they need better integration tools for linking with Office 365, Google Suite, and so on.

The third improvement could be a bit more customization for security products. If someone has an antivirus where it is customizable, they need to have the ability to easily connect everything together.

MM
Senior Buyer & Operations Specialist at Nth Generation Computing

The only recommended change I can think of is to have the ability to filter logs. Also, being able to navigate the dashboard. That seems to have been quite a challenge.

JT
Owner at ThatsIT Consultants

I've been using it just for my own personal upskilling in terms of how the product works. At the moment, it is pretty straightforward and simple, and it is working how it is supposed to. The feedback would come once it is deployed to customer sites. They'll be using it on a more frequent basis, and that's when the feedback would come in terms of the areas in which they're facing issues or are looking for simplicity.

Stephen Hui - PeerSpot reviewer
Cybersecurity Architect at DataAssure

The solution is a bit complicated. It could be simplified quite a bit.

The correlation engine could be improved. Much improvement could be made there, as it is an important open-source solution. 

The solution could benefit from including security orchestration. It's still not available yet. It would be really nice to have in a future release.

It could use something like a pen test. Tools like that would make it more comprehensive from a cybersecurity aspect. 

LC
VP IT Operations at a financial services firm with 51-200 employees

The only thing that I can think of that is not ideal is sending Windows Server logs to their device, to the system. That has to be done on each server. I don't know if they have changed that.

TS
Consultant at a tech services company with 11-50 employees

Search performance can be slow. The Raw Logs feature is painfully slow. And if we're talking about the newer, the Anywhere product, you can't even schedule reports on it. There are probably a dozen other features I'd really like to see there, but that would be one of the biggies.

Also, there is no visibility into the NIDS or HIDS agent configurations and no easy way to augment them. The same is true for vulnerability scanning, it's all or nothing; there are no fine-grain controls as there was in their older product. There is a lack of "real" visibility into the correlation rules, and the inability to create our own sophisticated rules (only very simple ones) is a big miss.

it_user800649 - PeerSpot reviewer
Network Operations Manager / Systems Engineer at a tech services company

Source material on the forums should be more up-to-date with the changes happening within the product. Forums being out-of-date with information due to the changes makes troubleshooting a little more difficult, specifically for the HIDS agents. Troubleshooting connectivity is limited to very few articles with very little information. Perhaps add templates into the HIDS agents for collection based on systems, or a clickable addition of files to collect with check boxes rather than configuring the HIDS agents through text.

Also, more information on how specific sections relate to PCI and how to use/setup the SIEM to follow the guidelines of the areas. Some information is vague on how to accomplish specific items within PCI on help forums through AlienVault.

BS
Systems Administrator at a healthcare company

Honestly, the product itself is great. The only room for improvement I can mention is the initial installation procedures. I found that the online installation instructions for the product were missing important details, they lacked necessary steps. The product itself is fine.

reviewer847167 - PeerSpot reviewer
Network and Security Engineer at a tech vendor with 501-1,000 employees

As this software is in the cloud, you do not have control over updates and general changes which are happening. It can be somewhat annoying that DC sensors are updated and you will not have control over when this happens.

it_user846063 - PeerSpot reviewer
SOC Analyst II at Shatter I.T.

The UI and overall processes need a little bit more love. The development job postings have the requirement, for prospective candidates, of "values progress over perfection". This shows in the error banners that come up when you select certain things. There isn't a day that goes by that the UI doesn't error out and I can't view events for an alarm. It's nice that they have new features rolling, keeping up with demand, but fixing the events/alarm database errors would be nice too.

The reporting tools are a bit lacking for building reports to give directly to customers, but support has been helpful in giving our requests for new features to the development team and following up with us.

it_user690780 - PeerSpot reviewer
Network Administrator at a legal firm with 51-200 employees

I would like to see it be able to run on any hardware via just an installer.

it_user339099 - PeerSpot reviewer
IS Manager at a financial services firm with 501-1,000 employees

I would like to see some better ways to report on the information. There are many reports included but would be nice to have better access to the data. Customizations are possible but don't always allow us to report on what we need.

it_user593826 - PeerSpot reviewer
Security Architecture and Operations Lead at a university with 1,001-5,000 employees

Reporting still needs a lot of work, especially on the vulnerability side. Vulnerability management UI could be improved as well.

Vulnerability reports are clunky and difficult to manage. The layout is not really professional or intuitive and takes some time to understand how to navigate it. In general, while there are some customization options with reporting features as far as look and feel, reports still have an “open source” feeling. In general, the look is not as clean and professional as what one is used to seeing in other, similar products.

it_user671907 - PeerSpot reviewer
System Administrator at a financial services firm with 201-500 employees

The vulnerability reporting needs to have options to be able to sort or customize the output. It is helpful to look at the vulnerability and how many hosts have it, in addition to being able to look at an individual host to see what vulnerabilities it has.

JM
I.T. Manager at a non-profit with 51-200 employees

Long-term I'm genuinely concerned about AT&T's ownership of AlienVault. I have never had a good relationship with AT&T in +15 years, and fear they will destroy this good product.

BG
Systems Engineer at a university with 201-500 employees

The menu system can be a little confusing until you use it for a while. For example, at the top right there is a “settings” menu, which is more of a user profile menu. I would like that to say what it is: “My Profile.” Under the “Settings” menu I would rather see true system settings, such as User Accounts, Configuration Backups/Restore, SMTP server settings, AD (LDAP) settings, Password Policies, and other true System Settings. There is also a large button at the right called “Configuration.” I would change that to something like “Deployment Settings”. Under this menu I would have settings specifically related to “this deployment of AlienVault”, such as Plugins, Sensors, Remote Locations, and Services Running on this deployment (with the ability to Enable/Disable these and Start/Stop these). Also here I would have a sub-menu called “System Performance” with metrics (CPU usage, Swap, RAM, database health (with cleanup and compress options), Network Traffic In/Out performance for each NIC, etc.). Currently Threat Intelligence items are also under Configuration. I would make a separate “Threat Intelligence” menu and expand upon it to cover more items. Just my thoughts.

I guess it comes down to my being old school and liking traditional menus, such as text-style drop-down menus from the top and not the huge big button menus, like File, Analysis, Environment, Reports, Settings, Deployment Settings, Preferences, Help, etc. The text-type menus tend to be much more explanatory as to what is in them below. I know a lot of software has gone to the big button/ribbon style menus (MS Office). I assume that is to make things mobile friendly. To me it makes navigation less easy and more confusing, and the big buttons take up too much screen real estate that I would rather see for other things such as alarms and real-time system activities.

it_user671703 - PeerSpot reviewer
Sr. Networking & EMS Analyst

Most of the troubleshooting requires going through the Linux command line and bypassing the GUI. We have a wide variety of users with different technical expertise. For some, any amount of command line troubleshooting scares them away from products.

it_user466506 - PeerSpot reviewer
Group Information Security Officer at a consumer goods company with 1,001-5,000 employees

The reporting could do with some improvements. For example, the vulnerability report only tells you what vulnerabilities are open and lists them, but there is no indication of how old they are at a glance and what vulnerabilities have been closed since the previous scans. I would also like to see the ability to scan my devices for compliance against the CIS Benchmarks.

CC
ISO (Information Security Officer) with 10,001+ employees

The reporting module could be a little easier to handle, as it requires quite some trial and error until you get the reports you want. Also, it would be great to have a graphical interface for the Network Intrusion Detection System's rule management.

it_user707502 - PeerSpot reviewer
System Administrator at a tech services company with 10,001+ employees

For creating new rules, you have to be familiar with regular expressions. I feel there could be something built-in to make sure that process is easier.

it_user765879 - PeerSpot reviewer
Security Administrator at a financial services firm with 501-1,000 employees

The reporting aspect could be improved. While there are a lot of different options available, there are still pieces which are missing. The views are also very static and do not give you a lot of options on how the data is presented.

BC
Director Of Information Technology at a tech services company with 51-200 employees

I feel that some areas of improvement would be vulnerability scanning. We use a separate product that seems to do a much better job.

it_user671700 - PeerSpot reviewer
IT Security Analyst at a financial services firm with 201-500 employees

Offer solutions based on a PoC (Proof of Concept) to fit each company's specific needs, rather than letting the company guess or piece together the solution they need.

it_user465876 - PeerSpot reviewer
Information Systems Network Technician at a local government with 501-1,000 employees

The alarms section of the USM is very robust, yet I still find myself having to look back through the events to find more details. It would be nice if I could navigate straight to the event from the alarm.

it_user479445 - PeerSpot reviewer
Chief Information Security Officer at a tech services company with 51-200 employees

The search capabilities are not optimal and are going to be optimized in the next versions. For example, it is possible to search both username and IPs but not usernames and specific fields (aka user data) at the same time.

Documentation needs to be improved, especially due to the fact that AlienVault gets improved often with new features.

Vulnerability scanning does not support Nessus (after version 5), which is a leader in the market. The default vulnerability scanner is OpenVAS; it does the job, but the reports are not the same quality as Nessus.

it_user479376 - PeerSpot reviewer
Information Security Officer at a healthcare company with 1,001-5,000 employees

Asset scanning and inventory (stale assets, scheduling scans) and correlation (false positives).

it_user467313 - PeerSpot reviewer
IT Field Support Manager at a consumer goods company with 1,001-5,000 employees

They need to be faster in developing custom plugins.

MF
Chief Operating Officer / SR. Project Manager at SCS

They set aside a lot of the functionality from the on-premises version that we found very helpful in managing tickets. As it is now, the cloud-based deployment is lacking these useful features.

The reporting is mediocre and is something that needs to be improved.

it_user833982 - PeerSpot reviewer
Cybersecurity Analyst at a tech company with 51-200 employees

A tailored OTX map for each customer's central would be awesome to have for displays.  A lot of companies like to have visuals for their central instance in order to be able to see when an IOC comes through and it would help have something in front of analysts/engineers to respond to promptly if they were away from central working downstream. 

it_user787419 - PeerSpot reviewer
IT Systems Administrator at a financial services firm with 201-500 employees

Reporting and Windows log collection is the biggest drawback. Reporting is convoluted and difficult at times, although they claim to have hundreds of pre-built reports, very few of them are actually useful for anything but what the USM is doing. Windows log collection works with HIDS, but documentation is sparse and confusing. You have to trace back to how Windows Event ID ultimately correlates with AlienVault events through HID's IDs. 

it_user484701 - PeerSpot reviewer
SOC Intrusion Analyst at a tech services company with 51-200 employees

Directives and searches within security events. So many issues with directives. Creating directives is a pain on its own, but editing them can be a nightmare filled with tedious unnecessary steps. You do not have an option to whitelist or blacklist specific traffic flows to trigger alarms (e.g., specific IP to specific IP) if your directive contains multiple alarms. A simple fix would be to allow the engineer to give "and" and "or" statements so you could get something along the lines of (SRC IP: 192.168.0.20, DST IP: 10.10.1.12 OR 10.10.1.13) AND (SRC IP: 192.168.10.5, DST IP: 10.10.2.5). Instead you have a list of source IPs and a list of destination IPs and no matter if the traffic you need to blacklist is specific, anything communicating from the source list to the destination list triggers an alarm, which is not always what you want.

A workaround for that is to split the alarm directive into separate directives for any specific flows you are looking for. Searching in security events comes with its own minor inconvenience that isn't a deal breaker; however, a simple improvement could make things orders of magnitude better: Allow the analyst to decide everything he wants to search for and trigger the search themselves. Right now, if you want to search something by signature, time range, and port - for example - you have to do each individually and each search forces the query to reload before you get the information set you want. E.g.: I want to search for Admin Activity Events, surrounding a specific Admin, over the last week. I need to first search for Admin activity events, which reloads the whole set of data, then search for the username, reloading the whole set of data again, then choose the last week time range, reloading again. It would make more sense to be able to package the queries I intend to use, then click something along the lines of submit. AlienVault does offer predefined searches, which is a great tool, but I think fixing the search function of the SIEM would be great.

it_user484695 - PeerSpot reviewer
Information Security Consultant at Securepoint Nederland B.V.

The next release will include cloud security and it will support a hybrid IT environment, furthermore the OTX has a great added value but it will help when there is more OTX information in the database. Future releases will definitely need to improve on these items and it will position the product in a more enterprise ready strategic position.

BC
Manager at WASHI

The solution is very user-friendly, but the dashboard could be improved as well as the level of customization.

it_user829533 - PeerSpot reviewer
IT Manager at a manufacturing company with 51-200 employees

More complimentary training needs to be done for use with this tool. If you get into a bind, then it will cost you.

it_user702744 - PeerSpot reviewer
Professional Services Engineer at a tech services company with 11-50 employees

Stability on certain components could be better, but for a system that is on 24/7/365 without reboots, it's fairly trouble free.

it_user673095 - PeerSpot reviewer
Delivery Manager at a tech services company with 11-50 employees

The report section needs to be improved. Most of the correlation rules are based on the NIDS event, which needs to be improved. In other words, we have to use the device logs also.

it_user466524 - PeerSpot reviewer
Senior Infrastructure Analyst at a pharma/biotech company with 1,001-5,000 employees

The configuration is somewhat complex and the interface a bit non-intuitive. Whilst very useful for reporting, interpretation of the results can be difficult: improved features to help with this would be welcome.

it_user846192 - PeerSpot reviewer
Network Architect at Envision IT LLC

It can still be difficult to feed products that are not supported out-of-the-box. It would be good if they had a better plugin exchange/store with AlienVault QA to ensure data is being processed properly.

it_user484698 - PeerSpot reviewer
Security Consultant at a tech consulting company with 51-200 employees

My biggest challenge has always been the fine tuning that is sometimes required for some networks. It requires a solid understanding of Linux and databases and how networks work. So a non-technical user may become frustrated, or not configure the product to work at its best, and therefore miss important events. So I see room for improvement in the following -

  • Ease of deployment and configuration
  • Easier way of testing if features are working as designed, e.g. Packet analysis
  • Troubleshooting features that are not working as designed
it_user123747 - PeerSpot reviewer
Chief Security Officer at a financial services firm with 501-1,000 employees

Some customizations with the integration between AlienVault components have room for improvement and enabling users with WebUI interfaces instead of having to edit configuration files on the system to achieve certain actions would be a good improvement.

HH
Operation Manager at Checksum Consultancy

Its reporting tools need improvements. It would be good if they can provide integration with other ticketing systems. Currently, we only have integration with Slack and Jira.

It is also a bit slow, and its replication engine can be improved.

it_user790017 - PeerSpot reviewer
Client Development Manager at a tech services company with 51-200 employees

AlienVault needs to continue to integrate with other third-party technologies that clients want to have monitored. The plugin builder in the most recent version update is helpful, but it is still a little "clunky" at times.

it_user672663 - PeerSpot reviewer
Information Security Analyst at an insurance company

I think expanding their vendor-specific plugins would be beneficial.

it_user557322 - PeerSpot reviewer
SOC Lead / Sr. SOC Analyst at a tech services company with 501-1,000 employees

With all the great features AlienVault has to offer, it would be nice to see improved search query functionality, similar to ELK stack.

DT
ICT Consultant at N3tcom

The price of AT&T AlienVault USM could be reduced.

SA
DevOps Engineer at a tech services company with 201-500 employees

The AT&T AlienVault USM is okay, but the relational database is not very good for large amounts of data. For example, many logs cannot be processed. It has been very slow for the queries and some data which are large, it is not very good in this case.

it_user814395 - PeerSpot reviewer
Network and Security Engineer at a tech services company with 11-50 employees

The Log Management and configuration of email notifications should be user-friendly. Pay attention to false-positive event automatic correlations. 

it_user681138 - PeerSpot reviewer
IT Security Analyst at a tech services company with 10,001+ employees

Report modules now let us get a visualization of the activity of the main assets to continue to improve the business and reduce the risk of failures.

it_user673290 - PeerSpot reviewer
IT Security Engineer II at a retailer with 5,001-10,000 employees

Sub menus: Sometimes you really have to drill down to get to where you want to go.

DL
Sales Solutions Engineer at a tech services company with 201-500 employees

Having automatic agent deployment would be a great feature. It would be nice to see some machine learning and monitoring of the configuration in network devices.

it_user955890 - PeerSpot reviewer
DevOps Engineer at Two Hat Security

Taking into account that server access credentials are controlled by the tool, some more management-focused actions could be performed from AlienVault.

kr1spy84 - PeerSpot reviewer
Security Systems Administrator at VERTICAL SCREEN, INC

Many of the tasks on features are useless in our situation. NetFlow is worthless.  Many of the built-in correlation engine solutions are just okay.

it_user837123 - PeerSpot reviewer
CEO at a tech services company with 1-10 employees

All products have room for improvement. AlienVault is always looking at ways to improve their solution. 

We would like more plugins. This is the main point of improvement, which would benefit the users.

it_user817980 - PeerSpot reviewer
Head of MSS Platform and Product Management at a tech services company with 51-200 employees

Scaling, and it has no APIs! 

It would be hard for any legitimate MSSP to use it.  

it_user746328 - PeerSpot reviewer
Head of IT at a consultancy with 201-500 employees

Backup, restore, and upgrade - some menu options are a bit convoluted.

it_user695217 - PeerSpot reviewer
IT User

The web UI can be clunky at times, with poor error handling. Updates need more QC before release.

it_user479484 - PeerSpot reviewer
Network Security Administrator at a comms service provider with 501-1,000 employees

We have a relatively large deployment that spans multiple locations and domains. Having the ability to authenticate users across multiple domains would be useful, but is not critical. The log query capability is pretty restrictive, and I find myself searching through raw logs via the command line more often than the GUI. Full logging is not supported out of the box; you will need to modify configurations to store all logs if that is your concern or a requirement of your organization. AlienVault by default only stores alert logs, and this can and will bite you at some point. The IDS rules need better oversight when updated. The vulnerability scanner needs to have a power user mode that gives you a more complete interface to the vulnerability scanner (OpenVAS).

AM
System Administrator at an insurance company with 51-200 employees

This solution has too many issues with integration with other technologies. For example, you can configure the solution to integrate with your technology today but tomorrow it will stop working. You have to continually update the login, save the issue, and create a ticket with support. It is a long process that takes too long for the support to resolve quickly.

In the future, I would like to see all these features of the solution working properly.

RB
Security Analyst SOC at Sumasoft Pvt Ltd

While it is relatively easy to use, it takes a little time to get used to where everything is located in the web interface. I do wish that their support would help a bit more with the analysis of alarms.

it_user829383 - PeerSpot reviewer
Engineer - Network Security at a tech company with 11-50 employees

While I was still working on the implementation, I found difficulties in searches within security events. Configuring some areas looks complicated.

I had issues while installing the OSSEC agent on Solaris and CentOS servers. A workaround for this issue will give some value for users.

SK
Engineer - Information Security at a tech services company with 51-200 employees

A user-friendly interface could be an advantage. Sometimes we face trouble when going through the settings of AlienVault SIEM.

it_user714207 - PeerSpot reviewer
Security Analyst at a tech services company

It would be great if there was a feature to add in watch lists, like McAfee or QRadar have -- to keep track of IPs, domain, etc. that I have identified as being malicious.

Also, being able to connect into other TAXII/STIX feeds other than OTX.

it_user502473 - PeerSpot reviewer
Infrastructure Engineer at a tech services company with 1,001-5,000 employees

API, ETL, or connector to support BI tools such as Tableau, Power BI, etc.

it_user484692 - PeerSpot reviewer
Security Consultant at a tech consulting company with 51-200 employees

The biggest improvement they could do is to provide full support for IPv6 addressing. It currently has quite lightweight support for IPv6 addresses in the sense that it will record the source/destination addresses in all cases, but currently trying to search with IPv6 addresses is not possible and thus makes our lives harder.

it_user235437 - PeerSpot reviewer
Network Engineer II at a healthcare company

It needs to be easier to deploy switch monitoring.

it_user604401 - PeerSpot reviewer
AVP & Information Security Officer at a financial services firm with 501-1,000 employees

The way it identifies systems can use some improvement. It has a hard time differentiating between versions of Windows.

TR
Network and Security Engineer at a tech services company with 51-200 employees

AlienVault must improve their correlation feature. Some of the events do not match with the correlation rules and some of the correlation events are false-positive.

it_user745119 - PeerSpot reviewer
Security Engineer at a tech services company with 201-500 employees

Support can be slow at times, but the quality is high. Posted knowledge base articles could use improvement.

it_user703422 - PeerSpot reviewer
Network Administrator at a tech services company

The setup was somewhat complex.

it_user466953 - PeerSpot reviewer
Security Analyst at a tech company with 51-200 employees

They have the advantage of having a large community that uses the free version, and they really could use this as a sort of beta testing population for new releases. Yet, a lot of the releases break things that are used. I think they need to do more QA before releases. For example, I have custom rules written for the Suricata function. Some releases ago, there was a code change and now every single update requires that I reinstall the custom rules, and I am still waiting for the fix. They need to either stop allowing customization (which would be a mistake) or they need to embrace that a majority of their customer base does this and put in safeguards. I understand putting in limits to what’s supported, but simple things like this are part of the appeal of the product. Another example is that a few releases back, they broke the Nagios availability monitoring portion. All the functionality to watch your systems is there, and of course, I used it. When it broke, support told me it was really only meant to watch the AlienVault system itself, yet the entire interface is there, and the options to enable the monitoring on hosts are there. I believe, first of all, that what I was told was wrong as availability monitoring is one of the core functions AlienVault touts, and secondly, that they need to be more careful with testing before releasing updates. It took like two more updates before the functionality was restored.

it_user479427 - PeerSpot reviewer
Director of Information Technology at a healthcare company with 51-200 employees

More information about what the alerts mean and how they are derived would be useful when determining their significance. Support is good to provide this information though.

it_user472305 - PeerSpot reviewer
Senior Network and Security Consultant SI at a tech services company

Plugins: most plugins are not up to date with the newer versions of products.

it_user752880 - PeerSpot reviewer
Security Analyst at a tech services company with 1-10 employees

It should be able to communicate with other security solutions to stop threats.

it_user824214 - PeerSpot reviewer
IT/IS Officer - Marketing Director at a tech services company with 51-200 employees

As with many of its users, I have submitted suggestions in the past and AlienVault has seemed to listen to suggestions from its users and has implemented them every time. I am happy with the product as it is today.

it_user466902 - PeerSpot reviewer
IT Engineer at a energy/utilities company with 501-1,000 employees

As it includes multiple pieces of security software, the installation and configuration take a lot of time. It would be good if they could work on that, but the time is understandable given all the features AlienVault offers.

it_user466923 - PeerSpot reviewer
Information Security Administrator at a government with 1,001-5,000 employees

They should simplify the HIDS agent reporting/custom rule creation.

JR
Network Security Specialist at SEFISA

Maybe logs are the problem, as the database query is too slow. If you want to search something, you need time to find it.

The other thing is that the agent is OSSEC. They needed to create their own agent to help find threats on the devices on which it is installed.

it_user103734 - PeerSpot reviewer
IT Officer with 51-200 employees

It is a lot of work to get the software configured and set up properly.

it_user171111 - PeerSpot reviewer
Security Expert at a tech services company
  • Accuracy of threat detection
  • Advance reporting
  • Reliable asset and vulnerability management feature
it_user482859 - PeerSpot reviewer
Tech Support Engineer at a tech services company with 501-1,000 employees
  • IPv6 not supported
  • Correlating with external logs from other sources makes it a little bit difficult to work
it_user467397 - PeerSpot reviewer
IT Security Administrator at a local government with 501-1,000 employees

I'd like to see built-in support to detect more security incidents.

it_user466518 - PeerSpot reviewer
IT Security Architect at a healthcare company with 1,001-5,000 employees
  • Database query speed when dealing with millions of events per day
  • Reports customization and types
  • Dashboards TV modes (SOC surveillance monitors)
it_user673113 - PeerSpot reviewer
Technical Writer at a tech services company with 11-50 employees

I would say the menus could use some tweaking and custom rule creation could be made simpler.

it_user675858 - PeerSpot reviewer
IT Assistant at a financial services firm with 51-200 employees

I don't have any, as I've been pretty satisfied with the product.

MA
SOC Manager at a tech services company with 11-50 employees

This solution could be easier to use. It is hard for some people to understand, and they need to get training and certification just to understand what it's showing them.

MH
Team Lead & Principal Software Engineer at a tech services company with 51-200 employees

The GUI needs to improve because it's not user-friendly.
