USM Anywhere Room for Improvement
Philip Bradley
Senior Security Information Manager at agiito
USM Anywhere relies a lot on the community putting the data in. Often, you'll right-click on the attack, but nothing will be found. That's a weakness of it.

The vulnerability scanning feature is one of the areas where the product has certain shortcomings and needs to improve. The tool has vulnerability scanning, but it is not that efficient.
A mobile app for user management is something I would like to see in the product's future release.
I've been told that AlienVault doesn't have a full version of NES running in there, but I'm not sure if that's accurate or if my engineer made it that way. I'm not sure he was completely honest either because we had NES in the environment before. Those tools could be improved because AlienVault is a SIEM, and it added all these other features.
Are they proficient in every one of those areas? Are they proficient in asset management? Is their tool good enough to be your company's vulnerability scanner? Is it good enough to be your asset manager? Is it good enough to be those additional tools? That's where I don't know if we have enough information.
Their threat intelligence platform needs to be broadened. They should integrate it with more threat intelligence platforms. For the threat feed that they get from open intelligence, I would like them to add a few premium threat intelligence platforms. They can provide a bundle in which AlienVault has the threat intelligence background of other premium products.

We like the on-premises solution, but AT&T wants us to move to their cloud version. We are not interested in doing that because the storage in the cloud version is not cheap. We don't want to move to the cloud and be unable to afford the cost of maintaining the cloud. We are looking for a solution that we can afford long term. Since the support for on-premises is close to being eliminated, we are looking for a solution that fits our budget.
Jomel Varghese
Network and Security Infrastructure Manager at a wholesaler/distributor with 201-500 employees
AT&T AlienVault USM can improve searchable data. It should be available for more than 90 days. If you need more than 90 days of data, you have to put a request and they give you raw data, which is not easy to search. A good addition would be to allow users to search data older than 90 days.
In a future update, they should add more integrations with third-party devices.

Although they use machine learning, the algorithms that they use are graph-based. Their AI/ML capabilities could be improved a bit.
Vinod Shankar
Manager, Enterprise Risk Consulting at a tech company with 1,001-5,000 employees
This product is jack-of-all trades, but master of none. As mentioned in the good, being a jack-of-all trades is well suited for certain organizations. However, the lack of mature functionality and expertise in any of those areas is a strong negative.
For example, the correlation engine is nowhere close to the likes of ArcSight, QRadar, or Splunk, etc. The threat intelligence is not as good as QRadar, McAfee, RSA, etc. When it comes to critical functionality expertise, AV USM is found lacking.
- Database: AV USM is using MySQL for its database. All the issues related to a structured DB for log collection, storage and management come to haunt AV USM as well. All SIEM logs are stored in the MySQL database and this causes an issue in terms of scalability, especially with high log volume environments because backup and restore is time and CPU/RAM consuming. USM can hugely benefit from moving to a non-DB Log storage architecture, thereby giving more flexibility in data management. It is doubtful if AV will take that route. Based on their product direction, they are looking at Percona Server to replace MySQL. While it is a good move, it is still customized MySQL replacement. It may not add much desired scale to the product.
AlienVault cannot automatically respond to threats like other SIEM solutions, such as Sentinel and LogRhythm. Most of our clients are far away, so it's often challenging to handle alerts when they come up on our dashboard.

I think they need to broaden their compliance management to cover more areas of compliance. For example, they're very specific about HIPAA, CIS 8.0, and a few others, but they don't have a broad compliance management base. Some customers need compliance management with other standards or frameworks, which are unavailable on their platform. I want to see more compliance management capability because if they broadened it, it would be a much more attractive product.
They have a lot of integrations, which is good, but the quality of integrations seems to be a little bit low. It's one thing to provide integration, and it's another to provide integration that works really well.
reviewer1607511
Solutions Engineer at a computer software company with 51-200 employees
I don't have any suggestions for improvement. On our side, as a provider, we should develop a real security operation center type of practice, which we don't have right now.
There could be some type of integration with our existing portal. We have our own customer portals, and it would be good if there was an integration so that our portal can provide reports. There could be some type of API into the AlienVault system with the USM system so that it is easy to show the customers high-level reports of the system through our portal.
Subramaniam L.
Senior Talent Sourcer, Digital at Digitaltrack
The reporting and dashboards have room for improvement.

With all these products there is always room for improvement. Whether it’s making the filtering of anomalies better, making setup and deployment faster, streamlining more of the functional aspects of the product, etc. There is really not one thing that stands out in particular.
John Stanford
Senior Network Architect / Network Team Leader at ICE Consulting. Inc.
I'd like to see a dashboard that's a little more descriptive. We can customize the dashboards, but the out-of-the-box dashboards are kind of bland. Since we give our customers access to their dashboards, it would be nice if they were a little bit more intuitive. We can go easily drill into it and show them everything, but the customer just sees the writing on the page.
I'd like to see them dress up their out-of-the-box dashboard a little bit. We have the ability to do a lot of that.
Since they have this image — they have a strong MSP program. I would love to see them allow branding, which they don't at this point.
Vpf4dc
VP at Castra Consulting
One area that has room for improvement is storage. AlienVault is a good place to put logs, but sometimes it's a tough place to go get logs. AlienVault has three components to it, a sensor, a server, and a logger. Sensors grab data, servers correlate data, and loggers store data. The logger can only hold so much data. If they improved that, that would help.
Corey Bussard
Manager, Security Operation Center at Ideal Integrations
The support could absolutely be better. It seems to have gotten worse with the AT&T acquisition.
We have been hearing some not so great things from our associates in the field as well.
reviewer981528
Principal DevOps Engineer at a tech vendor with 11-50 employees
I think plugin management should be self-service on AlienVault USM. The other product is self-service, but on the USM side you have to submit a ticket, then AT&T creates and updates the plugins.
We often have application logs that are unique to us, so it's silly to have to open a ticket, have them do the work, and then release the plugin. It would be nice if they had a self-service portal where we could define the parameters within the product for the plugin and have a custom plugin for our logs.
Matthew White
Production DBA at BLUE MOTOR FINANCE LIMITED
We would love to be able to create custom rules based on a series of events, to create rule-sets where, for example, failed logins to the VPN Server are logged and then when a successful attempt follows soon after, it triggers an alarm for a Brute Force. It does this for things like OKTA already, so control over which events this applies to would be great.
Guilherme Peralta
Consultant at Embratel
- They should improve the reporting capabilities.
- Different functions to customize reports should be added.
- Export features should not be limited to spreadsheets (.XLS) only.
- Plugins could be better utilized, as some of them do not recognize all logs.
- We could add little more customization to dashboards.
Karl Hart, Acse, Ceh, Chfi, Cissp
Information Security Manager at a tech services company with 201-500 employees
The one thing I continue to dislike about the USM is the limitation on reports. Hard to get what you need in a report and once you do, there is no control over the formatting.

An improvement for AT&T AlienVault USM is the option for us to build the connectors ourselves, for us to do the parsing ourselves, because those options disappeared with the version of the solution that we're currently using. I know I can talk to the vendor to ask for a new parsing option for the application, for any new platform, but I understand that it can take several months. Adding a parsing interface for the customers would be good.
Sergey Kornienko
Director of Department at BAKOTECH LLC
The solution could be improved in three ways. The first one is user behavioral analytics. They need work.
The second one is cloud-related usage. The solution already has quite good tools, however, they need better integration tools for linking with Office 365, Google Suite, and so on.
The third improvement could be a bit more customization for security products. If someone has an antivirus where it is customizable they need to have the ability to easily connect everything together.
seniorbu978126
Senior Buyer & Operations Specialist at Nth Generation Computing
The only recommended changes I can think of is to have the ability to filter logs. Also, being able to navigate the dashboard. That seems to have been quite a challenge.
Jim Tora
Owner at ThatsIT Consultants
I've been using it just for my own personal upskilling in terms of how the product works. At the moment, it is pretty straightforward and simple, and it is working how it is supposed to. The feedback would come once it is deployed to customer sites. They'll be using it on a more frequent basis, and that's when the feedback would come in terms of the areas in which they're facing issues or are looking for simplicity.

The solution is a bit complicated. It could be simplified quite a bit.
The correlation engine could be improved. Much improvement could be made there, as it is an important open-source solution.
The solution could benefit from including security orchestration. It's still not available yet. It would be really nice to have in a future release.
It could use something like a pen test. Tools like that would make it more comprehensive from a cybersecurity aspect.
Lorenzo Ciolfi
VP IT Operations at a financial services firm with 51-200 employees
The only thing that I can think of that is not ideal is sending Windows Server logs to their device, to the system. That has to be done on each server. I don't know if they have changed that.
Consulta85d2
Consultant at a tech services company with 11-50 employees
Search performance can be slow. The Raw Logs feature is painfully slow. And if we're talking about the newer, the Anywhere product, you can't even schedule reports on it. There are probably a dozen other features I'd really like to see there, but that would be one of the biggies.
Also, there is no visibility into the NIDS or HIDS agent configurations and no easy way to augment them. The same is true for vulnerability scanning, it's all or nothing; there are no fine-grain controls as there was in their older product. There is a lack of "real" visibility into the correlation rules, and the inability to create our own sophisticated rules (only very simple ones) is a big miss.

Source material on the forums to be more up-to-date with the changes happening within the product. Forums being out-of-date with information due to the changes makes troubleshooting a little more difficult - specific to the HIDS agents. Troubleshooting connectivity is limited to very few articles with very little information. Perhaps adding templates into the HIDS agents for collection based on systems or a clickable addition of files to collect with check boxes rather than configuring the HIDS agents through text.
Also, more information on how specific sections relate to PCI and how to use/setup the SIEM to follow the guidelines of the areas. Some information is vague on how to accomplish specific items within PCI on help forums through AlienVault.
SystemsA3512
Systems Administrator at a healthcare company
Honestly, the product itself is great. The only room for improvement I can mention is the initial installation procedures. I found that the online installation instructions for the product were missing important details, they lacked necessary steps. The product itself is fine.

As this software is in the cloud, you do not have control on updates and general changes which are happening. It can be somewhat annoying that DC sensors are updated and you will not have control when this happens.

The UI and overall processes need a little bit more love. The development job postings have the requirement, for prospective candidates, of "values progress over perfection". This shows in the error banners that come up when you select certain things. There isn't a day that goes by that the UI doesn't error out and I can't view events for an alarm. It's nice that they have new features rolling, keeping up with demand, but fixing the events/alarm database errors would be nice too.
The reporting tools are a bit lacking for building reports to give directly to customers, but support has been helpful in giving our requests for new features to the development team and following up with us.
I would like to see it be able to run on any hardware via just an installer.
I would like to see some better ways to report on the information. There are many reports included but would be nice to have better access to the data. Customizations are possible but don't always allow us to report on what we need.

Reporting still needs a lot of work, especially on the vulnerability side. Vulnerability management UI could be improved as well.
Vulnerability reports are clunky and difficult to manage. The layout is not really professional or intuitive and takes some time to understand how to navigate it. In general, while there are some customization options with reporting features as far as look and feel, reports still have an “open source” feeling. In general, the look is not as clean and professional as what one is used to seeing in other, similar products.

The vulnerability reporting needs to have options to be able to sort or customize the output. It is helpful to look at the vulnerability and how many hosts have it, in addition to being able to look at an individual host to see what vulnerabilities it has.
reviewer980886
I.T. Manager at a non-profit with 51-200 employees
Long-term I'm genuinely concerned about AT&T's ownership of AlienVault. I have never had a good relationship with AT&T in +15 years, and fear they will destroy this good product.
reviewer673236
Systems Engineer at a university with 201-500 employees
The menu system can be a little confusing, until you use it for a while. Such as at the top right there is a “settings” menu. Which is more of a user profile menu. I would like that to say what it is “My Profile.” Under the “Settings” menu I had rather see true system settings. Such as User Accounts, Configuration Backups/Restore, SMTP server Setting, AD (LDAP) settings, Password Policies, and other true System Settings. There is also a large button at the right called “Configuration.” I would change that to something like “Deployment Settings”. Under this menu I would have settings specifically related to “this deployment of AlienVault”. Such as Plugins, Sensors, Remote Locations, and Services Running on this deployment (with the ability to Enable/Disable these and Start/Stop these). Also here I would have a sub-menu called “System Performance” with metrics (CPU usage, Swap, Ram, database health (with cleanup and compress options), Network Traffic In/Out performance for each NIC, and etc.). Currently Threat Intelligence items are also under Configuration. I would make a separate “Threat Intelligence” menu and expand upon it to cover more items. Just my thoughts.
I guess it comes down to my being old school and would like traditional menus. Such as text-style drop-down menus from the top and not the huge big button menus. Like File, Analysis, Environment, Reports, Settings, Deployment Settings, Preferences, help, and etc. The text-type tend to be much more explanatory as to what is in them below. I know a lot of software has gone to the big button/ribbon style menus (MS Office). I assume that is to make things mobile friendly. To me it makes navigation less easy and more confusing and the big buttons take up too much screen real estate that I had rather see for other things such as alarms and real-time system activities.

Most of the troubleshooting requires going through the Linux command line and bypassing the GUI. We have a wide variety of users with different technical expertise. For some, any amount of command line troubleshooting scares them away from products.

The reporting could do with some improvements for example the vulnerability report only tells you what vulnerabilities are open and lists them but there is no indication of how old they are at a glance and what vulnerabilities have been closed since the previous scans. I would also like to see the ability to scan my devices for compliance against the CIS Benchmarks.
Christian Caldarone
ISO (Information Security Officer) with 10,001+ employees
The reporting module could be a little easier to handle, as it requires quite some trial and error until you get the reports you want. Also, it would be great to have a graphical interface for the Network Intrusion Detection System's rule management.

For creating new rules, you have to be familiar with regular expressions. I feel there could be something built-in to make sure that process is easier.

The reporting aspect could be improved. While there are a lot of different options available, there are still pieces which are missing. The views are also very static and do not give you a lot of options on how the data is presented.
Brett Carson
Director Of Information Technology at a tech services company with 51-200 employees
I feel that some areas of improvement would be vulnerability scanning. We use a separate product that seems to do a much better job.

Offer solutions based on a PoC (Proof of Concept) to fit each company's specific needs, rather than letting the company guess or piece together the solution they need.

The alarms section of the USM is very robust, yet I still find myself having to look back through the events to find more details. It would be nice if I could navigate straight to the event from the alarm.

The search capabilities are not optimal and are going to be optimized in the next versions. For example, it is possible to search both username and IPs but not usernames and specific fields (aka user data) at the same time.
Documentation needs to be improved, especially due to the fact that AlienVault gets improved often with new features.
Vulnerability scanning does not support Nessus (after version 5) which is a leader in the market. The default vulnerability scanner is OpenVAS, it does the job but the reports are not the same quality as Nessus.
Asset scanning and inventory (stale assets, scheduling scans) and correlation (false positives).

They need to be faster in developing custom plugins.
Maria Foss
Chief Operating Officer / SR. Project Manager at SCS
They set aside a lot of the functionality from the on-premises version that we found very helpful in managing tickets. As it is now, the cloud-based deployment is lacking these useful features.
The reporting is mediocre and is something that needs to be improved.

A tailored OTX map for each customer's central would be awesome to have for displays. A lot of companies like to have visuals for their central instance in order to be able to see when an IOC comes through and it would help have something in front of analysts/engineers to respond to promptly if they were away from central working downstream.

Reporting and Windows log collection is the biggest drawback. Reporting is convoluted and difficult at times, although they claim to have hundreds of pre-built reports, very few of them are actually useful for anything but what the USM is doing. Windows log collection works with HIDS, but documentation is sparse and confusing. You have to trace back to how Windows Event ID ultimately correlates with AlienVault events through HID's IDs.

Directives and searches within security events. So many issues with directives. Creating directives is a pain on its own, but editing them can be a nightmare filled with tedious unnecessary steps. You do not have an option to whitelist or blacklist specific traffic flows to trigger alarms (eg. Specific IP to specific IP) if your directive contains multiple alarms. A simple fix would be to allow the engineer to give "and" and "or" statements so you could get something along the lines of (SRC IP: 192.168.0.20, DST IP: 10.10.1.12 OR 10.10.1.13) AND (SRC IP: 192.168.10.5, DST IP: 10.10.2.5). Instead you have a list of source IPs and a list of destination IPs and no matter if the traffic you need to blacklist is specific, anything communicating from the source list to the destination list triggers an alarm, which is not always what you want.
A workaround for that is to split the alarm directive into separate directives for any specific flows you are looking for. Searching in security events comes with its own minor inconvenience that isn't a deal breaker, however, a simple improvement could make things orders of magnitude better: Allow the analyst to decide everything he wants to search for and trigger the search themselves. Right now, if you want to search something by signature, time range, and port - for example - you have to do each individually and each search forces the query to reload before you get the information set you want. E.g.: I want to search for Admin Activity Events, surrounding a specific Admin, over the last week. I need to first search for Admin activity events, which reloads the whole set of data, then search for the username, reloading the whole set of data again, then choose the last week time range, reloading again. It would make more sense to be able to package the queries I intend to use, then click something along the lines of submit. AlienVault does offer predefined searches, which is a great tool, but I think fixing the search function of the SIEM would be great.

The next release will include cloud security and it will support a hybrid IT environment, furthermore the OTX has a great added value but it will help when there is more OTX information in the database. Future releases will definitely need to improve on these items and it will position the product in a more enterprise ready strategic position.
BAMALICK CISS
Manager at WASHI
The solution is very user-friendly, but the dashboard could be improved as well as the level of customization.

More complimentary training needs to be done for use with this tool. If you get into a bind, then it will cost you.

Stability on certain components could be better, but for a system that is on 24/7/365 without reboots, it's fairly trouble free.

The report section needs to be improved. Most of the correlation rules are based on the NIDS event, which needs to be improved. In other words, we have to use the device logs also.
The configuration is somewhat complex and the interface a bit non-intuitive. Whilst very useful for reporting, interpretation of the results can be difficult: improved features to help with this would be welcome.

It can still be difficult to feed products that are not supported out-of-the-box. It would be good if they had a better plugin exchange/store with AlienVault QA to ensure data is being processed properly.

My biggest challenge has always been the fine tuning that is sometimes required for some networks. It requires a solid understanding of Linux and databases and how networks work. So a non-technical user may become frustrated, or not configure the product to work at its best, and therefore miss important events. So I see room for improvement in the following -
- Ease of deployment and configuration
- Easier way of testing if features are working as designed, e.g. Packet analysis
- Troubleshooting features that are not working as designed
Some customizations with the integration between AlienVault components have room for improvement and enabling users with WebUI interfaces instead of having to edit configuration files on the system to achieve certain actions would be a good improvement.
Hesham Hameed
Operation Manager at Checksum Consultancy
Its reporting tools need improvements. It would be good if they can provide integration with other ticketing systems. Currently, we only have integration with Slack and Jira.
It is also a bit slow, and its replication engine can be improved.

AlienVault needs to continue to integrate with other third-party technologies that clients want to have monitored. The plugin builder in the most recent version update is helpful, but it is still a little "clunky" at times.

I think expanding their vendor-specific plugins would be beneficial.

With all the great features AlienVault has to offer, it would be nice to see improved search query functionality, similar to ELK stack.
Danilo Tiberi
ICT Consultant at N3tcom
The price of AT&T AlienVault USM could be reduced.
Seyed Afzouni
DevOps Engineer at a tech services company with 201-500 employees
The AT&T AlienVault USM is okay, but the relational database is not very good for large amounts of data. For example, many logs cannot be processed. It has been very slow for the queries and some data which are large, it is not very good in this case.

The Log Management and configuration of email notifications should be user-friendly. Pay attention to false-positive event automatic correlations.
Report modules now lets us get a visualization of the activity of the main assets to continue to improve the business and reduce the risk of failures.

Sub menus: Sometimes you really have to drill down to get to where you want to go.
Denis L
Sales Solutions Engineer at a tech services company with 201-500 employees
Having automatic agent deployment would be a great feature. It would be nice to see some machine learning and monitoring of the configuration in network devices.

Taking into account that server access credentials are controlled by the tool, some more management-focused actions could be performed from AlienVault.

Many of the tasks on features are useless in our situation. NetFlow is worthless. Many of the built-in correlation engine solutions are just okay.

All products have room for improvement. AlienVault is always looking at ways to improve their solution.
We would like more plugins. This being the main point of improvement which would benefit the users.

Backup, restore, and upgrade - some menu options are a bit convoluted.

The web UI can be clunky at times, with poor error handling. Updates need more QC before release.

We have a relatively large deployment that spans multiple locations and domains. Having the ability to authenticate users across multiple domains would be useful, but is not critical. The log query capability is pretty restrictive and I find myself searching through raw logs via command line more often than the GUI. Full logging is not supported out of the box, you will need to modify configurations to store all logs if that is your concern or a requirement of your organization, AlienVault by default only stores alert logs, this can and will bite you at some point. The IDS Rules need better oversight when updated. The vulnerability scanner needs to have a power user mode that gives you a more complete interface to the vulnerability scanner (OpenVAS).
Alaa Mady
System Administrator at an insurance company with 51-200 employees
This solution has too many issues with integration with other technologies. For example, you can configure the solution to integrate with your technology today but tomorrow it will stop working. You have to continually update the login, save the issue, and create a ticket with support. It is a long process that takes too long for the support to resolve quickly.
In the future, I would like to see all these features of the solution working properly.
Rajnikant Bhandare
Security Analyst SOC at Sumasoft Pvt Ltd
While it is relatively easy to use, it takes a little time to get used to where everything is located in the web interface. I do wish that their support would help a bit more with the analysis of alarms.
Still I was working on the implementation I have found difficulties in searches within security events. Configuring some areas looks complicated.
I had issues while installing OSSEC agent in Solaris and CentOS Servers. A workaround for this issue will give some value for users.
Shayanthan Karunaharan
Engineer - Information Security at a tech services company with 51-200 employees
User friendly interface could be an advantage. Sometimes we may face trouble when we were going through the settings of AlienVault SIEM.
It would be great if there was a feature to add in watch lists, like McAfee or QRadar have -- to keep track of IPs, domain, etc. that I have identified as being malicious.
Also, being able to connect into other TAXII/STIX feeds other than OTX.

API, ETL, or connector to support BI tools such as Tableau, Power BI, etc.

The biggest improvement they could do is to provide full support for IPv6 addressing. It currently has quite lightweight support for IPv6 addresses in the sense that it will record the source/destination addresses in all cases, but currently trying to search with IPv6 addresses is not possible and thus makes our lives harder.

It needs to be easier to deploy switch monitoring.
View full review »The way it identifies systems can use some improvement. It has a hard time differentiating between versions of Windows.
View full review »TR
Tharaka Ranasinghe
Network and Security Engineer at a tech services company with 51-200 employees
AlienVault must improve their correlation feature. Some of the events do not match with the correlation rules and some of the correlation events are false-positive.

Support can be slow at times, but the quality is high. Posted knowledge base articles could use improvement.

The setup was somewhat complex.

They have the advantage of having a large community that uses the free version, and they really could use this as a sort of beta testing population for new releases. Yet, a lot of the releases break things that are used. I think they need to do more QA before releases. For example, I have custom rules written for the Suricata function. Some releases ago, there was a code change and now every single update requires that I reinstall the custom rules, and I am still waiting for the fix. They need to either stop allowing customization (which would be a mistake) or they need to embrace that a majority of their customer base does this and put in safeguards. I understand putting in limits to what’s supported, but simple things like this are part of the appeal of the product. Another example is that a few releases back, they broke the Nagios availability monitoring portion. All the functionality to watch your systems is there, and of course, I used it. When it broke, support told me it was really only meant to watch the AlienVault system itself, yet the entire interface is there, the options to enable the monitoring on hosts are there. I believe, first of all, that what I was told was wrong as availability monitoring is one of the core functions AlienVault touts, and secondly, that they need to be more careful with testing before releasing updates. It took like two more updates before the functionality was restored.

More information about what the alerts mean and how they are derived would be useful when determining their significance. Support is good to provide this information though.

Plugins: most plugins are not up to date with the newer versions of products.

It should be able to communicate with other security solutions to stop threats.

As with many of its users, I have submitted suggestions in the past and AlienVault has seemed to listen to suggestions from its users and has implemented them every time. I am happy with the product as it is today.

As it includes multiple pieces of security software, the installation and configuration take a lot of time. It would be good if they could work on that but the time is understandable given all the features AlienVault offers.

They should simplify the HIDS agent reporting/custom rule creation.
Javier Ramirez
Network Security Specialist at SEFISA
Maybe logs are the problem, as the database query is too slow. If you want to search something, you need time to find it.
The other thing is the agent is OSSEC. They needed to create their own agent to help find threats on the devices on which it happens to be installed.

It is a lot of work to get the software configured and set up properly.

- Accuracy of threat detection
- Advanced reporting
- Reliable asset and vulnerability management feature
- IPv6 not supported
- Correlating with external logs from other sources makes it a little bit difficult to work
I'd like to see built in support to detect more security incidents.

- Database query speed when dealing with millions of events per day
- Reports customization and types
- Dashboards TV modes (SOC surveillance monitors)
I would say the menus could use some tweaking and custom rule creation could be made simpler.

I don't have any, as I've been pretty satisfied with the product.
SOCmgr67
SOC Manager at a tech services company with 11-50 employees
This solution could be easier to use. It is hard for some people to understand, and they need to get training and certification just to understand what it's showing them.
reviewer1022949
Team Lead & Principal Software Engineer at a tech services company with 51-200 employees
The GUI needs to improve because it's not user-friendly.