USM Anywhere has a built-in TI (threat intelligence), and it includes lots of investigation tools. The solution also provides basic log storage options for periods of 15, 30, and 90 days. The 365-day block query is a major feature.

Log aggregation and alarms are the most useful for security for our customers. It collects logs from various log sources in the corporate network and then gives you actionable intel on the collected logs.

The second feature is SIEM capabilities. It's an umbrella set for what SIEM does.

The asset discovery and inventory capabilities in USM Anywhere is quite good because it helps to discover all assets and IP addresses on the corporate network.

USM Anywhere uses artificial intelligence to enhance threat detection.

What I find the most valuable about USM Anywhere is its compliance. It shows a list of all the administrators logged on and does it quite well. There are no whistles and bells, it's reliable and simple to use. Also, for the first time in eight years, I felt I could actually work with the raw data. I don't have to use search or log file manipulator engines because I can see the log file directly. It's readable and it's not cloudy like, for example, QRadar. 

The most valuable feature of the solution is the ease of deployment that it provides to users. The integrations that the product has with third-party applications are useful.

Our main focus was intrusion detection, alerts, and correlation. It's easy to use AlienVault and integrate it with other alert tools because it includes lots of connectors. Either the tool is already there, or AlienVault will write an API for us if they don't have a connector for the solution that is providing the logs.

We've seen a lot of improvement in the product over the years. Their threat monitoring was an important feature for us, but we didn't use the tool to its full advantage. I wanted to use the built-in NES and asset management tools, but unfortunately we didn't use those because we had other solutions to address those areas.

The feature that I liked the most is that they have a vulnerability assessment package that comes along with the SIEM solution. So, whenever I find any threat or alert for any of the devices or servers, I could immediately initiate a vulnerability assessment scan on that machine. That is one of a kind. The price at which AlienVault operates is also valuable.

The setup of AlienVault is extremely easy. It is very simple to understand for someone who is trying a SIEM solution for the first time.

The integration of servers and other devices is extremely easy. It is a piece of cake. You just double-click and start, and you are up and running. That's all.

The ease of implementation is the most valuable feature.

Having everything in a central place has been helpful. 

I think all of the features are valuable. However, the most valuable feature is vulnerability management because it gives you insight into your environment to know what systems need to be updated or patched. You can avoid weaknesses in the computers and other systems by keeping them patched.

The most valuable feature in AT&T AlienVault USM is the reporting.

It gives us everything we want. We don't use vulnerability management, and we use it specifically for the log.

AlienVault's reporting is good. I like that vulnerability assessment is part of the solution, and the UI is intuitive. Also, the overhead is low, which is to say we don't need a dedicated SOC team to manage and analyze things constantly. We're a small company that doesn't have those resources.

In terms of monitoring, my best feature would be the monitoring of components across the network. It monitors the respective nodes and any new node that comes onto the network and provides reports. The reporting dashboards are really helpful for management in terms of making decisions around patch management.

It is an all-in-one package. In terms of the selling points, to the best of my knowledge, it has eight different selling points or eight features, and they're all interlinked, which most of the infrastructure setups here do not have. They have separate systems for monitoring the networks. So, USM can cater based on those eight capabilities.

We're using it more for reporting, that's all. We're using it to help our customers to pass any kind of audits that they receive.

The reason why we went with AT&T AlienVault USM, was because we liked their reporting capability a little better than some of the other ones we evaluated; however, the biggest draw for us was how AT&T has their MSP program set up. In most cases, you have to buy a certain number of either agents or sensors which are, more or less, the program. With an MSP, our clients don't have to buy any — there are no minimum requirements. Alien Vault provided us with really good worksheets to detail the number of sensors needed when we are in negotiations with prospective clients. We can also use them to determine the number of devices that are going to be monitored, and how we can tailor the customer setup based on what the customer requirement is.

The other big selling feature for us was its integration capabilities with all the other security-based products, not just security-based, but application settings in general. It works with Google Drive, Gmail, and Microsoft 365. It also works with different antivirus software from Proof Point to Okta — all of the different pieces of applications that we normally provide as a best practice to our clients. This software can interact with them all and pull the event data and the security data from all of these different applications, and more.

The SIEM, security information management is very, very good. Basically, it's great at analyzing the logs of our servers.

The setup is very easy and straightforward.

The solution has excellent compliance and has good incident response.

There are multiple tools for information security. The solution includes all the latest advances on the network and host intrusion detection systems.

The out-of-the-box features are great. You don't have to jump to different consoles as everything is right there. Everything from a security standpoint can be handled via one screen.

I like that AT&T AlienVault USM is deployed on cloud, because the previous solution, the all-in-one solution wasn't, so we had a lot of problems with the all-in-one solution. Either the database was corrupted, or there was a large delay in the appliance. With AT&T AlienVault USM being on cloud, all of those problems disappeared.

Another feature I like about the solution is the ability to add apps. It's a really good feature.

AT&T AlienVault USM is a very intuitive tool, especially for analysts. It's easy to use.

AT&T AlienVault USM is good for ELK Stack, the user experience is great because of its architecture. The ELK has a great performance and it has very good speed in the search and Kibana. Additionally, the visuals and dashboards and very nice and customizable.

The solution has all the features that we need, however they do not work correctly.

Asset discovery and vulnerability scanner are good features. The integration between this solution and OTX, which is an AlienVault platform for Open Threat Exchange, is also a valuable feature. It is also quick and easy to deploy, so you can quickly engage with a customer's environment.

The most valuable feature is threat intelligence. Their community is a very helpful tool and I think it's one of the values of AlienVault.

The most valuable feature of this solution is security management for PCI DSS.

The features that we have found most valuable are the out-of-box vulnerability scanner, Network IDS, Host IDS, Netflow Monitoring, and more than four thousand pre-installed correlation rules.

My favourite one is the vulnerability scanner because while using it, our environment is always updated about security threats.

The fact that AlienVault is several tools in one is most valuable to our small team. We can collect logs, and also actively scan our network for vulnerabilities all from one tool.

• In my experience, I've found the vulnerability assessment very valuable because it identifies vulnerabilities and AWS configuration issues, so we are less likely to have potential risks. 
• The compliance reporting is also valuable for reporting purposes.
  

IDS is a nice capability to have. In the past, I have implemented standalone Suricata sensors and having this bundled in is very helpful. OTX is good when implemented correctly.

It provides a single pane of glass view, coupled with a whole security ecosystem. The ability to manage everything from a central point, including vulnerability assessments, asset management - including the services provided by the various hosts - NIDS, HIDS, etc., provides a very efficient way of dealing with things.

Their OTX intel is also great, as one needs to know who is running around threatening the IT infrastructure with a "crowbar."

The IDS and the threat intelligence are very useful. They are very intuitive and data-rich.

• Vulnerability assessments and log aggregation/correlation

These were the two answers we needed for our solution. It gave those solutions very easily. It is easy to implement, and effective.

A vulnerability assessment feature is very helpful for me. Because of this feature, I can schedule a vulnerability assessment for my critical server.

The most valuable feature is what it can block, what it can prevent from coming in.

On any given day I could give you a different answer regarding the most valuable features of the product. The feature that is most important is the fact that it has a lot of features, that it's not just a log collection and correlation system, that it has a lot of other components built in. The bundle of features is really the killer feature.

In particular though: 

• ease of use and deployment
• excellent cloud integration
• dynamic asset management
• vulnerability scanning
• network intrusion detection
• host-based agent monitoring and collection. 

All of these features combined create a compelling "one-stop" package for a business that needs security monitoring and analytics.

Log-monitoring and alerting, so we can find out when things happen that we need to know about.

It's hard to pick just one valuable feature for this product. I like everything the product has to offer. The dashboards are very descriptive and contain just the right amount of information. The activity alarms and events contain a plethora of data that is very descriptive and useful. 

Vulnerability scans, IDS  scans, asset scans. It's pretty much the whole USM Anywhere tool. Everything in here is pretty important. It gives you all the vulnerabilities of your assets. It goes through and it actually shows you the software on there, if it's missing patches, the operating system.

Overall, I find that this product is amazing.

AlienVault USM Anywhere has a modern, user-friendly, and intuitive GUI, making it easy to use. It is a cloud-based solution that is easy to deploy and easy to scale as well. On top of having built-in support with several technologies, AlienVault USM Anywhere has an API that allows you to develop additional plugins if necessary.

AlienVault USM Anywhere is easy to deploy with their cloud-based model and deploying the required agents on-prem (or in the Cloud) is quick and easy. With many integrations out-of-the-box, you can pull in all the data from products you use and other sources, such as Amazon Cloudwatch Logs. Custom rules allow for alerting based on content from events and you can even trigger agents in response to threats, shutting down computers or grabbing forensic info for incident response. USM Anywhere also takes care of reporting for ISO and PCI, allowing you to pull reports for auditors at a moment’s notice.

I have found the host-based intrusion detection system (HIDS) extremely useful, as it

• Allows me to identify possible threats and vulnerabilities.
• Allows anyone with little knowledge of a cybersecurity devise to work with a high level threat discovery solution.

• Centralized logs: All the details are in one place. This is helpful if you have over 100 servers.
• Centralized IDS: We need this as we are able to see what is happening in (almost) real time.

• Alarms
• Correlation

The Vulnerability Scanning Engine using OpenVAS is a quality tool. The asset management functionality (active and passive scans) is also really important. You can't protect what you do not know about, so having an inventory of all your devices and software is critical to a security management program.

The main menu: You can see everything there, what is happening on the servers, and in the logs, you can view more details of each event. Everything you need is in 'one place'.

The Event Correlation and vulnerability scans have been the most useful. As a 24/7 SOC, we use the incoming alarms to give an overview of suspicious traffic going through the network. It's easy to look at the correlated events and see the broad picture of traffic for that customer. Vulnerability scans are good for providing patch and remediation guidelines to keep customer systems secure.

The cloud console is by far the best improvement of the product. In the past, our less technical clients had trouble sorting through the dashboards within the USM console, and we had received complaints on viewing the real-time data versus our prepared reports.

The new cloud-based panel is excellent both for client review as well as for our SOC to review and respond to threats. It is much easier to configure and use than the previous solution from AlienVault.

SIEM and the FIM are the first preferences when I started the deployment. Because the customer wanted to monitor network security incidents of the Servers and any file modification done to their critical files residing in the production servers. 

Vulnerability scanning and OTX helped us to manage all in one single point.

The alerting and security intelligence is the heart of the product. Monitoring customer's critical network is now almost a one man job.

AlienApps that we use to integrate with our current setup is awesome! Not only that, they have roadmapped being able to open up their API so we can integrate and flex the USM Anywhere as much as we want and when we want to. The staff has been incredibly helpful on getting us further down the line with our constructive feedback and have worked on implementing changes to their system to help improve their product.

AlienVault has the necessary all-in-one product with the function of vulnerability scanner integrated with detections, so when you detect an incident in a vulnerable port you can act faster and prevent more incidents.

• Real-time email alerts
• Event correlations
• Log management
• System monitoring
• Network monitoring
• Uptime monitoring
• OTX threat intelligence
• Vulnerability scanning/reporting
• Compliance reporting

SIEM log collection is great, and all of the rules that support updates with maintenance. 

AlienVault USM has a vulnerability assessment feature and only one SIEM feature compared to other SIEM solutions. 

Unified Security Manager (USM). In every SIEM, having only SIEM features (log management, alerting, notifications, etc.) is typical. Here we can get file integrity monitoring and a vulnerability assessment tool together with SIEM. 

I have never seen a tool like this.

Asset discovery seems to be good. Nice that everything is bundled.  

Raw logs: Clients require to store their raw logs in a data-store rather than keep it in the actual device.

Alarm section: It's very easy to see the Alarms for any incidents rather than going through all the logs.

Security events: Categorization of Security events helps our SOC analyst for further analysis.

We have found the AIO USM the most valuable because of its centralized grouping of all of the tools necessary to manage our security in an "All In One" solution.  Of its parts, the scheduled vulnerability assessment tool has been helpful as a preventative measure to help keep ahead of security threats!

I have used the asset discovery and the vulnerability scans the most. As a system administrator, it is important that we are prepared for any eventualities. I also like how you can use the hardware “out-of-the-box”, or using logs you can actually customise the performance to fit your environment and needs.

The asset management of nodes has been a large help in terms of being able to track applications with more detail and have changes made being monitored into one source. The vulnerability scanning has also been an aide of reviewing the systems and having feedback of what is missing patches and holes in our environment that need review and remediation. The all-in-one aspect has been helpful to see items and correlate within one source rather then multiple.

The most useful feature is the customization for alarms, alerts, and reports. AlienVault is situated to be adapted and changed to meet many different needs and use cases, but still being effective at most of them. 

AlienVault provides you with a unified view for all aspects of what is going on in your environment. It allows you to define what alerts you want to see, or not to see, as well as if you want them grouped, or ungrouped.

• General SIEM tool functionality.
• Ease of deployment across various environments.

• Network monitoring
• SIEM

The most valuable aspect of AlienVault is the visibility into the network. You have the capability to gather logs from multiple sources and easily see what is going on in the network.

Deployment was very easy. I got my servers and devices reporting very quickly.

The UI is clean and easy to use. Lots of documentation, training, and community involvement available as well.

SIEM capabilities, vulnerability scanning, asset discovery/management features.

The tool is a great way to meet logging requirements for PCI and HIPAA standards. It is very flexible and customizable.

Flexible Deployment Architecture – This is where the Open Source roots really start to flex their muscles when it comes to AV USM. The main components of the architecture are as follows:

• AV Sensor: AV Sensors perform Asset Discovery, Vulnerability Assessment, Threat Detection, and Behavioral Monitoring in addition to receiving raw data from event logs and helping in monitoring network traffic (including Flow). The sensors also perform normalization of the received raw events and communicates them to the AV Server for correlation and reporting.
• AV Server: AV Server is the Central Management Console that provides USM capabilities under a single GUI. The server receives normalized data from the sensors, correlates, and prioritizes the events and generates security alerts or alarms. The server also provide a variety of reporting and dashboarding capabilities as well.
• AV Logger: AV Logger provides the capability to archive log files for purposes of forensic analysis and to meet compliance requirements for long term retention and management.

All the architecture components including the Sensor, the Logger, the Correlation Engine, etc., can be deployed tier-based, isolated, or in a consolidated all-in-one style. This wide variety of deployment options help customers to have flexible and open architectures. This also helps control cost depending on the budget at hand. Very rarely can products boast of such flexibility.

I have worked with a Managed Security Team that uses AlienVault USM for the past two years. The user interface is as good as it gets. The setup is greatly simplified with intensive documentation and a great tech support.

The customizable reports

The ease of use and customization. The USM is a work horse, no matter what devices or the number of logs we throw at it, the system processes them in real time, correlates the events, and alerts on only events that need human review.

The vulnerability scans and network scans and alarms.

OTX is a great module that lets staff maintain and monitor updates regarding events in the infrastructure and takes decision to improve the security perimeter.

We use several features extensively. Logging, vulnerability scanning, file integrity monitoring, and threat information.

Policies have been very valuable. We use them as alerts on many compliance requirements and concerns.

The dashboard.

• Real-time email alerts
• Event correlations
• Log management
• System monitoring
• Network monitoring
• Up-time monitoring
• OTX threat intelligence
• Vulnerability scanning reporting

There are too many to list.

Threat detection powered by signatures and advanced correlation rules.

• Vulnerability scanning
• Cross co-relation
• Reports in a grouped manner
• OTX for threat intelligence

Log aggregation, correlation, and threat intel.

Event monitoring and vulnerability scanning have been a huge benefit to us.

The best feature of this product is the ease of use. It is extremely easy to set up and get going. This is a very useful tool for a small organization.

AlienVault's "Overview" dashboard makes it very easy to see everything going on in your network that needs your immediate attention. You can easily customize the dashboard to you or your company's needs.

AlienVault is used in a classroom setting at Pittsburgh Technical College, which brings industry tools from the college classroom back into the field. We have several employers in the area that use AV so student acclimation to the product is key. AV is set up as a dashboard in the security lab where students can view and analyze the monitoring techniques of the product. If an event happens, they can process an analytical step to provide remediation.

Alarms dashboard shows immediately any threats that may need further investigation. The vulnerability scanning is helpful to identify the areas that need patching or fixes installed.

• Open Threat Exchange (for IP reputation)
• Vulnerability scanning
• Quick APT phishing-related threat detection

The automated alarms have been very helpful in identifying what is happening on your network that should be investigated.

The NIDS/HIDS features have probably been the best features for us in our environment. We've had some open-source options and, while they work, it isn't the same as having commercial support. SIEM is the second-most useful feature.

AlienVault out of the box features for easy asset discovery, vulnerability scans, IDS setup are all beneficial, but the best feature we find most valuable is the main dashboard for how the information is bubbled up and presented to us.

It's a single solution that is meeting the needs of multiple of my PCI compliance objectives.

As an information security consultant that works across many diverse networks, these features offer by far the most critical information when analysing a client’s environment for issues that need to be addressed:

• Raw logs
• Alarm section
• Security events

Vulnerability scanning and OTX are powerful. The alerting and security intelligence is the engine of the product. Looking at the cockpit and monitoring your IT environment is now almost a one man job. There is no complex alerting or code review, just click and go.

AlienVault provides excellent visibility into your network by combining centralized logging, host-based IDS and network IDS. This enables me to detect quite a lot of potential issues that have gone through AlienVault's correlation engine and our own policies.

SIEM, Event Correlation and the Vulnerability Scanner.

The most important part of the product is the event correlation and alerting that it provides. Sifting through tens of millions of logs a day looking for the proverbial needle in a haystack is impossible for a single person or even a team without automation

• Correlation
• Customization

Flexibility. As the source of AlienVault is based on an Open Source product, it is possible to implement nearly everything including fully customized plugins, scripts, etc. We haven't yet found any limitations.

Alerts derived from logs.

The integration of IDS and OSSEC is valuable as it enables correlation between Network IDS events and host system event logs.

Integrated vulnerability assessment, intrusion/anomaly detection and monitoring, with a simple management interface.

The fact that I am a very small security team and AlienVault allows me to have a SIEM, FIM and Vulnerability scanner all in one.

• Security alarms
• Log collection

The SIEM part where I can see all HIDS and IDS events in one place alongwith the correlation directives.

Event Correlation is the most valuable feature for every SIEM. AlienVault has ISO 27001 compliance which is very helpful for the companies looking to have the ISO 27001 certification.

The correlation from the Host Based Intrusion to Network Intrusion against the vulnerabilities in my network.

• Central log aggregation
• Security correlation

We now have the ability to see what is happening in the environment.

The SIEM and intrusion detection.

Enabling visibility of traffic on our network, merging of multiple systems reporting and analysis and clear method to highlight potential issues.

The most valuable features of AT&T AlienVault USM are the ease of management and knowledge of what is on the network of my customers. It's easy to understand the problems, and management our alarms and events.

The vulnerability manager and the file integration are very good.