USM Anywhere Valuable Features

PB
Senior Security Information Manager at agiito

What I find the most valuable about USM Anywhere is its compliance. It shows a list of all the administrators logged on and does it quite well. There are no whistles and bells, it's reliable and simple to use. Also, for the first time in eight years, I felt I could actually work with the raw data. I don't have to use search or log file manipulator engines because I can see the log file directly. It's readable and it's not cloudy like, for example, QRadar. 

Omer Jamil - PeerSpot reviewer
Supervisor, Security Operations at Bpm

The most valuable feature of the solution is the ease of deployment that it provides to users. The integrations that the product has with third-party applications are useful.

CHARLES GOLLIDAY - PeerSpot reviewer
Chief Information Security Officer at a computer software company with 51-200 employees

Our main focus was intrusion detection, alerts, and correlation. It's easy to use AlienVault and integrate it with other alert tools because it includes lots of connectors. Either the tool is already there, or AlienVault will write an API for us if they don't have a connector for the solution that is providing the logs.

We've seen a lot of improvement in the product over the years. Their threat monitoring was an important feature for us, but we didn't use the tool to its full advantage. I wanted to use the built-in NES and asset management tools, but unfortunately we didn't use those because we had other solutions to address those areas.

Dr. Sushan Banerjee - PeerSpot reviewer
GISO - Global Information Security Officer at Beyon Connect

The feature that I liked the most is that they have a vulnerability assessment package that comes along with the SIEM solution. So, whenever I find any threat or alert for any of the devices or servers, I could immediately initiate a vulnerability assessment scan on that machine. That is one of a kind. The price at which AlienVault operates is also valuable.

The setup of AlienVault is extremely easy. It is very simple to understand for someone who is trying a SIEM solution for the first time.

The integration of servers and other devices is extremely easy. It is a piece of cake. You just double-click and start, and you are up and running. That's all.

Gabriel Clement - PeerSpot reviewer
Lead IT Security and Remediation at ARM Ltd

It gives us everything we want. We don't use vulnerability management, and we use it specifically for the log.

JV
Network and Security Infrastructure Manager at a wholesaler/distributor with 201-500 employees

The most valuable feature in AT&T AlienVault USM is the reporting.

Jason G. - PeerSpot reviewer
Market Development Manager, Cyber Security Consultant at Abacode

AlienVault USM Anywhere has a modern, user-friendly, and intuitive GUI, making it easy to use. It is a cloud-based solution that is easy to deploy and easy to scale as well. On top of having built-in support with several technologies, AlienVault USM Anywhere has an API that allows you to develop additional plugins if necessary.

VS
Manager, Enterprise Risk Consulting at a tech company with 1,001-5,000 employees

Flexible Deployment Architecture – This is where the Open Source roots really start to flex their muscles when it comes to AV USM. The main components of the architecture are as follows:

  • AV Sensor: AV Sensors perform Asset Discovery, Vulnerability Assessment, Threat Detection, and Behavioral Monitoring in addition to receiving raw data from event logs and helping in monitoring network traffic (including Flow). The sensors also perform normalization of the received raw events and communicate them to the AV Server for correlation and reporting.
  • AV Server: AV Server is the Central Management Console that provides USM capabilities under a single GUI. The server receives normalized data from the sensors, correlates and prioritizes the events, and generates security alerts or alarms. The server also provides a variety of reporting and dashboarding capabilities as well.
  • AV Logger: AV Logger provides the capability to archive log files for purposes of forensic analysis and to meet compliance requirements for long term retention and management.

All the architecture components including the Sensor, the Logger, the Correlation Engine, etc., can be deployed tier-based, isolated, or in a consolidated all-in-one style. This wide variety of deployment options helps customers to have flexible and open architectures. This also helps control cost depending on the budget at hand. Very rarely can products boast of such flexibility.

Gerald Mbewa - PeerSpot reviewer
Cyber Security Analyst at DIgital Sentry Ltd

Having everything in a central place has been helpful. 

MattCarter - PeerSpot reviewer
Founding Member at Integotec

I think all of the features are valuable. However, the most valuable feature is vulnerability management because it gives you insight into your environment to know what systems need to be updated or patched. You can avoid weaknesses in the computers and other systems by keeping them patched.

DL
Solutions Engineer at a computer software company with 51-200 employees

We're using it more for reporting, that's all. We're using it to help our customers to pass any kind of audits that they receive.

it_user459648 - PeerSpot reviewer
Manager, Information Security at a retailer with 5,001-10,000 employees

The fact that I am a very small security team and AlienVault allows me to have a SIEM, FIM and Vulnerability scanner all in one.

JS
Senior Network Architect / Network Team Leader at ICE Consulting. Inc.

The reason why we went with AT&T AlienVault USM, was because we liked their reporting capability a little better than some of the other ones we evaluated; however, the biggest draw for us was how AT&T has their MSP program set up. In most cases, you have to buy a certain number of either agents or sensors which are, more or less, the program. With an MSP, our clients don't have to buy any — there are no minimum requirements. Alien Vault provided us with really good worksheets to detail the number of sensors needed when we are in negotiations with prospective clients. We can also use them to determine the number of devices that are going to be monitored, and how we can tailor the customer setup based on what the customer requirement is.

The other big selling feature for us was its integration capabilities with all the other security-based products, not just security-based, but application settings in general. It works with Google Drive, Gmail, and Microsoft 365. It also works with different antivirus software from Proof Point to Okta — all of the different pieces of applications that we normally provide as a best practice to our clients. This software can interact with them all and pull the event data and the security data from all of these different applications, and more.

PF
VP at Castra Consulting

The IDS and the threat intelligence are very useful. They are very intuitive and data-rich.

CB
Manager, Security Operation Center at Ideal Integrations
  • Vulnerability assessments and log aggregation/correlation

These were the two answers we needed for our solution. It gave those solutions very easily. It is easy to implement, and effective.

DO
Principal DevOps Engineer at a tech vendor with 11-50 employees

AlienVault's reporting is good. I like that vulnerability assessment is part of the solution, and the UI is intuitive. Also, the overhead is low, which is to say we don't need a dedicated SOC team to manage and analyze things constantly. We're a small company that doesn't have those resources.

MW
Production DBA at BLUE MOTOR FINANCE LIMITED

AlienVault USM Anywhere is easy to deploy with their cloud-based model and deploying the required agents on-prem (or in the Cloud) is quick and easy. With many integrations out-of-the-box, you can pull in all the data from products you use and other sources, such as Amazon Cloudwatch Logs. Custom rules allow for alerting based on content from events and you can even trigger agents in response to threats, shutting down computers or grabbing forensic info for incident response. USM Anywhere also takes care of reporting for ISO and PCI, allowing you to pull reports for auditors at a moment’s notice.

GP
Consultant at Embratel

I have found the host-based intrusion detection system (HIDS) extremely useful, as it:

  • Allows me to identify possible threats and vulnerabilities.
  • Allows anyone with little knowledge of a cybersecurity device to work with a high-level threat discovery solution.
it_user883449 - PeerSpot reviewer
admin at KIL A&T
  • Centralized logs: All the details are in one place. This is helpful if you have over 100 servers.
  • Centralized IDS: We need this as we are able to see what is happening in (almost) real time.
KH
Information Security Manager at a tech services company with 201-500 employees

The ease of use and customization. The USM is a workhorse: no matter what devices or the number of logs we throw at it, the system processes them in real time, correlates the events, and alerts on only events that need human review.

SL
Senior Talent Sourcer, Digital at Digitaltrack

The ease of implementation is the most valuable feature.

Francis Silva - PeerSpot reviewer
Services Coordinator at MAINT

I like that AT&T AlienVault USM is deployed on cloud, because the previous solution, the all-in-one solution wasn't, so we had a lot of problems with the all-in-one solution. Either the database was corrupted, or there was a large delay in the appliance. With AT&T AlienVault USM being on cloud, all of those problems disappeared.

Another feature I like about the solution is the ability to add apps. It's a really good feature.

AT&T AlienVault USM is a very intuitive tool, especially for analysts. It's easy to use.

SK
Director of Department at BAKOTECH LLC

The solution has excellent compliance and has good incident response.

There are multiple tools for information security. The solution includes all the latest advances on the network and host intrusion detection systems.

The out-of-the-box features are great. You don't have to jump to different consoles as everything is right there. Everything from a security standpoint can be handled via one screen.

MM
Senior Buyer & Operations Specialist at Nth Generation Computing
  • In my experience, I've found the vulnerability assessment very valuable because it identifies vulnerabilities and AWS configuration issues, so we are less likely to have potential risks. 
  • The compliance reporting is also valuable for reporting purposes.
JT
Owner at ThatsIT Consultants

In terms of monitoring, my best feature would be the monitoring of components across the network. It monitors the respective nodes and any new node that comes onto the network and provides reports. The reporting dashboards are really helpful for management in terms of making decisions around patch management.

It is an all-in-one package. In terms of the selling points, to the best of my knowledge, it has eight different selling points or eight features, and they're all interlinked, which most of the infrastructure setups here do not have. They have separate systems for monitoring the networks. So, USM can cater based on those eight capabilities.

Stephen Hui - PeerSpot reviewer
Cybersecurity Architect at DataAssure

The SIEM, security information management is very, very good. Basically, it's great at analyzing the logs of our servers.

The setup is very easy and straightforward.

LC
VP IT Operations at a financial services firm with 51-200 employees

The most valuable feature is what it can block, what it can prevent from coming in.

TS
Consultant at a tech services company with 11-50 employees

On any given day I could give you a different answer regarding the most valuable features of the product. The feature that is most important is the fact that it has a lot of features, that it's not just a log collection and correlation system, that it has a lot of other components built in. The bundle of features is really the killer feature.

In particular though: 

  • ease of use and deployment
  • excellent cloud integration
  • dynamic asset management
  • vulnerability scanning
  • network intrusion detection
  • host-based agent monitoring and collection. 

All of these features combined create a compelling "one-stop" package for a business that needs security monitoring and analytics.

it_user800649 - PeerSpot reviewer
Network Operations Manager / Systems Engineer at a tech services company

The asset management of nodes has been a large help in terms of being able to track applications with more detail and have changes made being monitored into one source. The vulnerability scanning has also been an aid in reviewing the systems and having feedback of what is missing patches and holes in our environment that need review and remediation. The all-in-one aspect has been helpful to see items and correlate within one source rather than multiple.

BS
Systems Administrator at a healthcare company

It's hard to pick just one valuable feature for this product. I like everything the product has to offer. The dashboards are very descriptive and contain just the right amount of information. The activity alarms and events contain a plethora of data that is very descriptive and useful. 

Vulnerability scans, IDS scans, asset scans. It's pretty much the whole USM Anywhere tool. Everything in here is pretty important. It gives you all the vulnerabilities of your assets. It goes through and it actually shows you the software on there, if it's missing patches, the operating system.

Overall, I find that this product is amazing.

reviewer847167 - PeerSpot reviewer
Network and Security Engineer at a tech vendor with 501-1,000 employees

The main menu: You can see everything there, what is happening on the servers, and in the logs, you can view more details of each event. Everything you need is in 'one place'.

it_user846063 - PeerSpot reviewer
SOC Analyst II at Shatter I.T.

The Event Correlation and vulnerability scans have been the most useful. As a 24/7 SOC, we use the incoming alarms to give an overview of suspicious traffic going through the network. It's easy to look at the correlated events and see the broad picture of traffic for that customer. Vulnerability scans are good for providing patch and remediation guidelines to keep customer systems secure.

it_user690780 - PeerSpot reviewer
Network Administrator at a legal firm with 51-200 employees

The vulnerability scans and network scans and alarms.

it_user339099 - PeerSpot reviewer
IS Manager at a financial services firm with 501-1,000 employees

We use several features extensively. Logging, vulnerability scanning, file integrity monitoring, and threat information.

it_user671790 - PeerSpot reviewer
Professor at a university with 201-500 employees

AlienVault is used in a classroom setting at Pittsburgh Technical College, which brings industry tools from the college classroom back into the field. We have several employers in the area that use AV so student acclimation to the product is key. AV is set up as a dashboard in the security lab where students can view and analyze the monitoring techniques of the product. If an event happens, they can process an analytical step to provide remediation.

it_user593826 - PeerSpot reviewer
Security Architecture and Operations Lead at a university with 1,001-5,000 employees

The NIDS/HIDS features have probably been the best features for us in our environment. We've had some open-source options and, while they work, it isn't the same as having commercial support. SIEM is the second-most useful feature.

RS
Co-Founder at a photography company with 11-50 employees

Log-monitoring and alerting, so we can find out when things happen that we need to know about.

it_user671907 - PeerSpot reviewer
System Administrator at a financial services firm with 201-500 employees

Alarms dashboard shows immediately any threats that may need further investigation. The vulnerability scanning is helpful to identify the areas that need patching or fixes installed.

JM
I.T. Manager at a non-profit with 51-200 employees

The fact that AlienVault is several tools in one is most valuable to our small team. We can collect logs, and also actively scan our network for vulnerabilities all from one tool.

BG
Systems Engineer at a university with 201-500 employees
  • Real-time email alerts
  • Event correlations
  • Log management
  • System monitoring
  • Network monitoring
  • Up-time monitoring
  • OTX threat intelligence
  • Vulnerability scanning reporting

There are too many to list.

it_user671703 - PeerSpot reviewer
Sr. Networking & EMS Analyst

Event monitoring and vulnerability scanning have been a huge benefit to us.

it_user466506 - PeerSpot reviewer
Group Information Security Officer at a consumer goods company with 1,001-5,000 employees

The correlation from the Host Based Intrusion to Network Intrusion against the vulnerabilities in my network.

CC
ISO (Information Security Officer) with 10,001+ employees

It provides a single pane of glass view, coupled with a whole security ecosystem. The ability to manage everything from a central point, including vulnerability assessments, asset management - including the services provided by the various hosts - NIDS, HIDS, etc., provides a very efficient way of dealing with things.

Their OTX intel is also great, as one needs to know who is running around threatening the IT infrastructure with a "crowbar."

it_user707502 - PeerSpot reviewer
System Administrator at a tech services company with 10,001+ employees

I have used the asset discovery and the vulnerability scans the most. As a system administrator, it is important that we are prepared for any eventualities. I also like how you can use the hardware “out-of-the-box”, or using logs you can actually customise the performance to fit your environment and needs.

it_user765879 - PeerSpot reviewer
Security Administrator at a financial services firm with 501-1,000 employees

AlienVault provides you with a unified view for all aspects of what is going on in your environment. It allows you to define what alerts you want to see, or not to see, as well as if you want them grouped, or ungrouped.

BC
Director Of Information Technology at a tech services company with 51-200 employees

The best feature of this product is the ease of use. It is extremely easy to set up and get going. This is a very useful tool for a small organization.

it_user671700 - PeerSpot reviewer
IT Security Analyst at a financial services firm with 201-500 employees

AlienVault's "Overview" dashboard makes it very easy to see everything going on in your network that needs your immediate attention. You can easily customize the dashboard to you or your company's needs.

it_user465876 - PeerSpot reviewer
Information Systems Network Technician at a local government with 501-1,000 employees

It's a single solution that is meeting the needs of multiple of my PCI compliance objectives.

it_user479445 - PeerSpot reviewer
Chief Information Security Officer at a tech services company with 51-200 employees

Flexibility. As the source of AlienVault is based on an Open Source product, it is possible to implement nearly everything including fully customized plugins, scripts, etc. We haven't yet found any limitations.

it_user479376 - PeerSpot reviewer
Information Security Officer at a healthcare company with 1,001-5,000 employees

Integrated vulnerability assessment, intrusion/anomaly detection and monitoring, with a simple management interface.

it_user467313 - PeerSpot reviewer
IT Field Support Manager at a consumer goods company with 1,001-5,000 employees

The SIEM and intrusion detection.

MF
Chief Operating Officer / SR. Project Manager at SCS

The most valuable feature is threat intelligence. Their community is a very helpful tool and I think it's one of the values of AlienVault.

it_user833982 - PeerSpot reviewer
Cybersecurity Analyst at a tech company with 51-200 employees

AlienApps that we use to integrate with our current setup is awesome! Not only that, they have roadmapped being able to open up their API so we can integrate and flex the USM Anywhere as much as we want and when we want to. The staff has been incredibly helpful on getting us further down the line with our constructive feedback and have worked on implementing changes to their system to help improve their product.

it_user787419 - PeerSpot reviewer
IT Systems Administrator at a financial services firm with 201-500 employees

The most useful feature is the customization for alarms, alerts, and reports. AlienVault is situated to be adapted and changed to meet many different needs and use cases, but still being effective at most of them. 

it_user484701 - PeerSpot reviewer
SOC Intrusion Analyst at a tech services company with 51-200 employees
  • Raw logs
  • Alarm section
  • Security events
it_user484695 - PeerSpot reviewer
Information Security Consultant at Securepoint Nederland B.V.

Vulnerability scanning and OTX are powerful. The alerting and security intelligence is the engine of the product. Looking at the cockpit and monitoring your IT environment is now almost a one man job. There is no complex alerting or code review, just click and go.

it_user829533 - PeerSpot reviewer
IT Manager at a manufacturing company with 51-200 employees

SIEM log collection is great, and all of the rules that support updates with maintenance. 

it_user702744 - PeerSpot reviewer
Professional Services Engineer at a tech services company with 11-50 employees

The tool is a great way to meet logging requirements for PCI and HIPAA standards. It is very flexible and customizable.

it_user673095 - PeerSpot reviewer
Delivery Manager at a tech services company with 11-50 employees
  • Vulnerability scanning
  • Cross-correlation
  • Reports in a grouped manner
  • OTX for threat intelligence
it_user466524 - PeerSpot reviewer
Senior Infrastructure Analyst at a pharma/biotech company with 1,001-5,000 employees

Enabling visibility of traffic on our network, merging of multiple systems reporting and analysis and clear method to highlight potential issues.

it_user846192 - PeerSpot reviewer
Network Architect at Envision IT LLC

The cloud console is by far the best improvement of the product. In the past, our less technical clients had trouble sorting through the dashboards within the USM console, and we had received complaints on viewing the real-time data versus our prepared reports.

The new cloud-based panel is excellent both for client review as well as for our SOC to review and respond to threats. It is much easier to configure and use than the previous solution from AlienVault.

it_user484698 - PeerSpot reviewer
Security Consultant at a tech consulting company with 51-200 employees

As an information security consultant that works across many diverse networks, these features offer by far the most critical information when analysing a client’s environment for issues that need to be addressed:

it_user123747 - PeerSpot reviewer
Chief Security Officer at a financial services firm with 501-1,000 employees

The integration of IDS and OSSEC is valuable as it enables correlation between Network IDS events and host system event logs.

HH
Operation Manager at Checksum Consultancy

Asset discovery and vulnerability scanner are good features. The integration between this solution and OTX, which is an AlienVault platform for Open Threat Exchange, is also a valuable feature. It is also quick and easy to deploy, so you can quickly engage with a customer's environment.

it_user790017 - PeerSpot reviewer
Client Development Manager at a tech services company with 51-200 employees

The Vulnerability Scanning Engine using OpenVAS is a quality tool. The asset management functionality (active and passive scans) is also really important. You can't protect what you do not know about, so having an inventory of all your devices and software is critical to a security management program.

it_user672663 - PeerSpot reviewer
Information Security Analyst at an insurance company

Log aggregation, correlation, and threat intel.

it_user557322 - PeerSpot reviewer
SOC Lead / Sr. SOC Analyst at a tech services company with 501-1,000 employees

AlienVault out of the box features for easy asset discovery, vulnerability scans, IDS setup are all beneficial, but the best feature we find most valuable is the main dashboard for how the information is bubbled up and presented to us.

DT
ICT Consultant at N3tcom

The most valuable features of AT&T AlienVault USM are the ease of management and knowledge of what is on the network of my customers. It's easy to understand the problems, and manage our alarms and events.

SA
DevOps Engineer at a tech services company with 201-500 employees

AT&T AlienVault USM is good for ELK Stack; the user experience is great because of its architecture. The ELK has a great performance and it has very good speed in the search and Kibana. Additionally, the visuals and dashboards are very nice and customizable.

it_user814395 - PeerSpot reviewer
Network and Security Engineer at a tech services company with 11-50 employees

Unified Security Manager (USM). In every SIEM, having only SIEM features (log management, alerting, notifications, etc.) is typical. Here we can get file integrity monitoring and a vulnerability assessment tool together with SIEM.

I have never seen a tool like this.

it_user681138 - PeerSpot reviewer
IT Security Analyst at a tech services company with 10,001+ employees

OTX is a great module that lets staff maintain and monitor updates regarding events in the infrastructure and takes decisions to improve the security perimeter.

it_user673290 - PeerSpot reviewer
IT Security Engineer II at a retailer with 5,001-10,000 employees

The dashboard.

DL
Sales Solutions Engineer at a tech services company with 201-500 employees

The features that we have found most valuable are the out-of-box vulnerability scanner, Network IDS, Host IDS, Netflow Monitoring, and more than four thousand pre-installed correlation rules.

it_user955890 - PeerSpot reviewer
DevOps Engineer at Two Hat Security

My favourite one is the vulnerability scanner because while using it, our environment is always updated about security threats.

kr1spy84 - PeerSpot reviewer
Security Systems Administrator at VERTICAL SCREEN, INC

IDS is a nice capability to have. In the past, I have implemented standalone Suricata sensors and having this bundled in is very helpful. OTX is good when implemented correctly.

it_user837123 - PeerSpot reviewer
CEO at a tech services company with 1-10 employees
The below features are what make the solution so powerful, particularly saving time and money (most importantly):
  • Real-time email alerts
  • Event correlations
  • Log management
  • System monitoring
  • Network monitoring
  • Uptime monitoring
  • OTX threat intelligence
  • Vulnerability scanning/reporting
  • Compliance reporting
it_user817980 - PeerSpot reviewer
Head of MSS Platform and Product Management at a tech services company with 51-200 employees

Asset discovery seems to be good. Nice that everything is bundled.  

it_user746328 - PeerSpot reviewer
Head of IT at a consultancy with 201-500 employees
  • Network monitoring
  • SIEM
it_user695217 - PeerSpot reviewer
IT User

SIEM capabilities, vulnerability scanning, asset discovery/management features.

it_user479484 - PeerSpot reviewer
Network Security Administrator at a comms service provider with 501-1,000 employees

The most important part of the product is the event correlation and alerting that it provides. Sifting through tens of millions of logs a day looking for the proverbial needle in a haystack is impossible for a single person or even a team without automation.

AM
System Administrator at an insurance company with 51-200 employees

The solution has all the features that we need, however they do not work correctly.

RB
Security Analyst SOC at Sumasoft Pvt Ltd

A vulnerability assessment feature is very helpful for me. Because of this feature, I can schedule a vulnerability assessment for my critical server.

it_user829383 - PeerSpot reviewer
Engineer - Network Security at a tech company with 11-50 employees

SIEM and the FIM are the first preferences when I started the deployment. Because the customer wanted to monitor network security incidents of the Servers and any file modification done to their critical files residing in the production servers. 

Vulnerability scanning and OTX helped us to manage all in one single point.

The alerting and security intelligence is the heart of the product. Monitoring customer's critical network is now almost a one man job.

SK
Engineer - Information Security at a tech services company with 51-200 employees

Raw logs: Clients require to store their raw logs in a data-store rather than keep it in the actual device.

Alarm section: It's very easy to see the Alarms for any incidents rather than going through all the logs.

Security events: Categorization of Security events helps our SOC analyst for further analysis.

it_user714207 - PeerSpot reviewer
Security Analyst at a tech services company

Deployment was very easy. I got my servers and devices reporting very quickly.

it_user502473 - PeerSpot reviewer
Infrastructure Engineer at a tech services company with 1,001-5,000 employees

The UI is clean and easy to use. Lots of documentation, training, and community involvement available as well.

it_user673467 - PeerSpot reviewer
Information Technology Security Administrator at a healthcare company with 1,001-5,000 employees

Policies have been very valuable. We use them as alerts on many compliance requirements and concerns.

it_user484692 - PeerSpot reviewer
Security Consultant at a tech consulting company with 51-200 employees

AlienVault provides excellent visibility into your network by combining centralized logging, host-based IDS and network IDS. This enables me to detect quite a lot of potential issues that have gone through AlienVault's correlation engine and our own policies.

View full review »
it_user235437 - PeerSpot reviewer
Network Engineer II at a healthcare company

We now have the ability to see what is happening in the environment.

View full review »
it_user604401 - PeerSpot reviewer
AVP & Information Security Officer at a financial services firm with 501-1,000 employees

The automated alarms have been very helpful in identifying what is happening on your network that should be investigated.

View full review »
TR
Network and Security Engineer at a tech services company with 51-200 employees

AlienVault USM has a vulnerability assessment feature and only one SIEM feature compared to other SIEM solutions. 

View full review »
it_user745119 - PeerSpot reviewer
Security Engineer at a tech services company with 201-500 employees
  • General SIEM tool functionality.
  • Ease of deployment across various environments.
View full review »
it_user466953 - PeerSpot reviewer
Security Analyst at a tech company with 51-200 employees
  • Correlation
  • Customization
View full review »
it_user479427 - PeerSpot reviewer
Director of Information Technology at a healthcare company with 51-200 employees

Alerts derived from logs.

View full review »
it_user472305 - PeerSpot reviewer
Senior Network and Security Consultant SI at a tech services company

SIEM, Event Correlation and the Vulnerability Scanner.

View full review »
it_user752880 - PeerSpot reviewer
Security Analyst at a tech services company with 1-10 employees
  • Alarms
  • Correlation
View full review »
it_user824214 - PeerSpot reviewer
IT/IS Officer - Marketing Director at a tech services company with 51-200 employees

We have found the AIO USM the most valuable because of its centralized grouping of all of the tools necessary to manage our security in an "All In One" solution. Of its parts, the scheduled vulnerability assessment tool has been helpful as a preventative measure to help keep ahead of security threats!

View full review »
it_user466902 - PeerSpot reviewer
IT Engineer at an energy/utilities company with 501-1,000 employees

Event correlation is the most valuable feature for every SIEM. AlienVault has ISO 27001 compliance, which is very helpful for companies looking to have ISO 27001 certification.

View full review »
it_user466923 - PeerSpot reviewer
Information Security Administrator at a government with 1,001-5,000 employees
  • Central log aggregation
  • Security correlation
View full review »
JR
Network Security Specialist at SEFISA

AlienVault has the necessary all-in-one product, with a vulnerability scanner function integrated with detections, so when you detect an incident on a vulnerable port you can act faster and prevent more incidents.

View full review »
it_user103734 - PeerSpot reviewer
IT Officer with 51-200 employees

The most valuable aspect of AlienVault is the visibility into the network. You have the capability to gather logs from multiple sources and easily see what is going on in the network.

View full review »
it_user171111 - PeerSpot reviewer
Security Expert at a tech services company

Threat detection powered by signatures and advanced correlation rules.

View full review »
it_user482859 - PeerSpot reviewer
Tech Support Engineer at a tech services company with 501-1,000 employees
  • Open Threat Exchange (for IP reputation)
  • Vulnerability scanning
  • Quick APT phishing-related threat detection
View full review »
it_user467397 - PeerSpot reviewer
IT Security Administrator at a local government with 501-1,000 employees
  • Security alarms
  • Log collection
View full review »
it_user466518 - PeerSpot reviewer
IT Security Architect at a healthcare company with 1,001-5,000 employees

The SIEM part, where I can see all HIDS and IDS events in one place along with the correlation directives.

View full review »
it_user673113 - PeerSpot reviewer
Technical Writer at a tech services company with 11-50 employees

I have worked with a Managed Security Team that uses AlienVault USM for the past two years. The user interface is as good as it gets. The setup is greatly simplified with intensive documentation and great tech support.

View full review »
it_user675858 - PeerSpot reviewer
IT Assistant at a financial services firm with 51-200 employees

The customizable reports.

View full review »
MA
SOC Manager at a tech services company with 11-50 employees

The most valuable feature of this solution is security management for PCI DSS.

View full review »
MH
Team Lead & Principal Software Engineer at a tech services company with 51-200 employees

The vulnerability manager and the file integration are very good.

View full review »