Vendor
We haven't suffered a true breach, but it has helped identify weaknesses.

What is most valuable?

SIEM capabilities, vulnerability scanning, asset discovery/management features.

How has it helped my organization?

Increased visibility, threat detection.

What needs improvement?

The web UI can be clunky at times, with poor error handling. Updates need more QC before release.

For how long have I used the solution?

One year.

Buyer's Guide
USM Anywhere
April 2024
Learn what your peers think about USM Anywhere. Get advice and tips from experienced pros sharing their opinions. Updated: April 2024.
771,212 professionals have used our research since 2012.

What was my experience with deployment of the solution?

Deployment has always been smooth.

What do I think about the stability of the solution?

No, it has been quite stable.

What do I think about the scalability of the solution?

Nothing except for networking challenges.

How are customer service and support?

Customer Service:

Seven out of 10.

Technical Support:

Seven out of 10. First level of support is hit and miss, but higher level support technicians are great.

Which solution did I use previously and why did I switch?

No, we started with OSSIM and then bought USM.

How was the initial setup?

Very straightforward if you're prepared. Just deploy the OVA template and follow the instructions and you're up in less than an hour.

What about the implementation team?

In-house.

What was our ROI?

I can't say.

What's my experience with pricing, setup cost, and licensing?

The asset licenses are misleading. You can have as many as you want in AV and have NIDS work on all of them. The limit is more about logs and plugins for the assets.

Which other solutions did I evaluate?

No.

What other advice do I have?

It's a good solution and has a promising future.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Tami Andrews, Sr. Customer Programs Manager at AlienVault
Real User

Thank you for your time to review AlienVault USM and for your candid feedback!

it_user479484 - PeerSpot reviewer
Network Security Administrator at a comms service provider with 501-1,000 employees
Vendor
The most important part of the product is the event correlation and alerting. The ability to authenticate users across multiple domains would be useful, but is not critical.

What is most valuable?

The most important part of the product is the event correlation and alerting that it provides. Sifting through tens of millions of logs a day looking for the proverbial needle in a haystack is impossible for a single person or even a team without automation.

How has it helped my organization?

Being able to identify security issues as they occur at near real time. Being able to then respond to them as soon as they occur is priceless.

What needs improvement?

We have a relatively large deployment that spans multiple locations and domains. Having the ability to authenticate users across multiple domains would be useful, but is not critical. The log query capability is pretty restrictive and I find myself searching through raw logs via command line more often than the GUI. Full logging is not supported out of the box; you will need to modify configurations to store all logs if that is your concern or a requirement of your organization. AlienVault by default only stores alert logs; this can and will bite you at some point. The IDS rules need better oversight when updated. The vulnerability scanner needs to have a power user mode that gives you a more complete interface to the vulnerability scanner (OpenVAS).

For how long have I used the solution?

3 years

What was my experience with deployment of the solution?

Most problems were due to our environment and having to utilize the built-in VPN capabilities. Once a few sensors have been added via the VPN it is pretty simple to remember how to do it.

How are customer service and technical support?

All interactions with customer service and technical support have been great. The engineering group is based in Spain and occasionally you may have timing issues with their team and yourself.

Which solution did I use previously and why did I switch?

Another group in our company used QRadar before they were bought out. The buyout created a bad enough situation that the group refused to renew with QRadar, especially when they decided after 18 months that they did not want to support the hardware that their predecessors had sold. We also trialed LogRhythm, which was a more mature product, but had its own quirks and annoyances. The largest issue I found with LogRhythm was the excessive amount of time to spend to deploy a single agent, much less repeating that process 390 times for our environment.

How was the initial setup?

We had a pretty large deployment. Most of our locations were straightforward; some were more complex due to having to route them through an MPLS connection with only limited connections to the main locations.

What about the implementation team?

We integrated through a third-party, vendor-recommended group. They caused many issues on their own, some that were not discovered for over a year. Be wary of any third party that wants to do anything with the database.

What was our ROI?

ROI for AlienVault will probably not be about the money. The return is the time saved and the intelligence that you are able to gather about your environment that you did not have before.

What other advice do I have?

Do your research in SIEM solutions and realize that it is not going to be a set and forget product. For 10 sensors like what we run there are weeks that it requires logging in and closing tickets and there are weeks where you will spend 10+ hours working on the deployment.

There are some things that are great and some that are annoying; this is not a perfect product. Most security products are never perfect, especially based on different organizations that will run them.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Tami Andrews, Sr. Customer Programs Manager at AlienVault
Real User

Thank you for your comments & feedback!

System Administrator at an insurance company with 51-200 employees
Real User
Unstable features, poor technology integration, and support needs improvement
Pros and Cons
  • "The solution has all the features that we need, however they do not work correctly."
  • "In the future, I would like to see all these features of the solution working properly."

What is our primary use case?

I am using the solution for security information and event management.

What is most valuable?

The solution has all the features that we need, however they do not work correctly.

What needs improvement?

This solution has too many issues with integration with other technologies. For example, you can configure the solution to integrate with your technology today but tomorrow it will stop working. You have to continually update the login, save the issue, and create a ticket with support. It is a long process that takes too long for the support to resolve quickly.

In the future, I would like to see all these features of the solution working properly.

For how long have I used the solution?

I have been using the solution for two years.

What do I think about the stability of the solution?

The solution is not stable. Sometimes the virtual machines are not working and it is not a network issue. There are many compatibility issues. There have been times when upgrading the firmware, the device is not operational; you then have to restore to the older version.

How are customer service and technical support?

The customer support has not been very helpful when issues arise.

What's my experience with pricing, setup cost, and licensing?

The price for this solution is very good, but since the features do not work the price is expensive.

What other advice do I have?

I would not recommend anyone to use it.

I rate ATT AlienVault USM a one out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Security Analyst SOC at Sumasoft Pvt Ltd
Real User
It is easy to deploy with their cloud-based model, and deploying the required agents is quick and easy

What is our primary use case?

AlienVault USM is a single pane of glass solution. It has not only SIEM capabilities but also other capabilities. AlienVault USM Anywhere is easy to deploy with their cloud-based model, and deploying the required agents on-prem (or in the cloud) is quick and easy. USM Anywhere also takes care of reporting for ISO and PCI, allowing you to pull reports for auditors at a moment's notice.

How has it helped my organization?

  • The system slows down considerably when a large number of events are fed in.
  • Also, AlienVault support has to make some improvements.

What is most valuable?

A vulnerability assessment feature is very helpful for me. Because of this feature, I can schedule a vulnerability assessment for my critical server.

What needs improvement?

While it is relatively easy to use, it takes a little time to get used to where everything is located in the web interface. I do wish that their support would help a bit more with the analysis of alarms.

For how long have I used the solution?

One to three years.

Which solution did I use previously and why did I switch?

No. This is the first security tool I am using.

What's my experience with pricing, setup cost, and licensing?

It is easy to deploy and install an entire solution. I don't have an idea about pricing.

Which other solutions did I evaluate?

N/A.

What other advice do I have?

They should improve support so they can solve customers' problems in less time.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Tami Andrews, Sr. Customer Programs Manager at AlienVault
Real User

Thank you Rajnikant for taking time to provide your thoughtful feedback!

it_user829383 - PeerSpot reviewer
Engineer - Network Security at a tech company with 11-50 employees
User
Review about AlienVault

What is our primary use case?

I'm a System Engineer working for an IT Security Solution Provider. My organization received a request for a SIEM and FIM solution to be deployed for a Financial Organization. We have found AlienVault provides SIEM and FIM features in USM All In One.

This was my first ever SIEM deployment and I started from scratch after doing a good POC with the customer.

How has it helped my organization?

It has helped me to give some InfoSec guidance to my customer after deploying AlienVault on their premises.

Now they are able to get to know what kind of traffic is passing through the firewalls and what kind of traffic hits the traffic.

What is most valuable?

SIEM and FIM were the first preferences when I started the deployment, because the customer wanted to monitor network security incidents of the servers and any file modification done to their critical files residing on the production servers.

Vulnerability scanning and OTX helped us to manage all in one single point.

The alerting and security intelligence is the heart of the product. Monitoring the customer's critical network is now almost a one-man job.

What needs improvement?

While I was still working on the implementation, I found difficulties in searches within security events. Configuring some areas looks complicated.

I had issues while installing the OSSEC agent on Solaris and CentOS servers. A workaround for this issue will give some value for users.

For how long have I used the solution?

Still implementing.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Tami Andrews, Sr. Customer Programs Manager at AlienVault
Real User

Thank you for your time to review AlienVault USM and for your candid feedback!

PeerSpot user
Engineer - Information Security at a tech services company with 51-200 employees
Reseller
Categorization of Security Events Helps Our SOC Analyst for Further Analysis.

What is our primary use case?

I'm a reseller of AlienVault SIEM in Sri Lanka. We deployed AlienVault SIEM in one of the banks in Sri Lanka three months back. Currently we are working on the fine tuning. It took me two weeks to complete the basic deployment and integration of up to 50 devices with the client's technical team.

How has it helped my organization?

Since we are a reseller, AlienVault helped us because of their cheaper price compared to other SIEM solutions and the addition of FIM in the solution. Implementation took a few days and it's easy to complete the task within the given project timeline.

What is most valuable?

Raw logs: Clients require their raw logs to be stored in a data store rather than kept on the actual device.

Alarm section: It's very easy to see the Alarms for any incidents rather than going through all the logs.

Security events: Categorization of Security events helps our SOC analyst for further analysis.

What needs improvement?

A user-friendly interface could be an advantage. Sometimes we face trouble when going through the settings of AlienVault SIEM.

For how long have I used the solution?

Less than one year.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Tami Andrews, Sr. Customer Programs Manager at AlienVault
Real User

Thank you Shayanthan for your time to review AlienVault USM and for your candid feedback!

PeerSpot user
Security Analyst at a tech services company
Consultant
Quickly got insight into my environment

How has it helped my organization?

Quickly got insight into my environment.

What is most valuable?

Deployment was very easy. I got my servers and devices reporting very quickly.

What needs improvement?

It would be great if there was a feature to add in watch lists, like McAfee or QRadar have -- to keep track of IPs, domains, etc. that I have identified as being malicious.

Also, being able to connect into other TAXII/STIX feeds other than OTX.

How are customer service and technical support?

Customer Service:

Excellent. Customer service was very responsive.

Technical Support:

Excellent. Support was very responsive.

Which solution did I use previously and why did I switch?

Yes, McAfee ESM. Even after upgrading to Version 10, the interface was still hard to navigate through and did not work on every browser. Writing effective rules was difficult.

How was the initial setup?

Very straightforward.

What about the implementation team?

In-house.

What's my experience with pricing, setup cost, and licensing?

Very reasonable and for the value of the product, we couldn't ask for better pricing.

Which other solutions did I evaluate?

We did a SIEM solution comparison with McAfee ESM, IBM QRadar, and Fortinet.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Tami Andrews, Sr. Customer Programs Manager at AlienVault
Real User

Thank you Tim for your time to review AlienVault USM and for your candid feedback!

PeerSpot user
Infrastructure Engineer at a tech services company with 1,001-5,000 employees
Consultant
Holistic view of SIEM environment

What is most valuable?

The UI is clean and easy to use. Lots of documentation, training, and community involvement available as well.

How has it helped my organization?

Holistic view of SIEM environment.

What needs improvement?

API, ETL, or connector to support BI tools such as Tableau, Power BI, etc.

For how long have I used the solution?

Only for a few months. We just went live with the USM when we transitioned away from on-prem.

What was my experience with deployment of the solution?

Not on the AV side, pretty easy to use.

What do I think about the stability of the solution?

No.

What do I think about the scalability of the solution?

No.

How are customer service and technical support?

Customer Service:

Very good.

Technical Support:

Very good.

Which solution did I use previously and why did I switch?

N/A.

How was the initial setup?

Yes.

What about the implementation team?

Vendor. Not the best.

What was our ROI?

Too soon to tell.

What's my experience with pricing, setup cost, and licensing?

Check logging.

Which other solutions did I evaluate?

N/A.

What other advice do I have?

No.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Tami Andrews, Sr. Customer Programs Manager at AlienVault
Real User

Thank you Adam for your time to review AlienVault USM and for your candid feedback!
