USM Anywhere Reviews

Log aggregation, correlation, and threat intel.

AlienVault has streamlined our security functions by combining several different functions into one package.

I think expanding their vendor-specific plugins would beneficial.

We have been using this solution for one year.

I did not encounter any issues with deployment.

I did not encounter any issues with stability.

I did not encounter any issues with scalability.

Their support is good and their response time is prompt.

I would rate them as very knowledgeable.

We did not use a previous solution.

It was very straightforward. The setup was basically install the VM, setup network monitoring/syslog, and watch the data flow.

Our implementation was in-house.

It's hard to calculate ROI on a prevention mechanism, as the variables of a prevented incident are unknown.

They are very affordable and flexible in their licensing model.

We evaluated HPE ArcSight, IBM QRadar, LogRhythm, Splunk, and SolarWinds.

I would highly recommend the customer training courses. They are very helpful.

Event monitoring and vulnerability scanning have been a huge benefit to us.

It provides a good platform to start looking at the traffic on your network.

Most of the troubleshooting requires going through the Linux command line and bypassing the GUI. We have a wide variety of users with different technical expertise. For some, any amount of command line troubleshooting scares them away from products.

We have been using this solution for a year.

Our deployment was rather unique and is pushing the limitations of the architecture that we chose. Given from what I have learned, if you have large deployments of the separate networks, then do not attempt to use remote sensors on those network segments.

Many of the patches typically have some bugs that we end up finding. We ended up implementing a deployment in our lab so as to fully test it internally, before patching.

The system is quite scalable however, it is best to understand the limitations of the different architectures offered.

The customer service is excellent, we have quick and knowledgeable help on all our calls.

The support team is also excellent with very knowledgeable engineers.

This was our first solution for this type of security appliance.

The initial setup was straightforward, but adding in more sensors made it a bit more complex.

We had vendor help for the initial setup, however, the additional sensor expansion was in-house.

We quickly found some issues after deploying and have used the vulnerability scanner to verify patches are properly applied in the environment.

If you expect to have a significant amount of devices on a sensor, then look at the cost/performance of going to a full server.

We evaluated LogRhythm and QRadar.

This has helped improve our overall IT security by allowing us to implement a full suite of security tools that allows us to roll out log management on clients and servers, host-based IDS, and network-based IDS. It also provides vulnerability scanning; however, we use a separate product for that.

The best feature of this product is the ease of use. It is extremely easy to set up and get going. This is a very useful tool for a small organization.

I feel that some areas of improvement would be vulnerability scanning. We use a separate product that seems to do a much better job.

We have not encountered any stability issues.

We have not encountered any scalability issues; the product scales very easy.

Customer Service:

I would rate customer service an 8/10. I've received calls from customer service a few times a month and it gets a little overbearing, especially when you are busy, as IT professionals are.

Technical Support:

I would rate technical support a 9/10.

This was our first solution for HIDS, NIDS, and log management.

The initial setup was straightforward. I simply followed the steps in the setup wizard and the steps provided by technical support, and I had a trial version (later converted to paid version with additional steps) set up in about an hour or less.

This was set up in-house.

It is really hard to put a number on ROI but I will say that AlienVault has allowed us to close the gap on security alert timing and we can respond to incidents in a much more timely fashion which, to me, is much more valuable than a number.

AlienVault is flexible on their pricing for unlimited licenses.

We evaluated Splunk as well. AlienVault was a much cheaper solution and required less time to be rolled out. Splunk is a much more difficult product to work with and almost requires a dedicated employee to manage.

I highly recommend AlienVault USM for anybody that is seeking a SIEM solution that is easy to implement and easy to manage. It works very well for small- and medium-size businesses.

AlienVault's "Overview" dashboard makes it very easy to see everything going on in your network that needs your immediate attention. You can easily customize the dashboard to you or your company's needs.

I now have the ability to report all vulnerabilities and threats hitting our network to upper management in an easy-to-understand format.

Offer solutions based on a PoC (Proof of Concept) to fit each company's specific needs, rather than letting the company guess or piece together the solution they need.

I have used it for six months.

We have not encountered any deployment issues; the setup was very easy and support was by my side to assist me with any issues that arose.

We have encountered stability issues; we have a high volume of logs passing through our SIEM and the default configuration couldn't handle all the data. Working with support, we were able to remediate all the crashes we were having.

We have encountered scalability issues. We had to keep changing our configuration or updating our storage capabilities as we added more logs.

Customer service is 8/10.

Technical support is 9/10. Engineers are very knowledgeable about their product!

We did not previously use a different solution.

The setup was very straightforward. AlienVault provides simple, step-by-step instructions for each of their products!

As a single Analyst, I was able to implement this product very easily.

At this time, it is too early to tell ROI.

Know your capabilities and storage needs before negotiating a price! Make sure you ask about log storage options before purchase.

Before choosing, we evaluated other options. We were looking at Splunk and Rapid7.

AlienVault is used in a classroom setting at Pittsburgh Technical College, which brings industry tools from the college classroom back into the field. We have several employers in the area that use AV so student acclimation to the product is key. AV is set up as a dashboard in the security lab where students can view and analyze the monitoring techniques of the product. If an event happens, they can process an analytical step to provide remediation.

Students becoming acclimated to the product can go out into the field and have first-hand knowledge on how to use a USM or SIEM product. This is a win-win solution for the vendor and future employers.

The school has used the product for over a year.

We were attempting to push HIDS on the domain controllers, and ran into an initial problem. This problem was immediately solved by the AV service technician that was able to remote in and fix the problem.

One of the problems we had with stability was a problem of our own. We were running AV on a VLAN that students were able to run DHCP servers, which caused our own problems.

We have had several tickets open with AV and they are prompt in their service time.

Technical support is prompt in acknowledging your needs and reply with a message that a service technician will be with you shortly. They make every attempt possible to work with your schedule.

A direct competitor to AV is IBM QRadar, which is also used in the classroom environment.

The setup was straightforward. We installed AV to vSphere ESXi as a virtual appliance deployed as an OVA template.

The ROI is unmeasured since we are an academic partner; there is no way of knowing how much positive impact the product will attain from students getting first-hand knowledge of an industry product before they go out into the field upon graduation.

AlienVault has brought more awareness to the activity on our network. Security risks are identified and addressed to reduce any possible security breach.

Alarms dashboard shows immediately any threats that may need further investigation. The vulnerability scanning is helpful to identify the areas that need patching or fixes installed.

The vulnerability reporting needs to have options to be able to sort or customize the output. It is helpful to look at the vulnerability and how many hosts have it, in addition to being able to look at an individual host to see what vulnerabilities it has.

We did not encounter any stability issues. AlienVault seems to be pretty solid and we have not had any issues with it being unavailable.

We have not encountered any scalability issues. We have a fairly simple deployment with only one sensor, so it was straightforward.

Customer Service:

Customer service is very good.

Technical Support:

Technical support is very good. They have always been prompt to address an issue and stuck with it until resolution.

We did not previously use a different solution.

Initial setup was very straightforward; few configuration settings and it was pulling in logs.

An in-house team implemented it.

ROI is a difficult one to measure for this. It helps us cover a compliance need as well as provides us a means to be aware of any possible threats and vulnerabilities.

Pricing is very competitive with other products and you get much more functionality from AlienVault. The vulnerability scanning and threat intelligence offers additional tools that others don't have.

We looked at a couple of other products before choosing AlienVault. We looked at LogRhythm and EventTracker.

If you take the training virtually, make sure you can dedicate the week with uninterrupted time. The training is quite in-depth and you want to have your undivided attention on it.

• Open Threat Exchange (for IP reputation)
• Vulnerability scanning
• Quick APT phishing-related threat detection

• Phishing sites were detected and it secured the environment from the upcoming threat.
• Vulnerability scanner OpenVas is very useful for knowing current vulnerabilities present in system and taking preventive action.

• IPv6 not supported
• Correlate with external logs from other sources makes little bit difficult to work

I have been using it for one year.

It works well when you have minimum required setup as per AlienVault documentation.

Stability issues happen only when you do not have sufficient hardware as the primary requirement.

It scales well.

Customer service is 7 out of 10.

Technical support is 10 out of 10.

We did not previously use a different solution.

Initial setup was straightforward and simple.

An in-house team implemented it.

It is providing good ROI.

It is cheaper and more valuable compared to other reputable SIEMs.

Before choosing this product, we did not evaluate other options.

The automated alarms have been very helpful in identifying what is happening on your network that should be investigated.

It has helped us keep an eye on Admin activity on the network and in our directory.

The way it identifies systems can use some improvement. It has a hard time differentiating between versions of Windows.

I have used it for two years.

Deployment was extremely smooth.

The system has been very stable.

We have a small network. So far, we have had no issues with scale.

Customer service is excellent, very responsive, and they know their product.

Technical support is excellent so far.

This was the solution selected after evaluating several competing products; no SIEM prior to this deployment.

Initial setup was very straightforward.

We did the initial implementation and then had a vendor fine tune it with us. The vendor was very well qualified.

Licensing and pricing was one of the primary reasons for selecting this solution. Since no one has an unlimited budget, consider your needs and get the most bang for your buck.

Before choosing this product, we evaluated other options. We were leaning heavily towards AccelOps but had worries about their viability as a business.

If you are considering this solution, I highly recommend that you have someone in-house who is familiar with Unix/Linux. The underpinnings of this solution is *nix. It will make deployment and ongoing maintenance much easier.