USM Anywhere Reviews

Policies have been very valuable. We use them as alerts on many compliance requirements and concerns.

• Identifying the sending of clear text account information
• Identifying and fixing vulnerabilities that we were not aware of

We have been using AlienvVault for the past two years.

There was an issue in setting up the log storage location.

I did not encounter any issues with stability.

I did not encounter any issues with scalability.

There is excellent customer service and we have never had a complaint.

Technical support has a very knowledgeable support staff. Everyone we have worked with has really displayed great knowledge of this product.

We used different solutions. Pricing was an issue and support was limited.

We had the installation done by support when we purchased the solution.

The implementation was though the vendor and they were great to work with. They were able to answer any questions that we had.

The pricing was great and we were not disappointed.

We did not evaluate other solutions.

Thank you for the great solution that you provided for us.

AlienVault provides excellent visibility into your network by combining centralized logging, host-based IDS and network IDS. This enables me to detect quite a lot of potential issues that have gone through AlienVault's correlation engine and our own policies.

On several occasions we have detected attacks (DDoS) just as they are starting and have been able to rapidly mitigate them. We have also noticed outdated Java and Flash versions due to the snort rules included in the appliance.

The biggest improvement they could do is to provide full support for IPv6 addressing. It currently has quite lightweight support for IPv6 addresses in the sense that it will record the source/destination addresses in all cases, but currently trying to search with IPv6 addresses is not possible and thus makes our lives harder.

Including my experience with the previous version (v4) I have two years of professional experience with AlienVault.

We have not faced any large issues with the deployment.

We have not faced any large issues with the stability.

The only issues is related to the volume of alarms in a system - the UI/UX for working with a large mass - starting with several hundred alarms is suboptimal. I am hesitant to mention this as it is easily solved in the future by small UI changes.

All of the bug reports have been sent to AlienVault and have been handled with skill. At least once we got to talk to their experts who worked with us to debug the cases in our environment.

There are many steps, but the steps are not complex. The biggest hurdle in the deployment/setup phase is usually gathering the actual information (assets details, services, policies) about the environment, not the installation itself.

Our team did the implementation. If you have experience implementing a SIEM solution then you can implement this yourselves, otherwise you should get an external team do it. The issue is not with the technical skills needed for the actual implementation, but the knowledge needed to know what to include, what policies to write, and what not to include.

For licensing you will need to contact an AlienVault reseller as it is comprised of (roughly) how many events per second you are processing, how many assets you are adding, and in how many physical locations.

I was not part of the process. I have heard that our team had tried other products, but mostly the cost was prohibitive in those alternatives.

As this is a product that will give you a lot of visibility into everything you can throw at it, it is good to note that you should have good working relations with the *people* in charge of the assets you have visibility over (e.g. with network mirroring).

You will get alarms about a plethora of things you couldn't have imagined, things that people have forgotten, that have been misconfigured and that are under attack. You will need to explain the remedies and mitigations to people. And that is possibly the biggest hurdle. This product will not help you if you cannot fix the problems it finds.

It may not have the same abilities as most tools off-the-shelf but it has the best bang for buck. Unless you already have a high-quality SOC operation running, you will be able to handle probably all of your SIEM needs with AlienVault for a few years with a fraction of the price of other more complete solutions.

We now have the ability to see what is happening in the environment.

We now can find the source of where Windows account lockouts are occurring.

It needs to be easier to deploy switch monitoring.

We've been using it for four months.

We've had no issues so far.

We've been able to scale it for our needs without issues.

I've not had to contact them yet.

We switched because our previous solution wasn't scalable.

It was pretty straightforward.

It was a reasonably priced solution.

We didn't look at any other solutions.

It’s pretty easy to setup but to really take advantage you should have a dedicated person who will devote their time, to customizing and utilizing the power this solution has.

The automated alarms have been very helpful in identifying what is happening on your network that should be investigated.

It has helped us keep an eye on Admin activity on the network and in our directory.

The way it identifies systems can use some improvement. It has a hard time differentiating between versions of Windows.

I have used it for two years.

Deployment was extremely smooth.

The system has been very stable.

We have a small network. So far, we have had no issues with scale.

Customer service is excellent, very responsive, and they know their product.

Technical support is excellent so far.

This was the solution selected after evaluating several competing products; no SIEM prior to this deployment.

Initial setup was very straightforward.

We did the initial implementation and then had a vendor fine tune it with us. The vendor was very well qualified.

Licensing and pricing was one of the primary reasons for selecting this solution. Since no one has an unlimited budget, consider your needs and get the most bang for your buck.

Before choosing this product, we evaluated other options. We were leaning heavily towards AccelOps but had worries about their viability as a business.

If you are considering this solution, I highly recommend that you have someone in-house who is familiar with Unix/Linux. The underpinnings of this solution is *nix. It will make deployment and ongoing maintenance much easier.

AlienVault Unified Security Management (USM) has powerful threat detection, incident response, and compliance management. We can use this across cloud, on-premise and hybrid environments. 

The reason to use USM is that it has the following components in its package: 

• Asset Discovery
• Vulnerability Assessment
• Intrusion Detection
• Behavioral Monitoring
• SIEM & Log Management.

AlienVault has an advanced component within one package. With this, we can cover more area with one solution. 

As a example, it has vulnerability assessment component built-in. From this, we can do the vulnerability assessment easily and we do not have to buy another solution for the vulnerability assessment. It is easy to use and we can take better advantage from an all-in-one solution like USM. 

AlienVault USM has a vulnerability assessment feature and only one SIEM feature compared to other SIEM solutions. 

AlienVault must improve their correlation feature. Some of the events do not match with the correlation rules and some of the correlation events are false-positive.

It is the most valuable tool that I have seen of the SIEM solutions.

The low cost of entry SIEM functionality has increased due to network views and network traffic.

• General SIEM tool functionality.
• Ease of deployment across various environments.

Support can be slow at times, but the quality is high. Posted knowledge base articles could use improvement.

None, which are related to this solution.

No.

Customer Service:

Seven out of ten.

Technical Support:

Seven out of ten.

No.

The initial setup was straightforward.

It was a a blend. The implementation was primarily internal with support provided as needed. The vendor team had a good quality of expertise.

Medium-high.

Research the solution heavily prior to investing.

Setting up a bench OSSIM install should help identify possible pain points with the setup.

No.

The solution is improving steadily, particularly in relation to the quality and breadth of documentation. Though some areas are still weak.

The setup was somewhat complex.

We have had this solution in place for about 10 months.

There were deployment issues. At the time, it was right after USM Anywhere had been released, and not all of the documentation was posted. This made the deployment have some issues.

The product has been very stable.

We have had no issues with scalabilty.

I would give customer service a rating of four out of five.

I would give technical support a rating of four out of five.

This is the first solution like this that I have deployed.

The setup was somewhat complex. One thing that was difficult was configuring log forwarding from Window systems.

We implemented using an in-house team.