USM Anywhere Reviews

• Correlation
• Customization

No, but that’s not really their fault, rather ours. I think this has a lot of valuable functions that really could be leveraged quite nicely.

They have the advantage of having a large community that uses the free version, and they really could use this as a sort of beta testing population for new releases. Yet, a lot of the releases break things that are used. I think they need to do more QA before releases. For example, I have custom rules written for the Suricata function. Some releases ago, there was a code change and now every single update requires that I reinstall the custom rules, and I am still waiting for the fix. They need to either stop allowing customization (which would be a mistake) or they need to embrace that a majority of their customer base does this and put in safe guards. I understand putting in limits to what’s supported, but simple things like this are part of the appeal of the product. Another example is that a few releases back, they broke the Nagios availability monitoring portion. All the functionality to watch your systems is there, and of course, I used it. When it broke, support told me it was really only meant to watch the AlienVault system itself, yet the entire interface is there, the options to enable the monitoring on hosts is there. I believe, first of all, that what I was told was wrong as availability monitoring is one of the core functions AlienVault touts, and secondly, that they need to be more careful with testing before releasing updates. It took like twp more updates before the functionality was restored.

I've used it for three years.

Some, but they are hard to pin down. This is a system that has a lot of things that can stop working, and unless you are paying close attention, to the background processes, you would never realize it.

Some people are excellent, and others not so much. They also seem to sometimes have conflicting information. I often rely more on the community for answers than I do on support, depending on the issue.

We didn't have anything in place previously.

We had a consultant that was provided by AlienVault, which was great. Otherwise, it would have been a little confusing and though they have made improvements in the documentation, it was horrible initially.

Fair for all of the capabilities it has.

We looked at some but I can't remember which ones.

It has a lot of capabilities, but make sure there’s someone that can devote daily time to it and that there is buy in from all segments, or a majority of the capabilities become pointless.

Alerts derived from logs.

Simplified log analysis and log management.

More information about what the alerts mean and how they are derived would be useful when determining their significance. Support is good to provide this information though.

>12 months

No.

Excellent.

Fairly straightforward. It does take some time to tune the system to your environment – to prevent getting alerts on activity your find acceptable in your environment.

They do give discounts towards the end of quarters if your renewal is due.

You will wonder how you lived without it.

SIEM, Event Correlation and the Vulnerability Scanner.

Reduced the number of the false alarms generated by other devices. With AlienVault we can gather all data from different devices, analyze theme and extract the correct information.

Plugins: most plugins are not up to date with the newer versions of products.

Since 2013

We had problems with the MySQL database, but the technical support is very helpful. I'd give them a 9/10.

Yes, But AlienVault is the more appropriate solution, it's flexible, Linux based, and contains a large number of open source solutions.

Simple.

A vendor team, don't install the solution in a virtual platform except VMware ESXi. We had a long story with AlienVault with a Proxmox Virtual Environment.

It's a powerfull solution and contain more features than other products.

Its powerful correlation engine helps reduce time in manually correlating events.

• Alarms
• Correlation

It should be able to communicate with other security solutions to stop threats.

No stability issues.

No scalability issues.

Customer Service:

I would rate customer service as a nine out of 10.

Technical Support:

I would rate technical support as a nine out of 10.

We did not previously use a different solution.

The only complex area of the setup was writing the custom scripts.

We use both a vendor team and an in-house team for implementation.

The ROI is quite good.

Use an MSSP instead. It is much cheaper.

We did not evaluate other options.

It is quite awesome.

Working as the CIO for a small community bank, resources for staffing and manpower can be limited. AlienVault helps to simplify the management of Information Security and helps me to detect threats and manage alerts with ease!

AlienVault gave our organization a centralized tool to manage our security with its intrusion detection, asset management, vulnerability assessments, along with all of its other features, it has become an invaluable asset for our small organization.

We have found the AIO USM the most valuable because of its centralized grouping of all of the tools necessary to manage our security in an "All In One" solution.  Of its parts, the scheduled vulnerability assessment tool has been helpful as a preventative measure to help keep ahead of security threats!

As with many of its users, I have submitted suggestions in the past and AlienVault has seemed to listen to suggestions from its users and have implemented them every time.  I am happy with the product as it is today.

Event Correlation is the most valuable feature for every SIEM. AlienVault has ISO 27001 compliance which is very helpful for the companies looking to have the ISO 27001 certification.

As it includes a logger feature for gathering all logs from all devices (network devices, servers, hosts etc.) it has basically become the only software that we look at when we have a problem. We don’t need to search from one device to another as it’s all centralized on the same AlienVault Server which enables us to save time and become more efficient at work.

As it includes multiple security softwares, the installation and configuration takes a lot of time. It would be good if they could work on that but the time is understandable given all the features AlienVault offers.

It’s a very good SIEM with plenty of functionalities which helped improve our KPI.

• Central log aggregation
• Security correlation

It provides greater visibility of host-based and network activity through its HIDS and NIDS functionality.

They should simplify the HIDS agent reporting/custom rule creation.

I've used it for one year.

We had issues but this was due to us receiving improper training from a third party and not necessarily due to the product.

Servers/sensors cap at 2048 host based agent deployments, but servers and sensors are easily scalable for a medium sized business.

10/10

I haven't used anything similar.

AlienVault is willing to offer flexible and competitive pricing.

We also looked at AccelOps, LogRhythm, and IBM QRadar.

If you have any questions, AlienVault's support team is more than willing to help with your installation, implementation, and integration.

The solution has everything that you want: SIEM, vulnerability management, NetFlow, IDS, and more. This solution can completely detect and prevent incidents on your network. This solution can completely detect and prevent incidents on your network

It has helped not only in the security, but also on the network when we have problems with slowness, we can go to the NetFlow section and see who is generating a lot of traffic. 

Using the communication within the security device, it is easier to create plugins. Therefore, if you want to create plugins, there is an option called plugin creator to assist with this.

AlienVault has the necessary all-in-one product with the function of vulnerability scanner integrated with detections, so when you detect an incident in a vulnerable port you can act faster and prevent more incidents.

Maybe logs are the problem, as the database query is too slow. If you want to search something, you need time to find it.

The other thing is the agent is OSSEC. They needed to create its own agent to help to find threats on the devices that it happens to be installed.