USM Anywhere Reviews

• Security alarms
• Log collection

We now get a better view into what is happening on our network and to the servers than previously.

I'd like to see built in support to detect more security incidents.

I've been using it for 10 months.

We had no issues with the stability.

It's been able to scale for our needs.

They're very good.

This is the first time we've used a solution of this type.

The basic setup was straightforward, but it would have been nice if I could have had more information on a full setup and the advanced features.

You should license it for all your devices including endpoints, as this will make it more valuable to you.

We did compare it to some others solutions, but I don't remember which.

Try it first as you get a free evaluation.

The SIEM part where I can see all HIDS and IDS events in one place alongwith the correlation directives.

We have a better detection rate for malware and other cyber-attacks. Really helps when USM integrated in the incident response plan.

• Database query speed when dealing with millions of events per day
• Reports customization and types
• Dashboards TV modes (SOC surveillance monitors)

I've been using it for three years.

I've experienced frequent slowness, and we had to downgrade to filter out many logs.

The AIO is not fast enough for a network over 100 EPS, so you have to go with a dedicated server option for better speed.

7/10

We had nothing in place prior to this.

It's complex when playing with custom plugins.

The price is low, and it's good quality but require effort.

There were no other options looked at.

To take full advantage of the product you have to work under the hood.

Event Correlation is the most valuable feature for every SIEM. AlienVault has ISO 27001 compliance which is very helpful for the companies looking to have the ISO 27001 certification.

As it includes a logger feature for gathering all logs from all devices (network devices, servers, hosts etc.) it has basically become the only software that we look at when we have a problem. We don’t need to search from one device to another as it’s all centralized on the same AlienVault Server which enables us to save time and become more efficient at work.

As it includes multiple security softwares, the installation and configuration takes a lot of time. It would be good if they could work on that but the time is understandable given all the features AlienVault offers.

It’s a very good SIEM with plenty of functionalities which helped improve our KPI.

The correlation from the Host Based Intrusion to Network Intrusion against the vulnerabilities in my network.

We had no visibility of our vulnerabilities without looking up WSUS and matching this against the Windows bulletins. This completely missed the mark when it came to third party patches and poor configuration and waster hours upon hours for half a story. Not to mention we have a much better understanding of how and when we are being attacked.

The reporting could do with some improvements for example the vulnerability report only tells you what vulnerabilities are open and lists them but there is no indication of how old they are at a glance and what vulnerabilities have been closed since the previous scans. I would also like to see the ability to scan my devices for compliance against the CIS Benchmarks.

I have had this solution in place for just over a year now.

I've not experienced any issues with this yet.

I've not experienced any issues with this yet.

The tech support guys have been very friendly and helped as soon as there has been any issue. I cannot fault their technical support.

I used multiple products to try and get someway towards the level of visibility afforded by AlienVault. ManageEngine SIEM, Qualys, vulnerability management, and Norton for HIDS. Having this all in one interface made more sense which swayed the decision to go with Alienvault.

Very easy for initial set-up. My system was up and running within two hours. When you start to get into it more, then you need a better technical understanding.

This is much cheaper than some of the big names it is very affordable and scalable.

We looked at managed services from Dell SecureWorks as well as Qualys & Nessus.

Being the only Security professional in an organisation of well over 1000 people AlienVault lets me keep a watchful eye whilst getting on with my day job. This is a very good product with excellent support. Personally I would have preferred to go on the AlienVault System Engineers course as I believe this would help in fine tuning the system.

• Central log aggregation
• Security correlation

It provides greater visibility of host-based and network activity through its HIDS and NIDS functionality.

They should simplify the HIDS agent reporting/custom rule creation.

I've used it for one year.

We had issues but this was due to us receiving improper training from a third party and not necessarily due to the product.

Servers/sensors cap at 2048 host based agent deployments, but servers and sensors are easily scalable for a medium sized business.

10/10

I haven't used anything similar.

AlienVault is willing to offer flexible and competitive pricing.

We also looked at AccelOps, LogRhythm, and IBM QRadar.

If you have any questions, AlienVault's support team is more than willing to help with your installation, implementation, and integration.

We now have the ability to see what is happening in the environment.

We now can find the source of where Windows account lockouts are occurring.

It needs to be easier to deploy switch monitoring.

We've been using it for four months.

We've had no issues so far.

We've been able to scale it for our needs without issues.

I've not had to contact them yet.

We switched because our previous solution wasn't scalable.

It was pretty straightforward.

It was a reasonably priced solution.

We didn't look at any other solutions.

It’s pretty easy to setup but to really take advantage you should have a dedicated person who will devote their time, to customizing and utilizing the power this solution has.

The SIEM and intrusion detection.

We already used a lot of the open source products in this suite but they were too cumbersome for our IT team to handle. This brought them all under one roof and allowed one person to do what 10 could not in a few hours a day.

They need to be faster in developing custom plugins.

We've been using it for six months.

We've had no issues so far and the product works great.

We have not scaled it yet but it handles our entire environment without a problem.

4/10 - they need to provide faster responses to emails.

We previously used Splunk for SIEM.

It is a complex product, but a lot less complex than the products it's built on like Snort and Splunk.

Get the Virtual Appliance and build the unit yourself. The software is the valuable piece as AlienVault is not a hardware builder and the machine they sell is fine but you could build better yourself for much less.

We also looked at Solarwinds SIEM and network monitoring.

Go slow and get everything into your SIEM so you can do some really neat correlations and alerts.

Enabling visibility of traffic on our network, merging of multiple systems reporting and analysis and clear method to highlight potential issues.

Previously we had no single way to analyze traffic and threats on our network, relying instead on multiple, independent systems. We can now correlate reported threats and anomalies to better determine what threats we face.

The configuration is somewhat complex and the interface a bit non-intuitive. Whilst very useful for reporting, interpretation of the results can be difficult: improved features to help with this would be welcome.

I've been using it for six months.

We’ve had 100% uptime since installation.

We have not had any requirements to change the scope of the installation since first deployment.

Good. Initial help with deployment was excellent, and the facility to create a tunnel for tech support personnel to troubleshoot system is very useful.

We didn't have anything like AlienVault previously.

It's fairly complex. There is quite a bit of additional config required in order to get the most from the system. A base config allows for monitoring, but to get the most, you need to add plugins for various systems on your network: this config is somewhat complex and requires a good knowledge of how AV works.

Unless you have a small network, you really need the unlimited endpoint license, which is the most expensive option. Best to negotiate to get this version, otherwise scalability will be an issue (unless your total number of endpoints in under approx. 100).

We also looked at Tripwire.

The initial onboarding during the trial period, including assisted setup, was most useful. Ensure you get the most from this, as if you require further setup assistance, it comes under (paid-for) professional services. AV is a very useful tool, but must be configured correctly in order to get the most out of it.