USM Anywhere Reviews

We use it for compliance. We're not using it as a security operation center type of thing. Its usage is more from an auditing standpoint at this point.

We partner with them for customers who need something like a SIEM, so we're a cloud provider and integrator.

It is deployed on the cloud. It is a combination of AT&T's own cloud and our cloud. We run our own infrastructure. So, it is a hybrid and private cloud.

We're using it more for reporting, that's all. We're using it to help our customers to pass any kind of audits that they receive.

I don't have any suggestions for improvement. On our side, as a provider, we should develop a real security operation center type of practice, which we don't have right now.

There could be some type of integration with our existing portal. We have our own customer portals, and it would be good if there was an integration so that our portal can provide reports. There could be some type of API into the AlienVault system with the USM system so that it is easy to show the customers high-level reports of the system through our portal.

It is pretty stable from what I hear. 

It is cloud-based, so it is very scalable. It really depends on how many devices they have in their environment. Our customers are more mid-sized companies, so it fits what we need.

We don't have a lot of clients using this SIEM. Usually, a client is interested in something like this to help them with their auditing. So, we don't have a lot of customers using it right now. Probably in the near future, its usage will be increased in terms of the customers requesting it from a security standpoint.

It is pretty good. I usually don't contact their support. I usually contact their sales team. I work with their pre-sales and sales engineer and account rep.

It is pretty straightforward from what I've seen, but it has to be verified to make sure any changes in the environment are added to the configuration. Like anything, it is not set it and forget it. You really have to make sure that it is capturing everything if things change or new systems are brought online. It is more of a procedural thing where you have to make sure somebody is keeping it up to date.

For its maintenance, we have someone who manages the product itself. In our company, for IT people, we have around 100 or so staff. We have customers nationwide, but we probably have two to three people managing this product. They are in more of a security analyst type of role dedicated to security.

I don't know exactly, but I know it is based on the number of logs and the retention duration, such as 30 days or something like that. So, the smallest package is about 500 a month for 30 days of logs.

There is a virtual machine. You need resources for it. It is a log collecting VM. They provide the software, and you just have to load a virtual machine. So, you're going to incur some CPU RAM and storage for wherever this log collecting appliance is running, which typically is in our cloud and on our platform for the customer.

I would advise knowing your requirements and your data. What are you trying to protect or monitor? Before implementing something like this, you really should have basic security in place. You should have systems that are generating logs, for example, antivirus software and firewall. You have to have that all in place first to make this kind of product useful because this type of product is really meant to aggregate things after the fact. After you've put all the systems in place, then this system aggregates and collects everything together. You really need all the endpoint security, firewall security, and server security first, so you have meaningful data to look at. The SIEM is not going to be useful if you don't have any meaningful data for it to collect.

I still need to dig into it deeper to see exactly what it does. Our practice is kind of evolving, so this is probably something that we need to offer more to customers. We need to get more product knowledge on it and develop a practice around it. A lot of customers are asking for security operations center (SOC) services for remediation of problems. We don't do that right now, but that's something that I know is probably on the roadmap. With everything going on, that would be a helpful service to our customers, and I think they're asking for that. We've encountered customers asking for that type of service. We don't do it yet. I know there are other partners out there that do that, so really it's on our side to develop the product more. Whether it involves staying with this AT&T product or going for maybe another one, customers are looking for a little bit more. They are not just to have it set up, but also to have someone to act on any kind of alerts or any kind of potential breaches. They're looking for a service for somebody to actually remediate.

From what I know of the product, I would rate it an eight out of 10. 

I am using the solution for security information and event management.

The solution has all the features that we need, however they do not work correctly.

This solution has too many issues with integration with other technologies. For example, you can configure the solution to integrate with your technology today but tomorrow it will stop working. You have to continually update the login, save the issue, and create a ticket with support. It is a long process that takes too long for the support to resolve quickly.

In the future, I would like to see all these features of the solution working properly.

I have been using the solution for two years.

The solution is not stable. Sometimes the virtual machines are not working and it is not a network issue. There are many compatibility issues. There have been times when upgrading the firmware the device is not operational, you then have to restore to the older version.

The customer support has not been very helpful when issues arise.

The price for this solution is very good, but since the features do not work the price is expensive.

I would not recommend anyone to use it.

I rate ATT AlienVault USM a one out of ten.

We provide information security services to clients. We are seeking some clients to provide monitoring services by using AlienVault. We are also providing AlienVault USM Anywhere, which is cloud-based and has integration with cloud platforms such as AWS, Azure, and Google Cloud. 

Asset discovery and vulnerability scanner are good features. The integration between this solution and OTX, which is an AlienVault platform for Open Threat Exchange, is also a valuable feature. It is also quick and easy to deploy, so you can quickly engage with a customer's environment.

Its reporting tools need improvements. It would be good if they can provide integration with other ticketing systems. Currently, we only have integration with Slack and Jira.

It is also a bit slow, and its replication engine can be improved.

I have been using this solution for six months.

We provide technical support for our clients.

I have used McAfee ESM. McAfee ESM has many good features, but it is not very integrated with cloud-based assets. AlienVault is already a cloud-based solution, and it is native to cloud assets, which gives AlienVault an advantage over McAfee ESM. On the other hand, McAfee ESM is much better than AlienVault in terms of search engine, data collection, and events. 

It is very easy to deploy. It just takes one or two days and allows you to engage with your customer's environment quickly.

Its price is much lower than McAfee ESM.

I would encourage others to go with this solution because it is easy to deploy, and it provides good tools to know more about your network and the traffic on it. Its reporting needs some improvements, but it fulfills the needs.

I would rate AlienVault USM an eight out of ten.

The primary use case of this solution is for security.

The solution is very user-friendly, but the dashboard could be improved as well as the level of customization.

I have been using the solution for one year.

The solution is stable.

The deployment of this solution is easy, but you need some level of understanding.

The price of this solution is reasonable, which is one of the reasons why we selected it over other solutions.

I would recommend this solution to other users.

We primarily use the solution for cybersecurity events and management.

The SIEM, security information management is very, very good. Basically, it's great at analyzing the logs of our servers.

The setup is very easy and straightforward.

The solution is a bit complicated. It could be simplified quite a bit.

The correlation engine could be improved. Much improvement could be made there, as it is an important open-source solution. 

The solution could benefit from including security orchestration. It's still not available yet. It would be really nice to have in a future release.

It could use something like a pen test. Tools like that would make it more comprehensive from a cybersecurity aspect. 

I've been using the solution since about 2015. It's been approximately six years or so.

The solution is extremely stable. We don't have any issues with its reliability. It doesn't crash or freeze and it's not buggy at all.

The solution doesn't scale well if you are talking about enterprises using it. However, for our purposes, we've never had an issue with this. Larger companies might. We do intend to continue to use the solution and potentially increase usage.

Technical support is extremely reliable. We've very satisfied with the level of service we receive. They are always knowledgeable, helpful, and responsive.

The initials setup is not complex. It's a very straightforward implementation.

The overall deployment is quite quick. It might take about 30 minutes or so. That's all.

The solution has a subscription-based annual payment option. It's not a perpetual license.

We use both on-premises and cloud deployment models.

We both use the solution and sell the solution as well.

Overall, on a scale from one to ten, I would rate the solution at an eight.

We're more focused on servicing medium to small businesses. This solution may not be suitable for a large enterprise-level organization.

That said, we highly recommend it. I'd recommend that new users decide to first go for the trial. Take the trial and then make sure that you like it before investing in the subscription. The company offers a free trial - you might as well use it.

We have three main uses for the solution. They are compliance, incident response, and as a tool for information security.

The solution has excellent compliance and has good incident response.

There are multiple tools for information security. The solution includes all the latest advances on the network and host intrusion detection systems.

The out-of-the-box features are great. You don't have to jump to different consoles as everything is right there. Everything from a security standpoint can be handled via one screen.

The solution could be improved in three ways. The first one is user behavioral analytics. They need work.

The second one is cloud-related usage. The solution already has quite good tools, however, they need better integration tools for linking with Office 365, Google Suite, and so on.

The third one improvement could be a bit more customization for security products. If someone has an antivirus where it is customizable they need to have the ability to easily connect everything together.

I've been dealing with the solution for four years.

The solution is very stable. We haven't had issues so far in terms of using it.

The solution is quite easy to scale. You just need to install the standard solution. You don't have to change the whole installation. In the case of the cloud deployment version, you only need to add sensors. In either case, you need to have the correct licenses, however, it's quite simple to accomplish.

Technical support has always been quite good. With the product itself, we haven't personally had any issues. However, a lot of times our customers or engineers contact AlienVault support with a request to help to start a new correlation rule, integration, or other issues. When that happens, support always answers and gives them all the details they need.

As a reseller, we've looked into other solutions, however, we find this product to be the best option for our customers time after time.

The initial setup is pretty easy. Anyone can install this solution within four or five hours. They don't need to be engineers in order to do that.

By that point, it will already be prepped and can show us what is happening from a security point of view.

It's quite easy to install and deploy. You don't need a security team for ten people. There's a lot of automation within the tool, so you only really need one or two security staff to operate it for a company of, for example, 500 people.

In comparison to the competition, it's a very inexpensive option, whether you use the cloud or the on-premises deployment models. You also get great value for money as you do get a lot of very good tools that come standard with the solution as well.

We're not using the solution ourselves. We're resellers.

USM Anywhere is cloud-based, although they have a different version that is on-premises or on a private cloud called the USM Appliance. We're using the on-premises version, which is quite different from the cloud version.

Overall, I'd rate the solution nine out of ten. There are a few areas where they can improve, however, overall, it's been a very good product for us and our customers.

We'd recommend the solution. We've looked into other options and we always come back to this product.

We are a managed security service provider and we offer AlienVault USM to our clients. We use it to monitoring their environments and to maintain their logs.

The most valuable feature is threat intelligence. Their community is a very helpful tool and I think it's one of the values of AlienVault.

They set aside a lot of the functionality from the on-premises version that we found very helpful in managing tickets. As it is now, the cloud-based deployment is lacking these useful features.

The reporting is mediocre and is something that needs to be improved.

I have been using the cloud-based deployment of this solution for about two years.

The stability is fine.

Scalability in a cloud solution is tied to costs. With any cloud solution, the more data you have and the larger your company, the higher the price point. I wouldn't say that scaling is easy, but it is standard.

Technical support is slow to respond when we put in a ticket. We're a number. 

We use both the on-premises version and USM Anywhere. The latter is a SaaS solution.

The initial setup is okay. At an additional cost, they offer services to assist with deployment.

Our take on it is that we are paying more for this product because of the AT&T name. We don't necessarily find that we are getting more functionality or quality, given the price point.

The licensing fees are dependent on usage.

We are currently evaluating different SIEM solutions. I have found that all of them have issues, whether it is related to functionality or price point. Even the ones that have a high price don't provide everything that you need.

My advice for anybody who is considering this product is to evaluate all of the options that are out there. There is no one, great answer, so you have to figure out what best fits your needs.

I would rate this solution a seven out of ten.

This is a SIEM solution that our customers use in an on-premises deployment.

The most valuable feature of this solution is security management for PCI DSS.

This solution could be easier to use. It is hard for some people to understand, and they need to get training and certification just to understand what it's showing them.

In terms of stability, I would give it fifty percent.

The scalability of this solution is good.

We have a large number of customers who use this product on a daily basis.

Technical support is very good from their side.

The initial setup of this solution is a bit complex. Specifically, it is the way that it integrates with other products.

We deployed this solution in-house.

This is a good product but it can be made more user-friendly.

I would rate this solution a seven out of ten.