What needs improvement with AT&T AlienVault USM?

Miriam Tover - PeerSpot reviewer
  • 0
  • 69
PeerSpot user

36 Answers

Omer Jamil - PeerSpot reviewer
Real User
Top 10
Jan 16, 2024

The vulnerability scanning feature is one of the areas where the product has certain shortcomings and needs to improve. The tool has vulnerability scanning, but it is not that efficient. A mobile app for user management is something I would like to see in the product's future release.

Search for a product comparison
Real User
Top 20
Sep 6, 2023

USM Anywhere relies a lot on the community putting the data in. Often, you'll right-click on the attack, but nothing will be found. That's a weakness of it.

Top 5
Apr 7, 2023

The reporting and dashboards have room for improvement.

Gerald Mbewa - PeerSpot reviewer
Real User
Top 5
Jan 19, 2023

AlienVault cannot automatically respond to threats like other SIEM solutions, such as Sentinel and LogRhythm. Most of our clients are far away, so it's often challenging to handle alerts when they come up on our dashboard.

Gabriel Clement - PeerSpot reviewer
Real User
Top 5Leaderboard
Nov 10, 2022

We like the on-premises solution, but AT&T wants us to move to their cloud version. We are not interested in doing that because the storage in the cloud version is not cheap. We don't want to move to the cloud and be unable to afford the cost of maintaining the cloud. We are looking for a solution that we can afford long term. Since the support for on-premises is close to being eliminated, we are looking for a solution that fits our budget.

Real User
Top 5
Sep 21, 2022

The price of AT&T AlienVault USM could be reduced.

Learn what your peers think about USM Anywhere. Get advice and tips from experienced pros sharing their opinions. Updated: February 2024.
757,198 professionals have used our research since 2012.
Dr. Sushan Banerjee - PeerSpot reviewer
Real User
Top 5
Jul 10, 2022

Their threat intelligence platform needs to be broadened. They should integrate it with more threat intelligence platforms. For the threat feed that they get from open intelligence, I would like them to add a few premium threat intelligence platforms. They can provide a bundle in which AlienVault has the threat intelligence background of other premium products.

Francis Silva - PeerSpot reviewer
Real User
Top 20
Apr 25, 2022

An improvement for AT&T AlienVault USM is the option for us to build the connectors ourselves, for us to do the parsing ourselves, because those options disappeared with the version of the solution that we're currently using. I know I can talk to the vendor to ask for a new parsing option for the application, for any new platform, but I understand that it can take several months. Adding a parsing interface for the customers would be good.

Real User
Jan 12, 2022

The GUI needs to improve because it's not user-friendly.

Real User
Dec 21, 2021

I think plugin management should be self-service on AlienVault USM. The other product is self-service but on the USM side. You have to submit a ticket then AT&T creates and updates the plugins. We often have application logs that are unique to us, so it's silly to have to open a ticket, have them do the work, and then release the plugin. It would be nice if they had a self-service portal where we could define the parameters within the product for the plugin and have a custom plugin for our logs.

Jul 4, 2021

I don't have any suggestions for improvement. On our side, as a provider, we should develop a real security operation center type of practice, which we don't have right now. There could be some type of integration with our existing portal. We have our own customer portals, and it would be good if there was an integration so that our portal can provide reports. There could be some type of API into the AlienVault system with the USM system so that it is easy to show the customers high-level reports of the system through our portal.

Real User
Apr 1, 2021

This solution has too many issues with integration with other technologies. For example, you can configure the solution to integrate with your technology today but tomorrow it will stop working. You have to continually update the login, save the issue, and create a ticket with support. It is a long process that takes too long for the support to resolve quickly. In the future, I would like to see all these features of the solution working properly.

Real User
Jan 26, 2021

Its reporting tools need improvements. It would be good if they can provide integration with other ticketing systems. Currently, we only have integration with Slack and Jira. It is also a bit slow, and its replication engine can be improved.

Real User
Jan 3, 2021

The solution is very user-friendly, but the dashboard could be improved as well as the level of customization.

Real User
Nov 18, 2020

I'd like to see a dashboard that's a little more descriptive. We can customize the dashboards, but the out-of-the-box dashboards are kind of bland. Since we give our customers access to their dashboards, it would be nice if they were a little bit more intuitive. We can go easily drill into it and show them everything, but the customer just sees the writing on the page. I'd like to see them dress up their out-of-the-box dashboard a little bit. We have the ability to do a lot of that. Since they have this image — they have a strong MSP program. I would love to see them allow branding, which they don't at this point.

Oct 27, 2020

The solution could be improved in three ways. The first one is user behavioral analytics. They need work. The second one is cloud-related usage. The solution already has quite good tools, however, they need better integration tools for linking with Office 365, Google Suite, and so on. The third one improvement could be a bit more customization for security products. If someone has an antivirus where it is customizable they need to have the ability to easily connect everything together.

Stephen Hui - PeerSpot reviewer
Oct 27, 2020

The solution is a bit complicated. It could be simplified quite a bit. The correlation engine could be improved. Much improvement could be made there, as it is an important open-source solution. The solution could benefit from including security orchestration. It's still not available yet. It would be really nice to have in a future release. It could use something like a pen test. Tools like that would make it more comprehensive from a cybersecurity aspect.

Real User
Top 20
Jul 8, 2020

They set aside a lot of the functionality from the on-premises version that we found very helpful in managing tickets. As it is now, the cloud-based deployment is lacking these useful features. The reporting is mediocre and is something that needs to be improved.

Real User
Aug 12, 2019

This solution could be easier to use. It is hard for some people to understand, and they need to get training and certification just to understand what it's showing them.

Apr 24, 2019

Having automatic agent deployment would be a great feature. It would be nice to see some machine learning and monitoring of the configuration in network devices.

Real User
Dec 23, 2018

Long-term I'm genuinely concerned about AT&T's ownership of AlienVault. I have never had a good relationship with AT&T in +15 years, and fear they will destroy this good product.

Real User
Dec 17, 2018

The only recommended changes I can think of is to have the ability to filter logs. Also, being able to navigate the dashboard. That seems to have been quite a challenge.

Real User
Dec 12, 2018

One area that has room for improvement is storage. AllienVault is a good place to put logs, but sometimes it's a tough place to go get logs. AlienVault has three components to it, a sensor, a server, and a logger. Sensors grab data, servers correlate data, and loggers store data. The logger can only hold so much data. If they improved that, that would help.

Real User
Nov 26, 2018

The support could absolutely be better. It seems to have gotten worse with the AT&T acquisition. We have been hearing some not so great things from our associates in the field as well.

Real User
Nov 13, 2018

While it is relatively easy to use, it takes a little time to get used to where everything is located in the web interface. I do wish that their support would help a bit more with the analysis of alarms.

it_user955890 - PeerSpot reviewer
Nov 6, 2018

Taking into account that server access credentials are controlled by the tool, some more management-focused actions could be performed from AlienVault.

Real User
Oct 29, 2018

We would love to be able to create custom rules based on a series of events, to create rule-sets where, for example, failed logins to the VPN Server are logged and then when a successful attempt follows soon after, it triggers an alarm for a Brute Force. It does this for things like OKTA already, so control over which events this applies to would be great.

Real User
Oct 21, 2018

The only that I can think of is that is not ideal is sending Windows Server logs to their device, to the system. That has to be done on each server. I don't know if they have changed that.

Jason G. - PeerSpot reviewer
Oct 19, 2018

Although they use machine learning, the algorithms that they use are graph-based. Their AI/ML capabilities could be improved a bit.

Sep 16, 2018

Search performance can be slow. The Raw Logs feature is painfully slow. And if we're talking about the newer, the Anywhere product, you can't even schedule reports on it. There are probably a dozen other features I'd really like to see there, but that would be one of the biggies. Also, there is no visibility into the NIDS or HIDS agent configurations and no easy way to augment them. The same is true for vulnerability scanning, it's all or nothing; there are no fine-grain controls as there was in their older product. There is a lack of "real" visibility into the correlation rules, and the inability to create our own sophisticated rules (only very simple ones) is a big miss.

Aug 29, 2018

* They should improve the reporting capabilities. * Different functions to customize reports should be added. * Export features should not be limited to spreadsheets (.XLS) only.

Real User
Aug 16, 2018

The reporting module could be a little easier to handle, as it requires quite some trial and error until you get the reports you want. Also, it would be great to have a graphical interface for the Network Intrusion Detection System's rule management.

Real User
Aug 12, 2018

Honestly, the product itself is great. The only room for improvement I can mention is the initial installation procedures. I found that the online installation instructions for the product were missing important details, they lacked necessary steps. The product itself is fine.

it_user883449 - PeerSpot reviewer
Real User
Jun 6, 2018

* Plugins could be better utilized, as some of them do not recognize all logs. * We could add little more customization to dashboards.

kr1spy84 - PeerSpot reviewer
Feb 13, 2018

Many of the tasks on features are useless in our situation. NetFlow is worthless. Many of the built-in correlation engine solutions are just okay.

it_user752880 - PeerSpot reviewer
Oct 11, 2017

It should be able to communicate with other security solutions to stop threats.

USM Anywhere centralizes security monitoring of networks and devices in the cloud, on premises, and in remote locations, helping you to detect threats virtually anywhere. Discover Network asset discovery Software & services discovery AWS asset discovery Azure asset discovery Google Cloud Platform asset discovery Analyze SIEM event correlation, auto-prioritized alarms User activity monitoring Up to 90-days of online, searchable events Detect Cloud intrusion detection (AWS,...
Download USM Anywhere ReportRead more

Related Q&As