AlienVault USM (from AT&T Cybersecurity)


4.4
(96)

AlienVault USM (from AT&T Cybersecurity) is a platform that provides five essential security capabilities in a single console to manage both compliance and threats. Understanding the sensitive nature of IT environments, it includes active, passive and host-based technologies to match the requirements of each particular environment.


AlienVault USM (from AT&T Cybersecurity) Reviews

Showing 96 AlienVault USM (from AT&T Cybersecurity) reviews
Eric M.
Validated Reviewer
Verified Current User

"AlienVault has been a huge help"

What do you like best?

AlienVault has given us the opportunity to get a better look at what is going on within the network of our organization. The events shown have opened our eyes to many more activities than we ever knew about before, and implementing the NIDS piece only increased our visibility. The SIEM is easy to use and navigate, and resolution steps are very easy to follow and helpful.

What do you dislike?

At times, the online portal can be a bit sluggish or sometimes not respond at all. We have hit a wall when running scans at the wrong time and had to adjust groups and automatic scan times. We used to manually run scans on servers as we identified them, but had to relegate to adding them to groups to scan on off hours to help system usability.

Recommendations to others considering the product:

Great product for a very affordable price. Has helped us see things happening in and outside our network that we never knew about beforehand. The NIDS also adds an extra layer of events that help see even more. The SIEM is easy to navigate and makes it easy to see everything in one place.

What problems are you solving with the product? What benefits have you realized?

AlienVault has helped us see outside scans and prodding we never knew existed. It has helped us monitor suspicious activity and malware within our network, and keep an eye on all network activity. The auditing features have helped us stay compliant with PCI DSS and other external audits we use.

Chris M.
Validated Reviewer
Verified Current User

"Comprehensive SIEM Tool"

What do you like best?

Alienvault USM gives us the ability to monitor our on-premise and cloud infrastructure via a single web-based portal. It helps us to maintain our PCI compliance. We check our portal daily and I also get email alerts about alarms generated by the system. The system is relatively easy to set up and there are lots of plugins to translate the different log files generated by different manufacturers to give richer, more useful information. Dashboards allow us to see trends and activity across all our areas of responsibility. We now get information from sources such as our Cisco Meraki switches, Office 365 Azure AD, OneDrive, SharePoint, Windows, and VMware systems. More integrations are being added all the time. It is also possible to create customized alarms and filters so that you can focus in on the things that are important to you. We like to run the joval (oval) scans on our in-scope systems weekly out of business hours so that end users are not impacted.

What do you dislike?

In order to get a fully compliant solution we had to go for a premium subscription. This allows 90 days of real-time search and a year of cold storage.

Recommendations to others considering the product:

Get an eval and have a play. The documentation is very good.

What problems are you solving with the product? What benefits have you realized?

Alienvault USM has simplified our monitoring, vulnerability scanning, and ability to remain PCI Compliant.

We are now able to get logs from a much wider range of sources than was possible with our previous systems.

Juan Carlos G.
Validated Reviewer
Verified Current User
Business partner of the vendor or vendor's competitor, not included in G2 scores.

"The best USM Anywhere"

What do you like best?

With the USM Alienvault we can detect threats in real time, unlike other solutions. It is a very good tool, easy to implement and use, and has a low cost.

I am very satisfied with Alienvault Anywhere technology because, as we are an MSSP, we only need to install the sensor at the customer's office. It does not require much configuration or radical changes in the client's network. Once the sensor is well configured, we can see real-time alerts on the central console in the cloud. This experience is very satisfactory because it does not require a server or logger at the customer's office.

What do you dislike?

There really is not much to say, but I have problems with the false positives detected.

Actually, the only flaw I had was that I detected Skype activity as a threat, which was a false positive. I spoke with AlienVault and they explained to me how to make a rule to omit from the IDS such behavior that was not malicious.

Recommendations to others considering the product:

Vulnerability scan of anywhere solution.

Does not work the same as the USM AIO.

What problems are you solving with the product? What benefits have you realized?

We were able to detect a brute force attack with the Anywhere solution and stop the attack before the incident increased.

In a real case, they talked to us to detect a malware infection. They had more than 400 computers and did not know where the propagation originated. They wanted to eliminate the root of the problem, and thanks to Alienvault Anywhere we found the problem. We isolated the computer that was infecting the entire network and the customer was satisfied.

Matthew W.
Validated Reviewer
Verified Current User

"AlienVault USM Anywhere - SIEM in the Cloud"

What do you like best?

AlienVault USM Anywhere is easy to deploy with their Cloud-based model and deploying the required agents on-prem (or in the Cloud) is quick and easy. With many integrations out-of-the-box, you can pull in all the data from products you use and other sources, such as Amazon CloudWatch Logs. Custom rules allow for alerting based on content from events and you can even trigger agents in response to threats, shutting down computers or grabbing forensic info for incident response. USM Anywhere also takes care of reporting for ISO and PCI, allowing you to pull reports for auditors at a moment's notice.

What do you dislike?

We would love to be able to create custom rules based on a series of events, to create rule-sets where, for example, failed logins to the VPN Server are logged and then when a successful attempt follows soon after, it triggers an alarm for a Brute Force. It does this for things like OKTA already, so control over which events this applies to would be great.

Recommendations to others considering the product:

If you SIEM on a budget and want a Cloud-based product with great support, consider this

What problems are you solving with the product? What benefits have you realized?

AlienVault USM Anywhere provides us with SIEM, at a low price-point and with a great array of functionality. SIEM is critical to our security operations and feeds incident response efforts.

Zoran G.
Validated Reviewer
Verified Current User
Business partner of the vendor or vendor's competitor, not included in G2 scores.

"AlienVault an E-commerce"

What do you like best?

AlienVault USM Anywhere provided us an excellent platform to offer managed security services for our clients deploying E-commerce solutions (online stores). The best features for our clients and us are out-of-box log analysis and alarms, help in achieving PCI DSS compliance and OTX cyber threat intelligence. Day-to-day monitoring is very easy with AlienVault USM Anywhere. The interface is very modern. AlienVault USM Central is a big plus for MSSPs.

What do you dislike?

Shortcomings of the current AlienVault USM Anywhere version are reports automation and the lack of a robust rule engine like the one in AlienVault USM Appliance.

Recommendations to others considering the product:

Very good solution for quick deployment

What problems are you solving with the product? What benefits have you realized?

It was very easy for us to create our managed security services offer using AlienVault USM Anywhere. We are mostly a software company so we are glad to be able to mostly avoid hardware administration and concentrate on security.

Layla B.
Validated Reviewer
Verified Current User

"AlienVault USM Review"

What do you like best?

AlienVault is overall an easy product to use that has a significant amount of documentation and a growing community to help learn the product rather quickly. Our company has only been using AlienVault for a couple of years and we have a pretty solid understanding of the product.

What do you dislike?

The UI can be rather buggy. There isn't a day that goes by that we don't run into an error banner from trying to view an alarm that "doesn't exist in the database" or that the UI page isn't found. My personal favorite is viewing an event through the alarm information page and getting the "this event doesn't exist in the database". These types of errors make it significantly harder to do investigations.

Recommendations to others considering the product:

The product is definitely getting better - the features are being more refined and as an MSSP there is a significant amount of resources Alienvault offers. It's definitely worthwhile to check-out, but it isn't for everyone.

What problems are you solving with the product? What benefits have you realized?

Reporting on vulnerabilities. The vulnerability scans are nice for getting an overall view of an asset. If you need more in depth, the open source tool AlienVault uses won't be enough. But for giving an overall "security health checkup" to a customer it gets the job done.

Cary W.
Validated Reviewer
Verified Current User

"Great tool for security team"

What do you like best?

It is easy to setup and use, especially for a small team. Support is great as well.

What do you dislike?

Rules can sometimes get a little complex, but there is good documentation and support for this.

Recommendations to others considering the product:

Spend some time checking out the online demo. Also, make a list of what you need in a tool, and do a demo with an account manager and support person to make sure you understand fully what they offer.

What problems are you solving with the product? What benefits have you realized?

Primarily intrusion detection and ingest of AWS logs for risk analysis. For a small team it is a great tool when you need to have logs audited on a daily basis for compliance. This tool allows us to check multiple boxes for our PCI compliance all at once.

Jorge R.
Validated Reviewer
Business partner of the vendor or vendor's competitor, not included in G2 scores.

"AlienVault USM Anywhere"

What do you like best?

The solution is very complete due to the way it operates in the user's resources, which makes it very intuitive and innovative. Each one of the modules complements it, and the solutions that are being added for monitoring make it unique in the market with high value. I totally like the tool and it has helped me too much here in the company to detect attacks in real time and have reaction time to prevent them. On the other hand, what I love the most is that the solution recommends what to do for prevention. It would have been a plus if the solution had an agent to check the health status of the team or perform tasks as an endpoint, which I hope can be added as an option in the future. I think it is on the right track and I don't doubt that in the future it will be number 1 in its category. Your user training program is excellent as it helps us become familiar with the tool and apply good practices in our environment and also for personal knowledge. AlienVault is wonderful and maybe I will use it for a long time as it helps me too much. Thank you AlienVault.

What do you dislike?

We would like in the future to include an agent in the equipment and interact more with the other security solutions. For the time being it is complete, but I think it might help to have an agent to notify you of the health status of the endpoint.

Recommendations to others considering the product:

None so far.

What problems are you solving with the product? What benefits have you realized?

Prevention of cyber attacks and constant monitoring of my users to validate their activity.

Karl H.
Validated Reviewer
Verified Current User

"Security that is out of this world"

What do you like best?

The ease of use and customization. The USM is a workhorse: no matter what devices or the number of logs we throw at it, the system processes them in real-time, correlates the events, and alerts on only events that need human review.

What do you dislike?

The one thing I continue to dislike about the USM is the limitation on reports. Hard to get what you need in a report and once you do there is no control over the formatting.

Recommendations to others considering the product:

Compare how AlienVault does Events Per Second (EPS) compared to others. Most other products charge based on EPS, the more events the more you have to pay. This causes most companies to limit the amount of logs sent and processed. AlienVault charges by the number of devices managed, you can send anything and everything to the USM. The more logs you can process the better correlation you will have. I have found that companies that limit their logs then have a security incident would have been able to identify the attack if they would have been monitoring all events in their logs.

What problems are you solving with the product? What benefits have you realized?

We are able to get a real-time view of our security that is accurate. We have seen a dramatic increase in the productivity and efficiency of our security team. We are now able to identify and stop security issues before they get out of control, usually before anyone else even notices.

Mikhail K.
Validated Reviewer

"Great SIEM product"

What do you like best?

We deployed AlienVault as an Open-Source SIEM for continuous traffic monitoring and behavioural analysis. Other great features of AlienVault are file integrity monitoring, HIDS/NIDS, and integration with external systems via API. The implementation was straightforward. The customization of the product is not quite simple, but it depends on your needs and the time you are ready to invest in SIEM. We found that training directly from the vendor was really helpful. It allowed us to implement the system in our environment with minimal issues. AlienVault's correlation engine is well designed and it understands a huge number of log types.

What do you dislike?

Limited alerting out of the box. Nothing special to say here. AlienVault is very good at communications on the right things at the right time.

Recommendations to others considering the product:

This is one of the best SIEMs we tried. I would definitely try it, at least to go with the proof of concept.

What problems are you solving with the product? What benefits have you realized?

AlienVault USM is a great tool for medium-size organizations. It helps us collect and log from a variety of sources. We use that information to generate security events. AlienVault also helped us to track which systems are most vulnerable to security issues so we can prioritise patching. AlienVault is an excellent company with a great product.

Erlon S.
Validated Reviewer
Verified Current User

"An excellent tool that delivered us much more than we were looking for."

What do you like best?

The way the tool handles several extremely important areas in security management. At the same time, we have a vulnerability scanner, we have a SIEM and a cloud event analyzer. Several crucial tools delivered in just one platform.

What do you dislike?

The licensing model based on monthly traffic brings a recurring concern so that the monthly limit is not reached.

Recommendations to others considering the product:

Strongly recommend joining the official training of the tool. This allowed us to discuss with other users various situations as well as best practices.

What problems are you solving with the product? What benefits have you realized?

In our case, the main thing is the adequacy to the GDPR and the delivery of information that allow us to fulfill our security policy.

Brett C.
Validated Reviewer

"AlienVault USM Anywhere SIEM"

What do you like best?

The product is easy to use for small organizations that require network and security monitoring. It allows us to monitor systems that are located in geographically different areas than our business office. We can now monitor remote and mobile endpoints with ease.

What do you dislike?

There are times when it can be difficult to get a plugin to work with the USM software. This seems to be getting better as they courteously add and update features but it is still a little troublesome at times.

Recommendations to others considering the product:

Make sure your monitoring interfaces are located properly within your organization.

What problems are you solving with the product? What benefits have you realized?

AlienVault USM has helped with issues such as risk management. We are better able to identify potential risks associated with IT. The benefits we have received are such that we can now better respond to risks that affect our business. With this being the USM Anywhere version, we are able to solve the problem of protecting remote and mobile endpoints from one plane of view with ease.

Jorge L.
Validated Reviewer
Verified Current User
Business partner of the vendor or vendor's competitor, not included in G2 scores.

"Alien as a MSSP"

What do you like best?

The order of the data: it is easy to find an incident and have a security overview of the network, to be more efficient in our incident response plan.

What do you dislike?

More AlienApps that permit more interaction with other solutions and make it easy to get the info from the antimalware or the antispam, and to be able to take actions directly from the console to solve an event in the network.

Recommendations to others considering the product:

More Alien Apps

What problems are you solving with the product? What benefits have you realized?

Can incorporate multiple solutions in one security view, making it easy to identify and take action on a security event and make reports of the activity.

James E.
Validated Reviewer
Verified Current User

"Simple and understandable security interface"

What do you like best?

I do not have to 'dig' within multiple levels of information to see what is going on. I can view the current alarm notifications in 1 large readable format. If an event catches my attention I can then delve into the details from here.

What do you dislike?

The inability for assets that have been identified to be tracked by MAC address. After spending the time to identify all our assets in the network I have found that devices with DHCP addresses can be incorrectly identified. Example: hostname frplabws02-pc is currently recognized as:

frplabws02-pc (192.168.***.***)

jack-win7.***.local,mikes-pc.***.local,frplabws02-pc.***.local

But DHCP lease has identified the system as : lorettas-iphone.***.local

What problems are you solving with the product? What benefits have you realized?

To monitor computer systems for vulnerabilities not previously identified. The system discovered an ongoing port scan against our servers that was not identified before. Our main server was getting hit with a port scan to RDP 3389 (default port). Once this was discovered I changed the default port and created firewall rules on the desktop and our Cisco firewall to allow legitimate access. Once configured, the random port scan stopped and our network seemed to be more responsive.

Javier R.
Validated Reviewer
Verified Current User

"Is the SIEM you want"

What do you like best?

Best of USM is that you have all tools in one place: vulnerability scanner, NetFlow, HIDS... The other thing is the easy way to implement this product. You have a wizard in the beginning that helps step by step using best practices, like scanning your network to find assets and adding them to the USM inventory. Next, initiate the logger from security devices or other programs like switches, firewalls, AV. You can add a SPAN port to help improve your security; this helps to see malware and dangerous applications, or, if you have been compromised, the NetFlow helps to see if there is strange behavior in the network. The USM has a ticket system that helps to follow the alarms.

What do you dislike?

Sometimes the system has database problems, like when generating reports that go back a long time: for something like two months ago, you sometimes can't get the information. The other thing is that when you run a vulnerability scan you can't do anything else, because all the performance is being used for the task. The other thing is the difficulty of following a behaviour that you want to investigate, so you have to add the alarm ID and find it manually.

Recommendations to others considering the product:

The best you can do is buy an AV Appliance that has all that you need, which includes like 24 GB RAM, 1 TB of HDD, 16 n, so that is one option to buy.

What problems are you solving with the product? What benefits have you realized?

Monitoring and saving time finding threats in the network.

Paul R.
Validated Reviewer
Verified Current User

"No Fuss, No Muss, Does what it says on the Tin"

What do you like best?

The solution "just works"... once you've got it set up. Support is usually great and the community surrounding the product is top notch.

What do you dislike?

KB Articles leave a bit to be desired and sometimes lack depth or go into too much detail where none is needed, a second pass through technical writers would be a good idea.

Recommendations to others considering the product:

You owe it to yourself to at least eval the OSSIM product if you're shopping around, it should give you a good idea of the product without investment.

What problems are you solving with the product? What benefits have you realized?

SIEM first, ask questions later. The USM thrives as a SIEM and does this at a lower cost of entry than many competitors. Everything else can be hit or miss but it always works... just not necessarily the way you want or in a way that is immediately intuitive.

UI
User in Information Technology and Services
Validated Reviewer
Verified Current User

"AlienVault Perfect for InfoSec SMB"

What do you like best?

1. It's an appliance.

2. It's easy to setup.

3. It's a ton of information.

4. Integrated ticketing system allows for assignment of vulns and closure.

5. UI is good. Easy to use.

What do you dislike?

1. Customization capabilities are limiting:

- We want the AlienVault to be the dashboard for state of health. You get some things.

- Reports are good, but that data can't be put on the dashboard in many cases.

2. AlienVault has BI capabilities, but doesn't leverage BI on the dashboard effectively.

3. AlienVault advertises its central solution for InfoSec. True for SIEM, but not true for many other aspects. Frustratingly, it could be, as the solution is very capable through its modularity of functions.

Recommendations to others considering the product:

1. Give it a chance. It has many features that compete with other more expensive products, like Rapid7.

2. Work with the sales engineering team to put the product through its paces in POC.

3. Negotiate training when purchasing. Training is essential for full experience.

What problems are you solving with the product? What benefits have you realized?

1. Security Vulnerability Assessment and tracking of production systems.

2. SIEM Logging and alerting of all security products.

3. Monthly reporting audit requirements.

Kristopher H.
Validated Reviewer

"Alien Vault USM"

What do you like best?

I like the fact they provide a free version of their flagship product in a .ova or vmdk file format so it is quickly loaded into VMWare or Virtualbox and can be deployed on the network quickly. Also, love the logo similar to my Alienware laptop. I like how AlienVault targets capabilities for small IT security teams of up to about 20 people, regardless of the size of the organization.

What do you dislike?

Bit of a learning curve, but there are lots of great tutorials and their support on their website is top notch.

Recommendations to others considering the product:

Easy to pick up, check out the free OSSIM if you're concerned about cost or adoption.

What problems are you solving with the product? What benefits have you realized?

Automated Monitoring, Logging, etc. Incident response and integration of various systems to get a better picture of the threat landscape.

Trevor S.
Validated Reviewer
Verified Current User

"Well Rounded Product"

What do you like best?

This product was easy to get up and running, has a great support team behind it, and has a variety of great tools built into one package.

What do you dislike?

The main problem I have with the USM solution is the tendency for the information to easily overwhelm and thus be ignored. For instance, filtering out expected events tends to be more cumbersome than I would hope.

Recommendations to others considering the product:

When selecting a USM solution make sure you speak with a representative about their free trial options. They have different products depending on organization size and their trials are fully functional.

What problems are you solving with the product? What benefits have you realized?

Alienvault was purchased to meet our needs pertaining to PCI Compliance standards. We were able to use Alienvault to complete four different requirements for monitoring rather than using multiple programs.

Jason G.
Validated Reviewer
Business partner of the vendor or vendor's competitor, not included in G2 scores.

"Fantastic Value for a SIEM Solution"

What do you like best?

I am speaking to USM Anywhere specifically as that is now the primary solution. It is easy to deploy and very easy to manage. The GUI is modern, user-friendly, and intuitive.

What do you dislike?

As far as AI goes, it's only using graph-based machine learning. However, from what I hear, they're working on more advanced implementations of AI for the next year or 2.

Recommendations to others considering the product:

Although they use machine learning, be prepared, if a client really wants to know, that it is graph-based.

What problems are you solving with the product? What benefits have you realized?

As do most SIEMs, AlienVault allows us to monitor the security of the organization as a whole in a central location. It has great integration with several different technologies and an API for more support if necessary. All the added features, such as vulnerability scanning, make it a great product.

David C.
Validated Reviewer
Verified Current User

"Making my job easier or harder depending on how you look at it."

What do you like best?

I like that in one dashboard I get a great overview of what my network is doing.

What do you dislike?

I dislike the agent deployment process and wish it were more flexible.

Recommendations to others considering the product:

Really do like the software as any company should they continue to improve their product. As I use the product more I begin to realize the cost savings we are actually accumulating such as with the new WannaCry. I hear company after company getting hit by this malware as we had already closed up the vulnerability of SMBv1 in our network due to it showing on my vuln list weeks prior. This alone has saved my company quite a bit of funds.

What problems are you solving with the product? What benefits have you realized?

We are utilizing this software to prevent and secure our network from malicious attacks and also providing a means to measure our compliance actively.

AM
Administrator in Management Consulting
Validated Reviewer
Verified Current User

"It's the People that make a great product"

What do you like best?

Ease of use, clarity, the support and training - enthusiasm of the support and training teams - training is fantastic - we also had a day of consultancy and that was extremely insightful - the product brings a broad feature stack in one clean unified interface - it's easy to install and maintain - the OTX pulses are very helpful and provide a powerful platform for almost instant detection of emerging threats - worth subscribing to whilst you eval the product

What do you dislike?

Some aspects of the upgrade process - the fact that you backup, upgrade the system, but that backup is worthless as it can only be used on the previous build version, which would require a downgrade install and fresh build - fine in a VM world if you are using the virtualised version of the product and can take a snapshot, but could be improved upon. We run another backup post upgrade for completeness and compatibility. Some of the menus/features are over nested - not always clear where to find things.

Recommendations to others considering the product:

Run an Eval, give yourself time - it's a comprehensive product - make sure you understand the networking requirements - do the training - it's great value and very well taught - understand the need for remote sensors - only log what you need to!

What problems are you solving with the product? What benefits have you realized?

The primary purpose of AlienVault USM is to provide us with additional insight into the unknown - what's happening on our network and servers - and to provide a SIEM platform to help reduce risk and improve management, and bring insight into our logs.

C
Consultant
Validated Reviewer
Business partner of the vendor or vendor's competitor, not included in G2 scores.

"Alien Vault USM"

What do you like best?

It is a complete security solution and is easy to install. I think it is a transversal security solution that can give a full vision of the network. It enables companies to optimize security investments and increase the efficiency of their technology infrastructure. It has essential security features that allow an organization to monitor applications and systems, in addition to its network services. It gives us the ability to understand the vulnerabilities of such systems, identify new threats that actively compromise the network, as well as make detections for suspicious behavior that could indicate a compromised system.

AlienVault USM generates and stores records and events from all your local and cloud environments for 12 months, simplifying records management and review and helping you meet regulatory record retention requirements.

In addition to these benefits, the solution allows correct and high compliance with security standards such as ISO/IEC 27001, HIPAA, Payment Card Industry Data Security Standard (PCI DSS), CIS Critical Security Controls, among others. This is possible because of:

- asset discovery,

- vulnerability assessment,

- file integrity monitoring,

- SIEM

- logs

- Reports for PCI-DSS, HIPAA, NIST and more

Recently in Mexico, companies are being required to comply with regulations, including as a requirement to banks by the CNBV.

What do you dislike?

I would like to have more training material, preferably in Spanish language, as well as training in this language since most of the content is in English language. There could even be practical laboratories with real scenarios in virtual environments.

Recommendations to others considering the product:

only learning material in Spanish

What problems are you solving with the product? What benefits have you realized?

- Compliance

- Monitoring

- Vulnerability Detection

- Asset Discovery

- Event correlation

Administrator
Validated Reviewer
Verified Current User

"Excellent Compliance Basis"

What do you like best?

USM Anywhere agent which protects our cloud environments with integrated threat intelligence hub one of the best security our security upgrade within last year. SIEM makes us feel that we have a virtual security office which cares about us.

What do you dislike?

I would be happy to collect all application logs within AV, but our current plan doesn't allow this. And sure we want to have more features.

What problems are you solving with the product? What benefits have you realized?

AV USM was introduced as a required part of SOC 2 compliance and we are happy to get such an integrated solution. Also, we managed to find and fix the number of existing for years security issues in the infrastructure.

Administrator in Computer & Network Security
Validated Reviewer

"Okay Solution that does not play well with others"

What do you like best?

The log analysis component works well and adding additional alerting rules is pretty simple.

They have a large number of modules for ingesting logs from a variety of systems.

Support is pretty good.

Open threat exchange is an excellent idea and well implemented.

The UI is ok

Annual cost is better than most

Using the USM client is a quick and easy way to forward system logs into USM.

They have an easy to read task list of what is in their pipeline for new features.

What do you dislike?

The lack of integration with other tools. They have a ticket system that is ok, it would be better if they had integration with third party tools like Jira.

They have assets that are used to conduct scans and assign modules for understanding logs taken from it. Again there is no integration with any third party asset management system.

They have a vulnerability scanner however it's not as thorough as some of the alternatives and you cannot initiate scans via an API.

They claim to have a compliance scanner; what they really have is a set of canned reports that you can provide to an auditor. A compliance scanner is something like OpenSCAP.

They only allow in the ingesting and processing of Office 365 logs in their cloud solution. There is no reason why this couldn't also be done with their on premise solution as well.

It would seem that development of their USM product has slowed to a crawl. If you monitor their change lists on their website the upcoming changes to their USM product are woefully lacking. It would be better if they used the same code base for both platforms and when one feature was added to one platform it would also be available to the other.

Recommendations to others considering the product:

Do a feature comparison and go with the system that has the best cost for the features you need.

Qualys appears to be the most featured product but the most expensive.

Rapid 7 is a little more expensive but has a few more features that Alienvault needs to add.

I would take another look at Tenable's solution as it's changed a good bit since my last eval.

Alienvault may be missing some of the features I was looking for but they have provided great support and their features cover most of what I was looking for.

The Alienvault USM Appliance seems to be lagging behind their USM Anywhere product as far as development goes. If you are not required to have FedRAMP certified cloud services I would recommend going with USM Anywhere over the USM appliance. However USM Anywhere does cost a bit more.

What problems are you solving with the product? What benefits have you realized?

AlienVault USM analyses our logs and reports vulnerabilities.

Marcela G.
Validated Reviewer
Verified Current User

"Alienvault is a good choice as SIEM"

What do you like best?

It is easy to understand and use, the training by the staff is excellent and fast since they have solved several doubts. Alienvault is a product that works well for companies that do not have personal security insurance, which is quite easy to start up and manage.

What do you dislike?

I have nothing that I dislike about AlienVault

What problems are you solving with the product? What benefits have you realized?

DS, vulnerability scanning, activity time monitoring, notification of when a server or device is disconnected, network mapping, network asset detection, malware monitoring, network traffic monitoring, record consolidation, activity alert suspicious etc.

Aden L.
Validated Reviewer
Verified Current User

"Excellent cost effective security for smb"

What do you like best?

Ease of use, flexibility and feeling secure.

What do you dislike?

Nothing bad to really say. There's a small learning curve involved in turning alerts to your environment but the documentation and support team are stellar in helping you along the way.

What problems are you solving with the product? What benefits have you realized?

PCI and SOX compliance are a breeze. Effective Intrusion detection and unifying our security tooling into a single pane of glass view were also big wins.

Administrator in Investment Management
Validated Reviewer
Verified Current User

"Great Product, very flexible but difficult to get started"

What do you like best?

The product is amazing in terms of what it can do, it is very flexible and powerful. Lots of features relating to alerts on potential threats. In addition the ability to package a SIEM into the same product is great.

What do you dislike?

It is complicated to get started. It takes a big learning curve to get up and running. The online training is basic at best and their online courses are "In Person" so you have to sit through an entire session at one time. I don't have 5 full days to take a training class (EVER).

Recommendations to others considering the product:

Make sure you have the bandwidth to dedicate for setup and training. This is not a product that is set and forget. You must install and customize it to your environment before it will be useful.

What problems are you solving with the product? What benefits have you realized?

I was looking for a vulnerability scanner to solve a business requirement of being able to scan my entire network and prioritize vulnerabilities.

Ruben H.
Validated Reviewer

"Alienvault Good Choice For All Around SIEM"

What do you like best?

Integration of security tools in one platform, I think is a differential on the market with the others SIEM's, the ease of modify and create my own plugins although is need have a deep Linux knowledge.

I think the reports is very good, the solution have the templates to get information and take decisions to improve the security controls.

What do you dislike?

It's not just AV, I think all platforms in the market needs to improve the GUI to have a better manage and I think the performance in the appliances need improve and last, more documentation or improve the KB to have a better knowledge to do troubleshooting.

Recommendations to others considering the product:

Deployment, integration and scalability

What problems are you solving with the product? What benefits have you realized?

It is perfect to have the best visibility of the behavior of the network with reports and to give evidence to the compliances such as ISO 27001, also is great tool to begin to established indicators to the SOC with the data recollected

Eric S.
Validated Reviewer
Verified Current User

"It's a Swiss Army Knife of Functionality"

What do you like best?

One pane of glass covers a lot of functionality. Alienvault provides an awful lot of coverage at a very reasonable price. And, over time the user interface has improved and the linkages between functionality have become better. We are looking forward to being a long term customer.

What do you dislike?

Updating could be better. Occasionally there is regression in small pieces of functionality during an update. Most updates are just fine; however, some of the updates have caused problems - especially with vulnerability scanning (slower scanning). This is usually resolved fairly quickly, but it would have been helpful for this to be better QA'd first.

Recommendations to others considering the product:

If you need a lot of functionality in one solution - this is a great tool. It may not be 100% of the best point solution, but it will be 80-90% of the functionality and nearly 100% of what you would actually use anyway.

What problems are you solving with the product? What benefits have you realized?

SIEM, VulnManagement, HIDS, Asset Discovery - Basically, excellent coverage on required toolsets to manage an InfoSec Program.

Philip G.
Validated Reviewer

"Industry Tools from the College Classroom to the Field"

What do you like best?

The executive dashboards give an immediate presence when displayed in the classroom environment on a big screen television as a dashboard. Students become inquisitive to learn what a product like USM or SIEM is, as buzz words become alive to touch an actual product. It is one thing to read about a Unified Security Manager (USM), or a Security Incident Event Manager (SIEM), but to actually visually see in a production environment and use it is another story.

What do you dislike?

There is a huge learning curve to understand the product. False positives provide a means for the students to do adequate research on a particular event and determine if what actually happened in the environment did indeed happen.

Recommendations to others considering the product:

Have a dedicated person understand the product and give them the time to use it.

What problems are you solving with the product? What benefits have you realized?

Many of our students are using AV in their required internship jobs as the companies they go to work for in the field are using the product. This is a great way for students to learn the product in a production lab environment without fear of breaking something.

Clark B.
Validated Reviewer

"It does the job"

What do you like best?

The software is user-friendly, and anyone can be trained to use it. New employees don't take a LOT of time trying to get used to it. In my organization's scenario, the on-premise appliance provides great value as we are a small company with site inter-connectivity. Where I am not too sure of is how exactly the product scales with very large networks with separate Windows and network domains.

What do you dislike?

Could be a little less expensive for other companies to try out. Walking through all the devices after a Nmap or device discovery scan can be tedious to get the data correct.

What problems are you solving with the product? What benefits have you realized?

The vault helps protect all kinds of data and helps with encryption as well

Kevin W.
Validated Reviewer
Business partner of the vendor or vendor's competitor, not included in G2 scores.

"AlienVault Locks it Down"

What do you like best?

AlienVault provides a simple, customizable dashboard to easily see the most important things going on in your environment. It goes beyond traditional SIEM by providing things like File Integrity Monitoring, IDS and Asset Management. It also has very simple integration with common cloud services (USM Anywhere only).

What do you dislike?

From a volume perspective, if you have a ton of log data, it isn't the best tool for traditional SIEM activities. There is also no migration from USM Appliance to USM Anywhere. You basically have to start over if you move some things to the cloud and want to capture that information.

What problems are you solving with the product? What benefits have you realized?

Besides being a SIEM platform, I consider AlienVault to be a security/threat management platform. It provides IDS, SIEM, and active threat monitoring.

Richard P.
Validated Reviewer

"Keeping an Eye of your Network"

What do you like best?

AlienVault's ability to monitor all HIDS and NIDS traffic and to correlate security events to warn you of breaches or malware is exceptional. They constantly update their intelligence and will provide a view of the network for the cyber security engineer that ordinarily he or she would not have.

What do you dislike?

I would recommend that the installation be done by a certified engineer. The setup is critical and not intuitive.

Recommendations to others considering the product:

Powerful product. Setup is crucial and monitoring a must.

What problems are you solving with the product? What benefits have you realized?

Firewalls, Endpoint protection, IDS, Sandboxing are all necessary components of network security. They usually do a great job in keeping malware and threats from penetrating their defenses. However, nothing is 100% effective. AlienVault makes sure that if anything does get through, AlienVault lets me know so I can handle the intrusion. Without it, I would be network blind.

Karel .
Validated Reviewer
Verified Current User

"AlienVault USM - technology of data distillation to information"

What do you like best?

One graphic environment can orchestrate six security tools. Every tool is so connected with everyone. Together they achieve higher values. Information context, graphical form and interactivity also give this community a tool of a special spirit. Good idea, good execution.

What do you dislike?

AlienVault USM uses MySQL like main database engine. I would like to be able to connect to another database, for example some graph database (Neo4J) or object database (CEPH).

Recommendations to others considering the product:

Please - try to create a better environment for parser creation and correlation.

What problems are you solving with the product? What benefits have you realized?

We provide more secure security for clients who are unattainable for better security.

Shaun S.
Validated Reviewer
Verified Current User

"More than just a SIEM"

What do you like best?

I like all the features in AlienVault. Vulnerability Scanning, SIEM, IDS, File Integrity Monitoring are all critical functions we use daily.

What do you dislike?

It does take some configuration of plugins, but AV will create ones given log files. Additionally, the vulnerability scans can take some tweaking but they are always updated with new vulnerabilities.

What problems are you solving with the product? What benefits have you realized?

We started looking for a SIEM and found AlienVault did so much more. We were able to convert older systems and consolidate all our logging and alarms in one system. I appreciate all the functionality AV gathers into one windows pane.

Administrator in Information Technology and Services
Validated Reviewer
Verified Current User

"Alienvault USM"

What do you like best?

I love the ability to see anything and everything that is going on in my network. The dashboard and alarms page are the beginning and end of my days and it makes my daily life easier!

What do you dislike?

Without training, the product is quite usable, but even with some training, there is usually a need for additional training in order to fully utilize all of the capabilities. I wish it were easier to mark events as false-positives instead of having to create custom policies that can take a bit to configure properly.

Recommendations to others considering the product:

Alienvault is the only SIEM that I've used, but I've worked with former federal agents and they swear by Alien Vault so you know it's good.

What problems are you solving with the product? What benefits have you realized?

We are concerned with HIPAA regulations and the built-in reporting is great.

Pedro Luis V.
Validated Reviewer
Business partner of the vendor or vendor's competitor, not included in G2 scores.

"Analysts point of view"

What do you like best?

Talking specifically from a performance standpoint I really like the interface and the smoothness of the platform as most of our clients use USM Appliance it's a nice change of pace not having to deal with the physical appliance itself.

What do you dislike?

I feel like reporting is not as well built as it is on USM Appliance or lacks customization.

What problems are you solving with the product? What benefits have you realized?

Most of our clients are looking to migrate to the cloud to reduce their infrastructure, using AWS or Azure and this system helps us provide them with a solution that we are comfortable with.

Corey S.
Validated Reviewer
Verified Current User

"Secure Compliance Solutions uses AlienVault to provide Managed Security Services"

What do you like best?

The Visibility it provides into the traffic traversing the network. From the moment it is set up and configured, it is providing value.

What do you dislike?

It can get expensive to install. Also, the product requires a handsome supply of system resources.

Recommendations to others considering the product:

Consider going with USM Anywhere if you plan on managing it internally.

What problems are you solving with the product? What benefits have you realized?

Information security management and general peace of mind. The news is inundated with stories of system breaches. With AlienVault installed and configured, there is always a team of security researchers on your payroll.

Consultant in Information Technology and Services
Validated Reviewer
Verified Current User
Business partner of the vendor or vendor's competitor, not included in G2 scores.

"Good product that solves a lot of issues in the security sector"

What do you like best?

I like that we solve a lot of issues such as vulnerability assessments, correlated to alerts under one solution.

What do you dislike?

Support is not the greatest. They can be good depending on who you get, or they can be not great. The issues we have had have sometimes been resolved in a timely manner, and others that were more pressing have taken way too long.

Recommendations to others considering the product:

Good product for small/medium businesses. It does not do as well once it gets to a certain point.

What problems are you solving with the product? What benefits have you realized?

Solves SIEM solution, continuous vulnerability assessments, potentially HIDS, as well as reporting/compliance.

Consultant in Computer & Network Security
Validated Reviewer

"It Has Powerful Threat Detection, Incident Response, And Compliance Management"

What do you like best?

AlienVault Unified Security Management (USM) has powerful threat detection, incident response, and compliance management. We can use this across cloud, on-premise and hybrid environments.

The reason to use USM is that it has the following components in its package:

Asset Discovery

Vulnerability Assessment

Intrusion Detection

Behavioral Monitoring

SIEM & Log Management.

What do you dislike?

AlienVault must improve their correlation feature. Some of the events do not match with the correlation rules and some of the correlation events are false-positive.

What problems are you solving with the product? What benefits have you realized?

AlienVault has an advanced component within one package. With this, we can cover more area with one solution.

As an example, it has vulnerability assessment component built-in. From this, we can do the vulnerability assessment easily and we do not have to buy another solution for the vulnerability assessment. It is easy to use and we can take better advantage from an all-in-one solution like USM.

Administrator in Financial Services
Validated Reviewer
Verified Current User

"Great data aggregation and monitoring"

What do you like best?

The more data you feed into AV, the better reporting and analytics you get out of it. Since AV can cross correlate different sources of data, it notifies our team much more quickly of any potential issues.

What do you dislike?

The amount of granularity can become overwhelming. However, it becomes much easier after a bit of time with the rules.

Recommendations to others considering the product:

If you need data aggregation for your security events, this is the tool to use. On top of the standard SIEM features, AV's OTX community is a great resource for security events that happen around the world.

What problems are you solving with the product? What benefits have you realized?

Security monitoring and awareness. We now have a single pane of glass to all things related to security on the network.

Juan W.
Validated Reviewer
Verified Current User
Business partner of the vendor or vendor's competitor, not included in G2 scores.

"Anywhere is amazing!"

What do you like best?

The search and filters is a huge step up from Appliance. Having OTX is comparable to having a large family that helps you even at your lowest point. The plugins are great to have.

What do you dislike?

The Search and Filters Advanced option. I wish it was always advanced.

Recommendations to others considering the product:

N/A

What problems are you solving with the product? What benefits have you realized?

Advanced Security Analysis

Consultant in Information Technology and Services
Validated Reviewer
Verified Current User

"AlienVault USM Anywhere"

What do you like best?

AlienVault USM Anywhere is a great product. Its ability to post threat data to a cloud console is a huge improvement over the previous reporting functionality.

What do you dislike?

It can still be difficult to integrate with 3rd party products. Digesting logs from some devices still requires plugins to be built manually - but they have made great strides in including more plugins by default. DHCP-based networks are still quite challenging to deal with.

What problems are you solving with the product? What benefits have you realized?

It is a great tool for knowing what types of activities are happening on your network. It has enabled the mitigation of several benign but unwanted applications on the network.

User
Validated Reviewer

"AlienVault gives us detailed insight into what is happening on our network as it occurs"

What do you like best?

AlienVault has all the tools needed to get a complete view of what is happening on our network, from network traffic to log management, even to what suspicious processes are being executed on our client workstations.

What do you dislike?

The only fault with AlienVault is that the dashboards can be a bit slow to render.

Recommendations to others considering the product:

Get your business processes in order so that you can fix all the issues that you are going to find with your network

What problems are you solving with the product? What benefits have you realized?

We are now able to easily prove PCI compliance and ISO 27001 compliance around the areas of log management and FIM. AlienVault makes it very easy whereas before we had multiple systems that did not tie together.

Administrator in Education Management
Validated Reviewer
Verified Current User

"AlienVault USM is the guard dog you need"

What do you like best?

The quick out of the box setup. The easy to figure out settings because their documentation is not very good. The customization ability for plugins, rules and alerts. The integration with OTX makes it feel being part of a worldwide Infosec Operation.

What do you dislike?

Documentation and training are not good. The product itself is pretty solid and has never given me issues and I've implemented it at 2 different companies. Their support is very solid and responsive.

What problems are you solving with the product? What benefits have you realized?

It has given both companies I have implemented this at the ability to get into the SIEM space at a nice price. My teams have been small so being able to implement, tune and train has been very important.

Kevin M.
Validated Reviewer
Verified Current User

"AlienVault USM Single Pain of Glass"

What do you like best?

All the monitoring is right at your finger tips.

Easy to navigate with plenty of features to do the job.

What do you dislike?

It does take a little while to learn where all the features are located.

The appliance does so much right out of the box, maybe there could be different user levels.

Recommendations to others considering the product:

Definitely is worth the investment, you won't be sorry.

What problems are you solving with the product? What benefits have you realized?

Keeping our environment safe.

Definitely helps with alerting the threats. Great device for log collection and reporting.

Karl S.
Validated Reviewer
Verified Current User

"Feature packed but unrefined"

What do you like best?

AlienVault is made of well known open source tools which makes it highly customizable.

What do you dislike?

The UI is a bit unrefined and the reporting is not the best to look at. The software can also be unreliable.

Recommendations to others considering the product:

Be knowledgeable with Linux and take their training course to become familiar with the product.

What problems are you solving with the product? What benefits have you realized?

Security visibility and monitoring.

David I.
Validated Reviewer

"Alienvault USM for Security professionals"

What do you like best?

AlienVault is an all-in-one SIEM device for monitoring events on your network. Not only does it monitor everything on your network, but also comes with a built-in vulnerability scanner.

What do you dislike?

Some of the reporting capabilities are not quite as robust as I would like.

Recommendations to others considering the product:

For the price that AlienVault is; it is hard to beat everything you get; Events plus a vulnerability scanner.

What problems are you solving with the product? What benefits have you realized?

Solving the issue of having tons and tons of events scattered throughout the organization, but no way to have one place to find what all is happening. With Alienvault we have been able to see everything for the organization, in one nice dashboard.

* We monitor all AlienVault USM (from AT&T Cybersecurity) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. Validated reviews require the user to submit a screenshot of the product containing their user ID, in order to verify a user is an actual user of the product.