LevelBlue USM Anywhere Reviews & Product Details

It is easy to setup and use, especially for a small team. Support is great as well. Review collected by and hosted on G2.com.

Rules can sometimes get a little complex, but there is good documentation and support for this. Review collected by and hosted on G2.com.

Outstanding SIEM for small security teams. Fairly robust out of the box feature set and integrations from a SIEM point of view. Integrations with AWS, Slack and other industry leading security and back office SaaS apps, combined with AlienVault's OTX threat intel and AlienVault labs rules are the big reasons we went with this. Platform is easy to stand up and doesn't require a ton of maintenance. Review collected by and hosted on G2.com.

Vulnerability scanning and management platform is bare-bones and lacking; primarily because it doesn't allow for closing vulnerabilities due to false positive (back-ported linux patches are a good example). This makes the entire scanning module and reporting for it unusable. The cloud offering doesn't have a way to consume logs via webhook or API. Only options are really for syslog, graylog, and some Windows logging. MacOS and Linux agents don't allow for any remote management or forensic response like the Windows agents do and also instead of leveraging the agent for authentication, you still need administrative credentials; which can be a big pain if you are an agille, cloud-based company that doesn't employ a Windows Domain/AD. AlienVault NIDS can't really deal with layer 2 traffic and thus it causes a challenge to accurately identify endpoints in a DHCP environment. For example, if I have a malware alert on a machine, I really only see that machines IP address from the NIDS sensor. Having the MAC address tracking the machine (a static value) rather than the IP address (variable layer 3 value), would make the process of machine identification and isolation during a malware alarm immensely easier. Review collected by and hosted on G2.com.

The solution is very complete due to the way it operates in the user's resources, which makes it very intuitive and innovative. Each one of the modules complements it as well as the solutions that are being added for monitoring make it unique in the market with high value. I totally like the tool and it has helped me too much here in the company to detect attacks in real time and have reaction time to prevent them. On the other hand what I love the most is that the solution recommends you to do for prevention. It would have been a plus if the solution had an agent to check the health status of the team or perform tasks as an endpoint that I hope in the future can be added as an option. I think he is on the right track and I don't doubt that in the future he will be number 1 in his category. Your user training program is excellent as it helps us become familiar with the tool and apply good practices in our environment and also for personal knowledge. Alientvault is wonderful and maybe I will use it for a long time as it helps me too much. Thank you Alienvault. Review collected by and hosted on G2.com.

We would like in the future to include an agent in the equipment and interact more with the other security solutions, for the time being is complete but I think it might help to have an agent to notify you of the health status of the endpoint. Review collected by and hosted on G2.com.

USM Anyway agent which protects our cloud environments with integrated thread intelligence hub one of the best security our security upgrade within last year. SEIM makes us feel that we have a virtual security office which cares about us Review collected by and hosted on G2.com.

I would be happy to collect all application logs withing AV, but our current plan doesn't allow this. And sure we want to have more features. Review collected by and hosted on G2.com.

AlienVault USM Anywhere is easy to deploy with their Cloud-based model and deploying the required agents on-prem (or in the Cloud) is quick and easy. With many integrations out-of-the-box, you can pull in all the data from products you use and other sources, such as Amazon Cloudwatch Logs. Custom rules allow for alerting based on content from events and you can even trigger agents in response to threats, shutting down computers or grabbing forensic info for incident response. USM Anywhere also takes care of reporting for ISO and PCI, allowing you to pull reports for auditors at a moments notice. Review collected by and hosted on G2.com.

We would love to be able to create custom rules based on a series of events, to create rule-sets where, for example, failed logins to the VPN Server are logged and then when a successful attempt follows soon after, it triggers an alarm for a Brute Force. It does this for things like OKTA already, so control over which events this applies to would be great. Review collected by and hosted on G2.com.

Is a complete security solution and is easy to install. I think is a transversal security solution, can give a full vision of network. Enables companies to optimize security investments and increase the efficiency of their technology infrastructure. It has essential security features that allow an organization to monitor applications and systems, in addition to its network services, gives us the ability to understand the vulnerabilities of such systems, identify new threats that actively compromise the network, as well as make detections for suspicious behavior that could indicate a compromised system.

AlienVault USM generates and stores records and events from all your local and cloud environments for 12 months, simplifying records management and review and helping you meet regulatory record retention requirements.

In addition to the benefits of the solution allows a correct and high compliance with security standards such as ISO/IEC 27001, HIPAA, Payment Card Industry Data Security Standard (PCI DSS), CIS Critical Security Controls, among others.This is possible because of:

- asset discovery,

- vulnerability assessment,

- file integrity monitoring,

- SIEM

- logs

- Reports for PCI-DSS, HIPAA, NIST and more

Recently in Mexico, companies are being required to comply with regulations, including as a requirement to banks by the CNBV. Review collected by and hosted on G2.com.

I would like to have more training material, preferably in Spanish language, as well as training in this language since most of the content is in English language. There could even be practical laboratories with real scenarios in virtual environments. Review collected by and hosted on G2.com.

Ease of use, flexibility and feeling secure. Review collected by and hosted on G2.com.

nothing bad to really say. There's a small learning curve involved in turning alerts to your environment but the documentation and support team are stellar in helping you along the way. Review collected by and hosted on G2.com.

AlienVault monitor all logs and send alarms and point to risks Review collected by and hosted on G2.com.

I think that I faced two issues one of them with the support and the other that the AlienVault is complicated Review collected by and hosted on G2.com.

AlienVault has all the tools needed to get a complete view of what is happening on our network, from network traffic to to log management, even to what suspicious processes are being executed on our client workstations. Review collected by and hosted on G2.com.

The only fault with AlienVault is that the dashboards can be a bit slow to render. Review collected by and hosted on G2.com.

It makes it easy monitor things such as unusual logins from our Azure AD Review collected by and hosted on G2.com.

The interface can be slow to reload when navigating through different tabs such as events, alarms etc Review collected by and hosted on G2.com.