We changed our name from IT Central Station: Here's why

AT&T AlienVault USM OverviewUNIXBusinessApplication

AT&T AlienVault USM is #10 ranked solution in Log Management Software and #11 ranked solution in top Security Information and Event Management (SIEM) tools. PeerSpot users give AT&T AlienVault USM an average rating of 8 out of 10. AT&T AlienVault USM is most commonly compared to AlienVault OSSIM: AT&T AlienVault USM vs AlienVault OSSIM. The top industry researching this solution are professionals from a computer software company, accounting for 28% of all views.
What is AT&T AlienVault USM?

AlienVault USM Anywhere is a cloud-based security management solution that accelerates and centralizes threat detection, incident response, and compliance management for your cloud, hybrid cloud, and on-premises environments. USM Anywhere includes purpose-built cloud sensors that natively monitor your Amazon Web Services (AWS) and Microsoft Azure cloud environments. On premises, lightweight virtual sensors run on Microsoft Hyper-V and VMware ESXi to monitor your virtual private cloud and physical IT infrastructure.

With USM Anywhere, you can rapidly deploy sensors into your cloud and on-premises environments while centrally managing data collection, security analysis, and threat detection from the AlienVault Secure Cloud.

Five Essential Security Capabilities in a Single SaaS Platform

AlienVault USM Anywhere provides five essential security capabilities in a single SaaS solution, giving you everything you need for threat detection, incident response, and compliance management—all in a single pane of glass. With USM Anywhere, you can focus on finding and responding to threats, not managing software. An elastic, cloud-based security solution, USM Anywhere can readily scale to meet your threat detection needs as your hybrid cloud environment changes and grows.

  1. Asset Discovery
  2. Vulnerability Assessment
  3. Intrusion Detection
  4. Behavioral Monitoring
  5. SIEM

Try USM Anywhere in your environment—free for the first 14 days. 
www.alienvault.com/products/usm-anywhere/free-trial

AT&T AlienVault USM was previously known as AlienVault, AlienVault USM, Alienvault Cybersecurity.

AT&T AlienVault USM Buyer's Guide

Download the AT&T AlienVault USM Buyer's Guide including reviews and more. Updated: January 2022

AT&T AlienVault USM Customers

Abel & Cole, Bank of Ireland, Bluegrass Cellular, CareerBuilder, Claire's, Hays Medical Center, Hope International, McCurrach, McKinsey & Company, Party Delights, Pepco Holdings, Richland School District, Ricoh, SaveMart, Shake Shack, Steelcase, TaxAct, Taylor Morrison, Vonage and Zoom

AT&T AlienVault USM Video

AT&T AlienVault USM Pricing Advice

What users are saying about AT&T AlienVault USM pricing:
  • "Its price is in the medium to upper range."
  • "I don't know exactly, but I know it is based on the number of logs and the retention duration, such as 30 days or something like that. So, the smallest package is about 500 a month for 30 days of logs. There is a virtual machine. You need resources for it. It is a log collecting VM. They provide the software, and you just have to load a virtual machine. So, you're going to incur some CPU RAM and storage for wherever this log collecting appliance is running, which typically is in our cloud and on our platform for the customer."
  • "The licensing fees are dependent on usage."
  • "Its price is much lower than McAfee ESM."
  • AT&T AlienVault USM Reviews

    Filter by:
    Filter Reviews
    Industry
    Loading...
    Filter Unavailable
    Company Size
    Loading...
    Filter Unavailable
    Job Level
    Loading...
    Filter Unavailable
    Rating
    Loading...
    Filter Unavailable
    Considered
    Loading...
    Filter Unavailable
    Order by:
    Loading...
    • Date
    • Highest Rating
    • Lowest Rating
    • Review Length
    Search:
    Showingreviews based on the current filters. Reset all filters
    Owner at ThatsIT Consultants
    Real User
    An all-in-one package for monitoring components across the network
    Pros and Cons
    • "In terms of monitoring, my best feature would be the monitoring of components across the network. It monitors the respective nodes and any new node that comes onto the network and provides reports. The reporting dashboards are really helpful for management in terms of making decisions around patch management."
    • "I've been using it just for my own personal upskilling in terms of how the product works. At the moment, it is pretty straightforward and simple, and it is working how it is supposed to. The feedback would come once it is deployed to customer sites. They'll be using it on a more frequent basis, and that's when the feedback would come in terms of the areas in which they're facing issues or are looking for simplicity."

    What is our primary use case?

    General use cases would be for patch management and vulnerability management. The devices that are on the network may need patching if they're outdated. For any device or node that has entered the network and may be considered a threat, the HTTPS ports and different nodes need to be monitored for incoming and outgoing traffic. We could put in security rules for monitoring the actual devices down to the USP level, and we can also get the vulnerability information from OSX, and then provide that information to the IT teams.

    In terms of the version, usually, when the updates come, the updates need to be aggregated to the customer, but at this moment in time, I am yet to secure a customer in that space due to the current COVID crisis in the country, across the Pacific, and globally.

    In terms of deployment, the endpoints are on-premise, but it would be cloud-based in terms of the platform. So, it could be both depending on the customer. They would either have cloud or hybrid.

    What is most valuable?

    In terms of monitoring, my best feature would be the monitoring of components across the network. It monitors the respective nodes and any new node that comes onto the network and provides reports. The reporting dashboards are really helpful for management in terms of making decisions around patch management.

    It is an all-in-one package. In terms of the selling points, to the best of my knowledge, it has eight different selling points or eight features, and they're all interlinked, which most of the infrastructure setups here do not have. They have separate systems for monitoring the networks. So, USM can cater based on those eight capabilities.

    What needs improvement?

    I've been using it just for my own personal upskilling in terms of how the product works. At the moment, it is pretty straightforward and simple, and it is working how it is supposed to. The feedback would come once it is deployed to customer sites. They'll be using it on a more frequent basis, and that's when the feedback would come in terms of the areas in which they're facing issues or are looking for simplicity.

    For how long have I used the solution?

    I have been using this solution for the last eight to 10 months.

    What do I think about the stability of the solution?

    So far, I haven't seen any patches or updates from the partner or the OTX site to show any issues in terms of stability. Based on the frequency of the updates, at the moment, it seems stable.

    What do I think about the scalability of the solution?

    It is easy to scale. It comes with all features, as opposed to separate individual modules. To my knowledge, you can scale it for your organization as and when there is a requirement or the organization grows. So, in terms of scalability, there is no problem. After you get it up and running, as the organization grows, the engines will be able to pick up that information.

    It is really good for medium and large companies, but it can also be used for small organizations. Instead of deploying it to a small organization, you could provide a service where it is not on the customer site, and you basically link into your nodes for small customers. So, you install it for medium and large customers, and for small customers, you install it on your premise, and then you sell the individual features that they may request.

    How are customer service and technical support?

    I have not been in touch with their technical support. I deal with the technical account manager. When I read up the information and there is something that I'm not sure about, I check my resources and see what's available online. If none of the available resources are helpful, I reach out to my account manager who then puts me in touch with the technical team. I presume that if we encounter any issues in deployment, it would be based on a customer's demography or the setup.

    How was the initial setup?

    If you're not familiar with it from a tech perspective, it might be confusing for you, but from what I've seen and based on my experience, it is pretty simple and straightforward.

    The user guides are also very helpful if you hit any roadblocks. It is very straightforward in terms of the instructions to set it up, but you should have minimum tech experience in understanding the documentation, which is fair enough and good because you don't want it to be too simple to set up that companies would say, "Well, we don't need IT if anybody can do this." So, you'd need some technical background to at least understand the documentation or the user guide.

    I've only installed it for myself. It took a short amount of time to get it up and running. The deployment duration would depend on a customer's infrastructure size and the number of nodes that a customer has. It will also depend on the data collection that the agents or the engines need to do to protect the information and then put it in its database.

    What's my experience with pricing, setup cost, and licensing?

    Its price is in the medium to upper range.

    What other advice do I have?

    I would definitely recommend this solution, but I would also do a pre-assessment of the organizational setup and infrastructure. I'm a reseller, and it is obviously my top priority that we sell the product

    If you look at the Gartner Magic Quadrants, you will see AlienVault is up there in the upper right quadrant, which makes it one of the top recommended solutions. That is the reason for my partnership with AT&T Cybersecurity for the product.

    I would rate AT&T AlienVault USM a nine out of 10. No solution is 100% perfect.

    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
    Flag as inappropriate
    Solutions Engineer at a computer software company with 51-200 employees
    MSP
    Top 20
    Useful for compliance, very scalable, and pretty stable
    Pros and Cons
    • "We're using it more for reporting, that's all. We're using it to help our customers to pass any kind of audits that they receive."
    • "There could be some type of integration with our existing portal. We have our own customer portals, and it would be good if there was an integration so that our portal can provide reports. There could be some type of API into the AlienVault system with the USM system so that it is easy to show the customers high-level reports of the system through our portal."

    What is our primary use case?

    We use it for compliance. We're not using it as a security operation center type of thing. Its usage is more from an auditing standpoint at this point.

    We partner with them for customers who need something like a SIEM, so we're a cloud provider and integrator.

    It is deployed on the cloud. It is a combination of AT&T's own cloud and our cloud. We run our own infrastructure. So, it is a hybrid and private cloud.

    What is most valuable?

    We're using it more for reporting, that's all. We're using it to help our customers to pass any kind of audits that they receive.

    What needs improvement?

    I don't have any suggestions for improvement. On our side, as a provider, we should develop a real security operation center type of practice, which we don't have right now.

    There could be some type of integration with our existing portal. We have our own customer portals, and it would be good if there was an integration so that our portal can provide reports. There could be some type of API into the AlienVault system with the USM system so that it is easy to show the customers high-level reports of the system through our portal.

    What do I think about the stability of the solution?

    It is pretty stable from what I hear. 

    What do I think about the scalability of the solution?

    It is cloud-based, so it is very scalable. It really depends on how many devices they have in their environment. Our customers are more mid-sized companies, so it fits what we need.

    We don't have a lot of clients using this SIEM. Usually, a client is interested in something like this to help them with their auditing. So, we don't have a lot of customers using it right now. Probably in the near future, its usage will be increased in terms of the customers requesting it from a security standpoint.

    How are customer service and technical support?

    It is pretty good. I usually don't contact their support. I usually contact their sales team. I work with their pre-sales and sales engineer and account rep.

    How was the initial setup?

    It is pretty straightforward from what I've seen, but it has to be verified to make sure any changes in the environment are added to the configuration. Like anything, it is not set it and forget it. You really have to make sure that it is capturing everything if things change or new systems are brought online. It is more of a procedural thing where you have to make sure somebody is keeping it up to date.

    For its maintenance, we have someone who manages the product itself. In our company, for IT people, we have around 100 or so staff. We have customers nationwide, but we probably have two to three people managing this product. They are in more of a security analyst type of role dedicated to security.

    What's my experience with pricing, setup cost, and licensing?

    I don't know exactly, but I know it is based on the number of logs and the retention duration, such as 30 days or something like that. So, the smallest package is about 500 a month for 30 days of logs.

    There is a virtual machine. You need resources for it. It is a log collecting VM. They provide the software, and you just have to load a virtual machine. So, you're going to incur some CPU RAM and storage for wherever this log collecting appliance is running, which typically is in our cloud and on our platform for the customer.

    What other advice do I have?

    I would advise knowing your requirements and your data. What are you trying to protect or monitor? Before implementing something like this, you really should have basic security in place. You should have systems that are generating logs, for example, antivirus software and firewall. You have to have that all in place first to make this kind of product useful because this type of product is really meant to aggregate things after the fact. After you've put all the systems in place, then this system aggregates and collects everything together. You really need all the endpoint security, firewall security, and server security first, so you have meaningful data to look at. The SIEM is not going to be useful if you don't have any meaningful data for it to collect.

    I still need to dig into it deeper to see exactly what it does. Our practice is kind of evolving, so this is probably something that we need to offer more to customers. We need to get more product knowledge on it and develop a practice around it. A lot of customers are asking for security operations center (SOC) services for remediation of problems. We don't do that right now, but that's something that I know is probably on the roadmap. With everything going on, that would be a helpful service to our customers, and I think they're asking for that. We've encountered customers asking for that type of service. We don't do it yet. I know there are other partners out there that do that, so really it's on our side to develop the product more. Whether it involves staying with this AT&T product or going for maybe another one, customers are looking for a little bit more. They are not just to have it set up, but also to have someone to act on any kind of alerts or any kind of potential breaches. They're looking for a service for somebody to actually remediate.

    From what I know of the product, I would rate it an eight out of 10. 

    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
    Flag as inappropriate
    Learn what your peers think about AT&T AlienVault USM. Get advice and tips from experienced pros sharing their opinions. Updated: January 2022.
    563,208 professionals have used our research since 2012.
    John Stanford
    Senior Network Architect / Network Team Leader at ICE Consulting. Inc.
    Real User
    Top 10
    Threat detection, incident response, and compliance management in an all-in-one solution
    Pros and Cons
    • "The other big selling feature for us was its integration capabilities with all the other security-based products."
    • "I'd like to see a dashboard that's a little more descriptive."

    What is our primary use case?

    We were trying to get into the security market to be able to offer something to our clients who are asking for a monitoring event management system. We started looking at what we could offer as an MSP to our clients; that's what drove us into evaluating different SIEM products, to get a better understanding of how the billing is set up as a partner. Alien Vault had the best set up for MSPs — the way they are set up for billing and the way they set up their USM account. 

    What is most valuable?

    The reason why we went with AT&T AlienVault USM, was because we liked their reporting capability a little better than some of the other ones we evaluated; however, the biggest draw for us was how AT&T has their MSP program set up. In most cases, you have to buy a certain number of either agents or sensors which are, more or less, the program. With an MSP, our clients don't have to buy any — there are no minimum requirements. Alien Vault provided us with really good worksheets to detail the number of sensors needed when we are in negotiations with prospective clients. We can also use them to determine the number of devices that are going to be monitored, and how we can tailor the customer setup based on what the customer requirement is.

    The other big selling feature for us was its integration capabilities with all the other security-based products, not just security-based, but application settings in general. It works with Google Drive, Gmail, and Microsoft 365. It also works with different antivirus software from Proof Point to Okta — all of the different pieces of applications that we normally provide as a best practice to our clients. This software can interact with them all and pull the event data and the security data from all of these different applications, and more.

    What needs improvement?

    I'd like to see a dashboard that's a little more descriptive. We can customize the dashboards, but the out-of-the-box dashboards are kind of bland. Since we give our customers access to their dashboards, it would be nice if they were a little bit more intuitive. We can go easily drill into it and show them everything, but the customer just sees the writing on the page. 

    I'd like to see them dress up their out-of-the-box dashboard a little bit. We have the ability to do a lot of that. 

    Since they have this image — they have a strong MSP program. I would love to see them allow branding, which they don't at this point.

    For how long have I used the solution?

    We deployed the demo roughly eight months ago.

    What do I think about the stability of the solution?

    AT&T AlienVault USMIt's has been very stable.

    How are customer service and technical support?

    Their support has been stellar, any issues that we had with trying to get it configured or trying to interpret instructions, we could just make a quick phone call and they were there to help us.

    How was the initial setup?

    I'd say it was kind of in the middle, complexity-wise. It's actually fairly easy to deploy a new client. 

    What's my experience with pricing, setup cost, and licensing?

    It's competitive with other similar solutions; however, I don't do the billing so I can't properly comment on it.

    What other advice do I have?

    Most of our clients are small to medium-sized businesses; they can't afford to go out and purchase a SIEM on their own. They're looking for us to provide something for them. This was why we provide HCZ cybersecurity and Alien Vault, etc. 

    If you're in an MSP and you're servicing small to medium-sized clients, this is definitely a product that you want to look at and evaluate. When we were doing our evaluations, we were looking at the applications that are supported out-of-the-box, without having to develop any special ATIs — we wanted a pre-built application that supported most of the applications that we use within our client base.

    On a scale from one to ten, I would give this solution a rating of eight.

    I'd like to see a little bit more work, out-of-the-box, regarding the dashboards. I'd like to see them provide us with branding capabilities, to be able to put our logos on the dashboard so that the client understands that it's coming from Ice Consulting instead of Alien Vault.

    Which deployment model are you using for this solution?

    Public Cloud
    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
    Principal DevOps Engineer at a tech vendor with 11-50 employees
    Real User
    It gives you robust protection and value without the need for a dedicated SOC team
    Pros and Cons
    • "AlienVault's reporting is good. I like that vulnerability assessment is part of the solution, and the UI is intuitive. Also, the overhead is low, which is to say we don't need a dedicated SOC team to manage and analyze things constantly. We're a small company that doesn't have those resources."
    • "I think plugin management should be self-service on AlienVault USM. The other product is self-service but on the USM side. You have to submit a ticket then AT&T creates and updates the plugins."

    What is our primary use case?

    AlienVault USM is an SaaS solution offered through the cloud. It's a security incident event management solution that scans logs to look for various security patterns that are shipped to it. Then it alerts us so we can identify trends.

    How has it helped my organization?

    AlienVault gives us greater visibility into our security and tells us what we need to address. We haven't had any breaches, but if we were to have some, we would get alerts.

    What is most valuable?

    AlienVault's reporting is good. I like that vulnerability assessment is part of the solution, and the UI is intuitive. Also, the overhead is low, which is to say we don't need a dedicated SOC team to manage and analyze things constantly. We're a small company that doesn't have those resources.

    What needs improvement?

    I think plugin management should be self-service on AlienVault USM. The other product is self-service but on the USM side. You have to submit a ticket then AT&T creates and updates the plugins.

    We often have application logs that are unique to us, so it's silly to have to open a ticket, have them do the work, and then release the plugin. It would be nice if they had a self-service portal where we could define the parameters within the product for the plugin and have a custom plugin for our logs. 

    For how long have I used the solution?

    I've been using AlienVault USM for about two or three years.

    What do I think about the stability of the solution?

    AlienVault USM has been quite stable so far. We might've had one or two hiccups over the past couple of years, but nothing major.

    What do I think about the scalability of the solution?

    We have had no issues with scalability at all. It's been seamless. We have only three or four users on our DevOps team, but we're getting information from all over. Of course, many downstream people benefit from the work that we do, but only about four people actually log in and use it. 

    How are customer service and support?

    Technical support has been okay. It hasn't been great. On a scale of one to 10 scale, I'd say maybe a six. It took them a long time to respond to some of our questions, and we didn't get the complete responses we were expecting. In some cases, the process took so long that the question's urgency diminished by the time we could get to an answer.

    How was the initial setup?

    Setting up AlienVault USM was relatively straightforward. Of course, all software is complex, but this wasn't overly complex. We did do some professional service hours with the vendor during the deployment, but that was more about best practices. We asked how to configure it to get the most out of the solution. 

    It's not an admin-heavy product in terms of maintenance and management. There's certainly a lot you can do to customize and configure it, but it doesn't require much administration. Someone is logging in most days to check in and review alerts.

    Which other solutions did I evaluate?

    We looked at Splunk Enterprise with the added security module, and that worked great, but it also had a lot of overhead to get value out of it. We just didn't have the capacity for it.

    What other advice do I have?

    I would give AlienVault USM a solid eight out of 10. There are certainly products out there that can do more. For a smaller company, I'd say it's a solid nine or a 10, but if we compare all the offerings on the market, I would say it's a solid eight. It doesn't have some of the features of the other ones, but it offers a lot of benefits to us because we can get the value that we need out of it without having a dedicated team.

    It's been good overall, so I would give it a thumbs up. It's suitable for small organizations that don't have the capacity for a dedicated SOC that could handle something like Splunk Enterprise. Splunk is great for businesses with a dedicated team to do full-time analysis. But I think this is a nice solution for smaller companies where the IT staff has to wear multiple hats.

    Which deployment model are you using for this solution?

    Public Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Other
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Flag as inappropriate
    Sergey Kornienko
    Director of Department at BAKOTECH LLC
    Reseller
    Top 20
    Good compliance, lots of useful features, and easy to scale
    Pros and Cons
    • "There are multiple tools for information security. The solution includes all the latest advances on the network and host intrusion detection systems."
    • "The solution already has quite good tools, however, they need better integration tools for linking with Office 365, Google Suite, and so on."

    What is our primary use case?

    We have three main uses for the solution. They are compliance, incident response, and as a tool for information security.

    What is most valuable?

    The solution has excellent compliance and has good incident response.

    There are multiple tools for information security. The solution includes all the latest advances on the network and host intrusion detection systems.

    The out-of-the-box features are great. You don't have to jump to different consoles as everything is right there. Everything from a security standpoint can be handled via one screen.

    What needs improvement?

    The solution could be improved in three ways. The first one is user behavioral analytics. They need work.

    The second one is cloud-related usage. The solution already has quite good tools, however, they need better integration tools for linking with Office 365, Google Suite, and so on.

    The third one improvement could be a bit more customization for security products. If someone has an antivirus where it is customizable they need to have the ability to easily connect everything together.

    For how long have I used the solution?

    I've been dealing with the solution for four years.

    What do I think about the stability of the solution?

    The solution is very stable. We haven't had issues so far in terms of using it.

    What do I think about the scalability of the solution?

    The solution is quite easy to scale. You just need to install the standard solution. You don't have to change the whole installation. In the case of the cloud deployment version, you only need to add sensors. In either case, you need to have the correct licenses, however, it's quite simple to accomplish.

    How are customer service and technical support?

    Technical support has always been quite good. With the product itself, we haven't personally had any issues. However, a lot of times our customers or engineers contact AlienVault support with a request to help to start a new correlation rule, integration, or other issues. When that happens, support always answers and gives them all the details they need.

    Which solution did I use previously and why did I switch?

    As a reseller, we've looked into other solutions, however, we find this product to be the best option for our customers time after time.

    How was the initial setup?

    The initial setup is pretty easy. Anyone can install this solution within four or five hours. They don't need to be engineers in order to do that.

    By that point, it will already be prepped and can show us what is happening from a security point of view.

    It's quite easy to install and deploy. You don't need a security team for ten people. There's a lot of automation within the tool, so you only really need one or two security staff to operate it for a company of, for example, 500 people.

    What's my experience with pricing, setup cost, and licensing?

    In comparison to the competition, it's a very inexpensive option, whether you use the cloud or the on-premises deployment models. You also get great value for money as you do get a lot of very good tools that come standard with the solution as well.

    What other advice do I have?

    We're not using the solution ourselves. We're resellers.

    USM Anywhere is cloud-based, although they have a different version that is on-premises or on a private cloud called the USM Appliance. We're using the on-premises version, which is quite different from the cloud version.

    Overall, I'd rate the solution nine out of ten. There are a few areas where they can improve, however, overall, it's been a very good product for us and our customers.

    We'd recommend the solution. We've looked into other options and we always come back to this product.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: My company has a business relationship with this vendor other than being a customer: reseller
    Solutions Architect - Team Lead at a computer software company with self employed
    Reseller
    Top 5
    Easy setup with great security information management and very stable
    Pros and Cons
    • "The setup is very easy and straightforward."
    • "The solution is a bit complicated. It could be simplified quite a bit."

    What is our primary use case?

    We primarily use the solution for cybersecurity events and management.

    What is most valuable?

    The SIEM, security information management is very, very good. Basically, it's great at analyzing the logs of our servers.

    The setup is very easy and straightforward.

    What needs improvement?

    The solution is a bit complicated. It could be simplified quite a bit.

    The correlation engine could be improved. Much improvement could be made there, as it is an important open-source solution. 

    The solution could benefit from including security orchestration. It's still not available yet. It would be really nice to have in a future release.

    It could use something like a pen test. Tools like that would make it more comprehensive from a cybersecurity aspect. 

    For how long have I used the solution?

    I've been using the solution since about 2015. It's been approximately six years or so.

    What do I think about the stability of the solution?

    The solution is extremely stable. We don't have any issues with its reliability. It doesn't crash or freeze and it's not buggy at all.

    What do I think about the scalability of the solution?

    The solution doesn't scale well if you are talking about enterprises using it. However, for our purposes, we've never had an issue with this. Larger companies might. We do intend to continue to use the solution and potentially increase usage.

    How are customer service and technical support?

    Technical support is extremely reliable. We've very satisfied with the level of service we receive. They are always knowledgeable, helpful, and responsive.

    How was the initial setup?

    The initials setup is not complex. It's a very straightforward implementation.

    The overall deployment is quite quick. It might take about 30 minutes or so. That's all.

    What's my experience with pricing, setup cost, and licensing?

    The solution has a subscription-based annual payment option. It's not a perpetual license.

    What other advice do I have?

    We use both on-premises and cloud deployment models.

    We both use the solution and sell the solution as well.

    Overall, on a scale from one to ten, I would rate the solution at an eight.

    We're more focused on servicing medium to small businesses. This solution may not be suitable for a large enterprise-level organization.

    That said, we highly recommend it. I'd recommend that new users decide to first go for the trial. Take the trial and then make sure that you like it before investing in the subscription. The company offers a free trial - you might as well use it.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: My company has a business relationship with this vendor other than being a customer: reseller
    Chief Operating Officer / SR. Project Manager with 1-10 employees
    Real User
    Top 20
    Helpful threat intelligence capability, but the reporting is mediocre
    Pros and Cons
    • "The most valuable feature is threat intelligence."
    • "The reporting is mediocre and is something that needs to be improved."

    What is our primary use case?

    We are a managed security service provider and we offer AlienVault USM to our clients. We use it to monitoring their environments and to maintain their logs.

    What is most valuable?

    The most valuable feature is threat intelligence. Their community is a very helpful tool and I think it's one of the values of AlienVault.

    What needs improvement?

    They set aside a lot of the functionality from the on-premises version that we found very helpful in managing tickets. As it is now, the cloud-based deployment is lacking these useful features.

    The reporting is mediocre and is something that needs to be improved.

    For how long have I used the solution?

    I have been using the cloud-based deployment of this solution for about two years.

    What do I think about the stability of the solution?

    The stability is fine.

    What do I think about the scalability of the solution?

    Scalability in a cloud solution is tied to costs. With any cloud solution, the more data you have and the larger your company, the higher the price point. I wouldn't say that scaling is easy, but it is standard.

    How are customer service and technical support?

    Technical support is slow to respond when we put in a ticket. We're a number. 

    Which solution did I use previously and why did I switch?

    We use both the on-premises version and USM Anywhere. The latter is a SaaS solution.

    How was the initial setup?

    The initial setup is okay. At an additional cost, they offer services to assist with deployment.

    What's my experience with pricing, setup cost, and licensing?

    Our take on it is that we are paying more for this product because of the AT&T name. We don't necessarily find that we are getting more functionality or quality, given the price point.

    The licensing fees are dependent on usage.

    Which other solutions did I evaluate?

    We are currently evaluating different SIEM solutions. I have found that all of them have issues, whether it is related to functionality or price point. Even the ones that have a high price don't provide everything that you need.

    What other advice do I have?

    My advice for anybody who is considering this product is to evaluate all of the options that are out there. There is no one, great answer, so you have to figure out what best fits your needs.

    I would rate this solution a seven out of ten.

    Which deployment model are you using for this solution?

    Public Cloud
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Operation Manager at Checksum Consultancy
    Real User
    Top 20
    Easy to deploy, good integration with OTX, and good at asset discovery and vulnerability scanning
    Pros and Cons
    • "Asset discovery and vulnerability scanner are good features. The integration between this solution and OTX, which is an AlienVault platform for Open Threat Exchange, is also a valuable feature. It is also quick and easy to deploy, so you can quickly engage with a customer's environment."
    • "Its reporting tools need improvements. It would be good if they can provide integration with other ticketing systems. Currently, we only have integration with Slack and Jira. It is also a bit slow, and its replication engine can be improved."

    What is our primary use case?

    We provide information security services to clients. We are seeking some clients to provide monitoring services by using AlienVault. We are also providing AlienVault USM Anywhere, which is cloud-based and has integration with cloud platforms such as AWS, Azure, and Google Cloud. 

    What is most valuable?

    Asset discovery and vulnerability scanner are good features. The integration between this solution and OTX, which is an AlienVault platform for Open Threat Exchange, is also a valuable feature. It is also quick and easy to deploy, so you can quickly engage with a customer's environment.

    What needs improvement?

    Its reporting tools need improvements. It would be good if they can provide integration with other ticketing systems. Currently, we only have integration with Slack and Jira.

    It is also a bit slow, and its replication engine can be improved.

    For how long have I used the solution?

    I have been using this solution for six months.

    How are customer service and technical support?

    We provide technical support for our clients.

    Which solution did I use previously and why did I switch?

    I have used McAfee ESM. McAfee ESM has many good features, but it is not very integrated with cloud-based assets. AlienVault is already a cloud-based solution, and it is native to cloud assets, which gives AlienVault an advantage over McAfee ESM. On the other hand, McAfee ESM is much better than AlienVault in terms of search engine, data collection, and events. 

    How was the initial setup?

    It is very easy to deploy. It just takes one or two days and allows you to engage with your customer's environment quickly.

    What's my experience with pricing, setup cost, and licensing?

    Its price is much lower than McAfee ESM.

    What other advice do I have?

    I would encourage others to go with this solution because it is easy to deploy, and it provides good tools to know more about your network and the traffic on it. Its reporting needs some improvements, but it fulfills the needs.

    I would rate AlienVault USM an eight out of ten.

    Disclosure: My company has a business relationship with this vendor other than being a customer: partner
    Buyer's Guide
    Download our free AT&T AlienVault USM Report and get advice and tips from experienced pros sharing their opinions.