I like the automated asset discovery feature; once we created the network tap, we could easily discover assets on the dashboard.
Another feature that I absolutely love is the integration with AlienVault OTX; having to group/categorise IP addresses and hostnames based on pulses from OTX gives you an idea of what you're about to investigate before you even get started.
What do you dislike about the product?
The least helpful thing would be the need to spend more for EPS.
If you have a large on-prem environment and you decide to use AlienVault, you could be regularly over-shooting the EPS count for your license, which increases cost.
The more your environment grows, the more you have to pay for licenses.
What problems is the product solving and how is that benefiting you?
We can use the Vulnerability Scanner without having to pay for another Vulnerability Scanning software, and not incur the risks associated with open source scanners.
Running a hybrid environment means we need full visibility on both cloud and on-prem assets, and AlienVault gives us that coverage.
Super easy to use and works well for all of our clients
What do you like best about the product?
This is a great SIEM with all the features we need. It has central management, which is huge for us since we are an MSSP and have many clients in many different environments. It also has some built-in connections with tools that are super helpful.
What do you dislike about the product?
I don't really dislike anything about AlienVault. The cost isn't very high and the services offered are pretty wide. If I had to change anything, I think I would add rules based on time.
What problems is the product solving and how is that benefiting you?
We use this for every client as a SIEM and a way to generate alerts for anything that seems unusual. This has been working great and it integrates with many of their tools.
It is good for the small org. to start with security monitoring.
What do you like best about the product?
They have an easy-to-understand UI, and the case management is really good. Also, suppression of false positives is very easily available. Onboarding of the data sources is easy.
What do you dislike about the product?
Availability of the SIEM tool is the major issue here. They have a lot of downtime, and sometimes it is not accessible even without prior notice. Also, the performance is very poor. It takes minutes after clicking once.
What problems is the product solving and how is that benefiting you?
We have multiple security data sources, so it was a bit difficult to monitor all of them at the same time. But AlienVault allows us to monitor everything in one place and to configure rules there.
A SIEM in all-in-one format, with which you can easily have the functionalities of a SIEM, network behavior analysis and vulnerability analysis.
Plus, it's easy to deploy and has plenty of integrations available to use.
What do you dislike about the product?
In very large environments, it is very heavy to manage and servers can consume a lot of RAM.
High availability is not well designed, so you have to look for workarounds to secure the solution.
What problems is the product solving and how is that benefiting you?
It allows you to deploy a complete and simple solution at small clients who cannot afford other, much more expensive solutions. Being able to have a complete security solution.
AlienVault is essential to the day-to-day operations of our entire intel team. Being able to pivot on related files and prove the maliciousness of a domain makes AV one of the best OSINT tools on the market.
What do you dislike about the product?
I dislike how much AlienVault charges for their enterprise accounts.
What problems is the product solving and how is that benefiting you?
I am solving internet security issues by being able to perform my daily duties.
AT&T transformed AlienVault for enterprises but not for MSPs
What do you like best about the product?
The rich interface and the threat intel overall were pretty good.
What do you dislike about the product?
The management and maintenance are too cumbersome.
Recommendations to others considering the product:
Make sure you have 3 engineers to manage, maintain, and operate the SIEM platform alone. You also need 6 security analysts. The training is expensive, so make sure you have one SME to teach others.
What problems is the product solving and how is that benefiting you?
Good SIEM tool for monitoring and tracking events.
What do you like best about the product?
Great to monitor events and provide feedback. Good product coverage. It integrates with SQL, AWS and other cloud infrastructure with ease. Better than CloudWatch. This tool is cheaper than Splunk.
What do you dislike about the product?
Sometimes becomes overly complicated to analyze DDoS attacks. Not very user friendly.
Recommendations to others considering the product:
The UI is complicated to use. Basic tasks are easy.
What problems is the product solving and how is that benefiting you?
To timely monitor suspicious events within AWS. Utilization within load balancer.
The ease of use and customization. The USM is a workhorse: no matter what devices or the number of logs we throw at it, the system processes them in real time, correlates the events, and alerts only on events that need human review. USM Anywhere was a great progression of the product; whether you are a small business with no security team or a large enterprise with a large team, AlienVault will meet your needs.
What do you dislike about the product?
The one thing I continue to dislike about USM Anywhere is the lack of an on-prem deployment option.
Recommendations to others considering the product:
Compare how AlienVault handles Events Per Second (EPS) with how others do. Most other products charge based on EPS: the more events, the more you have to pay. This causes most companies to limit the amount of logs sent and processed. AlienVault charges by the number of devices managed, so you can send anything and everything to the USM. The more logs you can process, the better correlation you will have. I have found that companies that limit their logs and then have a security incident would have been able to identify the attack if they had been monitoring all events in their logs.
What problems is the product solving and how is that benefiting you?
We are able to get a real-time view of our security that is accurate. We have seen a dramatic increase in the productivity and efficiency of our security team. We are now able to identify and stop security issues before they get out of control, usually before anyone else even notices.