Overall Satisfaction with AlienVault USM
This is currently being used across our corporate environment to help monitor our firewalls that process all associate traffic, Active Directory, O365, etc. This product has helped us to gain more visibility into the traffic that is being sent across our network and help identify threats quicker. Currently, the Security department is in charge of all that is AlienVault, and has given read access to a few neighboring departments.
- Ability to tune alarms and events to your liking. Very easy to get rid of false positives that are known in your environment, and create actionable alerts for legitimate alerts.
- The simplicity of the dashboard. Everything within AlienVault USM Anywhere is easy to navigate and configure. From sorting logs to creating new users, the layout is natural and easy to figure out.
- The Architecture of the SaaS deployment went smoothly and is very simple and expandable. Very little to worry about on our side with great results.
- Support response time and incident handling have some room to improve. We had major issues with a sensor, and it took several days to get a response. Once we got a response, the issue was corrected; it just took a while to get our engineer on the phone.
- Small bugs in the way that the syslog packets are read and normalized. Reading the time in the packet wrong has been the biggest issue we have found so far that is without a solution.
- Complicated Architecture to fully use the product. Requiring port mirroring to use the IDS portion of AlienVault is quite challenging when dealing with a large network size and diverse locations such as ours.
Much cheaper and better testing experience than with Exabeam. The user interface and setup were much smoother as well. Very similar platforms and functionality, but in the end price and performance played a large factor. For a product that would do the same things, and some things better, at a much better price, AlienVault was the way to go.