What do you like best?
The log analysis component works well and adding additional alerting rules is pretty simple.
They have a large number of modules for ingesting logs from a variety of systems.
Support is pretty good.
Open threat exchange is an excellent idea and well implemented.
The UI is OK.
Annual cost is better than most.
Using the USM client is a quick and easy way to forward system logs into USM.
They have an easy-to-read task list of what is in their pipeline for new features.
What do you dislike?
The lack of integration with other tools. They have a ticket system that is OK; it would be better if they had integration with third-party tools like Jira.
They have assets that are used to conduct scans and to assign modules for understanding logs taken from them. Again, there is no integration with any third-party asset management system.
They have a vulnerability scanner; however, it's not as thorough as some of the alternatives, and you cannot initiate scans via an API.
They claim to have a compliance scanner; what they really have is a set of canned reports that you can provide to an auditor. A compliance scanner is something like OpenSCAP.
They only allow the ingesting and processing of Office 365 logs in their cloud solution. There is no reason why this couldn't also be done with their on-premises solution as well.
It would seem that development of their USM product has slowed to a crawl. If you monitor the change lists on their website, the upcoming changes to their USM product are woefully lacking. It would be better if they used the same code base for both platforms, so that when a feature was added to one platform it would also be available to the other.
Recommendations to others considering the product
Do a feature comparison and go with the system that has the best cost for the features you need.
Qualys appears to be the most fully featured product but the most expensive.
Rapid7 is a little more expensive but has a few more features that AlienVault needs to add.
I would take another look at Tenable's solution, as it's changed a good bit since my last eval.
AlienVault may be missing some of the features I was looking for, but they have provided great support and their features cover most of what I was looking for.
The AlienVault USM Appliance seems to be lagging behind their USM Anywhere product as far as development goes. If you are not required to have FedRAMP-certified cloud services, I would recommend going with USM Anywhere over the USM Appliance. However, USM Anywhere does cost a bit more.
What business problems are you solving with the product? What benefits have you realized?
AlienVault USM analyses our logs and reports vulnerabilities.