AT&T Cybersecurity’s USM Anywhere centralizes threat detection, incident response and compliance management across environments to simplify threat management for security professionals of all experience levels. This platform contains many important automated features, simplifying implementation, reducing the burden on security teams and eliminating the need for more security tools. For instance, USM Anywhere links directly with the MITRE database and Open Threat Exchange so there is no need to purchase additional threat feed tools, as is the case with some traditional SIEMs.
USM Anywhere is a SIEM solution at its core but focuses on threat detection and response. It leverages a variety of supported sensors with built-in network intrusion detection to collect events and log information. If support for a desired sensor is unavailable, subscribers can request help from AlienApp collectors with the click of a button.
An enormous amount of metadata supports the correlation rules that, in turn, serve as the basis for threat detection. Rule violations automatically trigger alerts so that security teams can address threats immediately. The USM Anywhere catalogue comes with more than 1,000 pre-defined rules. Notification rules send an SMS or email notification for manual responses, while response rules accept only automated responses. Subscribers may choose from among these rules to customize the platform to suit their particular needs. A robust and customizable ruleset is crucial to the success of any SIEM, and USM Anywhere’s flexibility gives security teams the freedom to detect a wide variety of problems and reduce alert fatigue. That way, security teams can easily conduct investigations based on data that is meaningful to their organization.
There are many pre-defined, configurable dashboard options for numerous sensors to give a single-pane view of an environment. For example, drilling into the Google Drive dashboard reveals the usernames of everyone modifying files. There is also an option to create custom dashboards. We really like the design and feel of these dashboards. Users can easily pivot into events and drill down for more information. The dashboard even provides a plain English explanation of events so that even non-security professionals can better understand these events and identify compromised systems.
Various event- and compliance-based reports are ready out of the box and can be exported in CSV or PDF format. USM Anywhere also supports the freedom and flexibility of custom reports. Security teams can configure the platform to generate either automated or manual reports and to highlight events that occurred during specific timeframes.
AT&T Cybersecurity readily admits that SIEM implementation can still be challenging, even for experienced personnel, and has taken some important steps to address this issue. The Guided Tour provides an impressive and interactive walkthrough of the platform. This added feature attests to the company’s commitment to simplifying threat management for all security professionals.
This user-friendly SIEM solution comes standard with pre-configured options, plain English explanations and highly useful built-in features. USM Anywhere is a superb SIEM choice, offering a lot in return for little effort.
Pricing starts at $825 per month and includes 24/7 phone, email and website support. Customers can access a knowledge base and FAQ list. Additional support options are available for a fee.
Tested by: Tom Weil