AT&T Cybersecurity’s USM Anywhere centralizes threat detection, incident response
and compliance management across environments to simplify threat management for
security professionals of all experience levels. This platform contains many
important automated features, simplifying implementation, reducing the burden
on security teams and eliminating the need for more security tools. For
instance, USM Anywhere links directly with the MITRE database and Open Threat
Exchange so there is no need to purchase additional threat feed tools, as is
the case with some traditional SIEMs.

USM Anywhere is
a SIEM solution at its core but focuses on threat detection and response. It
leverages a variety of supported sensors with built-in network intrusion
detection to collect events and log information. If support for a desired
sensor is unavailable, subscribers can request help from AlienApp collectors
with the click of a button.

An enormous amount of metadata supports the
correlation rules that, in turn, serve as the basis for threat detection. Rule violations automatically trigger alerts so that
security teams can address threats immediately.
The USM Anywhere catalogue comes with more than 1,000 pre-defined rules.
Notification rules send an SMS or email notification for manual responses,
while response rules accept only automated responses. Subscribers may choose
from among these rules to customize the platform to suit their particular
needs. A robust and customizable ruleset is crucial to the success of any SIEM
and USM Anywhere’s flexibility gives security teams the freedom to detect a
wide variety of problems and reduce alert fatigue. That way, security teams can
easily conduct investigations based on data that is meaningful to their
organization.

There are many
pre-defined, configurable dashboard options for numerous sensors to give a
single pane view of an environment. For example, drilling into the Google Drive
dashboard reveals the usernames of everyone modifying files. There is also an
option to create custom dashboards. We really like the design and feel of these
dashboards. Users can easily pivot into events and drill down for more
information. The dashboard even provides a plain English explanation of events
so that even non-security professionals can better understand these events and
identify compromised systems.

Various event-
and compliance-based reports are ready out of the box and can be exported in
CSV or PDF format. USM Anywhere also supports the freedom and flexibility of
custom reports. Security teams can configure the platform to generate either
automated or manual reports and to highlight events that occurred during
specific timeframes.

AT&T
Cybersecurity readily admits that SIEM implementation can still be challenging,
even for experienced personnel, and has taken some important steps to address
this issue. The Guided Tour provides an impressive and interactive walkthrough
of the platform. This added feature attests to the company’s commitment to
simplifying threat management for all security professionals.

This user-friendly
SIEM solution comes standard with pre-configured options, plain English
explanations and highly useful built-in features. USM Anywhere is a superb SIEM
choice, offering a lot in return for little effort.

Pricing starts
at $825 per month and includes 24/7 phone, email and website support. Customers
can access a knowledge base and FAQ list. Additional support options are
available for a fee.

Tested by: Tom Weil
Product title
AT&T Cybersecurity USM Anywhere
Product info
Vendor: AT&T Cybersecurity
Contact: https://cybersecurity.att.com
Price: $825 per month
Strength
This user-friendly SIEM offers a lot of out-of-the-box content that simplifies implementation and use. It even has a Guided Tour that provides an impressive and interactive walkthrough of the platform.
Weakness
None that we found.
Verdict
This SIEM is focused on threat detection and response and has several highly useful features that reduce the burden on security teams and eliminate the need for additional security tools.



