Forrester Says that AlienVault “Challenges” Enterprise SIEM vendors

September 21, 2018 | Russ Spitler

Forrester just released their “Security Analytics Wave” report that evaluates Security Analytics/SIEM technologies used by large enterprises (5000+ employees).  

I am super excited that AlienVault was included for the first time and placed as a “Challenger”. This is quite incredible if you think about it. To include AlienVault as a challenger in a group of vendors that provide big data platforms to large enterprises is a major note on the state of the market.  

AlienVault has always taken a contrarian approach to traditional SIEM and big-data-based security techniques. We do not require our users to set up data lakes or train machine learning algorithms. Instead, we make it as simple as possible to quickly detect threats, efficiently respond to breaches and manage compliance. We provide a SaaS platform to remove the administrative overhead of a big data product, we integrate the essential security capabilities most customers need, and our Labs team delivers Threat Intelligence on a daily basis to train all of the technologies in our platform. The result is that 46% of our customers are investigating an alarm within 24 hours! In contrast, it takes days, maybe more, just to deploy and populate a big data store, let alone construct analytics workflows.

In our early years we quickly gained a large, loyal following in organizations with fewer than 5000 employees. Our approach has helped security champions in more than 7000 organizations around the world, along with over 80000 subscribers to our Open Threat Exchange (OTX). In fact, Forrester did an objective analysis of the impact USM Anywhere has had on some real-world users of the product. They found that there was an 80% reduction in the time spent on ‘security engineering’ (time spent deploying, maintaining and integrating security technology), an 80% improvement in the time to detect an incident and an average of 6000 hours a year saved on their audits (2.5 full-time employees!). You can find this report here.

Our inclusion in the Wave reflects that our value proposition is now resonating with a broader set of customers and making a noticeable dent in ‘traditional’ approaches. Those approaches require a security team to procure, deploy and integrate security controls into a data lake, and research teams to stay current on threats and tune AI and ML algorithms. In addition, organizations need an operations team to continuously monitor dashboards and respond to the threats. This approach is heavy in technology and heavy in people - it is exactly what we set out to solve with USM Anywhere.

As we continue our evolution and become AT&T Cybersecurity, we gain access to one of the world’s largest cyber-security operations. We look forward to leveraging this knowledge to improve the USM Anywhere platform, deliver new capabilities and expand our threat intelligence to disrupt the status quo and help organizations of all sizes strengthen and simplify their security postures.

To learn more about the USM Anywhere platform, you can take a look at our interactive demo or call us.



About the Author: Russ Spitler

Russell Spitler brings over a decade of experience building products and startup companies that secure companies across the globe. Russ currently serves as the AVP of Products at AT&T Cybersecurity, where he is responsible for cybersecurity product strategy and the execution of the cybersecurity product roadmap that has resulted in the acquisition of over 7,000 commercial customers and over 20,000 open source users during his tenure. Russ was also one of the founders and a driving force behind AlienVault's Open Threat Exchange, a crowd-sourced threat intelligence community with over 100,000 active users from more than 140 countries. His leadership and focus on practical and effective threat detection have helped establish AlienVault's open-source and commercial products as an undisputed industry leader. Prior to AT&T, Russell served in engineering and product management roles at Fortify Software. Russ was instrumental in developing and maturing the Fortify product suite that dominated the application security testing market, earning the leadership position in the Gartner MQ for 11 straight years. Fortify's 750+ customers included all 10 of the world's 10 largest banks and all the major branches and agencies within the US DoD. Russell frequently contributes articles and quotes for major news outlets and regularly presents at industry conferences such as RSA and BlackHat.
