AlienVault® Unified Security Management®
(USM) delivers threat detection, incident response, and compliance
management in one unified platform. It is designed to combine all the essential security
capabilities needed for effective security monitoring across cloud and
on-premises environments, including SIEM, intrusion detection, vulnerability
management, as well as continuous threat intelligence updates. The vendor states that even for resource-limited IT
security teams, AlienVault…
$1,075
per month
Microsoft Intune
Score 8.2 out of 10
N/A
Microsoft Intune (formerly Microsoft Endpoint Manager), combining the capabilities of the former Microsoft System Center Configuration Manager, SCCM or ConfigMgr, is presented as a unified endpoint management option. Microsoft Intune is an endpoint management solution for mobile devices, an MDM solution that allows the user to securely manage iOS, Android, Windows, and macOS devices with a single endpoint management solution. The component Endpoint Configuration Manager (the…
At this point I'm saying a 4. While the marketing material make it appear to be easy to use and it was relatively easy to set up, as previously mentioned, each event description is based upon the individual asset making it nearly impossible for the administrator to be a SME for each asset. For example, if one of the assets reporting is a router, the administrator monitoring alerts would need to know what the various events are that can be triggered as an event for the particular router; however, if the asset is a workstation, the administrator would need to know the various events that are triggered for workstations.
Windows Autopilot makes provisioning user Windows PC laptops a breeze. A user only needs to turn on the laptop, join it to their local WiFi, login with their O365 account then sit back and let Windows Autopilot handle the app installations required for work, configure the laptop settings to meet my organization requirements. I have seen this all completed in less than 30 minutes depending on how fast the internet connection is. Where Microsoft Intune needs to improve I think is the part where it can push out software updates to 3rd party apps. Right now I have to use Automox to fill in this gap.
AlienVault USM is simple and easy to deploy. Sensors can be deployed in as little as 15 minutes through the setup wizard.
The USM UI is easy to understand. I've trained multiple analysts who are able to perform their duties on their first day, in part because of USM Anywhere's ease of use.
Top-notch built-in compliance templates and reporting features.
[Microsoft Endpoint Manager (Microsoft Intune + SCCM)] helps to speed up the deployment of patches/software throughout our environment. I can easily build a package and then deploy across all endpoints.
The ability to supercede software is also quite handy. This automates the removal of old versions and replacing them with newer versions.
The Intune Autopilot option is very useful if you want to deploy software to devices straight out of the box. You can configure them to download software when a user opens a new PC and turns it on for the first time.
Personally, I've wished I could purchase a service that would configure AV for my environment. I get a lot of traffic on a daily basis and I almost need to hire an analyst that just works on AV.
Some of the filters when looking for a specific alert aren't that easy to use.
The program itself can be challenging to use, especially if there hasn't been any formal training on the use of the product. Either training/reviewing documentation is recommended prior to using SCCM.
At times, it can be difficult to try and find out why a certain machine that's listed in SCCM says that the endpoint has the SCCM client and shows as Active, but in fact, it's not. It's also difficult at times to try and figure out why the client can't be pushed down to the endpoint.
Even though the remote assistance features in SCCM are really good, it can be challenging at times when the remote options don't work for a particular endpoint, even though the machine is active, online, etc.
The centralized logging and retention for PCI compliance was our main driver, and it is meeting that need. Otherwise there has been enough frustration with the lack of documentation and the need to customize through the CLI that I would be open to alternatives.
Mascom Wireless is a Microsoft shop and SCCM has proved to be helpful in keeping our Microsoft products up to date every month without fail. We also have a Microsoft Enterprise Agreement which we renewed for three years ending 2022. The remote access utility works wonders for the organisation and have saved travel bills including subsistance allowance. We have been able to fulfill security audits both internal and external. We have been able to keep a robust inventory of our computer assets and nothing falls of the cracks
Once you are able to navigate the different panels, finding what you need is quite easily. Before getting used it it can be a bit of challenge . Each panel is quite well laid out and the filtering search capabilities are quite strong.
The console is not intuitive and does not work well often. Due to the complexity of the product, documentation can be confusing. When properly configured, routine tasks like OS deployment, remote control, and software deployment are easy to do. Troubleshooting of System Center Configuration Manager issues is hard, as there are various logs, and their content can be hard to understand.
We do have issues with maintenance on the AlienVault USM as the disk fills up from time to time with other data sources. Sources for scanning logs and net flow data isn't calculated in regular disk maintenance and can easily fill up our disk if we do not keep an eye on it with some custom Nagios plugins. The system does properly trim logging data from logging sources properly.
With the latest release of AlienVault USM overall performance has not been an issue. We have noticed single source events per second does not scale well with the overall system. 2,000eps on a vmware system with a single source produces delays of up to an hour for us. Pages, reporting and even raw log searches are rather quick though.
It's a 'heavy' system, which demands a lot of resources form the datacenter perspective. So, make sure you followed the requirements to avoid frustration in the future. From the 'client' perspective, it's fine. I've never had any issue with that.
The support we received from alienvault was excellent. They went above and beyond in making sure everything was working as it needed to be. They REALLY want their product implementation to be a success and our security goals be achieved. They are like a member of our security team.
Being a Microsoft product, support was good. Out interaction was limited to our in-house IT team which was installing the Intune app in our mobile device. The installation was smooth and we haven't faced any difficulties with the app while using it. Provides a smooth and secure access to all Office 365 apps in mobile while separating the personal and professional data.
I did not have any experience with "in person" training directly. The free online classes offered for a half a day are based on the actual training offered. These little teasers are very good and well worth your time to learn a few quick and dirty ways of getting more information from your SIEM
It was very well organized and helpful in using the product to the fullest extent. The instructor allowed time for folks who were involved with managed services to receive tuning tips in order to better support their customers. In addition, the course materials were automatically updated when the new version came out.
AlienVault USM was a very simple to implement and get up and running. We started with a trial version and had that up and going within an hour of receiving email instructions from the sales engineer. We never had to contact support to get the system up and going. It was extremely easy to convert over to a full license once we started with a paid version.
Work with a "test group" of users who you have a good relationship with so that when things don't work properly they understand! Work with your partner nicely without forcing things especially timelines as you are bound to make mistakes and create oversights in the project Management can also interfere with the implementation (which can cause delays) if you make too many mistakes which takes me back to having a "test group" where you have good relations
Splunk's ES is a paid add-on on top of an already pricey product. Finding a MSSP that supports Splunk and isn't a 6 figure annual commitment seems unlikely. LogRhythm did not have a cloud-based solution when we were considering SIEMs. Fantastic product though and have a good MSSP base. Devo did not have a MSSP partner base when we looked. Their product is fantastic too. AlienVault USM has good partners to choose from as well as an affordable cloud model, that's why we chose it.
We did not evaluate or use other products like Microsoft Endpoint Manager (Microsoft Intune + SCCM). The main reason we did not evaluate or use other products is because Microsoft Endpoint Manager (Microsoft Intune + SCCM) integrates seamlessly with Microsoft 365 and Windows PCs. Expenses would have increased as well if we had purchased another similar product.
The AlienVault USM is not very scalable. Some scalability can be achieved by installing additional sensors, but this only offers 500eps per sensor and is still overall limited by the installation type of VM or physical. We have also noticed the EPS (events per second) is rated overall and not towards a single source. A single source on a very healthy VMware partition tops out at 2,000eps for us, no matter how we configure it. Maybe this is a problem of the 5.2 release?
Once you hit the 150 asset mark, you have to jump to their unlimited license. There is no middle ground. We were only 10 or so assets above the 150 so we had to chose to either not monitor those assets or pay the price of the upgrade.
AlienVault brings all the information to one place which makes it much quicker to track down problems.
In our current environment, this System Center Configuration Manager had replaced several standalone solutions for patching, imaging, remote assistance, reporting, etc. That saved a lot of time and resulted in money to manage the IT infrastructure.
Once SCCM is deployed and fully configured, all agents are deployed and it is easy to automate a lot of processes and just control them from time to time to make sure that everything is working as supposed to be.
SCCM + Windows 10: great built-in endpoint protection solution. As a result, there is no need to buy additional software for that purpose.
The imaging process is better compared to WDS because you can modify deployment packages and apply patches to a newly imaged machine. This saves tons of time for new employees deployment.
