AlienVault USM vs PRTG

• Pulling in LOTS of logs from various places in AWS.
• In theory, can consume any type of log you can send it.

Read full review

• PRTG performs an intial search of your network and automatically adds devices it finds, creating sensors on the fly. This is great for new users.
• PRTG has a free version which offers 100 free sensors. I highly recommend this for anyone looking to use PRTG. It offers a free, non-limited trial of the software for an indefinite time. Giving people the chance to play, and tweak - really getting to know the ins and outs.
• Email alerts are great for those of us on the road. We can get up to the minute notifications if a site is down or having potential issues.
• The Android app works very well. Keeping me in the know while on the go.

Read full review

• Although the creation of custom report modules is powerful and easy, incorporating them into reports that are readable by non-technical staff without some interpretation is not so easy. Section headers can't be customized, and full log events cannot be presented in reports.
• Normalization (extraction/parsing of log fields and mapping them to actionable fields in the SIEM) needs to be done in further detail. There are times when I want to search on a particular field in a log, and can't do it because it's not normalized. I'm sure that it's a bit of a cat and mouse game with device vendors and operating systems, but more actionable fields in the database would be better. Fortunately, I can go into the underlying Linux system and do it myself, but it is quite time consuming to do so.
• A faster, more convenient way to weed out false positives would speed up the journey to SIEM success. I envision an interface similar to Micorosoft Outlook's rules, in which an analyst can look at an alarm from the USM, select the criteria on which she wants to suppress the event, create the rule, then hit a button to "delete existing alarms that match these criteria". I've shared this vision with AlienVault, and have my fingers crossed for the next version.

Read full review

• PRTG updates a LOT. When the server updates, the client needs to update. It's not a huge inconvenience but certainly puts a quick stop to the day when the notification takes focus.
• It's hard to gauge what resources PRTG needs sometimes. Looking at the system requirements and giving said requirements to the VM running PRTG doesn't always solve the problem. Many times, PRTG will report that the probe is using all resources allocated and having problems because there is nothing more to give. Adding more RAM or CPUs to the VM doesn't always fix the problem. It can be perplexing at times.

Read full review

• Provides an effective means for threat intelligence
• Reduced overall cost on network security monitoring
• Increase in customer satisfaction rating

Read full review